summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJean-Philippe Andre <jp.andre@samsung.com>2017-10-18 21:40:01 +0900
committerJean-Philippe Andre <jp.andre@samsung.com>2017-10-18 22:12:57 +0900
commit98622623a0865c525ede12ef5759ab6f5b3af407 (patch)
treec0740452d4d743be2ad17a0b3b7adc9fd40f32a9
parentdfd98b3e48a02c35fbbe14b709cbe72e65ea9500 (diff)
evas: Prevent crash with image_data_get
If the image has no data, it may get an allocated surface of 1x1 but it is not sane to return the pointer to that data, as the user would expect a normally sized image (in my case, 1920x1080). I do not fully understand what is going on with this image. But at least this transforms a crash into a simple ERR in ~/.xessions-errors Two similar crashes happened: - SIGSEGV by writing data outside of the image data - abort() in free() because the malloc metadata has been overridden when writing outside of the image data (newly allocated 1x1). Fixes T5957 @fix
-rw-r--r--src/modules/evas/engines/gl_generic/evas_engine.c16
1 files changed, 14 insertions, 2 deletions
diff --git a/src/modules/evas/engines/gl_generic/evas_engine.c b/src/modules/evas/engines/gl_generic/evas_engine.c
index a8ef044d51..a6b229a5c6 100644
--- a/src/modules/evas/engines/gl_generic/evas_engine.c
+++ b/src/modules/evas/engines/gl_generic/evas_engine.c
@@ -701,11 +701,9 @@ _rotate_image_data(Render_Engine_GL_Generic *re, Evas_GL_Image *im1)
701 RGBA_Draw_Context *dc; 701 RGBA_Draw_Context *dc;
702 int w, h; 702 int w, h;
703 703
704 gl_context = gl_generic_context_find(re, 1);
705 704
706 w = im1->w; 705 w = im1->w;
707 h = im1->h; 706 h = im1->h;
708 alpha = eng_image_alpha_get(re, im1);
709 707
710 if (im1->orient == EVAS_IMAGE_ORIENT_90 || 708 if (im1->orient == EVAS_IMAGE_ORIENT_90 ||
711 im1->orient == EVAS_IMAGE_ORIENT_270 || 709 im1->orient == EVAS_IMAGE_ORIENT_270 ||
@@ -716,6 +714,10 @@ _rotate_image_data(Render_Engine_GL_Generic *re, Evas_GL_Image *im1)
716 h = im1->w; 714 h = im1->w;
717 } 715 }
718 716
717 if ((w * h) <= 0) return NULL;
718
719 alpha = eng_image_alpha_get(re, im1);
720 gl_context = gl_generic_context_find(re, 1);
719 im2 = evas_gl_common_image_surface_new(gl_context, w, h, alpha, EINA_FALSE); 721 im2 = evas_gl_common_image_surface_new(gl_context, w, h, alpha, EINA_FALSE);
720 722
721 evas_gl_common_context_target_surface_set(gl_context, im2); 723 evas_gl_common_context_target_surface_set(gl_context, im2);
@@ -906,8 +908,18 @@ eng_image_data_get(void *engine, void *image, int to_write, DATA32 **image_data,
906#endif 908#endif
907 error = evas_cache_image_load_data(&im->im->cache_entry); 909 error = evas_cache_image_load_data(&im->im->cache_entry);
908 910
911 if (err) *err = error;
909 if (error != EVAS_LOAD_ERROR_NONE) 912 if (error != EVAS_LOAD_ERROR_NONE)
910 { 913 {
914 if (!im->im->image.data ||
915 (im->im->cache_entry.allocated.w != (unsigned) im->w) ||
916 (im->im->cache_entry.allocated.h != (unsigned) im->h))
917 {
918 ERR("GL image has no source data, failed to get pixel data");
919 *image_data = NULL;
920 return im;
921 }
922
911 if (tofree && !to_write) 923 if (tofree && !to_write)
912 goto rotate_image; 924 goto rotate_image;
913 } 925 }