Skip to content

Fix use-after-scope in RandomX job thread task lambda#2

Merged
MoneroOcean merged 2 commits into
mainfrom
codex/fix-use-after-scope-vulnerability-in-randomx
May 27, 2026
Merged

Fix use-after-scope in RandomX job thread task lambda#2
MoneroOcean merged 2 commits into
mainfrom
codex/fix-use-after-scope-vulnerability-in-randomx

Conversation

@MoneroOcean

Copy link
Copy Markdown
Owner

Motivation

  • Fix a high-severity use-after-scope bug where a stack-local std::atomic<int> unique_counter was captured by reference in thread-pool tasks and could be accessed after set_job() returned.
  • The dangling counter produced stale thread_id values that were then used to index new_inputs and m_vm, risking crashes or native memory corruption.

Description

  • Remove the local unique_counter from Core::set_job() to eliminate the dangling reference risk.
  • Change the worker lambda to accept the int thread_id parameter supplied by ctpl::thread_pool and stop capturing the counter.
  • Preserve all existing hashing logic and control flow so runtime behavior remains the same while removing the unsafe pattern.

Testing

  • Ran automated source searches with rg to confirm unique_counter is no longer referenced and rx_thread_id usage remains consistent, and the searches succeeded.
  • Inspected the modified region with sed -n '300,350p' moner-job.cpp and nl -ba moner-job.cpp | sed -n '330,360p' to verify the lambda signature and captures were updated as intended.
  • Verified the diff shows the counter removal and lambda change; these automated checks completed successfully.

Codex Task

@MoneroOcean
MoneroOcean merged commit 4f3a7bd into main May 27, 2026
1 check passed
@MoneroOcean
MoneroOcean deleted the codex/fix-use-after-scope-vulnerability-in-randomx branch May 27, 2026 17:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant