bu5hm4n pushed a commit to branch efl-1.22.

http://git.enlightenment.org/core/efl.git/commit/?id=59384283bbc61c94a5c0396ab5d4a63eb9fe6072

commit 59384283bbc61c94a5c0396ab5d4a63eb9fe6072
Author: Marcel Hollerbach <m...@marcel-hollerbach.de>
Date:   Sun Jun 9 13:14:57 2019 +0200

    edje_cc: protect array lookup
    
    It seems that the two actions handled in this commit use id in a
    different way than the other actions do. This commit protects against
    this.
    
    Differential Revision: https://phab.enlightenment.org/D9078
---
 src/bin/edje/edje_cc_out.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/bin/edje/edje_cc_out.c b/src/bin/edje/edje_cc_out.c
index 02d4ab1968..9725d22684 100644
--- a/src/bin/edje/edje_cc_out.c
+++ b/src/bin/edje/edje_cc_out.c
@@ -752,6 +752,14 @@ check_program(Edje_Part_Collection *pc, Edje_Program *ep, 
Eet_File *ef)
      {
         Edje_Part *part;
 
+        /*
+         * we are accessing part with an id,
+         * if actions is ACTION_STOP or ACTION_TYPE_SCRIPT, then id is from 
the parts array.
+         * In order to not crash here, we should continue here.
+         */
+        if (ep->action != EDJE_ACTION_TYPE_ACTION_STOP || ep->action != 
EDJE_ACTION_TYPE_SCRIPT)
+          continue;
+
         if (et->id >= (int) pc->parts_count)
           {
              ERR("Target id '%d' greater than possible index '%d'.", et->id, 
(int) pc->parts_count - 1);
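Review bot: The added guard `ep->action != EDJE_ACTION_TYPE_ACTION_STOP || ep->action != EDJE_ACTION_TYPE_SCRIPT` is true for every value of `ep->action`, so the `continue` always runs and the `et->id >= (int) pc->parts_count` range check below it, with the rest of the loop body, is unreachable for every target. That avoids the crash only by switching off validation of target ids altogether, so an out-of-range id is no longer reported by the `ERR()` call. Going by the commit message, these two actions are presumably the ones whose id is not a part index, in which case the guard should read `if (ep->action == EDJE_ACTION_TYPE_ACTION_STOP || ep->action == EDJE_ACTION_TYPE_SCRIPT) continue;`, and the comment should say that id does not index the parts array for them. The loop and `check_program` start and end outside the hunk, so the effect on the code after the `ERR()` call is inferred.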

-- 

