summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2014-08-22 14:05:10 -0400
committerRich Felker <dalias@aerifal.cx>2014-08-22 14:05:10 -0400
commita6293285e930dbdb0eff47e29b513ca22537b1a2 (patch)
tree66a43238db0d04793fd682bf79f5d23745659b20
parent321f4fa9067185aa6bb47403dfba46e8cfe917d3 (diff)
downloadmusl-a6293285e930dbdb0eff47e29b513ca22537b1a2.tar.gz
musl-a6293285e930dbdb0eff47e29b513ca22537b1a2.tar.bz2
musl-a6293285e930dbdb0eff47e29b513ca22537b1a2.tar.xz
musl-a6293285e930dbdb0eff47e29b513ca22537b1a2.zip
fix use of uninitialized memory with application-provided thread stacks
the subsequent code in pthread_create and the code which copies TLS initialization images to the new thread's TLS space assume that the memory provided to them is zero-initialized, which is true when it's obtained by pthread_create using mmap. however, when the caller provides a stack using pthread_attr_setstack, pthread_create cannot make any assumptions about the contents. simply zero-filling the relevant memory in this case is the simplest and safest fix.
-rw-r--r--src/thread/pthread_create.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/thread/pthread_create.c b/src/thread/pthread_create.c
index c8c117b9..1601614a 100644
--- a/src/thread/pthread_create.c
+++ b/src/thread/pthread_create.c
@@ -3,6 +3,7 @@
#include "stdio_impl.h"
#include "libc.h"
#include <sys/mman.h>
+#include <string.h>
static void dummy_0()
{
@@ -175,6 +176,7 @@ int pthread_create(pthread_t *restrict res, const pthread_attr_t *restrict attrp
if (need < size/8 && need < 2048) {
tsd = stack - __pthread_tsd_size;
stack = tsd - libc.tls_size;
+ memset(stack, 0, need);
} else {
size = ROUND(need);
guard = 0;