timer23
/
efl
forked from enlightenment/efl
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

eolian: fix use-after-free in eo_parser 

Thanks @netstar for finding this.

Fixes T6523.
This commit is contained in:
Daniel Kolesa 2017-12-19 00:20:40 +01:00
parent a2309c5083
commit 03e77ea361
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/lib/eolian/eo_parser.c
View File

@ -2499,6 +2499,7 @@ end:
Eolian_Unit * Eolian_Unit *
eo_parser_database_fill(Eolian_Unit *parent, const char *filename, Eina_Bool eot, Eolian_Class **fcl) eo_parser_database_fill(Eolian_Unit *parent, const char *filename, Eina_Bool eot, Eolian_Class **fcl)
{ {
Eolian_Unit *ret = NULL;
Eolian_Class *cl = eina_hash_find(parent->state->parsed, filename); Eolian_Class *cl = eina_hash_find(parent->state->parsed, filename);
if (cl) if (cl)
{ {
@ -2510,7 +2511,7 @@ eo_parser_database_fill(Eolian_Unit *parent, const char *filename, Eina_Bool eot
fname = eina_stringshare_add((fsl > bsl) ? (fsl + 1) : (bsl + 1)); fname = eina_stringshare_add((fsl > bsl) ? (fsl + 1) : (bsl + 1));
if (fname) if (fname)
{ {
Eolian_Unit *ret = eina_hash_find(parent->state->units, fname); ret = eina_hash_find(parent->state->units, fname);
eina_stringshare_del(fname); eina_stringshare_del(fname);
return ret; return ret;
} }
@ -2555,12 +2556,13 @@ eo_parser_database_fill(Eolian_Unit *parent, const char *filename, Eina_Bool eot
if (fcl) *fcl = cl; if (fcl) *fcl = cl;
done: done:
ret = ls->unit;
eina_hash_set(ls->state->parsed, filename, eot ? (void *)EINA_TRUE : cl); eina_hash_set(ls->state->parsed, filename, eot ? (void *)EINA_TRUE : cl);
eina_hash_set(ls->state->parsing, filename, (void *)EINA_FALSE); eina_hash_set(ls->state->parsing, filename, (void *)EINA_FALSE);
eina_hash_add(parent->children, filename, ls->unit); eina_hash_add(parent->children, filename, ret);
eo_lexer_free(ls); eo_lexer_free(ls);
return ls->unit; return ret;
error: error:
eina_hash_set(ls->state->parsing, filename, (void *)EINA_FALSE); eina_hash_set(ls->state->parsing, filename, (void *)EINA_FALSE);