From 6e41cdc16b6e01840c0d54b5d7b09af3f1ed3cf4 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Mon, 23 Jan 2012 17:59:16 -0500
Subject: [PATCH] Fix a list corruption bug when using event_reinit() with signals present While re-adding all the events, event_reinit() could add a signal event, which could then cause evsig_add() to add the base->sig.ev_signal event. Later on its merry path through base->eventqueue, event_reinit() would find that same event and give it to event_io_add a second time. This would make the ev_io_next list for that fd become circular. Ouch!
---
 event.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/event.c b/event.c
index 14322e50..d7085bc1 100644
--- a/event.c
+++ b/event.c
@@ -856,6 +856,13 @@ event_reinit(struct event_base *base)
 TAILQ_FOREACH(ev, &base->eventqueue, ev_next) {
 if (ev->ev_events & (EV_READ|EV_WRITE)) {
+ if (ev == &base->sig.ev_signal) {
+ /* If we run into the ev_signal event, it's only
+ * in eventqueue because some signal event was
+ * added, which made evsig_add re-add ev_signal.
+ * So don't double-add it. */
+ continue;
+ }
 if (evmap_io_add(base, ev->ev_fd, ev) == -1)
 res = -1;
 } else if (ev->ev_events & EV_SIGNAL) {
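Review bot: The new `continue` in the `EV_READ|EV_WRITE` branch skips `base->sig.ev_signal` on pointer identity alone, so it rests on an invariant that only the comment states: the event is in `eventqueue` solely because `evsig_add` re-added it earlier in this same loop, and that path has already registered it with the I/O map. If the event ever reaches the queue another way, the skip would leave the internal signal event unregistered while `res` stays 0, and signals would presumably stop being delivered after reinit. I would pin the invariant next to the check, e.g. `EVUTIL_ASSERT(base->sig.ev_signal_added);` just before the `continue` (assuming `evsig_add` sets that flag on this path; confirm), and add a regression test that calls event_reinit() with a signal event added. The loop and the rest of event_reinit continue outside the hunk.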