ecore_con: send server_upgrade event *after* clearing pending saves

Summary: The _ecore_con_post_event_server_upgrade() call adds an event to free the server_upgrade object, svr, via _ecore_con_server_free(svr) so we should assume srv is freed after it returns. Thus, perform the pending_slice processing prior to calling it. Otherwise it triggers an illegal access (USE_AFTER_FREE) error in Coverity. @fix CID1373485 Reviewers: barbieri Reviewed By: barbieri Subscribers: cedric, jpeg Differential Revision: https://phab.enlightenment.org/D4785 Signed-off-by: Cedric BAIL <cedric@osg.samsung.com>
2017-04-12 14:38:56 -07:00 · 2017-04-12 14:38:56 -07:00 · 6ea18851ba
parent bb1a8779db
commit 6ea18851ba
1 changed files with 1 additions and 1 deletions
--- a/src/lib/ecore_con/ecore_con_legacy.c
+++ b/src/lib/ecore_con/ecore_con_legacy.c
@ -1347,7 +1347,6 @@ _ecore_con_server_dialer_connected(void *data, const Efl_Event *event EINA_UNUSE
     {
        svr->ssl.upgrading = EINA_FALSE;
        INF("svr=%p upgraded to SSL at %s (%s)", svr, efl_net_dialer_address_dial_get(svr->dialer), efl_net_socket_address_remote_get(svr->dialer));
-        _ecore_con_post_event_server_upgrade(svr);
        if (svr->ssl.pending_send)
          {
             Eina_Slice slice = eina_binbuf_slice_get(svr->ssl.pending_send);
@ -1355,6 +1354,7 @@ _ecore_con_server_dialer_connected(void *data, const Efl_Event *event EINA_UNUSE
             eina_binbuf_free(svr->ssl.pending_send);
             svr->ssl.pending_send = NULL;
          }
+        _ecore_con_post_event_server_upgrade(svr);
        return;
     }