Skip to content

Commit 66aa545

Browse files
sebressebres
committed
merge segfault fix for [43acb96e678a66ef]: avoid access to freed memory in TpoolRelease
2 parents 5e8cc6e + b98be3d commit 66aa545

File tree

1 file changed

+9
-3
lines changed

1 file changed

+9
-3
lines changed

generic/threadPoolCmd.c

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -676,7 +676,9 @@ TpoolCancelObjCmd(
676676
tpoolPtr->workTail = rPtr->prevPtr;
677677
}
678678
SetResult(NULL, rPtr); /* Just to free the result */
679-
Tcl_Free(rPtr->script);
679+
if (rPtr->script) {
680+
Tcl_Free(rPtr->script);
681+
}
680682
Tcl_Free(rPtr);
681683
Tcl_ListObjAppendElement(interp, doneList, wObjv[ii]);
682684
break;
@@ -1241,6 +1243,7 @@ TpoolWorker(
12411243
Tcl_MutexUnlock(&tpoolPtr->mutex);
12421244
TpoolEval(interp, rPtr->script, rPtr->scriptLen, rPtr);
12431245
Tcl_Free(rPtr->script);
1246+
rPtr->script = NULL;
12441247
Tcl_MutexLock(&tpoolPtr->mutex);
12451248
if (!rPtr->detached) {
12461249
int isNew;
@@ -1716,8 +1719,11 @@ TpoolRelease(
17161719
* Cleanup jobs posted but never completed.
17171720
*/
17181721

1719-
for (rPtr = tpoolPtr->workHead; rPtr; rPtr = rPtr->nextPtr) {
1720-
Tcl_Free(rPtr->script);
1722+
for (rPtr = tpoolPtr->workHead; rPtr; rPtr = tpoolPtr->workHead) {
1723+
tpoolPtr->workHead = rPtr->nextPtr;
1724+
if (rPtr->script) {
1725+
Tcl_Free(rPtr->script);
1726+
}
17211727
Tcl_Free(rPtr);
17221728
}
17231729
Tcl_MutexFinalize(&tpoolPtr->mutex);

0 commit comments

Comments
 (0)