raster pushed a commit to branch master. http://git.enlightenment.org/core/enlightenment.git/commit/?id=0a4f035fb60ca18f6921e5ffeefae64e6252f5d7
commit 0a4f035fb60ca18f6921e5ffeefae64e6252f5d7 Author: Carsten Haitzler (Rasterman) <[email protected]> Date: Tue Aug 6 17:54:40 2019 +0100 wl dnd - fix more use after free restructure code a bit to not fall into this trap as easily and remove the falling into the trap where we use buf after freeing it. fixes CID 1403924 --- src/modules/xwayland/dnd.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/src/modules/xwayland/dnd.c b/src/modules/xwayland/dnd.c index b8beb162c..dd56b22a3 100644 --- a/src/modules/xwayland/dnd.c +++ b/src/modules/xwayland/dnd.c @@ -363,13 +363,9 @@ _xwl_pipe_read(void *data, Ecore_Fd_Handler *fdh) unsigned char *buf; buf = malloc(INCR_CHUNK_SIZE); + if (!buf) goto err; + len = read(ecore_main_fd_handler_fd_get(fdh), (void*)buf, INCR_CHUNK_SIZE); - if (len < 0) - { - free(buf); - _incr_update(p, 0); - eina_hash_del_by_key(pipes, &p->win); - } if (len == INCR_CHUNK_SIZE) { p->buf = eina_binbuf_manage_new(buf, len, 0); @@ -386,22 +382,28 @@ _xwl_pipe_read(void *data, Ecore_Fd_Handler *fdh) ecore_main_fd_handler_active_set(p->fdh, 0); return ECORE_CALLBACK_RENEW; } - if (len) - p->buf = eina_binbuf_manage_new(buf, len, 0); + else if (len > 0) + { + p->buf = eina_binbuf_manage_new(buf, len, 0); + } else { _incr_update(p, 0); + eina_hash_del_by_key(pipes, &p->win); free(buf); return ECORE_CALLBACK_RENEW; } _incr_upload(p); if (p->incr) - ecore_main_fd_handler_active_set(p->fdh, 0); + { + ecore_main_fd_handler_active_set(p->fdh, 0); + } else { _incr_update(p, 1); eina_hash_del_by_key(pipes, &p->win); } +err: return ECORE_CALLBACK_RENEW; } --
