egl: set TSD as NULL after deinit

When eglReleaseThread() is called from application's destructor (API with __attribute__((destructor))), it crashes due to invalid memory access. In this case, _egl_TLS is freed in the flow of _eglAtExit() as below but _egl_TLS is not set to NULL. _eglDestroyThreadInfo _eglFiniTSD _eglAtExit _run_exit_handlers exit Later when the eglReleaseThread is called from application's destructor, it ends-up accessing the freed _egl_TLS pointer. eglReleaseThread -> in libEGL_mesa eglReleaseThread -> in libEGL(glvnd) destructor() -> App's destructor To resolve the invalid access, setting the _egl_TLS pointer as NULL after freeing it. Reviewed-by: Eric Engestrom <eric@engestrom.ch> Reviewed-by: Jesse Natalie <jenatali@microsoft.com> Reviewed-by: Tapani Pälli <tapani.palli@intel.com> Cc: mesa-stable Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/5466 Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/13302> (cherry picked from commit 796c9ab3fd)
2026-01-15 09:30:19 +01:00 · 2021-10-11 22:37:02 +05:30 · 2021-10-11 22:37:02 +05:30 · 84a54880ce
commit 84a54880ce
parent 12b464b2b8
2 changed files with 8 additions and 2 deletions
--- a/.pick_status.json
+++ b/.pick_status.json
@ -328,7 +328,7 @@
        "description": "egl: set TSD as NULL after deinit",
        "nominated": true,
        "nomination_type": 0,
-        "resolution": 0,
+        "resolution": 1,
        "main_sha": null,
        "because_sha": null
    },
--- a/src/egl/main/eglcurrent.c
+++ b/src/egl/main/eglcurrent.c
@ -130,8 +130,14 @@ _eglCreateThreadInfo(void)
 static void
 _eglDestroyThreadInfo(_EGLThreadInfo *t)
 {
-   if (t != &dummy_thread)
+   if (t != &dummy_thread) {
      free(t);
+#ifdef USE_ELF_TLS
+      /* Reset the TLS also here, otherwise
+       * it will be having a dangling pointer */
+      _egl_TLS = NULL;
+#endif
+   }
 }