From 8c76bec77985be7f4c81a052ec649232341369f6 Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Wed, 30 Sep 2020 16:16:11 +0100 Subject: [PATCH] gthread: Destroy value after replacing it in g_private_replace() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If the old value is destroyed before updating the TLS value in pthreads (or the Windows equivalent) then there’s a risk of infinite recursion if `g_private_replace()` is called from within the `GDestroyNotify`. Avoid that by destroying the old value after doing the TLS update. Thanks to Matthias Clasen for diagnosing the issue. Signed-off-by: Philip Withnall Fixes: #2210 --- glib/gthread-posix.c | 5 +++-- glib/gthread-win32.c | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/glib/gthread-posix.c b/glib/gthread-posix.c index f36055925..f09f58a15 100644 --- a/glib/gthread-posix.c +++ b/glib/gthread-posix.c @@ -1116,11 +1116,12 @@ g_private_replace (GPrivate *key, gint status; old = pthread_getspecific (*impl); - if (old && key->notify) - key->notify (old); if G_UNLIKELY ((status = pthread_setspecific (*impl, value)) != 0) g_thread_abort (status, "pthread_setspecific"); + + if (old && key->notify) + key->notify (old); } /* {{{1 GThread */ diff --git a/glib/gthread-win32.c b/glib/gthread-win32.c index 54f74f2f8..0c37dc6c1 100644 --- a/glib/gthread-win32.c +++ b/glib/gthread-win32.c @@ -373,9 +373,9 @@ g_private_replace (GPrivate *key, gpointer old; old = TlsGetValue (impl); + TlsSetValue (impl, value); if (old && key->notify) key->notify (old); - TlsSetValue (impl, value); } /* {{{1 GThread */