From 29a06142c5e7abfeae5d864892490ccc70f6123f Mon Sep 17 00:00:00 2001
From: lingfengPeng <uint8_t@163.com>
Date: Tue, 11 Mar 2025 10:48:29 +0800
Subject: [PATCH] fix dangling pointer in component pthread and dfs_elm (#9976)

* [components/libc/posix][pthreads]fix the risk of dangling pointer

* [components][dfs][dfs_elm]:fix risk of dangling pointer, unmount the temp driver then free the temp FATFS in dfs_elm_mkfs.
---
 components/dfs/dfs_v1/filesystems/elmfat/dfs_elm.c | 2 +-
 components/dfs/dfs_v2/filesystems/elmfat/dfs_elm.c | 2 +-
 components/libc/posix/pthreads/pthread.c           | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/components/dfs/dfs_v1/filesystems/elmfat/dfs_elm.c b/components/dfs/dfs_v1/filesystems/elmfat/dfs_elm.c
index be6579ab59..43c72c6675 100644
--- a/components/dfs/dfs_v1/filesystems/elmfat/dfs_elm.c
+++ b/components/dfs/dfs_v1/filesystems/elmfat/dfs_elm.c
@@ -280,8 +280,8 @@ int dfs_elm_mkfs(rt_device_t dev_id, const char *fs_name)
     /* check flag status, we need clear the temp driver stored in disk[] */
     if (flag == FSM_STATUS_USE_TEMP_DRIVER)
     {
-        rt_free(fat);
         f_mount(RT_NULL, logic_nbr, (BYTE)index);
+        rt_free(fat);
         disk[index] = RT_NULL;
         /* close device */
         rt_device_close(dev_id);
diff --git a/components/dfs/dfs_v2/filesystems/elmfat/dfs_elm.c b/components/dfs/dfs_v2/filesystems/elmfat/dfs_elm.c
index c8d41f02f7..625a7cec5e 100644
--- a/components/dfs/dfs_v2/filesystems/elmfat/dfs_elm.c
+++ b/components/dfs/dfs_v2/filesystems/elmfat/dfs_elm.c
@@ -319,8 +319,8 @@ int dfs_elm_mkfs(rt_device_t dev_id, const char *fs_name)
     /* check flag status, we need clear the temp driver stored in disk[] */
     if (flag == FSM_STATUS_USE_TEMP_DRIVER)
     {
-        rt_free(fat);
         f_mount(RT_NULL, logic_nbr, (BYTE)index);
+        rt_free(fat);
         disk[index] = RT_NULL;
         /* close device */
         rt_device_close(dev_id);
diff --git a/components/libc/posix/pthreads/pthread.c b/components/libc/posix/pthreads/pthread.c
index 0ad8f9fecd..841bba5c5a 100644
--- a/components/libc/posix/pthreads/pthread.c
+++ b/components/libc/posix/pthreads/pthread.c
@@ -169,9 +169,6 @@ void _pthread_data_destroy(_pthread_data_t *ptd)
         /* clean magic */
         ptd->magic = 0x0;
 
-        /* clear the "ptd->tid->pthread_data" */
-        ptd->tid->pthread_data = RT_NULL;
-
         /* free ptd */
         rt_free(ptd);
     }
@@ -185,6 +182,9 @@ static void _pthread_cleanup(rt_thread_t tid)
     /* restore tid stack */
     rt_free(tid->stack_addr);
 
+    /* clear the "ptd->tid->pthread_data" */
+    tid->pthread_data = RT_NULL;
+
     /* restore tid control block */
     rt_free(tid);
 }