Skip to content

GitLab

Synchronet now requires the libarchive development package (e.g. libarchive-dev on Debian-based Linux distros, libarchive.org for more info) to build successfully.

Commit 13cc4027 authored by Deucе's avatar Deucе 👌🏾
Browse files
Options

Delete one-shot events before running the callback. 

If a callback deletes the one-shot event that invoked it, the
event pointer in the caller would be to free()d memory with
hilarious results.
parent 83f50984
Pipeline #1906 passed with stage
    in 9 minutes and 17 seconds
    Hide whitespace changes
    Inline Side-by-side
    Showing with 18 additions and 6 deletions
    src/sbbs3/js_internal.c
    View file @ 13cc4027
    ......@@ -1122,6 +1122,8 @@ js_handle_events(JSContext *cx, js_callback_t *cb, volatile int *terminated)
    BOOL input_locked = FALSE;
    js_socket_private_t* jssp;
    socklen_t slen;
    JSFunction* evf;
    JSObject* evo;
    #ifdef PREFER_POLL
    struct pollfd *fds;
    nfds_t sc;
    ......@@ -1369,6 +1371,11 @@ js_handle_events(JSContext *cx, js_callback_t *cb, volatile int *terminated)
    }
    }
    else {
    // Store a copy of object and function pointers
    evf = ev->cb;
    evo = ev->cx;
    JS_AddObjectRoot(cx, &evo);
    // Deal with things before running the callback
    if (ev->type == JS_EVENT_CONSOLE_INPUT) {
    if (input_locked)
    ......@@ -1381,17 +1388,13 @@ js_handle_events(JSContext *cx, js_callback_t *cb, volatile int *terminated)
    }
    }
    ret = JS_CallFunction(cx, ev->cx, ev->cb, 0, NULL, &rval);
    // Clean up/update after call
    // Clean up one-shots before call
    if (ev->type == JS_EVENT_SOCKET_CONNECT) {
    // TODO: call recv() and pass result to callback?
    closesocket(ev->data.connect.sv[0]);
    }
    else if (ev->type == JS_EVENT_INTERVAL)
    ev->data.interval.last += ev->data.interval.period;
    // Remove one-shot events
    // Remove one-shot events before call
    if (ev->type == JS_EVENT_SOCKET_READABLE_ONCE || ev->type == JS_EVENT_SOCKET_WRITABLE_ONCE
    || ev->type == JS_EVENT_SOCKET_CONNECT || ev->type == JS_EVENT_TIMEOUT
    || ev->type == JS_EVENT_CONSOLE_INPUT_ONCE) {
    ......@@ -1403,6 +1406,15 @@ js_handle_events(JSContext *cx, js_callback_t *cb, volatile int *terminated)
    *head = ev->next;
    JS_RemoveObjectRoot(cx, &ev->cx);
    free(ev);
    ev = NULL;
    }
    ret = JS_CallFunction(cx, evo, evf, 0, NULL, &rval);
    JS_RemoveObjectRoot(cx, &evo);
    if (ev) {
    if (ev->type == JS_EVENT_INTERVAL)
    ev->data.interval.last += ev->data.interval.period;
    }
    }
    ......
    Markdown is supported
    0% or .
    You are about to add 0 people to the discussion. Proceed with caution.
    Finish editing this message first!
    Please register or to comment