[Libwebsockets] bug in libev backend ?

Andy Green andy at warmcat.com
Wed Mar 29 02:25:57 CEST 2017



On 03/28/2017 10:15 PM, Olivier Basson wrote:
> Hi
>
> I think I've found a bug in libev backend, in function lws_libev_io(). 
> I'm using latest version from master branch.
>
> When deleting a context with active connections via 
> lws_context_destroy(), context->being_destroyed is set to 1 early in 
> the function, before the loop calling lws_close_free_wsi() on each 
> active connection.
> lws_close_free_wsi() calls remove_wsi_socket_from_fds(), which calls 
> lws_libev_io(), and here is my problem :
>
> lws_libev_io() returns without doing anything if 
> context->being_destroyed is set, so libev callbacks for deleted 
> connections file descriptors stay registered after context is 
> destroyed, which may lead to segfault/undefined behaviour if these 
> file descriptors get reused later (which would trigger the callbacks).
>
> I think the "if (!pt->io_loop_ev || context->being_destroyed) return;" 
> statement should be replaced with "if (!pt->io_loop_ev) return;"
>
> This fixes the problem for me and I have not seen any side effect yet. 
> Moreover, libuv backend does not have such a test.
>
> Do you confirm this being a bug or did I misunderstood something ?

Thanks... yes it looks like a bug.  I pushed your fix on v2.2-stable and 
master.

During v2.2 the destroy sequencing got refactored to allow "systemctl 
reload lwsws" functionality, I guess this broke then.

-Andy

>
> Thanks
>
> Olivier
>
>
> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> https://libwebsockets.org/mailman/listinfo/libwebsockets




More information about the Libwebsockets mailing list