From 2e3ee0e658f884a126293a8fe41059c0bada5599 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Andre
Date: Fri, 27 Feb 2015 17:56:49 +0900
Subject: [PATCH] Evas masking: Fix double free() with scaled images
The function image_scaled_update() frees() the old scaled image passed as input if it doesn't match the old dimensions. This commit will avoid double frees.
---
 src/lib/evas/canvas/evas_render.c | 2 --
 src/modules/evas/engines/gl_generic/evas_engine.c | 13 +++++++++++--
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/lib/evas/canvas/evas_render.c b/src/lib/evas/canvas/evas_render.c
index 32c989e8be..a087a45618 100644
--- a/src/lib/evas/canvas/evas_render.c
+++ b/src/lib/evas/canvas/evas_render.c
@@ -1850,8 +1850,6 @@ evas_render_mask_subrender(Evas_Public_Data *evas,
 if (scaled)
 {
 done = EINA_TRUE;
- if (mdata->surface && (mdata->surface != scaled))
- ENFN->image_map_surface_free(ENDT, mdata->surface);
 mdata->surface = scaled;
 mdata->w = w;
 mdata->h = h;
diff --git a/src/modules/evas/engines/gl_generic/evas_engine.c b/src/modules/evas/engines/gl_generic/evas_engine.c
index 95c4c97d2a..edc85b5673 100644
--- a/src/modules/evas/engines/gl_generic/evas_engine.c
+++ b/src/modules/evas/engines/gl_generic/evas_engine.c
@@ -959,6 +959,7 @@ eng_image_scaled_update(void *data EINA_UNUSED, void *scaled, void *image,
 Evas_GL_Image *dst = scaled;
 Evas_GL_Image *src = image;
 Evas_Engine_GL_Context *gc;
+ Eina_Bool reffed = EINA_FALSE;
 if (!src) return NULL;
@@ -971,7 +972,15 @@ eng_image_scaled_update(void *data EINA_UNUSED, void *scaled, void *image,
 (dst->scaled.w == dst_w) && (dst->scaled.h == dst_h))
 return dst;
- if (dst) evas_gl_common_image_free(dst);
+ if (dst)
+ {
+ if (dst->scaled.origin == src)
+ {
+ src->references++;
+ reffed = EINA_TRUE;
+ }
+ evas_gl_common_image_free(dst);
+ }
 evas_gl_common_image_update(gc, src);
 if (!src->tex)
 {
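Review bot: The reference taken in the new `if (dst)` block is only balanced on the success path: the early exit under `if (!src->tex)` (its body lies outside this hunk, so this is inferred) would leave `src->references` one too high whenever `reffed` is set, because no new scaled image ever takes ownership of it. Release it before returning there, e.g. `if (reffed) evas_gl_common_image_free(src);`, assuming that call is how a reference on `src` is normally dropped. The same failure path returns NULL after the old `scaled` image has been freed, and the evas_render.c hunk only overwrites `mdata->surface` inside `if (scaled)`; if the caller passed `mdata->surface` in as `scaled` (not visible in this patch), it keeps a pointer to a freed image and should clear it when NULL comes back.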
@@ -992,7 +1001,7 @@ eng_image_scaled_update(void *data EINA_UNUSED, void *scaled, void *image,
 dst->tex->references++;
 dst->tex_only = 1;
- src->references++;
+ if (!reffed) src->references++;
 dst->scaled.origin = src;
 dst->scaled.w = dst_w;
 dst->scaled.h = dst_h;
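Review bot: Nothing at `if (!reffed) src->references++;` says why the increment is conditional, and the matching increment sits about thirty lines earlier in a different branch; a comment such as `/* already referenced before the old scaled image was freed */` would tie the two together. The function's header comment should also state that eng_image_scaled_update() consumes the `scaled` argument, since the evas_render.c hunk now drops the caller-side free and relies on that contract. Only the gl_generic engine is touched here, so it is worth confirming that every other image_scaled_update implementation frees the old image as well; otherwise the removed free becomes a leak for those engines. The function body continues outside this hunk.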