In win32.c/do_fd_set, if we have called realloc_fd_sets, then the
fd_sets will have moved to new locations and the pointer we have
cached to the readset or writeset will no longer be valid. This was
causing a crash bug in Tor, as the invalid pointer gave a value for
set->fd_count of 0xcdcdcdcd, leading to an access violation when
trying to add the new socket descriptor to the end of the list. Here
is the simple fix.
--- win32.c~ 2005-03-29 07:45:24.000000000 +0100
+++ win32.c 2005-11-26 16:05:04.000000000 +0000
@@ -136,6 +135,8 @@ do_fd_set(struct win32op *op, SOCKET s,
if (set->fd_count == op->fd_setsz) {
if (realloc_fd_sets(op, op->fd_setsz*2))
return (-1);
+ /* set pointer will have changed and needs reiniting! */
+ set = read ? op->readset_in : op->writeset_in;
}
set->fd_array[set->fd_count] = s;
return (set->fd_count++);
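Review bot: the re-fetch on the added line `set = read ? op->readset_in : op->writeset_in;` duplicates the selection that initialised `set` earlier in do_fd_set, which is outside this hunk, so the two expressions have to be kept identical by hand. Please confirm that the initial assignment uses the same `read` test and the same `_in` members. A sturdier shape would be to run the `fd_count == op->fd_setsz` check and the realloc_fd_sets call first and derive `set` only once afterwards, or to put the selection in a small helper used at both places, so that no pointer into the old allocation is held across the realloc. The comment could also name the cause directly, for example "realloc_fd_sets may move the sets; re-fetch the pointer", rather than "needs reiniting".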
regards,
i.m.weasel
_______________________________________________
Libevent-users mailing list
http://monkey.org/mailman/listinfo/libevent-users