third_party/libevent: don't touch base unless needed.

See referenced bug. I'm assuming that we don't actually have active events
outliving the base, but just that the accesses of the base pointer outside of
the conditional were premature.

This change makes it so that we don't touch the base object unless the event
really is active. This suggests that there's no security problem here and
the crashes are those that are hitting pages that have been unmapped.

BUG=44966
TEST=Valgrind

Review URL: http://codereview.chromium.org/7096012

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@87338 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 1 insertions, 5 deletions

diff --git a/third_party/libevent/event.c b/third_party/libevent/event.c
index d7ccd3f..1253352 100644
--- a/third_party/libevent/event.c
+++ b/third_party/libevent/event.c
@@ -778,8 +778,6 @@ int
 event_del(struct event *ev)
 {
 	struct event_base *base;
-	const struct eventop *evsel;
-	void *evbase;
 
 	event_debug(("event_del: %p, callback %p",
 		 ev, ev->ev_callback));
@@ -789,8 +787,6 @@ event_del(struct event *ev)
 		return (-1);
 
 	base = ev->ev_base;
-	evsel = base->evsel;
-	evbase = base->evbase;
 
 	assert(!(ev->ev_flags & ~EVLIST_ALL));
 
@@ -808,7 +804,7 @@ event_del(struct event *ev)
 
 	if (ev->ev_flags & EVLIST_INSERTED) {
 		event_queue_remove(base, ev, EVLIST_INSERTED);
-		return (evsel->del(evbase, ev));
+		return (base->evsel->del(base->evbase, ev));
 	}
 
 	return (0);