From owner-svn-src-head@freebsd.org Fri Jun 16 01:26:03 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F0FEABF340B; Fri, 16 Jun 2017 01:26:02 +0000 (UTC) (envelope-from araujo@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B7A57670D3; Fri, 16 Jun 2017 01:26:02 +0000 (UTC) (envelope-from araujo@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v5G1Q1L1079134; Fri, 16 Jun 2017 01:26:01 GMT (envelope-from araujo@FreeBSD.org) Received: (from araujo@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v5G1Q1Fm079133; Fri, 16 Jun 2017 01:26:01 GMT (envelope-from araujo@FreeBSD.org) Message-Id: <201706160126.v5G1Q1Fm079133@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: araujo set sender to araujo@FreeBSD.org using -f From: Marcelo Araujo Date: Fri, 16 Jun 2017 01:26:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r319995 - head/usr.sbin/bhyve X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Jun 2017 01:26:03 -0000 Author: araujo Date: Fri Jun 16 01:26:01 2017 New Revision: 319995 URL: https://svnweb.freebsd.org/changeset/base/319995 Log: Check if pthread_create(3) successfully created the thread prior to call pthread_join(3). The variable tid is not yet initialized in case the authentication fails at early stage, that would lead pthread_join be called with an uninitialized variable. CID: 1375950 Reported by: Coverity, cem Reviewed by: cem MFC after: 3 weeks. Sponsored by: iXsystems, Inc. Differential Revision: https://reviews.freebsd.org/D11150 Modified: head/usr.sbin/bhyve/rfb.c Modified: head/usr.sbin/bhyve/rfb.c ============================================================================== --- head/usr.sbin/bhyve/rfb.c Fri Jun 16 00:44:23 2017 (r319994) +++ head/usr.sbin/bhyve/rfb.c Fri Jun 16 01:26:01 2017 (r319995) @@ -769,6 +769,7 @@ rfb_handle(struct rfb_softc *rc, int cfd) pthread_t tid; uint32_t sres = 0; int len; + int perror = 1; rc->cfd = cfd; @@ -878,8 +879,9 @@ rfb_handle(struct rfb_softc *rc, int cfd) rfb_send_screen(rc, cfd, 1); - pthread_create(&tid, NULL, rfb_wr_thr, rc); - pthread_set_name_np(tid, "rfbout"); + perror = pthread_create(&tid, NULL, rfb_wr_thr, rc); + if (perror == 0) + pthread_set_name_np(tid, "rfbout"); /* Now read in client requests. 1st byte identifies type */ for (;;) { @@ -915,7 +917,8 @@ rfb_handle(struct rfb_softc *rc, int cfd) } done: rc->cfd = -1; - pthread_join(tid, NULL); + if (perror == 0) + pthread_join(tid, NULL); if (rc->enc_zlib_ok) deflateEnd(&rc->zstream); }