author | Maniraj D <md@nvidia.com> | 2021-10-11 22:37:02 +0530 |
---|---|---|
committer | Marge Bot <eric+marge@anholt.net> | 2021-10-15 06:22:13 +0000 |
commit | 796c9ab3fd6b897ae3b3c069568182178c7661d4 (patch) | |
tree | 06f8f79258ea9da9689df51fc8fc06b40780b6e2 | |
parent | 835b98e101fa6aeb6fb8a47059d66f8e48260bac (diff) |
egl: set TSD as NULL after deinit
When eglReleaseThread() is called from application's
destructor (API with __attribute__((destructor))),
it crashes due to invalid memory access.
In this case, _egl_TLS is freed in the flow of
_eglAtExit() as below but _egl_TLS is not set to NULL.
_eglDestroyThreadInfo
_eglFiniTSD
_eglAtExit
_run_exit_handlers
exit
Later when the eglReleaseThread is called from
application's destructor, it ends up accessing
the freed _egl_TLS pointer.
eglReleaseThread -> in libEGL_mesa
eglReleaseThread -> in libEGL(glvnd)
destructor() -> App's destructor
To resolve the invalid access, setting the _egl_TLS
pointer as NULL after freeing it.
Reviewed-by: Eric Engestrom <eric@engestrom.ch>
Reviewed-by: Jesse Natalie <jenatali@microsoft.com>
Reviewed-by: Tapani Pälli <tapani.palli@intel.com>
Cc: mesa-stable
Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/5466
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/13302>
-rw-r--r-- | src/egl/main/eglcurrent.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/egl/main/eglcurrent.c b/src/egl/main/eglcurrent.c index 27b09fc4623..3a82a2d0d77 100644 --- a/src/egl/main/eglcurrent.c +++ b/src/egl/main/eglcurrent.c @@ -131,8 +131,14 @@ _eglCreateThreadInfo(void) static void _eglDestroyThreadInfo(_EGLThreadInfo *t) { - if (t != &dummy_thread) + if (t != &dummy_thread) { free(t); +#ifdef USE_ELF_TLS + /* Reset the TLS also here, otherwise + * it will be having a dangling pointer */ + _egl_TLS = NULL; +#endif + } } |
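Review bot: In `_eglDestroyThreadInfo`, the new `_egl_TLS = NULL;` clears the calling thread's slot without checking that the slot actually holds the `t` that was just freed. The function frees its argument, but the reset acts on whatever `_egl_TLS` refers to in the current thread, so the two are tied together only by an invariant the hunk does not state. Either guard the reset with `if (_egl_TLS == t)` or extend the comment to say that this function is only ever called with the current thread's own info. Separately, the reset is compiled only under `#ifdef USE_ELF_TLS`; the commit message should say why the non-ELF-TLS build cannot hit the same use-after-free from an application destructor, or that path should get an equivalent reset. Minor: the comment would read better as "otherwise it is left as a dangling pointer".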