UAF / Use-After-Destroy for Mutexes #1100
Description
This would equally apply to using a mutex after pthread_mutex_destroy has been called, and also using a condition variable after pthread_cond_destroy has been called. The additional complication is that these appear mostly in multi-threaded code, so it is not immediately obvious if @vogler's automata based approach would work here.
In fact, there one would probably require that due to MHP information it can be excluded that any accesses happen after the destroy has happened.
Originally posted by @michael-schwarz in #200 (comment)
Since #200 was solved by #1050, I transferred this to a separate issue. The same techniques developed for #1050 (and its extension to multi-threaded programs which is still to come) could probably be adapted to this usage too.