summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authorDaniel Kolesa <d.kolesa@osg.samsung.com>2017-12-19 00:20:40 +0100
committerDaniel Kolesa <d.kolesa@osg.samsung.com>2017-12-19 00:20:40 +0100
commit03e77ea3611144b1f3cfebcf84580afd4ba65d89 (patch)
treed9b4f214d560661dcca45329e60b2b9195b5e34a /src/lib
parenta2309c5083a643011b4e69347d6be4da3a0adee8 (diff)
eolian: fix use-after-free in eo_parser
Thanks @netstar for finding this. Fixes T6523.
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/eolian/eo_parser.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/lib/eolian/eo_parser.c b/src/lib/eolian/eo_parser.c
index b8e721a11b..882a8bef2c 100644
--- a/src/lib/eolian/eo_parser.c
+++ b/src/lib/eolian/eo_parser.c
@@ -2499,6 +2499,7 @@ end:
2499Eolian_Unit * 2499Eolian_Unit *
2500eo_parser_database_fill(Eolian_Unit *parent, const char *filename, Eina_Bool eot, Eolian_Class **fcl) 2500eo_parser_database_fill(Eolian_Unit *parent, const char *filename, Eina_Bool eot, Eolian_Class **fcl)
2501{ 2501{
2502 Eolian_Unit *ret = NULL;
2502 Eolian_Class *cl = eina_hash_find(parent->state->parsed, filename); 2503 Eolian_Class *cl = eina_hash_find(parent->state->parsed, filename);
2503 if (cl) 2504 if (cl)
2504 { 2505 {
@@ -2510,7 +2511,7 @@ eo_parser_database_fill(Eolian_Unit *parent, const char *filename, Eina_Bool eot
2510 fname = eina_stringshare_add((fsl > bsl) ? (fsl + 1) : (bsl + 1)); 2511 fname = eina_stringshare_add((fsl > bsl) ? (fsl + 1) : (bsl + 1));
2511 if (fname) 2512 if (fname)
2512 { 2513 {
2513 Eolian_Unit *ret = eina_hash_find(parent->state->units, fname); 2514 ret = eina_hash_find(parent->state->units, fname);
2514 eina_stringshare_del(fname); 2515 eina_stringshare_del(fname);
2515 return ret; 2516 return ret;
2516 } 2517 }
@@ -2555,12 +2556,13 @@ eo_parser_database_fill(Eolian_Unit *parent, const char *filename, Eina_Bool eot
2555 if (fcl) *fcl = cl; 2556 if (fcl) *fcl = cl;
2556 2557
2557done: 2558done:
2559 ret = ls->unit;
2558 eina_hash_set(ls->state->parsed, filename, eot ? (void *)EINA_TRUE : cl); 2560 eina_hash_set(ls->state->parsed, filename, eot ? (void *)EINA_TRUE : cl);
2559 eina_hash_set(ls->state->parsing, filename, (void *)EINA_FALSE); 2561 eina_hash_set(ls->state->parsing, filename, (void *)EINA_FALSE);
2560 eina_hash_add(parent->children, filename, ls->unit); 2562 eina_hash_add(parent->children, filename, ret);
2561 2563
2562 eo_lexer_free(ls); 2564 eo_lexer_free(ls);
2563 return ls->unit; 2565 return ret;
2564 2566
2565error: 2567error:
2566 eina_hash_set(ls->state->parsing, filename, (void *)EINA_FALSE); 2568 eina_hash_set(ls->state->parsing, filename, (void *)EINA_FALSE);