[K/N] Fix calls checker use-after-free in main thread deinit

Calls checker was trying to read thread state while unlocking mutex in
unregister thread function. At this point thread is already
unregistered and reference to current thread node is dangling.

To avoid this, we nullify this reference in advance, as its anyway
explicitly passed to unregister function, not read from global.
This commit is contained in:
Pavel Kunyavskiy
2022-11-14 10:35:11 +01:00
committed by Space Team
parent b7b221d261
commit ef54a6d7cb
+8 -7
View File
@@ -113,15 +113,16 @@ extern "C" void DeinitMemory(MemoryState* state, bool destroyRuntime) {
AssertThreadState(state, ThreadState::kNative);
auto* node = mm::FromMemoryState(state);
if (destroyRuntime) {
ThreadStateGuard guard(state, ThreadState::kRunnable);
node->Get()->gc().ScheduleAndWaitFullGCWithFinalizers();
// TODO: Why not just destruct `GC` object and its thread data counterpart entirely?
mm::GlobalData::Instance().gc().StopFinalizerThreadIfRunning();
}
mm::ThreadRegistry::Instance().Unregister(node);
if (destroyRuntime) {
{
ThreadStateGuard guard(state, ThreadState::kRunnable);
node->Get()->gc().ScheduleAndWaitFullGCWithFinalizers();
// TODO: Why not just destruct `GC` object and its thread data counterpart entirely?
mm::GlobalData::Instance().gc().StopFinalizerThreadIfRunning();
}
// we can clear reference in advance, as Unregister function can't use it anyway
mm::ThreadRegistry::ClearCurrentThreadData();
}
mm::ThreadRegistry::Instance().Unregister(node);
}
extern "C" void RestoreMemory(MemoryState*) {