summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--nptl/pthread_join_common.c5
2 files changed, 9 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index fee6c0fd2d..39d44fd671 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2019-02-15 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #24211]
+ * nptl/pthread_join_common.c (__pthread_timedjoin_ex): Do not read
+ pd->result after the thread descriptor has been freed.
+
2019-02-15 Joseph Myers <joseph@codesourcery.com>
* sunrpc/tst-svc_register.c (rpcbind_address): Remove qualifier
diff --git a/nptl/pthread_join_common.c b/nptl/pthread_join_common.c
index 6efe8efc3f..5224ee2110 100644
--- a/nptl/pthread_join_common.c
+++ b/nptl/pthread_join_common.c
@@ -145,6 +145,7 @@ __pthread_timedjoin_ex (pthread_t threadid, void **thread_return,
pthread_cleanup_pop (0);
}
+ void *pd_result = pd->result;
if (__glibc_likely (result == 0))
{
/* We mark the thread as terminated and as joined. */
@@ -152,7 +153,7 @@ __pthread_timedjoin_ex (pthread_t threadid, void **thread_return,
/* Store the return value if the caller is interested. */
if (thread_return != NULL)
- *thread_return = pd->result;
+ *thread_return = pd_result;
/* Free the TCB. */
__free_tcb (pd);
@@ -160,7 +161,7 @@ __pthread_timedjoin_ex (pthread_t threadid, void **thread_return,
else
pd->joinid = NULL;
- LIBC_PROBE (pthread_join_ret, 3, threadid, result, pd->result);
+ LIBC_PROBE (pthread_join_ret, 3, threadid, result, pd_result);
return result;
}