Set current thread state to NULL in teardown

In the EGL destructor, DestroyThreadState gets called by __eglCurrentTeardown to free the threadState, but the threadState does not get changed to NULL when this happens. The function eglReleaseThread calls __eglDestroyCurrentThreadAPIState, which does set the threadState to NULL, right before calling DestroyThreadState. Both eglReleaseThread and __eglDestroyCurrentThreadAPIState check to make sure the threadState is NULL before continuing. If eglReleaseThread gets externally called after destruction, the threadState is not NULL, so DestroyThreadState will be called to free the threadState that was already freed by the destructor, causing a double free. This change is to add the same setting threadState to NULL in __eglCurrentTeardown as which already __eglDestroyCurrentThreadAPIState, to prevent this double free situation.
2022-03-14 18:51:37 +00:00 · 2022-03-14 18:51:37 +00:00 · 4834bd26e7
parent c8ee0055df
commit 4834bd26e7
1 changed files with 2 additions and 1 deletions
--- a/src/EGL/libeglcurrent.c
+++ b/src/EGL/libeglcurrent.c
@ -94,7 +94,8 @@ void __eglCurrentTeardown(EGLBoolean doReset)
    while (!glvnd_list_is_empty(&currentThreadStateList)) {
        __EGLThreadAPIState *threadState = glvnd_list_first_entry(
                &currentThreadStateList, __EGLThreadAPIState, entry);
-        DestroyThreadState(threadState);
+        __glvndPthreadFuncs.setspecific(threadStateKey, NULL);
+	DestroyThreadState(threadState);
    }

    if (doReset) {