[D-runtime] [dlang/druntime] b22d81: sections_elf_shared: Do not access TLS of dead thr...

Thu Sep 15 23:55:25 PDT 2016

  Branch: refs/heads/master
  Home:   https://github.com/dlang/druntime
  Commit: b22d813d0b16d694d9dbd664b247f7949b4354fa
      https://github.com/dlang/druntime/commit/b22d813d0b16d694d9dbd664b247f7949b4354fa
  Author: David Nadlinger <code at klickverbot.at>
  Date:   2016-09-11 (Sun, 11 Sep 2016)

  Changed paths:
    M src/rt/sections_elf_shared.d

  Log Message:
  -----------
  sections_elf_shared: Do not access TLS of dead thread in finiTLSRanges()

finiTLSRanges() is called from the destructor of core.Thread. At this point,
the OS thread has already ceased to exist, so what was formerly a pointer
to _loadedDSOs is no longer valid.

In other words, `tdsos.reset()` was a use-after-free bug. It is unclear why
the issue didn't surface on Linux/FreeBSD yet; for example, glibc might not
actually re-use the TLS address range after a thread exits. On OS X, however,
this did quite frequently trigger a crash when running the Phobos unit tests,
since `tdsos` would have already been overwritten with unrelated contents.

  Commit: d0d8c6f164d861e85d7f2d25b10f038dccd6626f
      https://github.com/dlang/druntime/commit/d0d8c6f164d861e85d7f2d25b10f038dccd6626f
  Author: Walter Bright <WalterBright at users.noreply.github.com>
  Date:   2016-09-15 (Thu, 15 Sep 2016)

  Changed paths:
    M src/rt/sections_elf_shared.d

  Log Message:
  -----------
  Merge pull request #1655 from klickverbot/thread-dsos-use-after-free

sections_elf_shared: Do not access TLS of dead thread in finiTLSRanges()

Compare: https://github.com/dlang/druntime/compare/c4dc18549042...d0d8c6f164d8