[Libwebsockets] bug in libev backend ?

Olivier Basson olivier at camtrace.com
Tue Mar 28 16:15:09 CEST 2017


I think I've found a bug in libev backend, in function lws_libev_io(). I'm using latest version from master branch. 

When deleting a context with active connections via lws_context_destroy(), context->being_destroyed is set to 1 early in the function, before the loop calling lws_close_free_wsi() on each active connection. 
lws_close_free_wsi() calls remove_wsi_socket_from_fds(), which calls lws_libev_io(), and here is my problem : 

lws_libev_io() returns without doing anything if context->being_destroyed is set, so libev callbacks for deleted connections file descriptors stay registered after context is destroyed, which may lead to segfault/undefined behaviour if these file descriptors get reused later (which would trigger the callbacks). 

I think the "if (!pt->io_loop_ev || context->being_destroyed) return;" statement should be replaced with " if (!pt->io_loop_ev) return;" 

This fixes the problem for me and I have not seen any side effect yet. Moreover, libuv backend does not have such a test. 

Do you confirm this being a bug or did I misunderstood something ? 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://libwebsockets.org/pipermail/libwebsockets/attachments/20170328/4cc8abaf/attachment-0001.html>

More information about the Libwebsockets mailing list