From ec3939e2dee8e08dfc333e17b4e005285b96907e Mon Sep 17 00:00:00 2001
From: shixuantong
Date: Mon, 1 Apr 2024 11:17:53 +0800
Subject: [PATCH] evutil: don't call memset before memcpy

(cherry picked from commit fae720c6e0a2c8256e2512d5cfce361c09133c1a)
---
...util-don-t-call-memset-before-memcpy.patch | 39 +++++++++++++++++++
libevent.spec | 9 ++++-
2 files changed, 47 insertions(+), 1 deletion(-)
create mode 100644 backport-evutil-don-t-call-memset-before-memcpy.patch
diff --git a/backport-evutil-don-t-call-memset-before-memcpy.patch b/backport-evutil-don-t-call-memset-before-memcpy.patch
new file mode 100644
index 0000000..602da9e
--- /dev/null
+++ b/backport-evutil-don-t-call-memset-before-memcpy.patch
@@ -0,0 +1,39 @@
+From 39073df8318364fc868ab6d90a345ea4fc66e864 Mon Sep 17 00:00:00 2001
+From: Liu Dongmiao
+Date: Sat, 30 Mar 2024 21:44:50 +0800
+Subject: [PATCH] evutil: don't call memset before memcpy
+
+In `evutil_parse_sockaddr_port`, it would `memset` the `out` to zero,
+however, the `memset` is unnecessary before `memcpy`, and may cause
+undefined behavior if the `outlen` is invalid.
+
+This should close #1573.
+
+Reference:https://github.com/libevent/libevent/commit/39073df8
+---
+ evutil.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/evutil.c b/evutil.c
+index 9817f08..cc0133f 100644
+--- a/evutil.c
+++ b/evutil.c
+@@ -2216,7 +2216,6 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
+ if ((int)sizeof(sin6) > *outlen)
+ return -1;
+ sin6.sin6_scope_id = if_index;
+- memset(out, 0, *outlen);
+ memcpy(out, &sin6, sizeof(sin6));
+ *outlen = sizeof(sin6);
+ return 0;
+@@ -2235,7 +2234,6 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
+ return -1;
+ if ((int)sizeof(sin) > *outlen)
+ return -1;
+- memset(out, 0, *outlen);
+ memcpy(out, &sin, sizeof(sin));
+ *outlen = sizeof(sin);
+ return 0;
+--
+2.27.0
+
diff --git a/libevent.spec b/libevent.spec
index 8d07542..6e948b8 100644
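Review bot: Bytes of `out` beyond `sizeof(sin6)` (and beyond `sizeof(sin)` in the second hunk of the embedded evutil.c patch) are no longer cleared on success, because the only write left is the `memcpy`. A caller that hands in a larger buffer such as a `struct sockaddr_storage` and later compares, hashes or copies the whole buffer rather than the returned `*outlen` bytes would now see stale memory, so in-tree and downstream callers are worth a quick audit before shipping the backport. A short comment above each `memcpy`, for example `/* only sizeof(sin6) bytes are written; the tail of out is left untouched */`, would document the new contract. The `(int)sizeof(sin6) > *outlen` guard still relies on the caller's `*outlen` matching the real buffer size, and the body of `evutil_parse_sockaddr_port` starts and ends outside both hunks.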
--- a/libevent.spec
+++ b/libevent.spec
@@ -1,6 +1,6 @@
 Name: libevent
 Version: 2.1.12
-Release: 3
+Release: 4
 Summary: An event notification library
 License: BSD
@@ -11,6 +11,7 @@ BuildRequires: gcc doxygen openssl-devel
 Patch0: libevent-nonettests.patch
 Patch1: http-add-callback-to-allow-server-to-decline-and-the.patch
+Patch6000: backport-evutil-don-t-call-memset-before-memcpy.patch
 %description
 Libevent additionally provides a sophisticated framework for buffered network IO, with support for sockets,
@@ -68,6 +69,12 @@ rm -f %{buildroot}%{_libdir}/*.la
 %changelog
+* Mon Apr 01 2024 shixuantong - 2.1.12-4
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:evutil: don't call memset before memcpy
+
 * Wed Apr 21 2021 yangzhuangzhuang - 2.1.12-3
 - Type:enhancement
 - ID:NA
--
Gitee
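Review bot: `Patch6000` is only declared in this hunk, and the `%prep` section that would apply it lies outside the diff, so whether the fix actually reaches the build is not visible here. If `%prep` applies patches one by one rather than through `%autosetup -p1` or `%autopatch`, it needs a matching `%patch6000 -p1` line; otherwise the package ships without the change while the changelog says it is included. Checking the build log for the line that reports patch 6000 being applied would confirm it.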