From 722f9890f09aadfc37ae479e7d946d5fc5ef7b91 Mon Sep 17 00:00:00 2001
From: Sebastien Pouliot <sebastien@ximian.com>
Date: Wed, 6 Apr 2011 13:24:31 -0400
Subject: [PATCH] Fix access to freed members of a dead thread

* threads.c: Fix access to freed members of a dead thread. Found
and fixed by Rodrigo Kumpera <rkumpera@novell.com>
Ref: CVE-2011-0992
---
 mono/metadata/threads.c |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/mono/metadata/threads.c b/mono/metadata/threads.c
index 3fe4e93..a7a721d 100644
--- a/mono/metadata/threads.c
+++ b/mono/metadata/threads.c
@@ -1036,12 +1036,17 @@ void ves_icall_System_Threading_InternalThread_Thread_free_internal (MonoInterna
 		CloseHandle (thread);
 
 	if (this->synch_cs) {
-		DeleteCriticalSection (this->synch_cs);
-		g_free (this->synch_cs);
+		CRITICAL_SECTION *synch_cs = this->synch_cs;
 		this->synch_cs = NULL;
+		DeleteCriticalSection (synch_cs);
+		g_free (synch_cs);
 	}
 
-	g_free (this->name);
+	if (this->name) {
+		void *name = this->name;
+		this->name = NULL;
+		g_free (name);
+	}
 }
 
 static void mono_thread_start (MonoThread *thread)
-- 
1.7.5.4