From 052fd4554b97d509ac2dba629bff9372a49a4e97 Mon Sep 17 00:00:00 2001 From: "jeremy@chromium.org" Date: Wed, 23 Sep 2009 17:56:25 +0000 Subject: IPC & LibEvent fix * Allow IPC::Listeners to send a message on OnChannelConnected. * Fix a bug in MessagePumpLibevent::WatchFileDescriptor causing a read-after-free. BUG=22451 Review URL: http://codereview.chromium.org/209061 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26946 0039d316-1c4b-4281-b951-d872f2087c98 --- base/message_pump_libevent.cc | 17 +++++++++++++++++ base/message_pump_libevent.h | 4 ++-- 2 files changed, 19 insertions(+), 2 deletions(-) (limited to 'base') diff --git a/base/message_pump_libevent.cc b/base/message_pump_libevent.cc index a940081..e6d2cea 100644 --- a/base/message_pump_libevent.cc +++ b/base/message_pump_libevent.cc @@ -171,6 +171,23 @@ bool MessagePumpLibevent::WatchFileDescriptor(int fd, should_delete_event = false; // Ownership is transferred to the controller. evt.reset(new event); + } else { + // It's illegal to use this function to listen on 2 separate fds with the + // same |controller|. + if (EVENT_FD(evt.get()) != fd) { + NOTREACHED() << "FDs don't match" << EVENT_FD(evt.get()) << "!=" << fd; + return false; + } + + // Make sure we don't pick up any funky internal libevent masks. + int old_interest_mask = evt.get()->ev_events & + (EV_READ | EV_WRITE | EV_PERSIST); + + // Combine old/new event masks. + event_mask |= old_interest_mask; + + // Must disarm the event before we can reuse it. + event_del(evt.get()); } // Set current interest mask and message pump for this event. diff --git a/base/message_pump_libevent.h b/base/message_pump_libevent.h index a2a4e1c..8e2f77c 100644 --- a/base/message_pump_libevent.h +++ b/base/message_pump_libevent.h @@ -68,9 +68,9 @@ class MessagePumpLibevent : public MessagePump { }; // Have the current thread's message loop watch for a a situation in which - // reading/writing to the FD can be performed without Blocking. + // reading/writing to the FD can be performed without blocking. // Callers must provide a preallocated FileDescriptorWatcher object which - // can later be used to manage the Lifetime of this event. + // can later be used to manage the lifetime of this event. // If a FileDescriptorWatcher is passed in which is already attached to // an event, then the effect is cumulative i.e. after the call |controller| // will watch both the previous event and the new one. -- cgit v1.1