q66
/
efl
forked from enlightenment/efl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

edje: Edje_Edit - fix segfault on copying state of IMAGE part with twins 

Summary:
The copying of state of IMAGE part with twins caused the sefmentation fault due to the extra memory freing in _edje_edit_part_state_copy() that is deleted with this commit.
The data that is freed was previously copied from the structure of state 'from' and freeing of this data leads to freeing data of 'from' part.
Later, on copying of tweens to 'to' state array of tweens appears segmentation fault because we try to access freed data of 'from' state.

@fix

Reviewers: cedric, Hermet, raster, seoz

Subscribers: cedric, reutskiy.v.v

Differential Revision: https://phab.enlightenment.org/D1636

Signed-off-by: Cedric BAIL <cedric@osg.samsung.com>
This commit is contained in:
Kateryna Fesyna 2014-11-06 06:18:34 +01:00 committed by Cedric BAIL
parent 41ea6e81d6
commit 8ceef8c6ca
1 changed files with 0 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/lib/edje/edje_edit.c
View File

@ -5085,12 +5085,6 @@ _edje_edit_part_state_copy(Evas_Object *obj, const char *part, const char *part_
img_to->image = img_from->image;
/* Update pointers. */
for (i = 0; i < img_to->image.tweens_count; ++i)
free(img_to->image.tweens[i]);
if (img_to->image.tweens_count > 0)
free(img_to->image.tweens);
img_to->image.tweens_count = img_from->image.tweens_count;
img_to->image.tweens = calloc(img_to->image.tweens_count,
sizeof (Edje_Part_Image_Id*));