Commit 0cf1431e5d85411ac8174ffe3b802c6a37f6e3a8

Nick Mathewson 2010-03-13T01:04:30

Avoid an (untriggerable so far) crash bug in bufferevent_free()

We were saying
    mm_free(bufev - bufev->be_ops->mem_offset);
when we should have said
    mm_free(((char*)bufev) - bufev->be_ops->mem_offset);

In other words, if mem_offset had ever been nonzero, then instead of backing up mem_offset bytes to find the thing we were supposed to free, we would have backed up mem_offset*sizeof(struct bufferevent) bytes, and freed something completely crazy.

Spotted thanks to a conversation with Jardel Weyrich
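
Added example, not part of the commit or the project's code: a minimal C illustration of the pointer-arithmetic scaling the message describes, and of why a zero mem_offset hides it. The struct layouts, the fd and priv fields, and all function names are hypothetical; only be_ops and mem_offset come from the commit message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the layout the commit describes. */
struct ops { size_t mem_offset; };   /* byte offset of obj in its allocation */
struct obj { const struct ops *be_ops; int fd; };
struct wrapper { long priv[4]; struct obj bev; };   /* obj at a nonzero offset */

static const struct ops wrapper_ops = { offsetof(struct wrapper, bev) };
static const struct ops plain_ops = { 0 };
/* Fixed form: cast to char* first, so the subtraction counts bytes. */
static void *base_fixed(struct obj *b)
{
    return ((char *)b) - b->be_ops->mem_offset;
}

/* Address the unfixed form (b - mem_offset) scales to. Computed on integers,
 * because forming that out-of-bounds pointer is undefined behaviour. */
static uintptr_t base_unfixed_addr(const struct obj *b)
{
    return (uintptr_t)b - b->be_ops->mem_offset * sizeof(struct obj);
}

/* 1 if only the fixed form finds the start of a wrapper allocation. */
static int only_fixed_recovers_base(void)
{
    struct wrapper *w = calloc(1, sizeof(*w));
    if (w == NULL) return -1;
    w->bev.be_ops = &wrapper_ops;
    int fixed_ok = base_fixed(&w->bev) == (void *)w;
    int unfixed_ok = base_unfixed_addr(&w->bev) == (uintptr_t)w;
    free(base_fixed(&w->bev));   /* frees the pointer calloc returned */
    return fixed_ok && !unfixed_ok;
}

/* 1 if both forms agree when mem_offset is zero, which hides the bug. */
static int forms_agree_at_zero_offset(void)
{
    struct obj b = { &plain_ops, -1 };
    return (uintptr_t)base_fixed(&b) == base_unfixed_addr(&b);
}

int main(void)
{
    printf("%d %d\n", only_fixed_recovers_base(), forms_agree_at_zero_offset());
    return 0;
}
```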