From fe6e734f76b696176c30f76f0361a0b766309298 Mon Sep 17 00:00:00 2001
From: Jan Vorlicek
Date: Thu, 2 Apr 2020 02:57:02 +0200
Subject: [PATCH] Fix write behind allocated memory in thread name setting (#34424)

The code in CorUnix::InternalSetThreadDescription is writing behind the end of the allocated memory in case the name is shorter than 16 characters. That is causing memory heap corruption.
---
 src/coreclr/src/pal/src/thread/thread.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/coreclr/src/pal/src/thread/thread.cpp b/src/coreclr/src/pal/src/thread/thread.cpp
index 1473601c512523..159ef03cf0b605 100644
--- a/src/coreclr/src/pal/src/thread/thread.cpp
+++ b/src/coreclr/src/pal/src/thread/thread.cpp
@@ -1666,7 +1666,10 @@ CorUnix::InternalSetThreadDescription(
 // Null terminate early.
 // pthread_setname_np only accepts up to 16 chars.
- nameBuf[15] = '\0';
+ if (nameSize > 15)
+ {
+ nameBuf[15] = '\0';
+ }
 error = pthread_setname_np(pTargetThread->GetPThreadSelf(), nameBuf);
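Review bot: The new guard and the truncation index both hard-code 15, and nothing in the hunk shows how `nameSize` relates to the allocation of `nameBuf`, so the in-bounds argument for `nameBuf[15]` rests on an invariant the reader has to go find (InternalSetThreadDescription starts and ends outside this hunk). I would name the limit and state the invariant beside it, `const size_t maxNameLen = 15; // Linux pthread_setname_np: 16 bytes incl. NUL` followed by `if (nameSize > maxNameLen) nameBuf[maxNameLen] = '\0';`, and tighten the existing comment to `// pthread_setname_np only accepts up to 16 bytes including the terminating NUL, so truncate rather than fail with ERANGE.` since "16 chars" reads as if sixteen characters fit. If nameBuf holds UTF-8 converted from a wide-char description (not visible here), cutting at a fixed byte offset can also split a multi-byte sequence and leave an invalid string; presumably harmless for a thread name, but worth a comment so nobody later passes the truncated buffer to something stricter.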