commit 57822cbbbe85410785716fa62667b674b35602df Author: Nick Mathewson nickm@torproject.org Date: Thu Jul 7 11:00:21 2011 -0400
Avoid double-free in bufferevent read/write cbs
Fixes bug 3404; bugfix on 0.2.3.1-alpha. --- changes/bug3404 | 3 +++ src/or/connection.c | 9 ++++++--- 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/changes/bug3404 b/changes/bug3404 new file mode 100644 index 0000000..4e2e21b --- /dev/null +++ b/changes/bug3404 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Fix a class of double-mark-for-close bugs when bufferevents + are enabled. Fixes bug 3404; bugfix on 0.2.3.1-alpha. diff --git a/src/or/connection.c b/src/or/connection.c index e8969e0..c84ee04 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -2957,9 +2957,11 @@ connection_handle_read_cb(struct bufferevent *bufev, void *arg) { connection_t *conn = arg; (void) bufev; - if (!conn->marked_for_close) + if (!conn->marked_for_close) { if (connection_process_inbuf(conn, 1)<0) /* XXXX Always 1? */ - connection_mark_for_close(conn); + if (!conn->marked_for_close) + connection_mark_for_close(conn); + } }
/** Callback: invoked whenever a bufferevent has written data. */ @@ -2969,7 +2971,8 @@ connection_handle_write_cb(struct bufferevent *bufev, void *arg) connection_t *conn = arg; struct evbuffer *output; if (connection_flushed_some(conn)<0) { - connection_mark_for_close(conn); + if (!conn->marked_for_close) + connection_mark_for_close(conn); return; }