From 2e1040fa5ce6c02f2ccedb2b29cda381ccd849c1 Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Mon, 12 May 2025 10:08:21 +0200 Subject: [PATCH] asny-thrdd: fix detach from running thread When cancelling a threaded resolve and the thread is still running, detach from it under the mutex lock. Otherwise, the detach might happen after the thread finished and access already freed memory. Fixes #17256 Reported-by: Mathieu Garaud Closes #17320 --- lib/asyn-thrdd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/asyn-thrdd.c b/lib/asyn-thrdd.c index 3e705425f8..a95c736b65 100644 --- a/lib/asyn-thrdd.c +++ b/lib/asyn-thrdd.c @@ -323,14 +323,14 @@ static void async_thrdd_destroy(struct Curl_easy *data) CURL_TRC_DNS(data, "resolve, destroy async data, shared ref=%d", addr->ref_count); done = !addr->ref_count; - Curl_mutex_release(&addr->mutx); - if(!done) { - /* thread is still running. Detach the thread, it will + /* thread is still running. Detach the thread while mutexed, it will * trigger the cleanup when it releases its reference. */ Curl_thread_destroy(&addr->thread_hnd); } - else { + Curl_mutex_release(&addr->mutx); + + if(done) { /* thread has released its reference, join it and * release the memory we shared with it. */ if(addr->thread_hnd != curl_thread_t_null) -- 2.47.3