From 74b624af0357476daf47c86a2882289484d5936e Mon Sep 17 00:00:00 2001
From: Avi Kivity <avi@cloudius-systems.com>
Date: Tue, 21 May 2013 16:21:12 +0300
Subject: [PATCH] sched: fix double-free of detached threads

The detached thread reaper deletes zombies, but our pthread implementation also deletes dead pthreads (using the container object). Fix by making the base thread use the set_cleanup() method to set up a deleter, which is then overridden by pthreads.

---
 core/sched.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/core/sched.cc b/core/sched.cc
index 3429add9d..22930043f 100644
--- a/core/sched.cc
+++ b/core/sched.cc
@@ -295,6 +295,12 @@ thread::thread(std::function<void ()> func, attr attr, bool main)
 });
 setup_tcb();
 init_stack();
+ if (_attr.detached) {
+ // assumes detached threads directly on heap, not as member.
+ // if untrue, or need a special deleter, the user must call
+ // set_cleanup() with whatever cleanup needs to be done.
+ set_cleanup([=] { delete this; });
+ }
 if (main) {
 _vruntime = 0; // simulate the first schedule into this thread
 _status.store(status::running);
@@ -620,7 +626,6 @@ void thread::reaper::reap()
 auto z = _zombies.front();
 _zombies.pop_front();
 z->join();
- delete z;
 }
 });
 }
-- 
GitLab
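Review bot: `set_cleanup([=] { delete this; });` makes the constructor the only place the default deleter is installed, so a thread whose `_attr.detached` flag is set after construction (if such a path exists elsewhere in the file) would be reaped with no cleanup at all and leak, while a detached thread that is not a standalone heap object would hit `delete this` — undefined behaviour that the new comment warns about but nothing enforces. The capture should be spelled out as `set_cleanup([this] { delete this; });`, since `[=]` only captures `this` implicitly. The comment should also state that a derived class (pthread, per the description) must call `set_cleanup()` from its own constructor body so that its call runs after this one and wins, otherwise the base deleter silently remains in force. The enclosing constructor `thread::thread` begins before the hunk, so where `_attr` is assigned is not visible here.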