eo: Fix crash in case of API misuse

If efl_object_override() is called with a function that does not exist in the original class, it may lead to a crash on indexing an non-existing array in the vtable. This is really just a safety check, as the usage was wrong: * You are only allowed to override functions that are defined in the * class or any of its interfaces (that is, efl_isa returning true).
2017-04-17 19:39:42 +09:00 · 2017-04-17 19:39:42 +09:00 · d6d4c3c25b
parent 3e494a0a21
commit d6d4c3c25b
1 changed files with 4 additions and 1 deletions
--- a/src/lib/eo/eo.c
+++ b/src/lib/eo/eo.c
@ -232,7 +232,10 @@ _vtable_func_set(Eo_Vtable *vtable, const _Efl_Class *klass, Efl_Object_Op op, E
 {
   op_type_funcs *fsrc;
   size_t idx1 = DICH_CHAIN1(op);
-   Dich_Chain1 *chain1 = &vtable->chain[idx1];
+   Dich_Chain1 *chain1;
+
+   EINA_SAFETY_ON_FALSE_RETURN_VAL(idx1 < vtable->size, EINA_FALSE);
+   chain1 = &vtable->chain[idx1];
   _vtable_chain_write_prepare(chain1);
   fsrc = &chain1->chain2->funcs[DICH_CHAIN_LAST(op)];
   if (!allow_same_override && (fsrc->src == klass))