qthreads icon indicating copy to clipboard operation
qthreads copied to clipboard
Published 2 months ago verified publisher icon sandialabs

Use After Free In Nemesis Shutdown Code

Open insertinterestingnamehere opened this issue 2 years ago • 1 comments

There's a race condition and use after free bug in the Nemesis threadqueue termination code where a worker thread may access a queue node after the main thread has already freed it. Relevant lines are:

Read from worker thread: https://github.com/sandialabs/qthreads/blob/d6ce514a70c65b74c5e04906615ec51c7f288e0f/src/threadqueues/nemesis_threadqueues.c#L393 Write (free) by main thread: https://github.com/sandialabs/qthreads/blob/d6ce514a70c65b74c5e04906615ec51c7f288e0f/src/threadqueues/nemesis_threadqueues.c#L399

This is part of #149.

insertinterestingnamehere avatar Dec 01 '23 18:12 insertinterestingnamehere

This appears to have been resolved by one of the other thread sanitizer patches. Probably #206. This can also be closed when that one's merged.

insertinterestingnamehere avatar Dec 07 '23 18:12 insertinterestingnamehere