From 84a54880cef5ac3f2d64c144de162e303384e8db Mon Sep 17 00:00:00 2001 From: Maniraj D Date: Mon, 11 Oct 2021 22:37:02 +0530 Subject: [PATCH] egl: set TSD as NULL after deinit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When eglReleaseThread() is called from application's destructor (API with __attribute__((destructor))), it crashes due to invalid memory access. In this case, _egl_TLS is freed in the flow of _eglAtExit() as below but _egl_TLS is not set to NULL. _eglDestroyThreadInfo _eglFiniTSD _eglAtExit _run_exit_handlers exit Later when the eglReleaseThread is called from application's destructor, it ends-up accessing the freed _egl_TLS pointer. eglReleaseThread -> in libEGL_mesa eglReleaseThread -> in libEGL(glvnd) destructor() -> App's destructor To resolve the invalid access, setting the _egl_TLS pointer as NULL after freeing it. Reviewed-by: Eric Engestrom Reviewed-by: Jesse Natalie Reviewed-by: Tapani Pälli Cc: mesa-stable Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/5466 Part-of: (cherry picked from commit 796c9ab3fd6b897ae3b3c069568182178c7661d4) --- .pick_status.json | 2 +- src/egl/main/eglcurrent.c | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.pick_status.json b/.pick_status.json index 19c1a789eaf..58dc8595676 100644 --- a/.pick_status.json +++ b/.pick_status.json @@ -328,7 +328,7 @@ "description": "egl: set TSD as NULL after deinit", "nominated": true, "nomination_type": 0, - "resolution": 0, + "resolution": 1, "main_sha": null, "because_sha": null }, diff --git a/src/egl/main/eglcurrent.c b/src/egl/main/eglcurrent.c index 11277d3e4c0..401515ca396 100644 --- a/src/egl/main/eglcurrent.c +++ b/src/egl/main/eglcurrent.c @@ -130,8 +130,14 @@ _eglCreateThreadInfo(void) static void _eglDestroyThreadInfo(_EGLThreadInfo *t) { - if (t != &dummy_thread) + if (t != &dummy_thread) { free(t); +#ifdef USE_ELF_TLS + /* Reset the TLS also here, otherwise + * it will be having a dangling pointer */ + _egl_TLS = NULL; +#endif + } }