Fix potential TLS-related memory corruption.

Avoid writing to uninitialized TLS as a side effect of deallocation.
Initializing TLS during deallocation is unsafe because it is possible
that a thread never did any allocation, and that TLS has already been
deallocated by the threads library, resulting in write-after-free
corruption. These fixes affect prof_tdata and quarantine; all other
uses of TLS are already safe, whether intentionally (as for tcache) or
unintentionally (as for arenas).
diff --git a/ChangeLog b/ChangeLog
index 6578225..ae7d0bf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,13 @@
http://www.canonware.com/cgi-bin/gitweb.cgi?p=jemalloc.git
git://canonware.com/jemalloc.git
+* 3.x.x (XXX Not yet released)
+
+ Bug fixes:
+ - Fix TLS-related memory corruption that could occur during thread exit if the
+ thread never allocated memory. Only the quarantine and prof facilities were
+ susceptible.
+
* 3.3.0 (January 23, 2013)
This version includes a few minor performance improvements in addition to the
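Review bot: The new "Bug fixes" entry in the ChangeLog states the condition (thread exit, thread never allocated memory) but omits the trigger and bug class given in the commit message: a deallocation initializing TLS that the threads library has already freed, which is a write-after-free. Consider wording the entry so that it says the corruption is a write-after-free caused by deallocation in a thread that never allocated, which lets users of quarantine and prof judge their exposure from the ChangeLog alone. The "3.x.x (XXX Not yet released)" heading is a placeholder and needs the real version and date before the release is cut.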