summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYoungbok Shin <youngb.shin@samsung.com>2015-08-27 11:04:57 +0100
committerTom Hacohen <tom@stosb.com>2015-08-27 11:06:23 +0100
commitf210e429663d9bdb0eadf46d42c0ae8742bc615c (patch)
treef3f49f9cb1cf8733321b06414edfe0db0f266316
parentbd8f585d74f472f686ea9f348f3dbded0d056a87 (diff)
edje: Fix double free scenario caused by static pointer.
Summary: The result of evas_object_textblock_cursor_content_get() API has to be cleaned by outside. _edje_entry_cursor_content_get() is calling free() inside of the function for handle the result using static pointer. But, the caller of _edje_entry_cursor_content_get() is already handling the result using free(). It can cause double free problem. The bigger issue is in elementary. See elm_entry_cursor_content_get() API's document. The document advice developers to free the result when it is done. @fix Test Plan: N/A Reviewers: tasn, raster, woohyun Subscribers: cedric Differential Revision: https://phab.enlightenment.org/D2991
-rw-r--r--src/lib/edje/edje_entry.c9
1 files changed, 1 insertions, 8 deletions
diff --git a/src/lib/edje/edje_entry.c b/src/lib/edje/edje_entry.c
index b7289b4cfe..237e49a340 100644
--- a/src/lib/edje/edje_entry.c
+++ b/src/lib/edje/edje_entry.c
@@ -3871,18 +3871,11 @@ _edje_entry_cursor_is_visible_format_get(Edje_Real_Part *rp, Edje_Cursor cur)
3871char * 3871char *
3872_edje_entry_cursor_content_get(Edje_Real_Part *rp, Edje_Cursor cur) 3872_edje_entry_cursor_content_get(Edje_Real_Part *rp, Edje_Cursor cur)
3873{ 3873{
3874 static char *s = NULL;
3875 Evas_Textblock_Cursor *c = _cursor_get(rp, cur); 3874 Evas_Textblock_Cursor *c = _cursor_get(rp, cur);
3876 3875
3877 if (!c) return NULL; 3876 if (!c) return NULL;
3878 if (s)
3879 {
3880 free(s);
3881 s = NULL;
3882 }
3883 3877
3884 s = evas_textblock_cursor_content_get(c); 3878 return evas_textblock_cursor_content_get(c);
3885 return s;
3886} 3879}
3887 3880
3888void 3881void