|
Revision tags: release-2.2.1-alpha, release-2.1.12-stable |
|
| #
5b063049 |
| 25-Jun-2020 |
Azat Khuzhin <[email protected]> |
buffer: do not pass NULL to memcpy() from evbuffer_pullup()
UBSAN reports:
evbuffer/remove_buffer_with_empty3: ../buffer.c:1443:3: runtime error: null pointer passed as argument 2, which is declared to never be null
    #0 0x7ffff6cd0410 in evbuffer_pullup ../buffer.c:1443
    #1 0x5555556d68b9 in test_evbuffer_remove_buffer_with_empty3 ../test/regress_buffer.c:408
    #2 0x5555557b95ee in testcase_run_bare_ ../test/tinytest.c:173
    #3 0x5555557ba048 in testcase_run_one ../test/tinytest.c:333
    #4 0x5555557bc0f8 in tinytest_main ../test/tinytest.c:527
    #5 0x555555787702 in main ../test/regress_main.c:528
    #6 0x7ffff606c001 in __libc_start_main (/usr/lib/libc.so.6+0x27001)
    #7 0x55555569436d in _start (/src/le/libevent/.cmake-debug/bin/regress+0x14036d)
(cherry picked from commit a0c642ac04487d8cda809bd6e233b0fbd043806d)
|
| #
30662a3c |
| 29-Feb-2020 |
yuangongji <[email protected]> |
increase segment refcnt only if evbuffer_add_file_segment() succeeds
(cherry picked from commit 114b3836755f1e526e658b248464465136bd87b8)
|
| #
5f017bde |
| 21-Sep-2019 |
Azat Khuzhin <[email protected]> |
evbuffer_add_file: fix freeing of segment in the error path
if evbuffer_add_file_segment() fails it returns -1, so we should call evbuffer_file_segment_free() only on error, and this -1 not 0.
Fixes: 6a81b1f5 ("Avoid double-free on error in evbuffer_add_file. Found by coverity.")
Backport-to: 2.1
(cherry picked from commit 4727150a54e21725f0ef4f43ca5028cc6f353664)
|
|
Revision tags: release-2.1.11-stable |
|
| #
598f247d |
| 31-Jul-2019 |
Azat Khuzhin <[email protected]> |
buffer: fix possible NULL dereference in evbuffer_setcb() on ENOMEM
[ @azat:
- add return heredoc for evbuffer_setcb()
- add unit test with event_set_mem_functions()
- look through the report from abi-compliance-checker/abi-dumper ]
Closes: #855
(cherry picked from commit bdcade47224f154052c927aed3c363a18b37112e)
|
|
Revision tags: release-2.1.10-stable |
|
| #
2fea04b3 |
| 16-May-2019 |
Azat Khuzhin <[email protected]> |
Merge branch 'evbuffer-fixes-806-v2'
* evbuffer-fixes-806-v2:
  evbuffer: fix last_with_datap after prepend with empty chain
  test: regression for evbuffer_expand_fast_() with invalid last_with_datap
  test: cover adjusting of last_with_datap in evbuffer_prepend()
Fixes: #806
(cherry picked from commit 3b1864b625ec37c3051512845982f347f4cc5621)
|
| #
61fa7b7d |
| 03-Mar-2019 |
Azat Khuzhin <[email protected]> |
buffer: make evbuffer_prepend() of zero-length array no-op
Refs: #774
(cherry picked from commit c4fbae3ae6166dddfa126734edd63213afa14dce)
|
| #
6a3dd717 |
| 03-Mar-2019 |
Azat Khuzhin <[email protected]> |
Merge branch 'evbuffer-empty-chain-handling'
* evbuffer-empty-chain-handling:
  buffer: do not rely on ->off in advance_last_with_data()
  buffer: fix evbuffer_remove_buffer() with empty chain in front
  test: verify content of the buffer in evbuffer/remove_buffer_with_empty*
(cherry picked from commit b69524c004fb68bcd9475e7aa61f5a7cdb45d304)
|
|
Revision tags: release-2.1.9-beta, release-2.0.23-beta |
|
| #
12e0d889 |
| 28-Oct-2018 |
Azat Khuzhin <[email protected]> |
Convert evbuffer_strspn() (internal helper) to use size_t
As pointed by @yankeehacker in #590: Signed to Unsigned Conversion Error - buffer.c:1623
Description: This assignment creates a type mismatch by populating an unsigned variable with a signed value. The signed integer will be implicitly cast to an unsigned integer, converting negative values into positive ones. If an attacker can control the signed value, it may be possible to trigger a buffer overflow if the value specifies the length of a memory write.
