From 91ab84286a87521fea9f7eba587e0a095c8dcc5d Mon Sep 17 00:00:00 2001
From: Hosang Kim
Date: Tue, 17 Mar 2020 09:52:59 -0400
Subject: [PATCH] edje_message_queue: decrease number of messages when message is removed.

Summary: Sometimes edje_message_del is called while processing edje message. It makes double free corruption.
Reviewers: raster, bu5hm4n, zmike
Reviewed By: zmike
Subscribers: bu5hm4n, zmike, cedric, #reviewers, #committers
Tags: #efl
Differential Revision: https://phab.enlightenment.org/D11393
---
 src/lib/edje/edje_message_queue.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/lib/edje/edje_message_queue.c b/src/lib/edje/edje_message_queue.c
index 020f89b46d..d92601073b 100644
--- a/src/lib/edje/edje_message_queue.c
+++ b/src/lib/edje/edje_message_queue.c
@@ -223,6 +223,7 @@ again:
 if (!lookup_ed) continue;
 tmp_msgq = eina_inlist_remove(tmp_msgq, &(em->inlist_main));
 lookup_ed->messages = eina_inlist_remove(lookup_ed->messages, &(em->inlist_edje));
+ lookup_ed->message.num--;
 if (!lookup_ed->delete_me)
 {
 lookup_ed->processing_messages++;
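Review bot: The added `lookup_ed->message.num--;` is unconditional, and nothing in the hunk shows that the counter is still positive here or that every other site unlinking from `lookup_ed->messages` adjusts it the same way. Because the commit message ties a double free to this count drifting from the list, the invariant should be stated at the decrement, for example `/* message.num must track the length of lookup_ed->messages; the delete path is assumed to depend on it */`. A guard such as `if (lookup_ed->message.num > 0) lookup_ed->message.num--;` would keep a further mismatch from pushing the count below zero, and pairing the list removal with the decrement in one small static helper would stop the two from diverging again. The loop body starts and ends outside the hunk, so other removal sites cannot be checked from here.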