From 7afbdcf25e1def97481605c1455ba45e68dda3ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C5=93ur?=
Date: Mon, 6 May 2024 23:31:27 +0800
Subject: [PATCH 1/2] Ensure that event had been removed in event_process_active_single_queue()

It should not be possible, since only EVLIST_ACTIVE should be triggered from event_process_active_single_queue, but adding assert will not hurt.
---
 event.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/event.c b/event.c
index 26a18e3ac..afc185b87 100644
--- a/event.c
+++ b/event.c
@@ -1677,7 +1677,7 @@ event_process_active_single_queue(struct event_base *base,
 EVUTIL_ASSERT(activeq != NULL);
 for (evcb = TAILQ_FIRST(activeq); evcb; evcb = TAILQ_FIRST(activeq)) {
- struct event *ev=NULL;
+ struct event *ev = NULL;
 if (evcb->evcb_flags & EVLIST_INIT) {
 ev = event_callback_to_event(evcb);
@@ -1698,6 +1698,9 @@ event_process_active_single_queue(struct event_base *base,
 "closure %d, call %p", (void *)evcb, evcb->evcb_closure, (void *)evcb->evcb_cb_union.evcb_callback));
 }
+ // We don't want an infinite loop or use of memory after it is freed.
+ // Hence, for next loop iteration, it is expected that `event_queue_remove_active` or `event_del_nolock_` have removed current event from the queue at this point.
+ EVUTIL_ASSERT(evcb != TAILQ_FIRST(activeq));
 if (!(evcb->evcb_flags & EVLIST_INTERNAL)) ++count;

From 66ee086bf1650713933e8f8a53c188bd8a7af7a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C5=93ur?=
Date: Mon, 6 May 2024 23:32:00 +0800
Subject: [PATCH 2/2] Fix conversion loses precision ssize_t to int in evthread_notify_base_default()

---
 event.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/event.c b/event.c
index afc185b87..04476409c 100644
--- a/event.c
+++ b/event.c
@@ -2575,7 +2575,7 @@ static int
 evthread_notify_base_default(struct event_base *base)
 {
 char buf[1];
- int r;
+ ev_ssize_t r;
 buf[0] = (char) 0;
 #ifdef _WIN32
 r = send(base->th_notify_fd[1], buf, 1, 0);
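Review bot: The new `EVUTIL_ASSERT(evcb != TAILQ_FIRST(activeq));` in the `@@ -1698,6 +1698,9 @@` hunk of PATCH 1/2 is the only thing backing the stated goal of avoiding an infinite loop or use of freed memory, and an assertion stops enforcing that wherever it is compiled out; in libevent `EVUTIL_ASSERT` comes from util-internal.h and, as far as I recall, becomes a no-op under `NDEBUG`, which is worth confirming since the definition is not on this page. If that holds, say so in the comment, e.g. `/* Debug-only check (no-op with NDEBUG): the entry must already be off activeq here. */`, or make the check unconditional if the invariant is meant to protect release builds as well. The two `//` lines are also very long; a wrapped `/* ... */` block would presumably match the rest of the file, whose comment style is not visible in the hunk. The enclosing function starts and ends outside the hunk, so the removal calls the comment names cannot be checked from here.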