From 722f9890f09aadfc37ae479e7d946d5fc5ef7b91 Mon Sep 17 00:00:00 2001
From: Sebastien Pouliot <sebastien@ximian.com>
Date: Wed, 6 Apr 2011 13:24:31 -0400
Subject: [PATCH] Fix access to freed members of a dead thread
* threads.c: Fix access to freed members of a dead thread. Found
and fixed by Rodrigo Kumpera <rkumpera@novell.com>
Ref: CVE-2011-0992
---
mono/metadata/threads.c | 11 ++++++++---
1 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/mono/metadata/threads.c b/mono/metadata/threads.c
index 3fe4e93..a7a721d 100644
--- a/mono/metadata/threads.c
+++ b/mono/metadata/threads.c
@@ -1036,12 +1036,17 @@ void ves_icall_System_Threading_InternalThread_Thread_free_internal (MonoInterna
CloseHandle (thread);
if (this->synch_cs) {
- DeleteCriticalSection (this->synch_cs);
- g_free (this->synch_cs);
+ CRITICAL_SECTION *synch_cs = this->synch_cs;
this->synch_cs = NULL;
+ DeleteCriticalSection (synch_cs);
+ g_free (synch_cs);
}
- g_free (this->name);
+ if (this->name) {
+ void *name = this->name;
+ this->name = NULL;
+ g_free (name);
+ }
}
static void mono_thread_start (MonoThread *thread)
--
1.7.5.4
distrib
>
Mageia
>
5
>
i586
>
media
>
core-updates-src
>
by-pkgid
>
1dbb49209b0b2fcadedb0498a8ae483c
>
files
>
2
