evas: Prevent crash with image_data_get

If the image has no data, it may get an allocated surface of 1x1 but it is not sane to return the pointer to that data, as the user would expect a normally sized image (in my case, 1920x1080). I do not fully understand what is going on with this image. But at least this transforms a crash into a simple ERR in ~/.xessions-errors Two similar crashes happened: - SIGSEGV by writing data outside of the image data - abort() in free() because the malloc metadata has been overridden when writing outside of the image data (newly allocated 1x1). Fixes T5957 @fix
2017-10-18 21:40:01 +09:00 · 2017-10-18 21:40:01 +09:00 · 98622623a0
parent dfd98b3e48
commit 98622623a0
1 changed files with 14 additions and 2 deletions
--- a/src/modules/evas/engines/gl_generic/evas_engine.c
+++ b/src/modules/evas/engines/gl_generic/evas_engine.c
@ -701,11 +701,9 @@ _rotate_image_data(Render_Engine_GL_Generic *re, Evas_GL_Image *im1)
   RGBA_Draw_Context *dc;
   int w, h;

-   gl_context = gl_generic_context_find(re, 1);

   w = im1->w;
   h = im1->h;
-   alpha = eng_image_alpha_get(re, im1);

   if (im1->orient == EVAS_IMAGE_ORIENT_90 ||
       im1->orient == EVAS_IMAGE_ORIENT_270 ||
@ -716,6 +714,10 @@ _rotate_image_data(Render_Engine_GL_Generic *re, Evas_GL_Image *im1)
        h = im1->w;
     }

+   if ((w * h) <= 0) return NULL;
+
+   alpha = eng_image_alpha_get(re, im1);
+   gl_context = gl_generic_context_find(re, 1);
   im2 = evas_gl_common_image_surface_new(gl_context, w, h, alpha, EINA_FALSE);

   evas_gl_common_context_target_surface_set(gl_context, im2);
@ -906,8 +908,18 @@ eng_image_data_get(void *engine, void *image, int to_write, DATA32 **image_data,
 #endif
     error = evas_cache_image_load_data(&im->im->cache_entry);

+   if (err) *err = error;
   if (error != EVAS_LOAD_ERROR_NONE)
     {
+        if (!im->im->image.data ||
+            (im->im->cache_entry.allocated.w != (unsigned) im->w) ||
+            (im->im->cache_entry.allocated.h != (unsigned) im->h))
+          {
+             ERR("GL image has no source data, failed to get pixel data");
+             *image_data = NULL;
+             return im;
+          }
+
        if (tofree && !to_write)
          goto rotate_image;
     }