From 17ba8515f1c9534ebd47a71adda71db2eff6799a Mon Sep 17 00:00:00 2001 From: Marcel Hollerbach Date: Thu, 21 Nov 2019 18:41:08 +0100 Subject: [PATCH] efl_canvas_object_animation: fix possible invalid pointer now if one of the event handlers calls animation_stop in a callback to EFL_CANVAS_OBJECT_ANIMATION_EVENT_ANIMATION_PROGRESS_UPDATED, then pd->in will be freeed. Which means, in the next event handler the address taken by &pd->in->progress might be invalid, leading to a crash. With this commit this is a address on the stack, which should fix this. --- src/lib/evas/canvas/efl_canvas_object_animation.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib/evas/canvas/efl_canvas_object_animation.c b/src/lib/evas/canvas/efl_canvas_object_animation.c index 9028677953..5663833a26 100644 --- a/src/lib/evas/canvas/efl_canvas_object_animation.c +++ b/src/lib/evas/canvas/efl_canvas_object_animation.c @@ -59,7 +59,8 @@ _animator_cb(void *data, const Efl_Event *ev EINA_UNUSED) efl_gfx_mapping_reset(obj); efl_animation_apply(pd->in->animation, pd->in->progress, obj); - efl_event_callback_call(obj, EFL_CANVAS_OBJECT_ANIMATION_EVENT_ANIMATION_PROGRESS_UPDATED, &pd->in->progress); + double progress = pd->in->progress; + efl_event_callback_call(obj, EFL_CANVAS_OBJECT_ANIMATION_EVENT_ANIMATION_PROGRESS_UPDATED, &progress); //Check if animation stopped in animation_progress,updated callback. if (!pd->in) return;