Remediation: Do not rely on implicit casts between signed and unsigned values because the result can take on an unexpected value and violate weak assumptions made elsewhere in the program.
Fixes: #590
(cherry picked from commit 931ec2370228e40309af51b86e10fa364a37a20e)
|
| #
5e439e50 |
| 28-Oct-2018 |
Azat Khuzhin <[email protected]> |
buffer: add an assert for last_with_datap to suppress static analyzer
../buffer.c:2231:6: warning: Access to field 'flags' results in a dereference of a null pointer
    if (CHAIN_SPACE_LEN(*firstchainp) == 0) {
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../buffer.c:130:30: note: expanded from macro 'CHAIN_SPACE_LEN'
#define CHAIN_SPACE_LEN(ch) ((ch)->flags & EVBUFFER_IMMUTABLE ? \
(cherry picked from commit f83ac92da9fff789135d1e5b9050653cf7fdb517)
|
| #
cdd52e7f |
| 23-May-2018 |
Jiri Luznicky <[email protected]> |
Fix missing LIST_HEAD
Despite the presence of 'sys/queue.h' in some stdlib implementations (i.e. uclibc) 'LIST_HEAD' macro can be missing. This fix defines this macro in the same manner as was done previously for 'TAILQ_'.
Fixes: #539
Closes: #639 (cherry-picked)
Backport: 2.1.9
(cherry picked from commit 95918754d2ba7e6bffe0fc74bebed60bd917c10c)
|
| #
d6326104 |
| 20-Apr-2018 |
SuckShit <[email protected]> |
Fix assert() condition in evbuffer_drain() for IOCP
In the case of iocp, in the for loop above, there is a situation where: remaining == chain->off == 0
And this happens due to CHAIN_PINNED_R() case (that is used only in buffer_iocp.c)
Closes: #630 (picked)
(cherry picked from commit ab3224c3e66cf92779f8bd91ffe90445e636fa50)
|
| #
2b4d127d |
| 12-Feb-2018 |
Azat Khuzhin <[email protected]> |
buffer: fix incorrect unlock of the buffer mutex (for deferred callbacks)
TSAN reports:
WARNING: ThreadSanitizer: unlock of an unlocked mutex (or by a wrong thread) (pid=17111)
    #0 pthread_mutex_unlock /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:3621 (libtsan.so.0+0x00000003b71c)
    #1 evbuffer_add <null> (libevent_core-2.2.so.1+0x00000000ddb6)
    ...
Mutex M392 (0x7b0c00000f00) created at:
    #0 pthread_mutex_init /build/gcc/src/gcc/libsanitizer/tsan/tsan_interceptors.cc:1117 (libtsan.so.0+0x0000000291af)
    #1 <null> <null> (libevent_pthreads-2.2.so.1+0x000000000d46)
    ...
$ addr2line -e /lib/libevent_core-2.2.so.1 0x00000000ddb6
/src/libevent/buffer.c:1815 (discriminator 1)
Introduced-in: ae2b84b2575be93d0aebba5c0b78453836f89f3c ("Replace deferred_cbs with event_callback-based implementation.")
(cherry picked from commit 93913da1c4a528e0a832dc8dc163fa30f3e580d4)
|
| #
9f4d0dce |
| 14-Aug-2017 |
Azat Khuzhin <[email protected]> |
Fix wrong assert in evbuffer_drain()
"chain" cannot be NULL here because we have at least one chain (we handle empty buffer separately) and hence loop will be executed at least once.
Link: https://github.com/libevent/libevent/commit/841ecbd96105c84ac2e7c9594aeadbcc6fb38bc4#commitcomment-23631347
Signed-off-by: Ivan Maidanski <[email protected]>
Signed-off-by: Azat Khuzhin <[email protected]>
(cherry picked from commit b26996a05d9e7aad32e78a7bfab6454d5c11500a)
|
| #
a0bfe2c4 |
| 08-Mar-2017 |
Azat Khuzhin <[email protected]> |
Merge branch 'cmake-configure-fixes-v2'
Fixes in cmake, to make it more like configure and support some cross-compiling.
