Signal before unlocking proxy context mutex in emscripten_proxy_finish (#26582)

dschuff · web-flow · commit f3fef05bf5d6 · 2026-04-01T01:09:43.000Z
When finishing a proxied call, the following race condition can happen: thread 1 in [emscripten_proxy_finish](https://github.com/emscripten-core/emscripten/blob/main/system/lib/pthread/proxying.c#L337): ``` pthread_mutex_lock(&ctx->sync.mutex); ctx->sync.state = DONE; remove_active_ctx(ctx); pthread_mutex_unlock(&ctx->sync.mutex); --> thread is preempted or suspends here <--- pthread_cond_signal(&ctx->sync.cond); ``` thread 2 in emscripten_proxy_sync_with_ctx: (ctx is on this thread's stack) ``` pthread_mutex_lock(&ctx.sync.mutex); <-- locks after unlock above while (ctx.sync.state == PENDING) { <--- reads sync.state == DONE pthread_cond_wait(&ctx.sync.cond, &ctx.sync.mutex); <-- doesn't run } pthread_mutex_unlock(&ctx.sync.mutex); int ret = ctx.sync.state == DONE; em_proxying_ctx_deinit(&ctx); <--- frees ctx and returns ``` Then thread 1 tries to run pthread_cond_signal on the freed ctx. This same logic applies to cancel_ctx which is also called on the target thread.
diff --git a/system/lib/pthread/proxying.c b/system/lib/pthread/proxying.c
@@ -339,8 +339,11 @@ void emscripten_proxy_finish(em_proxying_ctx* ctx) {
     pthread_mutex_lock(&ctx->sync.mutex);
     ctx->sync.state = DONE;
     remove_active_ctx(ctx);
-    pthread_mutex_unlock(&ctx->sync.mutex);
+    // Signal must come before unlock to avoid emscripten_proxy_sync_with ctx
+    // seeing the state as DONE and freeing the ctx before we call unlock.
+    // See https://github.com/emscripten-core/emscripten/pull/26582
     pthread_cond_signal(&ctx->sync.cond);
+    pthread_mutex_unlock(&ctx->sync.mutex);
   } else {
     // Schedule the callback on the caller thread. If the caller thread has
     // already died or dies before the callback is executed, then at least make
@@ -365,8 +368,9 @@ static void cancel_ctx(void* arg) {
   if (ctx->kind == SYNC) {
     pthread_mutex_lock(&ctx->sync.mutex);
     ctx->sync.state = CANCELED;
-    pthread_mutex_unlock(&ctx->sync.mutex);
+    // Signal must be first, see comment in emscripten_proxy_finish.
     pthread_cond_signal(&ctx->sync.cond);
+    pthread_mutex_unlock(&ctx->sync.mutex);
   } else {
     if (ctx->cb.cancel == NULL ||
         !do_proxy(ctx->cb.queue,
diff --git a/test/codesize/test_codesize_minimal_pthreads.json b/test/codesize/test_codesize_minimal_pthreads.json
@@ -2,9 +2,9 @@
   "a.out.js": 7363,
   "a.out.js.gz": 3604,
   "a.out.nodebug.wasm": 19046,
-  "a.out.nodebug.wasm.gz": 8822,
+  "a.out.nodebug.wasm.gz": 8821,
   "total": 26409,
-  "total_gz": 12426,
+  "total_gz": 12425,
   "sent": [
     "a (memory)",
     "b (exit)",
diff --git a/test/codesize/test_codesize_minimal_pthreads_memgrowth.json b/test/codesize/test_codesize_minimal_pthreads_memgrowth.json
@@ -2,9 +2,9 @@
   "a.out.js": 7765,
   "a.out.js.gz": 3810,
   "a.out.nodebug.wasm": 19047,
-  "a.out.nodebug.wasm.gz": 8823,
+  "a.out.nodebug.wasm.gz": 8822,
   "total": 26812,
-  "total_gz": 12633,
+  "total_gz": 12632,
   "sent": [
     "a (memory)",
     "b (exit)",
