GitHub/libevent
1
0
Fork 0
mirror of https://github.com/libevent/libevent.git synced 2025-01-09 00:56:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix two unlocked reads in evbuffer.

Browse Source 
Some initializers (in evbuffer_read and evbuffer_commit) were reading
the last and/or previous_to_last fields without grabbing the evbuffer
lock.

This may fix a hard-to-trigger race condition or two.
This commit is contained in:
Nick Mathewson 2010-02-15 21:03:52 -05:00
parent aae7db5256
commit 7116bf2314
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
buffer.c
View File

@ -535,13 +535,15 @@ int
evbuffer_commit_space(struct evbuffer *buf,
struct evbuffer_iovec *vec, int n_vecs)
{
struct evbuffer_chain *prev = buf->previous_to_last;
struct evbuffer_chain *last = buf->last;
struct evbuffer_chain *last, *prev;
int result = -1;
size_t added;
EVBUFFER_LOCK(buf);
prev = buf->previous_to_last;
last = buf->last;
if (buf->freeze_end)
goto done;
if (n_vecs < 1 || n_vecs > 2)
@ -1616,7 +1618,7 @@ _evbuffer_read_setup_vecs(struct evbuffer *buf, ev_ssize_t howmuch,
int
evbuffer_read(struct evbuffer *buf, evutil_socket_t fd, int howmuch)
{
struct evbuffer_chain *chain = buf->last;
struct evbuffer_chain *chain;
int n = EVBUFFER_MAX_READ;
int result;
@ -1631,6 +1633,8 @@ evbuffer_read(struct evbuffer *buf, evutil_socket_t fd, int howmuch)
EVBUFFER_LOCK(buf);
chain = buf->last;
if (buf->freeze_end) {
result = -1;
goto done;