al_run_detached_thread: fix segfault on detaching when the thread is already gone

dos1 · dos1 · commit 89adf14a31f7 · 2019-05-03T02:47:41.000+02:00
detached_thread_func_trampoline freed the outer thread at its end. If outer-&gt;proc
was really fast to finish, _al_thread_detach could get called with &amp;outer-&gt;thread
as its argument after outer was already freed.

Usually it would be fast enough to not ever be overwritten after freeing, but tools
like asan explicitly overwrite freed memory, leading to reproducible crash.
diff --git a/src/threads.c b/src/threads.c
@@ -147,11 +147,12 @@ ALLEGRO_THREAD *al_create_thread_with_stacksize(
 void al_run_detached_thread(void *(*proc)(void *arg), void *arg)
 {
    ALLEGRO_THREAD *outer = create_thread();
+   _AL_THREAD thread;
    outer->thread_state = THREAD_STATE_DETACHED;
    outer->arg = arg;
    outer->proc = proc;
-   _al_thread_create(&outer->thread, detached_thread_func_trampoline, outer);
-   _al_thread_detach(&outer->thread);
+   _al_thread_create(&thread, detached_thread_func_trampoline, outer);
+   _al_thread_detach(&thread);
 }
 
 

Original file line number	Diff line number	Diff line change
`@@ -147,11 +147,12 @@ ALLEGRO_THREAD *al_create_thread_with_stacksize(`
`147`	`147`	`void al_run_detached_thread(void (proc)(void arg), void arg)`
`148`	`148`	`{`
`149`	`149`	`ALLEGRO_THREAD *outer = create_thread();`
	`150`	`+ _AL_THREAD thread;`
`150`	`151`	`outer->thread_state = THREAD_STATE_DETACHED;`
`151`	`152`	`outer->arg = arg;`
`152`	`153`	`outer->proc = proc;`
`153`		`- _al_thread_create(&outer->thread, detached_thread_func_trampoline, outer);`
`154`		`- _al_thread_detach(&outer->thread);`
	`154`	`+ _al_thread_create(&thread, detached_thread_func_trampoline, outer);`
	`155`	`+ _al_thread_detach(&thread);`
`155`	`156`	`}`
`156`	`157`
`157`	`158`