From 55d163772a556185ce2c569fb39a911bcd482366 Mon Sep 17 00:00:00 2001
From: Alexander Bluhm
Date: Tue, 6 Jan 2015 23:11:24 +0000
Subject: Backout revision 1.37. Setting ev->ev_pncalls to NULL results in a use after free if the callback has freed the ev. With F in malloc.conf both tmux and the regression tests triggered a segmentation fault. OK nicm@
---
 lib/libevent/event.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'lib/libevent')
diff --git a/lib/libevent/event.c b/lib/libevent/event.c
index 57dc365f8d1..61e77b721eb 100644
--- a/lib/libevent/event.c
+++ b/lib/libevent/event.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: event.c,v 1.37 2015/01/06 11:27:35 bluhm Exp $ */
+/* $OpenBSD: event.c,v 1.38 2015/01/06 23:11:23 bluhm Exp $ */
 /*
 * Copyright (c) 2000-2004 Niels Provos
@@ -348,12 +348,9 @@ event_process_active(struct event_base *base)
 ncalls--;
 ev->ev_ncalls = ncalls;
 (*ev->ev_callback)((int)ev->ev_fd, ev->ev_res, ev->ev_arg);
- if (event_gotsig || base->event_break) {
- ev->ev_pncalls = NULL;
+ if (event_gotsig || base->event_break)
 return;
- }
 }
- ev->ev_pncalls = NULL;
 }
 }
-- cgit v1.2.3
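Review bot: After this backout, nothing in the second hunk records why `ev` must not be touched once `(*ev->ev_callback)(...)` has returned, which is the rule revision 1.37 broke. I would add a comment directly after the callback line, e.g. `/* The callback may have freed ev; do not dereference it past this point. */`, so a later cleanup does not reintroduce the use after free. The loop still writes `ev->ev_ncalls` on a further iteration, which is presumably safe only because deleting the event zeroes `ncalls` through `ev_pncalls`; that code is outside the hunk and should be confirmed. The function starts above the hunk, so whether `ev_pncalls` is left pointing at a local after return cannot be judged from here.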