Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix access to freed members of a dead thread
* threads.c: Fix access to freed members of a dead thread. Found
and fixed by Rodrigo Kumpera <rkumpera@novell.com>
Ref: CVE-2011-0992
  • Loading branch information
Sebastien Pouliot committed Apr 6, 2011
1 parent 7d23d76 commit 722f989
Showing 1 changed file with 8 additions and 3 deletions.
11 changes: 8 additions & 3 deletions mono/metadata/threads.c
Expand Up @@ -1036,12 +1036,17 @@ void ves_icall_System_Threading_InternalThread_Thread_free_internal (MonoInterna
CloseHandle (thread);

if (this->synch_cs) {
DeleteCriticalSection (this->synch_cs);
g_free (this->synch_cs);
CRITICAL_SECTION *synch_cs = this->synch_cs;
this->synch_cs = NULL;
DeleteCriticalSection (synch_cs);
g_free (synch_cs);
}

g_free (this->name);
if (this->name) {
void *name = this->name;
this->name = NULL;
g_free (name);
}
}

static void mono_thread_start (MonoThread *thread)
Expand Down

0 comments on commit 722f989

Please sign in to comment.