From b46cf57d983e559ebd29c4f0749914f3714d8b75 Mon Sep 17 00:00:00 2001
From: Max Kellermann
Date: Thu, 7 Jul 2016 13:52:20 +0200
Subject: [PATCH] event/BufferedSocket: OnSocketReady() returns true after close

Fixes use-after-free bug (https://bugs.musicpd.org/view.php?id=4548).
---
 NEWS | 1 +
 src/event/BufferedSocket.cxx | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index dc81a79c4..58edf3f64 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ ver 0.19.17 (not yet released)
 * fix spurious seek error "Failed to allocate silence buffer"
 * replay gain: fix "replay_gain_handler mixer" setting
 * DSD: use 0x69 as silence pattern
+* fix use-after-free bug on "close"
 ver 0.19.16 (2016/06/13)
 * faster seeking
diff --git a/src/event/BufferedSocket.cxx b/src/event/BufferedSocket.cxx
index 939824baa..1891f18bb 100644
--- a/src/event/BufferedSocket.cxx
+++ b/src/event/BufferedSocket.cxx
@@ -118,9 +118,15 @@ BufferedSocket::OnSocketReady(unsigned flags)
 if (flags & READ) {
 assert(!input.IsFull());
- if (!ReadToBuffer() || !ResumeInput())
+ if (!ReadToBuffer())
 return false;
+ if (!ResumeInput())
+ /* we must return "true" here or
+ SocketMonitor::Dispatch() will call
+ Cancel() on a freed object */
+ return true;
+
 if (!input.IsFull())
 ScheduleRead();
 }
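Review bot: The new `return true` after `!ResumeInput()` makes "true" mean both "keep monitoring" and "this object may already be freed", and the `return false` kept for `!ReadToBuffer()` just above it is only safe if that failure path can never destroy the object; neither guarantee is visible in this hunk. If ReadToBuffer()'s error or close handling can also free the socket, SocketMonitor::Dispatch() would presumably reach the same Cancel()-on-freed-object case the added comment describes, so that path deserves the same audit. I would state the contract where OnSocketReady() is declared, e.g. `/* returns false only if the object still exists and must be unregistered; returns true if a handler may have destroyed it */`, and put braces around the commented `return true;` so a multi-line comment is not the only thing between an unbraced `if` and its statement. OnSocketReady() begins and ends outside the hunk, so the flag handling before `READ` and the final return were not reviewed.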