From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- .../mono/files/mono-2.10.2-threads-access.patch | 40 ++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 dev-lang/mono/files/mono-2.10.2-threads-access.patch (limited to 'dev-lang/mono/files/mono-2.10.2-threads-access.patch') diff --git a/dev-lang/mono/files/mono-2.10.2-threads-access.patch b/dev-lang/mono/files/mono-2.10.2-threads-access.patch new file mode 100644 index 000000000000..d677b0113e2d --- /dev/null +++ b/dev-lang/mono/files/mono-2.10.2-threads-access.patch @@ -0,0 +1,40 @@ +From 722f9890f09aadfc37ae479e7d946d5fc5ef7b91 Mon Sep 17 00:00:00 2001 +From: Sebastien Pouliot +Date: Wed, 6 Apr 2011 13:24:31 -0400 +Subject: [PATCH] Fix access to freed members of a dead thread + +* threads.c: Fix access to freed members of a dead thread. Found +and fixed by Rodrigo Kumpera +Ref: CVE-2011-0992 +--- + mono/metadata/threads.c | 11 ++++++++--- + 1 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/mono/metadata/threads.c b/mono/metadata/threads.c +index 3fe4e93..a7a721d 100644 +--- a/mono/metadata/threads.c ++++ b/mono/metadata/threads.c +@@ -1036,12 +1036,17 @@ void ves_icall_System_Threading_InternalThread_Thread_free_internal (MonoInterna + CloseHandle (thread); + + if (this->synch_cs) { +- DeleteCriticalSection (this->synch_cs); +- g_free (this->synch_cs); ++ CRITICAL_SECTION *synch_cs = this->synch_cs; + this->synch_cs = NULL; ++ DeleteCriticalSection (synch_cs); ++ g_free (synch_cs); + } + +- g_free (this->name); ++ if (this->name) { ++ void *name = this->name; ++ this->name = NULL; ++ g_free (name); ++ } + } + + static void mono_thread_start (MonoThread *thread) +-- +1.7.5.4 + -- cgit v1.2.3