diff options
author | Jan Kasiak <jan@cybojanek.net> | 2019-08-22 16:36:12 -0400 |
---|---|---|
committer | Azat Khuzhin <azat@libevent.org> | 2019-08-28 01:15:39 +0300 |
commit | 445027a5dcfe0acce431b7d4065d2ac1f6b270d7 (patch) | |
tree | 4e196d73f22cf1697584d8fbf9042075a618393f /event.c | |
parent | 70daa93a514075eb0102eec4c6e5002b114264a9 (diff) | |
download | libevent-445027a5dcfe0acce431b7d4065d2ac1f6b270d7.tar.gz |
Fix memory corruption in EV_CLOSURE_EVENT_FINALIZE with debug enabled
Call event_debug_note_teardown_ before evcb_evfinalize to avoid possible
UAF (if finalizer free's event).
Diffstat (limited to 'event.c')
-rw-r--r-- | event.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1728,8 +1728,8 @@ event_process_active_single_queue(struct event_base *base, evcb_evfinalize = ev->ev_evcallback.evcb_cb_union.evcb_evfinalize; EVUTIL_ASSERT((evcb->evcb_flags & EVLIST_FINALIZING)); EVBASE_RELEASE_LOCK(base, th_base_lock); - evcb_evfinalize(ev, ev->ev_arg); event_debug_note_teardown_(ev); + evcb_evfinalize(ev, ev->ev_arg); if (evcb_closure == EV_CLOSURE_EVENT_FINALIZE_FREE) mm_free(ev); } |