From dceeafa83c7b8b938ce4c8fcfdeadf3da38929e8 Mon Sep 17 00:00:00 2001
From: shixuantong <shixuantong1@huawei.com>
Date: Mon, 1 Apr 2024 11:14:04 +0800
Subject: [PATCH] evutil: don't call memset before memcpy

(cherry picked from commit a5714b68ba87adcee2ec47d4e540c6b07d5b9eb4)
---
 ...util-don-t-call-memset-before-memcpy.patch | 39 +++++++++++++++++++
 libevent.spec                                 |  9 ++++-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 backport-evutil-don-t-call-memset-before-memcpy.patch

diff --git a/backport-evutil-don-t-call-memset-before-memcpy.patch b/backport-evutil-don-t-call-memset-before-memcpy.patch
new file mode 100644
index 0000000..602da9e
--- /dev/null
+++ b/backport-evutil-don-t-call-memset-before-memcpy.patch
@@ -0,0 +1,39 @@
+From 39073df8318364fc868ab6d90a345ea4fc66e864 Mon Sep 17 00:00:00 2001
+From: Liu Dongmiao <liudongmiao@gmail.com>
+Date: Sat, 30 Mar 2024 21:44:50 +0800
+Subject: [PATCH] evutil: don't call memset before memcpy
+
+In `evutil_parse_sockaddr_port`, it would `memset` the `out` to zero,
+however, the `memset` is unnecessary before `memcpy`, and may cause
+undefined behavior if the `outlen` is invalid.
+
+This should close #1573.
+
+Reference:https://github.com/libevent/libevent/commit/39073df8
+---
+ evutil.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/evutil.c b/evutil.c
+index 9817f08..cc0133f 100644
+--- a/evutil.c
++++ b/evutil.c
+@@ -2216,7 +2216,6 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
+ 		if ((int)sizeof(sin6) > *outlen)
+ 			return -1;
+ 		sin6.sin6_scope_id = if_index;
+-		memset(out, 0, *outlen);
+ 		memcpy(out, &sin6, sizeof(sin6));
+ 		*outlen = sizeof(sin6);
+ 		return 0;
+@@ -2235,7 +2234,6 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
+ 			return -1;
+ 		if ((int)sizeof(sin) > *outlen)
+ 			return -1;
+-		memset(out, 0, *outlen);
+ 		memcpy(out, &sin, sizeof(sin));
+ 		*outlen = sizeof(sin);
+ 		return 0;
+-- 
+2.27.0
+
diff --git a/libevent.spec b/libevent.spec
index a978114..42aba2c 100644
--- a/libevent.spec
+++ b/libevent.spec
@@ -1,6 +1,6 @@
 Name:           libevent
 Version:        2.1.12
-Release:        7
+Release:        8
 Summary:        An event notification library
 
 License:        BSD
@@ -15,6 +15,7 @@ Patch6000: backport-ssl-do-not-trigger-EOF-if-some-data-had-been-successf.patch
 Patch6001: backport-http-eliminate-redundant-bev-fd-manipulating-and-cac.patch
 Patch6002: backport-http-fix-fd-leak-on-fd-reset-by-using-bufferevent_re.patch
 Patch6003: backport-bufferevent-introduce-bufferevent_replacefd-like-set.patch
+Patch6004: backport-evutil-don-t-call-memset-before-memcpy.patch
 
 %description
 Libevent additionally provides a sophisticated framework for buffered network IO, with support for sockets,
@@ -87,6 +88,12 @@ EOF
 
 
 %changelog
+* Mon Apr 01 2024 shixuantong <shixuantong1@huawei.com> - 2.1.12-8
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:evutil: don't call memset before memcpy
+
 * Mon Sep 18 2023 shixuantong <shixuantong1@huawei.com> - 2.1.12-7
 - Type:bugfix
 - CVE:NA
-- 
Gitee