From 87acc90fc770daa6c6fe43e237885d92b625637c Mon Sep 17 00:00:00 2001
From: Cedric Bail
Date: Sun, 13 Aug 2017 13:14:31 -0700
Subject: [PATCH] eo: only return NULL when the object is destructed.
There is a problem with the previous version. The object can still be alive due to the use of manual_free in evas. So you wouldn't be able for example to remove a callback from an object that hasn't been destroyed yet. If that callback is triggered by the destruction of the object, you would end up with an unexpected and impossible to prevent effect of access after free on a callback that you had removed. Not sure if that still solve the original problem that the code was trying to prevent in Ecore_Evas.
---
 src/lib/eo/eo.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/lib/eo/eo.c b/src/lib/eo/eo.c
index fb9f57f9ae..e47778e4b9 100644
--- a/src/lib/eo/eo.c
+++ b/src/lib/eo/eo.c
@@ -2053,7 +2053,10 @@ efl_data_scope_safe_get(const Eo *obj_id, const Efl_Class *klass_id)
 if (!obj_id) return NULL;
 EO_OBJ_POINTER_RETURN_VAL(obj_id, obj, NULL);
 EO_CLASS_POINTER_GOTO(klass_id, klass, err_klass);
- if (obj->user_refcount <= 0) goto err_klass;
+ if (obj->destructed)
+ {
+ goto err_klass;
+ }
 if (_eo_class_mro_has(obj->klass, klass)) ret = _efl_data_scope_safe_get(obj, klass);
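Review bot: The new guard `if (obj->destructed)` lets efl_data_scope_safe_get return class data for an object whose user_refcount is already zero or below, and nothing next to the check says that this is deliberate or how long the returned pointer stays valid. The commit message gives the reason (objects kept alive by manual_free must still allow callback removal) and also leaves open whether the original Ecore_Evas problem is still covered, so the rationale belongs in the code: `/* Reject only fully destructed objects: with manual_free an object can outlive user_refcount <= 0 and callers must still reach its data, e.g. to remove callbacks. */`. A caller that obtains data during teardown presumably sees state that destructors may already have partly released, so it would be worth confirming the Ecore_Evas case with a test before relying on this. The function body starts and ends outside the hunk.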