summaryrefslogtreecommitdiff
path: root/src/modules
diff options
context:
space:
mode:
authorCarsten Haitzler (Rasterman) <raster@rasterman.com>2019-08-06 17:54:40 +0100
committerCarsten Haitzler (Rasterman) <raster@rasterman.com>2019-08-06 17:54:40 +0100
commit0a4f035fb60ca18f6921e5ffeefae64e6252f5d7 (patch)
tree91b2ee88a1b6329ed1466ae27da0a8763fda4945 /src/modules
parent3c7d93059b8d5ebbbfe65e86059bd30200bde79a (diff)
wl dnd - fix more use after free
restructure code a bit to not fall into this trap as easily and remove the falling into the trap where we use buf after freeing it. fixes CID 1403924
Diffstat (limited to 'src/modules')
-rw-r--r--src/modules/xwayland/dnd.c20
1 files changed, 11 insertions, 9 deletions
diff --git a/src/modules/xwayland/dnd.c b/src/modules/xwayland/dnd.c
index b8beb16..dd56b22 100644
--- a/src/modules/xwayland/dnd.c
+++ b/src/modules/xwayland/dnd.c
@@ -363,13 +363,9 @@ _xwl_pipe_read(void *data, Ecore_Fd_Handler *fdh)
363 unsigned char *buf; 363 unsigned char *buf;
364 364
365 buf = malloc(INCR_CHUNK_SIZE); 365 buf = malloc(INCR_CHUNK_SIZE);
366 if (!buf) goto err;
367
366 len = read(ecore_main_fd_handler_fd_get(fdh), (void*)buf, INCR_CHUNK_SIZE); 368 len = read(ecore_main_fd_handler_fd_get(fdh), (void*)buf, INCR_CHUNK_SIZE);
367 if (len < 0)
368 {
369 free(buf);
370 _incr_update(p, 0);
371 eina_hash_del_by_key(pipes, &p->win);
372 }
373 if (len == INCR_CHUNK_SIZE) 369 if (len == INCR_CHUNK_SIZE)
374 { 370 {
375 p->buf = eina_binbuf_manage_new(buf, len, 0); 371 p->buf = eina_binbuf_manage_new(buf, len, 0);
@@ -386,22 +382,28 @@ _xwl_pipe_read(void *data, Ecore_Fd_Handler *fdh)
386 ecore_main_fd_handler_active_set(p->fdh, 0); 382 ecore_main_fd_handler_active_set(p->fdh, 0);
387 return ECORE_CALLBACK_RENEW; 383 return ECORE_CALLBACK_RENEW;
388 } 384 }
389 if (len) 385 else if (len > 0)
390 p->buf = eina_binbuf_manage_new(buf, len, 0); 386 {
387 p->buf = eina_binbuf_manage_new(buf, len, 0);
388 }
391 else 389 else
392 { 390 {
393 _incr_update(p, 0); 391 _incr_update(p, 0);
392 eina_hash_del_by_key(pipes, &p->win);
394 free(buf); 393 free(buf);
395 return ECORE_CALLBACK_RENEW; 394 return ECORE_CALLBACK_RENEW;
396 } 395 }
397 _incr_upload(p); 396 _incr_upload(p);
398 if (p->incr) 397 if (p->incr)
399 ecore_main_fd_handler_active_set(p->fdh, 0); 398 {
399 ecore_main_fd_handler_active_set(p->fdh, 0);
400 }
400 else 401 else
401 { 402 {
402 _incr_update(p, 1); 403 _incr_update(p, 1);
403 eina_hash_del_by_key(pipes, &p->win); 404 eina_hash_del_by_key(pipes, &p->win);
404 } 405 }
406err:
405 return ECORE_CALLBACK_RENEW; 407 return ECORE_CALLBACK_RENEW;
406} 408}
407 409