From 3c07897b7fe16377c34038e75d16dc243c006acb Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 7 Jul 2010 22:46:21 -0400
Subject: [PATCH] Clean up a pointer-to-stack in event_process_active()

I am 99% sure that there was no way to make the code dereference
ev_pncalls pointing to the stack when event_process_active() was not
running.  Nevertheless, I'll feel safer if the code makes sure that
ev_pncalls stops pointing to the stack when we aren't using it any
longer.
---
 event.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/event.c b/event.c
index 74ba5c4..ee4866c 100644
--- a/event.c
+++ b/event.c
@@ -392,6 +392,8 @@ event_process_active(struct event_base *base)
 		while (ncalls) {
 			ncalls--;
 			ev->ev_ncalls = ncalls;
+			if (ncalls == 0)
+				ev->ev_pncalls = NULL;
 			(*ev->ev_callback)((int)ev->ev_fd, ev->ev_res, ev->ev_arg);
 			if (event_gotsig || base->event_break)
 				return;
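Review bot: The early `return` after the callback, taken when `event_gotsig` or `base->event_break` is set, can still leave `ev->ev_pncalls` set, because the added reset runs only once `ncalls` has reached 0. Per the commit message that pointer refers to a stack variable of this function, so a later `event_del()` or `event_add()` on the same event with a non-zero `ev_ncalls` would write through it after the frame is gone. Consider clearing it on that path as well, with a guard so `ev` is not touched when the callback may already have deleted it: `if (ncalls != 0) ev->ev_pncalls = NULL;` just before the `return;`. The assignment that sets `ev_pncalls` and the enclosing loop are outside the hunk, so this should be checked against the full function.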
@@ -778,6 +780,7 @@ event_add(struct event *ev, const struct timeval *tv)
 			if (ev->ev_ncalls && ev->ev_pncalls) {
 				/* Abort loop */
 				*ev->ev_pncalls = 0;
+				ev->ev_pncalls = NULL;
 			}
 			
 			event_queue_remove(base, ev, EVLIST_ACTIVE);
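Review bot: The `/* Abort loop */` comment now sits above two statements but explains only the first, and the same pair is repeated in the event_del() hunk. A comment such as `/* Abort the dispatch loop, then drop our pointer to its counter so no stale stack address is kept */` would record why the reset is there. The two call sites could also share a small static helper, so the zero-then-clear order cannot drift apart between them. Both functions extend beyond their hunks.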
@@ -820,6 +823,7 @@ event_del(struct event *ev)
 	if (ev->ev_ncalls && ev->ev_pncalls) {
 		/* Abort loop */
 		*ev->ev_pncalls = 0;
+		ev->ev_pncalls = NULL;
 	}
 
 	if (ev->ev_flags & EVLIST_TIMEOUT)
-- 
1.6.0.5

