From 563c28dd66d8dbfeca44fa56b40edf7d057c5937 Mon Sep 17 00:00:00 2001
From: Christian Speckner
Date: Sun, 11 Aug 2024 11:31:43 +0200
Subject: [PATCH] Fix race condition with use-after-free in TimerManager.
---
 src/common/TimerManager.cxx | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/common/TimerManager.cxx b/src/common/TimerManager.cxx
index ff4ac8a8a..847bd7725 100644
--- a/src/common/TimerManager.cxx
+++ b/src/common/TimerManager.cxx
@@ -179,8 +179,11 @@ void TimerManager::timerThreadWorker()
 }
 else
 {
- // Wait until the timer is ready or a timer creation notifies
- wakeUp.wait_until(lock, timer.next);
+ // Wait until the timer is ready or a timer creation notifies. Note that wait until accesses
+ // time_point by reference, so we make a copy in case the current time is deleted while the
+ // thread sleeps.
+ const auto next = timer.next;
+ wakeUp.wait_until(lock, next);
 }
 }
 }
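Review bot: The added comment says "in case the current time is deleted", which reads as a typo for "timer", and "wait until" should be spelled `wait_until`; this comment is the only record of why the copy exists, so it should be exact. I would word it as `// wait_until takes the time_point by reference and releases the lock while sleeping, so copy it: the timer may be destroyed meanwhile.` It would also help to state that `next` must stay a value copy (`const auto`, never `const auto&`), since a later "cleanup" to a reference would silently reintroduce the use-after-free. The same reasoning means `timer` itself must not be touched after the wait returns; nothing follows the call in this branch, but the body of timerThreadWorker starts outside the hunk, so that should be confirmed against the full loop.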