libthread: fix use after free of first thread in each proc

This was causing sporadic but frequent crashes at startup in 9pserve on the new M1 Macs, correctly diagnosing a use-after-free.
2025-01-12 11:10:07 +00:00 · 2020-12-15 00:05:17 -05:00 · 2020-12-15 00:05:17 -05:00 · 2991442aef
commit 2991442aef
parent a012d17433
1 changed files with 9 additions and 1 deletions
--- a/src/libthread/thread.c
+++ b/src/libthread/thread.c
@ -411,7 +411,14 @@ Top:
 		p->nthread--;
 /*print("nthread %d\n", p->nthread); */
 		_threadstkfree(t->stk, t->stksize);
-		free(t);
+		/*
+		 * Cannot free p->thread0 yet: it is used for the
+		 * context switches back to the scheduler.
+		 * Instead, we will free it at the end of this function.
+		 * But all the other threads can be freed now.
+		 */
+		if(t != p->thread0)
+			free(t);
 	}

 	for(;;){
@ -490,6 +497,7 @@ Out:
 	unlock(&threadnproclock);
 	unlock(&p->lock);
 	_threadsetproc(nil);
+	free(p->thread0);
 	free(p);
 	_threadpexit();
 }