mirror of
https://abf.rosa.ru/djam/mono.git
synced 2025-02-23 13:52:51 +00:00
40 lines
1.1 KiB
Diff
40 lines
1.1 KiB
Diff
From 722f9890f09aadfc37ae479e7d946d5fc5ef7b91 Mon Sep 17 00:00:00 2001
|
|
From: Sebastien Pouliot <sebastien@ximian.com>
|
|
Date: Wed, 6 Apr 2011 13:24:31 -0400
|
|
Subject: [PATCH] Fix access to freed members of a dead thread
|
|
|
|
* threads.c: Fix access to freed members of a dead thread. Found
|
|
and fixed by Rodrigo Kumpera <rkumpera@novell.com>
|
|
Ref: CVE-2011-0992
|
|
---
|
|
mono/metadata/threads.c | 11 ++++++++---
|
|
1 files changed, 8 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/mono/metadata/threads.c b/mono/metadata/threads.c
|
|
index 3fe4e93..a7a721d 100644
|
|
--- a/mono/metadata/threads.c
|
|
+++ b/mono/metadata/threads.c
|
|
@@ -1036,12 +1036,17 @@ void ves_icall_System_Threading_InternalThread_Thread_free_internal (MonoInterna
|
|
CloseHandle (thread);
|
|
|
|
if (this->synch_cs) {
|
|
- DeleteCriticalSection (this->synch_cs);
|
|
- g_free (this->synch_cs);
|
|
+ CRITICAL_SECTION *synch_cs = this->synch_cs;
|
|
this->synch_cs = NULL;
|
|
+ DeleteCriticalSection (synch_cs);
|
|
+ g_free (synch_cs);
|
|
}
|
|
|
|
- g_free (this->name);
|
|
+ if (this->name) {
|
|
+ void *name = this->name;
|
|
+ this->name = NULL;
|
|
+ g_free (name);
|
|
+ }
|
|
}
|
|
|
|
static void mono_thread_start (MonoThread *thread)
|
|
--
|
|
1.7.5.4
|
|
|