diff options
| author |   bluhm <bluhm@openbsd.org> | 2015-01-06 23:11:23 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2015-01-06 23:11:23 +0000 |
| commit | 75f39c9fb438e87f14fa8068af565e07e4e5b87f (patch) | |
| tree | 8a47e5fe728f9c6c0b84eca6ddfd9193fa8ce539 | |
| parent | mips64 architectures moving to static PIE (diff) | |
| download | wireguard-openbsd-75f39c9fb438e87f14fa8068af565e07e4e5b87f.tar.xz wireguard-openbsd-75f39c9fb438e87f14fa8068af565e07e4e5b87f.zip | |
Backout revision 1.37. Setting ev->ev_pncalls to NULL results in
a use after free if the callback has freed the ev. With F in
malloc.conf both tmux and the regression tests triggered a segmentation
fault.
OK nicm@
| -rw-r--r-- | lib/libevent/event.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/lib/libevent/event.c b/lib/libevent/event.c index 57dc365f8d1..61e77b721eb 100644 --- a/lib/libevent/event.c +++ b/lib/libevent/event.c @@ -1,4 +1,4 @@ -/* $OpenBSD: event.c,v 1.37 2015/01/06 11:27:35 bluhm Exp $ */ +/* $OpenBSD: event.c,v 1.38 2015/01/06 23:11:23 bluhm Exp $ */ /* * Copyright (c) 2000-2004 Niels Provos <provos@citi.umich.edu> @@ -348,12 +348,9 @@ event_process_active(struct event_base *base) ncalls--; ev->ev_ncalls = ncalls; (*ev->ev_callback)((int)ev->ev_fd, ev->ev_res, ev->ev_arg); - if (event_gotsig || base->event_break) { - ev->ev_pncalls = NULL; + if (event_gotsig || base->event_break) return; - } } - ev->ev_pncalls = NULL; } } |