summaryrefslogtreecommitdiffstats
path: root/third_party/libevent
diff options
context:
space:
mode:
authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-05-31 19:13:37 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-05-31 19:13:37 +0000
commite67d3f76868b793a3bb00d63d491fd008f4c0b15 (patch)
tree80b56a6be18558a056a596fca328534a9cbd640b /third_party/libevent
parent061598c08b5bd8468c6377a3dce6628cd5bc3d6b (diff)
downloadchromium_src-e67d3f76868b793a3bb00d63d491fd008f4c0b15.zip
chromium_src-e67d3f76868b793a3bb00d63d491fd008f4c0b15.tar.gz
chromium_src-e67d3f76868b793a3bb00d63d491fd008f4c0b15.tar.bz2
third_party/libevent: don't touch base unless needed.
See referenced bug. I'm assuming that we don't actually have active events outliving the base, but just that the accesses of the base pointer outside of the conditional were premature. This change makes it so that we don't touch the base object unless the event really is active. This suggests that there's no security problem here and the crashes are those that are hitting pages that have been unmapped. BUG=44966 TEST=Valgrind Review URL: http://codereview.chromium.org/7096012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@87338 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'third_party/libevent')
-rw-r--r--third_party/libevent/README.chromium2
-rw-r--r--third_party/libevent/event.c6
2 files changed, 3 insertions, 5 deletions
diff --git a/third_party/libevent/README.chromium b/third_party/libevent/README.chromium
index c9002be..10780cb 100644
--- a/third_party/libevent/README.chromium
+++ b/third_party/libevent/README.chromium
@@ -2,6 +2,7 @@ Name: libevent
URL: http://www.monkey.org/~provos/libevent/
Version: 1.4.13
License: BSD
+Security Critical: yes
Local Modifications:
Rather than use libevent's own build system, we just build a Chrome
@@ -14,3 +15,4 @@ static library using GYP.
3) chromium.patch is applied to allow libevent to be used without
being installed.
4) The directories WIN32-Code and WIN32-Prj are not included.
+5) Apply rXXXXX (FIXME(agl): update to include eventual revision number)
diff --git a/third_party/libevent/event.c b/third_party/libevent/event.c
index d7ccd3f..1253352 100644
--- a/third_party/libevent/event.c
+++ b/third_party/libevent/event.c
@@ -778,8 +778,6 @@ int
event_del(struct event *ev)
{
struct event_base *base;
- const struct eventop *evsel;
- void *evbase;
event_debug(("event_del: %p, callback %p",
ev, ev->ev_callback));
@@ -789,8 +787,6 @@ event_del(struct event *ev)
return (-1);
base = ev->ev_base;
- evsel = base->evsel;
- evbase = base->evbase;
assert(!(ev->ev_flags & ~EVLIST_ALL));
@@ -808,7 +804,7 @@ event_del(struct event *ev)
if (ev->ev_flags & EVLIST_INSERTED) {
event_queue_remove(base, ev, EVLIST_INSERTED);
- return (evsel->del(evbase, ev));
+ return (base->evsel->del(base->evbase, ev));
}
return (0);