
poll: fix thread_cancel() caused poll used after free

Open GUIDINGLI opened this issue 1 year ago • 2 comments

Summary

poll: fix thread_cancel() caused poll used after free

    pthread 0          pthread1
    fd 0
    poll_setup
    wait
                       cancel(thread 0)
                       fd 0 close
                       fd 0 notify (sem used after free)
    poll_teardown

Resolve: Use pthread_cleanup / tls_cleanup to fix this

Impact

POLL

Testing

SIM

GUIDINGLI avatar Mar 01 '24 14:03 GUIDINGLI
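The race in the description above, modelled in user-space POSIX C as an added example (not code from this pull request or from NuttX). The names `file_model`, `poller`, `teardown`, `no_cleanup` and `stale_waiter_after_cancel` are hypothetical; the stale pointer is only reported, never dereferenced.

```c
#include <pthread.h>
#include <semaphore.h>
#include <stdio.h>

/* Hypothetical model: the slot a driver would sem_post() on notify. */
struct file_model { sem_t *waiter; };
struct ctx { struct file_model *f; sem_t ready; int use_cleanup; };

static void no_cleanup(void *arg) { (void)arg; }

/* Models poll_teardown(): unregister the stack semaphore from the file. */
static void teardown(void *arg)
{
  ((struct ctx *)arg)->f->waiter = NULL;
}

static void *poller(void *arg)
{
  struct ctx *c = arg;
  sem_t sem;                          /* lives on this thread's stack */

  sem_init(&sem, 0, 0);
  c->f->waiter = &sem;                /* models poll_setup() */
  pthread_cleanup_push(c->use_cleanup ? teardown : no_cleanup, c);
  sem_post(&c->ready);                /* tell the other thread we are registered */
  sem_wait(&sem);                     /* cancellation point: the thread ends here */
  pthread_cleanup_pop(0);
  teardown(c);                        /* normal return path, skipped by cancel */
  return NULL;
}

/* Returns 1 if a dangling waiter pointer survives the cancel, else 0. */
int stale_waiter_after_cancel(int use_cleanup)
{
  struct file_model f = { NULL };
  struct ctx c = { .f = &f, .use_cleanup = use_cleanup };
  pthread_t t;

  sem_init(&c.ready, 0, 0);
  pthread_create(&t, NULL, poller, &c);
  sem_wait(&c.ready);                 /* poller has registered its semaphore */
  pthread_cancel(t);
  pthread_join(t, NULL);              /* poller's stack frame is gone now */
  return f.waiter != NULL;            /* a notify here would post a dead sem */
}

int main(void)
{
  printf("no handler: stale=%d, with handler: stale=%d\n",
         stale_waiter_after_cancel(0), stale_waiter_after_cancel(1));
  return 0;
}
```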

@liguiding Please rebase onto the latest master, which fixes the broken CI.

xiaoxiang781216 avatar Mar 04 '24 03:03 xiaoxiang781216

@GUIDINGLI Is CONFIG_PTHREAD_CLEANUP_STACKSIZE->CONFIG_TLS_NCLEANUP going to break everyone's out of repo code? Should it be marked as a breaking change?

davids5 avatar Mar 05 '24 05:03 davids5