al_run_detached_thread: fix segfault on detaching when the thread is …

…already gone detached_thread_func_trampoline freed the outer thread at its end. If outer->proc was really fast to finish, _al_thread_detach could get called with &outer->thread as its argument after outer was already freed. Usually it would be fast enough to not ever be overwritten after freeing, but tools like asan explicitly overwrite freed memory, leading to reproducible crash.
liballeg · May 3, 2019 · 89adf14 · 89adf14
1 parent e816710
commit 89adf14
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/threads.c b/src/threads.c
@@ -147,11 +147,12 @@ ALLEGRO_THREAD *al_create_thread_with_stacksize(
 void al_run_detached_thread(void *(*proc)(void *arg), void *arg)
 {
    ALLEGRO_THREAD *outer = create_thread();
+   _AL_THREAD thread;
    outer->thread_state = THREAD_STATE_DETACHED;
    outer->arg = arg;
    outer->proc = proc;
-   _al_thread_create(&outer->thread, detached_thread_func_trampoline, outer);
-   _al_thread_detach(&outer->thread);
+   _al_thread_create(&thread, detached_thread_func_trampoline, outer);
+   _al_thread_detach(&thread);
 }