Ensure thread library is initialized in pthread_testcancel().

Call _thr_check_init() before reading curthread in pthread_testcancel(). If a constructor in a library creates a semaphore via sem_init() and then waits for it via sem_wait(), the program can core dump in _pthread_testcancel() called from sem_wait(). This is because the semaphore implementation lives in libc, so the library's constructors can be run before libthr's constructors. Reported by: arichardson Reviewed by: kib Obtained from: CheriBSD MFC after: 1 week Sponsored by: DARPA / AFRL Differential Revision: https://reviews.freebsd.org/D14786
2018-03-21 21:13:26 +00:00 · 2018-03-21 21:13:26 +00:00 · dc3566067a
commit dc3566067a
parent dd388cfd9b
1 changed files with 3 additions and 1 deletions
--- a/lib/libthr/thread/thr_cancel.c
+++ b/lib/libthr/thread/thr_cancel.c
@ -132,8 +132,10 @@ _pthread_setcanceltype(int type, int *oldtype)
 void
 _pthread_testcancel(void)
 {
-	struct pthread *curthread = _get_curthread();
+	struct pthread *curthread;

+	_thr_check_init();
+	curthread = _get_curthread();
 	testcancel(curthread);
 }