From 0bfeba2d9a0f7d76e3a93ec79734c50512ea7048 Mon Sep 17 00:00:00 2001
From: wm4
Date: Mon, 21 Aug 2017 18:40:52 +0200
Subject: win32: fix massive memory corruption (take 2)
As pointed out by uau on IRC, the pointer to info is still used outside of the lock. An extremely small race condition window, but still a race condition.
---
 osdep/win32/pthread.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'osdep')
diff --git a/osdep/win32/pthread.c b/osdep/win32/pthread.c
index d4a5ddc22a..141ecfc5e0 100644
--- a/osdep/win32/pthread.c
+++ b/osdep/win32/pthread.c
@@ -206,11 +206,12 @@ int pthread_detach(pthread_t thread)
 static DWORD WINAPI run_thread(LPVOID lpParameter)
 {
 pthread_mutex_lock(&pthread_table_lock);
- struct m_thread_info *info = find_thread_info(pthread_self());
- assert(info);
+ struct m_thread_info *pinfo = find_thread_info(pthread_self());
+ assert(pinfo);
+ struct m_thread_info info = *pinfo;
 pthread_mutex_unlock(&pthread_table_lock);
- pthread_exit(info->user_fn(info->user_arg));
+ pthread_exit(info.user_fn(info.user_arg));
 abort(); // not reached
 }
-- cgit v1.2.3
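Review bot: The by-value copy `struct m_thread_info info = *pinfo;` in run_thread carries the whole fix, but nothing in the code says why it is there, so a later cleanup could switch back to the pointer and reintroduce the race. A comment above it would pin the invariant, for example `// Copy while holding pthread_table_lock: pinfo must not be dereferenced after unlock.` Separately, `assert(pinfo);` is the only guard before `*pinfo` is dereferenced. If this file is ever built with NDEBUG, a failed lookup becomes a NULL read instead of a clean abort, and `if (!pinfo) abort();` would keep the check in every build. Since only `user_fn` and `user_arg` are used after the unlock, copying just those two fields would also avoid leaving a stale snapshot of the other fields in scope.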