Fix memory corruption in EV_CLOSURE_EVENT_FINALIZE with debug enabled

Call event_debug_note_teardown_ before evcb_evfinalize to avoid possible UAF (if finalizer free's event).
author: Jan Kasiak <jan@cybojanek.net> 2019-08-22 16:36:12 -0400
committer: Azat Khuzhin <azat@libevent.org> 2019-08-28 01:15:39 +0300
commit: 445027a5dcfe0acce431b7d4065d2ac1f6b270d7 (patch)
tree: 4e196d73f22cf1697584d8fbf9042075a618393f /event.c
parent: 70daa93a514075eb0102eec4c6e5002b114264a9 (diff)
download: libevent-445027a5dcfe0acce431b7d4065d2ac1f6b270d7.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/event.c b/event.c
index aa6c6fba..8cae318d 100644
--- a/event.c
+++ b/event.c
@@ -1728,8 +1728,8 @@ event_process_active_single_queue(struct event_base *base,
 			evcb_evfinalize = ev->ev_evcallback.evcb_cb_union.evcb_evfinalize;
 			EVUTIL_ASSERT((evcb->evcb_flags & EVLIST_FINALIZING));
 			EVBASE_RELEASE_LOCK(base, th_base_lock);
-			evcb_evfinalize(ev, ev->ev_arg);
 			event_debug_note_teardown_(ev);
+			evcb_evfinalize(ev, ev->ev_arg);
 			if (evcb_closure == EV_CLOSURE_EVENT_FINALIZE_FREE)
 				mm_free(ev);
 		}
author	Jan Kasiak <jan@cybojanek.net>	2019-08-22 16:36:12 -0400
committer	Azat Khuzhin <azat@libevent.org>	2019-08-28 01:15:39 +0300
commit	445027a5dcfe0acce431b7d4065d2ac1f6b270d7 (patch)
tree	4e196d73f22cf1697584d8fbf9042075a618393f /event.c
parent	70daa93a514075eb0102eec4c6e5002b114264a9 (diff)
download	libevent-445027a5dcfe0acce431b7d4065d2ac1f6b270d7.tar.gz