fix use of uninitialized memory with application-provided thread stacks
author: Rich Felker <dalias@aerifal.cx>
Fri, 22 Aug 2014 18:05:10 +0000 (14:05 -0400)
committer: Rich Felker <dalias@aerifal.cx>
Mon, 30 Mar 2015 05:15:43 +0000 (01:15 -0400)
the subsequent code in pthread_create and the code which copies TLS
initialization images to the new thread's TLS space assume that the
memory provided to them is zero-initialized, which is true when it's
obtained by pthread_create using mmap. however, when the caller
provides a stack using pthread_attr_setstack, pthread_create cannot
make any assumptions about the contents. simply zero-filling the
relevant memory in this case is the simplest and safest fix.

(cherry picked from commit a6293285e930dbdb0eff47e29b513ca22537b1a2)
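
The commit message describes an invariant the runtime relies on: a new thread's TLS block must start out zeroed, which is automatic for freshly mmap'd memory but not for a stack the caller hands in with pthread_attr_setstack. The program below is an added example, not musl's code and not part of this commit: it allocates a stack, fills every byte with a non-zero pattern to simulate a recycled buffer, starts a thread on it and checks that the thread still observes the correct initial values of a zero-initialised (.tbss) and an explicitly initialised (.tdata) thread-local variable. The function names `run_on_dirty_stack`, `probe_thread` and `main_thread_tls_intact`, the 256 KiB stack size and the 0x5a5a marker are all assumptions chosen for the example; it assumes any POSIX threads implementation (build with `-pthread` on toolchains where libpthread is separate).

```c
/* Added example (not musl's code): run a thread on a deliberately dirty
 * caller-provided stack and verify that its thread-local storage is still
 * initialised correctly.  Build: cc -pthread dirty_stack_tls.c
 */
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* .tbss: no initialiser, so the TLS init image carries no bytes for it and
 * the runtime must rely on the TLS block having been zeroed.  This is the
 * kind of variable the commit message describes as at risk. */
static __thread int tls_zero;
/* .tdata: copied from the init image, so it is correct either way. */
static __thread int tls_init = 0x5a5a;

struct probe {
    int zero_seen;   /* value of tls_zero observed by the new thread */
    int init_seen;   /* value of tls_init observed by the new thread */
};

static void *probe_thread(void *arg)
{
    struct probe *p = arg;
    p->zero_seen = tls_zero;
    p->init_seen = tls_init;
    /* Scribble on this thread's copy; the creating thread's copy must
     * remain unaffected. */
    tls_zero = 1;
    tls_init = 2;
    return NULL;
}

/* Run one thread on a heap-allocated stack pre-filled with `fill`.
 * Returns 0 if the thread saw tls_zero == 0 and tls_init == 0x5a5a,
 * 1 if it saw stale bytes, -1 on an allocation or pthread error.
 * If `out` is non-NULL the observed values are stored there. */
int run_on_dirty_stack(size_t stack_size, unsigned char fill, struct probe *out)
{
    void *stack = NULL;
    pthread_attr_t attr;
    pthread_t t;
    struct probe p = { -1, -1 };
    int rc = -1;

    /* Page-aligned so the address is acceptable to pthread_attr_setstack. */
    if (posix_memalign(&stack, 4096, stack_size) != 0)
        return -1;
    /* Simulate a recycled buffer: every byte non-zero before the thread starts. */
    memset(stack, fill, stack_size);

    if (pthread_attr_init(&attr) != 0) {
        free(stack);
        return -1;
    }
    if (pthread_attr_setstack(&attr, stack, stack_size) == 0 &&
        pthread_create(&t, &attr, probe_thread, &p) == 0) {
        pthread_join(t, NULL);
        rc = (p.zero_seen == 0 && p.init_seen == 0x5a5a) ? 0 : 1;
    }
    pthread_attr_destroy(&attr);
    /* Safe after join: the implementation does not own a caller-provided stack. */
    free(stack);
    if (out)
        *out = p;
    return rc;
}

/* The creating thread's TLS must be untouched by the probe thread's writes
 * (each thread gets its own copy).  Returns 1 if intact, 0 otherwise. */
int main_thread_tls_intact(void)
{
    return tls_zero == 0 && tls_init == 0x5a5a;
}

int main(void)
{
    struct probe p;
    int rc = run_on_dirty_stack(256 * 1024, 0xff, &p);
    printf("rc=%d tls_zero=%d tls_init=%#x main_intact=%d\n",
           rc, p.zero_seen, p.init_seen, main_thread_tls_intact());
    return rc == 0 ? 0 : 1;
}
```

With a stack this large and only a few bytes of static TLS, a musl build should take the `need < size/8 && need < 2048` branch shown in the diff, i.e. carve TLS and TSD out of the caller's buffer, which is exactly the memory this commit starts zeroing. On an unfixed build the 0xff fill would surface as `tls_zero == -1`; on a fixed one, or on any implementation that zeroes the TLS block itself, the check returns 0. Running it twice with different fill bytes (0xff and 0x00) guards against a false pass caused by the buffer happening to be zero already.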

src/thread/pthread_create.c

index 02b966abcafac71ee71332d8b7b104592846b60a..f1d286be92b7b7706685d1531c2d0b619bb52af9 100644 (file)
@@ -3,6 +3,7 @@
 #include "stdio_impl.h"
 #include "libc.h"
 #include <sys/mman.h>
+#include <string.h>
 
 static void dummy_0()
 {
@@ -161,6 +162,7 @@ int pthread_create(pthread_t *restrict res, const pthread_attr_t *restrict attrp
                if (need < size/8 && need < 2048) {
                        tsd = stack - __pthread_tsd_size;
                        stack = tsd - libc.tls_size;
+                       memset(stack, 0, need);
                } else {
                        size = ROUND(need);
                        guard = 0;
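Review bot: the zeroed range `[stack, stack + need)` in `memset(stack, 0, need);` only matches the region just carved out, `tsd - libc.tls_size` up to the original `stack`, if `need` is exactly `__pthread_tsd_size + libc.tls_size`, and that relation is computed outside this hunk. A one-line comment above the memset stating that `need` is the combined TLS+TSD size, and that the `else` branch needs no memset because it falls back to fresh mmap memory (as the commit message explains), would make the invariant reviewable in place. Note also that the memset is correct only because it comes after `stack` has been lowered past `tsd`; if `stack` is ever adjusted again the memset must move with it.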