[K/N] Fix calls checker use-after-free in main thread deinit
Calls checker was trying to read thread state while unlocking mutex in unregister thread function. At this point thread is already unregistered and reference to current thread node is dangling. To avoid this, we nullify this reference in advance, as its anyway explicitly passed to unregister function, not read from global.
This commit is contained in:
committed by
Space Team
parent
b7b221d261
commit
ef54a6d7cb
@@ -113,15 +113,16 @@ extern "C" void DeinitMemory(MemoryState* state, bool destroyRuntime) {
|
||||
AssertThreadState(state, ThreadState::kNative);
|
||||
auto* node = mm::FromMemoryState(state);
|
||||
if (destroyRuntime) {
|
||||
ThreadStateGuard guard(state, ThreadState::kRunnable);
|
||||
node->Get()->gc().ScheduleAndWaitFullGCWithFinalizers();
|
||||
// TODO: Why not just destruct `GC` object and its thread data counterpart entirely?
|
||||
mm::GlobalData::Instance().gc().StopFinalizerThreadIfRunning();
|
||||
}
|
||||
mm::ThreadRegistry::Instance().Unregister(node);
|
||||
if (destroyRuntime) {
|
||||
{
|
||||
ThreadStateGuard guard(state, ThreadState::kRunnable);
|
||||
node->Get()->gc().ScheduleAndWaitFullGCWithFinalizers();
|
||||
// TODO: Why not just destruct `GC` object and its thread data counterpart entirely?
|
||||
mm::GlobalData::Instance().gc().StopFinalizerThreadIfRunning();
|
||||
}
|
||||
// we can clear reference in advance, as Unregister function can't use it anyway
|
||||
mm::ThreadRegistry::ClearCurrentThreadData();
|
||||
}
|
||||
mm::ThreadRegistry::Instance().Unregister(node);
|
||||
}
|
||||
|
||||
extern "C" void RestoreMemory(MemoryState*) {
|
||||
|
||||
Reference in New Issue
Block a user