/* Check whether timer is valid; global mutex must be held. */
static inline int
timer_valid (struct timer_node *timer)
{
  return timer && timer->inuse == TIMER_INUSE;
}
If some memory, cast to a timer_node struct, happens to have its inuse field
match the value of TIMER_INUSE, the validation check passes, and an attempt is
made to use it.
What could be done is to check whether the passed-in timer is actually in
__timer_array, such that we only try to operate on the valid ones.
Not sure what glibc prior to 2.33 did to check/detect it.
--
https://bugs.launchpad.net/bugs/1940296
Title:
SIGSEGV instead of EINVAL with invalid timer id in timer_delete()
glibc 2.33
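The membership check suggested in the comment above, as an added example that is not part of the bug report or of glibc: the strict variant confirms that the pointer is the start of a slot in the timer array before it reads the inuse field. The simplified struct, the enum values, TIMER_SLOTS, timer_array, use_slot and both function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins: the real struct timer_node has more fields, and
   the enum values and array size here are assumptions. */
enum { TIMER_FREE, TIMER_INUSE, TIMER_DELETED };
#define TIMER_SLOTS 8
struct timer_node { int inuse; int payload; };
static struct timer_node timer_array[TIMER_SLOTS];

/* Constructed sample: memory outside the array whose first int happens
   to equal TIMER_INUSE. */
static struct timer_node lookalike = { TIMER_INUSE, 0 };

/* The check quoted in the comment: trusts whatever the pointer refers to. */
static int
timer_valid_weak (struct timer_node *timer)
{
  return timer && timer->inuse == TIMER_INUSE;
}

/* Membership first: the address must be the start of a slot in
   timer_array.  Only then is the inuse field read. */
static int
timer_valid_strict (struct timer_node *timer)
{
  uintptr_t base = (uintptr_t) timer_array;
  uintptr_t p = (uintptr_t) timer;

  if (p < base || p - base >= sizeof timer_array)
    return 0;                       /* NULL or outside the array */
  if ((p - base) % sizeof (struct timer_node) != 0)
    return 0;                       /* points into the middle of a slot */
  return timer->inuse == TIMER_INUSE;
}

/* Hypothetical helper: mark slot i as allocated and return its address. */
static struct timer_node *
use_slot (int i)
{
  timer_array[i].inuse = TIMER_INUSE;
  return &timer_array[i];
}

int
main (void)
{
  printf ("lookalike: weak=%d strict=%d\n",
          timer_valid_weak (&lookalike), timer_valid_strict (&lookalike));
  return !timer_valid_strict (use_slot (2));
}
```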