[PATCH] librt: fix NULL pointer dereference (bug 28213)

Siddhesh Poyarekar siddhesh@gotplt.org
Mon Aug 9 13:32:35 GMT 2021


On 8/9/21 6:51 PM, Siddhesh Poyarekar wrote:
> On 8/9/21 5:55 PM, Никита Попов via Libc-alpha wrote:
>> Helper thread frees copied attribute on NOTIFY_REMOVED message 
>> received from the OS kernel. Unfortunately, it fails to check whether 
>> copied attribute actually exists (data.attr != NULL). This worked 
>> earlier because free() checks passed pointer before actually 
>> attempting to release corresponding memory. But __pthread_attr_destroy 
>> assumes pointer is not NULL. So passing NULL pointer to 
>> __pthread_attr_destroy will result in segmentation fault. This 
>> scenario is possible if notification->sigev_notify_attributes == NULL 
>> (which means default thread attributes should be used).
> 
> Thank you, the fix looks good to me.  Do you have a test case to go with 
> it?

Also, I don't know if you have an FSF copyright assignment, but it's no 
longer necessary.  Please confirm that you're the original author and 
are authorized to contribute this patch by adding a DCO, i.e. add a 
Signed-off-by to indicate that.  See also:

https://developercertificate.org/

Thanks,
Siddhesh

