From 924edc9f63a7ac47f90809dfcfc96d9dd231f38d Mon Sep 17 00:00:00 2001
From: richardsonnick
Date: Tue, 23 Dec 2025 15:41:21 -0500
Subject: [PATCH] Fix data race in POOL_create_advanced by protecting threadLimit

Fixes a potential data race in `POOL_create_advanced` where `ctx->threadLimit` was being updated without holding the `queueMutex`. Worker threads (`POOL_thread`) could access `threadLimit` before it was fully initialized, leading to undefined behavior. The update to `ctx->threadLimit` is now mutex-protected to ensure thread safety during initialization. `ctx->threadCapacity` remains unprotected, as it is only modified by the parent thread during setup.
---
 lib/common/pool.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/common/pool.c b/lib/common/pool.c
index 3adcefc9a50..06c9a52837e 100644
--- a/lib/common/pool.c
+++ b/lib/common/pool.c
@@ -146,15 +146,20 @@ POOL_ctx* POOL_create_advanced(size_t numThreads, size_t queueSize,
 /* Check for errors */
 if (!ctx->threads || !ctx->queue) { POOL_free(ctx); return NULL; }
 /* Initialize the threads */
- { size_t i;
+ {
+ size_t i;
 for (i = 0; i < numThreads; ++i) {
 if (ZSTD_pthread_create(&ctx->threads[i], NULL, &POOL_thread, ctx)) {
 ctx->threadCapacity = i;
 POOL_free(ctx);
 return NULL;
- } }
+ }
+ }
 ctx->threadCapacity = numThreads;
+
+ ZSTD_pthread_mutex_lock(&ctx->queueMutex);
 ctx->threadLimit = numThreads;
+ ZSTD_pthread_mutex_unlock(&ctx->queueMutex);
 }
 return ctx;
 }
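Review bot: The locked store to `ctx->threadLimit` still runs only after the `ZSTD_pthread_create` loop has started every worker, so until then the workers see whatever value the allocation left in that field, and the lock removes the race only if `POOL_thread` reads the field under `queueMutex` (its body is not in this hunk). Assigning `ctx->threadLimit = numThreads;` before the loop would publish the value through thread creation itself and need no lock, provided the failure path through `POOL_free(ctx)` does not depend on the limit still being unset. If the locked store is kept, a comment such as `/* workers read threadLimit under queueMutex; threadCapacity is only touched by the creating thread */` would keep the reasoning next to the code rather than only in the commit message. The brace re-layout in the same hunk is unrelated to the fix and makes the synchronization change harder to audit; POOL_create_advanced begins above the hunk.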