evutil: don't call memset before memcpy

2024-04-01 11:17:53 +08:00 · 2024-04-01 11:17:53 +08:00 · fae720c6e0
commit fae720c6e0
parent 19d7ca9195
2 changed files with 47 additions and 1 deletions
--- a/backport-evutil-don-t-call-memset-before-memcpy.patch
+++ b/backport-evutil-don-t-call-memset-before-memcpy.patch
@ -0,0 +1,39 @@
+From 39073df8318364fc868ab6d90a345ea4fc66e864 Mon Sep 17 00:00:00 2001
+From: Liu Dongmiao <liudongmiao@gmail.com>
+Date: Sat, 30 Mar 2024 21:44:50 +0800
+Subject: [PATCH] evutil: don't call memset before memcpy
+
+In `evutil_parse_sockaddr_port`, it would `memset` the `out` to zero,
+however, the `memset` is unnecessary before `memcpy`, and may cause
+undefined behavior if the `outlen` is invalid.
+
+This should close #1573.
+
+Reference:https://github.com/libevent/libevent/commit/39073df8
+---
+ evutil.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/evutil.c b/evutil.c
+index 9817f08..cc0133f 100644
+--- a/evutil.c
+++ b/evutil.c
+@@ -2216,7 +2216,6 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
+ 		if ((int)sizeof(sin6) > *outlen)
+ 			return -1;
+ 		sin6.sin6_scope_id = if_index;
+-		memset(out, 0, *outlen);
+ 		memcpy(out, &sin6, sizeof(sin6));
+ 		*outlen = sizeof(sin6);
+ 		return 0;
+@@ -2235,7 +2234,6 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
+ 			return -1;
+ 		if ((int)sizeof(sin) > *outlen)
+ 			return -1;
+-		memset(out, 0, *outlen);
+ 		memcpy(out, &sin, sizeof(sin));
+ 		*outlen = sizeof(sin);
+ 		return 0;
+-- 
+2.27.0
+
--- a/libevent.spec
+++ b/libevent.spec
@ -1,6 +1,6 @@
 Name:           libevent
 Version:        2.1.12
-Release:        3
+Release:        4
 Summary:        An event notification library

 License:        BSD
@ -11,6 +11,7 @@ BuildRequires: gcc doxygen openssl-devel

 Patch0: libevent-nonettests.patch
 Patch1: http-add-callback-to-allow-server-to-decline-and-the.patch
+Patch6000: backport-evutil-don-t-call-memset-before-memcpy.patch

 %description
 Libevent additionally provides a sophisticated framework for buffered network IO, with support for sockets,
@ -68,6 +69,12 @@ rm -f %{buildroot}%{_libdir}/*.la


 %changelog
+* Mon Apr 01 2024 shixuantong <shixuantong1@huawei.com> - 2.1.12-4
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:evutil: don't call memset before memcpy
+
 * Wed Apr 21 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 2.1.12-3
 - Type:enhancement
 - ID:NA