elementary - fixed some logic errors patched by rajeev.r@samsung.com

Hi all, I found few memory related issues in elementary package when performed static analysis on it. These issues include: Array indices getting out of bounds, freed memory address being passed to a function as parameter, memory not getting cleaned up because of earlier return statement. Issues details: 1. In elm_widget.c inside function elm_widget_signal_callback_del(), it is possible that freed memory address esd is passed to the sd->callback_del_func(). I think it should be data, not esd. Moreover what if the callback frees memory for data, then the other problem is that the return value is data from the function elm_widget_signal_callback_del() which in my opinion can be a problem. 2. Inside directory src/edje_externals for files elm_genlist.c, elm_notify.c, elm_list.c, elm_thumb.c and elm_map.c, array indices can go beyound bounary. sizeof() operator for an array of character pointers will return [number of elements in the array * size of (char*)], basically 4 times the number of elements which has been taken care in assertion inside src/edje_extenarnals while performing assertion but has been missed in the next statement in the loop condition. 3. In file src/lib/elm_config.c inside function _elm_config_profiles_list, freeing of file iterator has been missed out. Please review the attached patch and let me know your opinion. Thanks. Regards, Rajeev SVN revision: 63550
2011-09-23 00:02:13 +00:00 · 2011-09-23 00:02:13 +00:00 · 009d533645
parent b8068daee9
commit 009d533645
8 changed files with 8 additions and 9 deletions
--- a/legacy/elementary/src/edje_externals/elm_genlist.c
+++ b/legacy/elementary/src/edje_externals/elm_genlist.c
@ -31,7 +31,7 @@ _list_horizontal_setting_get(const char *horizontal_str)

   assert(sizeof(list_horizontal_choices)/sizeof(list_horizontal_choices[0]) == ELM_LIST_LAST + 1);

-   for (i = 0; i < sizeof(list_horizontal_choices); i++)
+   for (i = 0; i < ELM_LIST_LAST; i++)
     {
 	if (!strcmp(horizontal_str, list_horizontal_choices[i]))
 	  return i;
--- a/legacy/elementary/src/edje_externals/elm_list.c
+++ b/legacy/elementary/src/edje_externals/elm_list.c
@ -18,7 +18,7 @@ typedef struct _Elm_Params_List

 #define CHOICE_GET(CHOICES, STR)                \
  unsigned int i;                               \
-  for (i = 0; i < sizeof(CHOICES); i++)         \
+  for (i = 0; i < (sizeof(CHOICES)/sizeof(CHOICES[0])); i++)         \
    if (strcmp(STR, CHOICES[i]) == 0)           \
      return i

--- a/legacy/elementary/src/edje_externals/elm_map.c
+++ b/legacy/elementary/src/edje_externals/elm_map.c
@ -24,7 +24,7 @@ _zoom_mode_get(const char *map_src)
   assert(sizeof(zoom_choices)/sizeof(zoom_choices[0]) ==
 	  ELM_MAP_ZOOM_MODE_LAST + 1);

-   for (i = 0; i < sizeof(zoom_choices); i++)
+   for (i = 0; i < ELM_MAP_ZOOM_MODE_LAST; i++)
     if (!strcmp(map_src, zoom_choices[i])) return i;

   return ELM_MAP_ZOOM_MODE_LAST;
--- a/legacy/elementary/src/edje_externals/elm_notify.c
+++ b/legacy/elementary/src/edje_externals/elm_notify.c
@ -36,7 +36,7 @@ static Elm_Notify_Orient _orient_get(const char *orient)
   assert(sizeof(orients)/sizeof(orients[0]) ==
 	  ELM_NOTIFY_ORIENT_LAST + 1);

-   for (i = 0; i < sizeof(orients); i++)
+   for (i = 0; i < ELM_NOTIFY_ORIENT_LAST; i++)
     if (!strcmp(orient, orients[i])) return i;

   return ELM_NOTIFY_ORIENT_LAST;
--- a/legacy/elementary/src/edje_externals/elm_photocam.c
+++ b/legacy/elementary/src/edje_externals/elm_photocam.c
@ -22,7 +22,7 @@ _zoom_mode_setting_get(const char *zoom_mode_str)

   assert(sizeof(choices)/sizeof(choices[0]) == ELM_PHOTOCAM_ZOOM_MODE_LAST + 1);

-   for (i = 0; i < sizeof(choices); i++)
+   for (i = 0; i < ELM_PHOTOCAM_ZOOM_MODE_LAST; i++)
     {
 	if (!strcmp(zoom_mode_str, choices[i]))
 	  return i;
--- a/legacy/elementary/src/edje_externals/elm_thumb.c
+++ b/legacy/elementary/src/edje_externals/elm_thumb.c
@ -17,7 +17,7 @@ _anim_setting_get(const char *anim_str)

   assert(sizeof(choices)/sizeof(choices[0]) == ELM_THUMB_ANIMATION_LAST + 1);

-   for (i = 0; i < sizeof(choices); i++)
+   for (i = 0; i < ELM_THUMB_ANIMATION_LAST; i++)
     {
 	if (!strcmp(anim_str, choices[i]))
 	  return i;
--- a/legacy/elementary/src/lib/elm_config.c
+++ b/legacy/elementary/src/lib/elm_config.c
@ -913,9 +913,8 @@ sys:
             continue;
          }
     }
-   return flist;
-
   eina_iterator_free(file_it);
+   return flist;

 list_free:
   EINA_LIST_FREE(flist, dir)
--- a/legacy/elementary/src/lib/elm_widget.c
+++ b/legacy/elementary/src/lib/elm_widget.c
@ -1790,7 +1790,7 @@ elm_widget_signal_callback_del(Evas_Object   *obj,
             break;
          }
     }
-   sd->callback_del_func(obj, emission, source, _edje_signal_callback, esd);
+   sd->callback_del_func(obj, emission, source, _edje_signal_callback, data);
   return data;
 }