* cmake-configure-fixes-v2:
  cmake: fix extracting of the version from git (check for number of matches)
  Detect arch4random_addrandom() existence
  Use off_t instead of ev_off_t for sendfile() (fixes android build)
  cmake: detect _GNU_SOURCE not by __GNU_LIBRARY__ only (fallback to _GNU_SOURCE)
  Check for WNOWAIT in waitpid() in runtime (not in cmake/configure)
  cmake: add <pthread.h> into CMAKE_REQUIRED_INCLUDES for sizeof(pthread_t)
  cmake: fix values for #cmakedefine
  cmake: drop duplicates from event-config template
  cmake: add value for the #cmakedefine macros (like autoconf)
  cmake: Fix checking of enum values from sysctl.h
(cherry picked from commit 5aade2d30b6c5eff226cbf7b63fda5a01987ba4f)
|
|
Revision tags: release-2.1.8-stable |
|
| #
2c62062e |
| 06-Dec-2016 |
Azat Khuzhin <[email protected]> |
Fix signedness differ for iov_base (solaris)
|
|
Revision tags: release-2.1.7-rc, release-2.1.6-beta |
|
| #
8892f4cb |
| 07-Jul-2016 |
Azat Khuzhin <[email protected]> |
buffer: don't mix code and declarations
|
| #
a3f4ccd1 |
| 21-Jun-2016 |
Azat Khuzhin <[email protected]> |
buffer: fix overflow check in evbuffer_expand_singlechain()
Refs: #306
Fixes: #340
Fixes: 20d6d4458bee5d88bda1511c225c25b2d3198d6c
|
| #
26fd9321 |
| 07-Jun-2016 |
Azat Khuzhin <[email protected]> |
buffer: evbuffer_add_buffer(): clean empty chains from destination buffer
@EMPanisset reported a problem (#358) with evbuffer_remove_buffer(), but actually I think that the problem is in evbuffer_add_buffer() which introduces this empty chain, all other callers (except evbuffer_prepend_buffer(), but it doesn't have this problem though) should be safe.
And FWIW the only API that allows empty chains is evbuffer_add_reference(), and we can add check there to avoid such issues, but for now I left this without fixing, since I think that evbuffer_add_reference() with empty chains can be used as a barrier (but this can be tricky).
Fixes: regress evbuffer/remove_buffer_with_empty2
v2: introduce/fixes evbuffer/add_buffer_with_empty
|
| #
0abd0393 |
| 20-Apr-2016 |
Azat Khuzhin <[email protected]> |
Fix n_add_for_cb in evbuffer_prepend() in case of new buffer required
Signed-off-by: @luoming1224
Fixes: #349
|
| #
a8769ef1 |
| 26-Mar-2016 |
Marcus Sundberg <[email protected]> |
evbuffer_add: Use last_with_datap if set, not last.
evbuffer_add() would always put data in the last chain, even if there was available space in a previous chain, and in doing so it also failed to update last_with_datap, causing subsequent calls to other functions that do look at last_with_datap to add data in the middle of the evbuffer instead of at the end.
Fixes the evbuffer_add() part of issue #335, and the evbuffer/add2 and evbuffer/add3 tests, and also prevents wasting space available in the chain pointed to by last_with_datap.
|
| #
fd36647a |
| 25-Aug-2015 |
Ed Schouten <[email protected]> |
Don't use BSD u_* types.
These types are not part of POSIX. As we only use them in a small number of places, we'd better replace them by C standard types. This makes a larger part of the code build for CloudABI.
|
|
Revision tags: release-2.0.22-stable, release-1.4.15-stable, release-2.1.5-beta |
|
| #
841ecbd9 |
| 05-Jan-2015 |
Nick Mathewson <[email protected]> |
Fix CVE-2014-6272 in Libevent 2.1
For this fix, we need to make sure that passing too-large inputs to the evbuffer functions can't make us do bad things with the heap.
Also, lower the maximum chunk size to the lower of off_t, size_t maximum.
This is necessary since otherwise we could get into an infinite loop if we make a chunk that 'misalign' cannot index into.
|
| #
fb7e76ae |
| 30-Nov-2014 |
Nick Mathewson <[email protected]> |
Fix evbuffer_peek() with len==-1 and start_at non-NULL.
|
| #
ba59923a |
| 30-Nov-2014 |
Nick Mathewson <[email protected]> |
Fix evbuffer_peek() with len==-1 and start_at non-NULL.
|
| #
89c1a3b7 |
| 18-Sep-2014 |
Nick Mathewson <[email protected]> |
Fix several memory leaks in the unit tests.
Also add a comment to buffer.c about why we call evbuffer_file_segment_free on failure to add the segment.
|