On Mon, Feb 23, 2009 at 4:48 PM, Samaresh Singh <samare...@yahoo.com> wrote:
> Hi,
>
> I have the following proposal to improve epeg-0.9.1.042. It is currently
> giving SIGSEGV due to double free if epeg_close is called twice consecutively.
>
> ===
> EAPI void
> epeg_close(Epeg_Image *im)
> {
>    //if (!im) return;
>    /*The proposed change is the next line instead of the commented line above*/
>    if ((!im) || !(*im)) return;
>    if (im->pixels) free(im->pixels);
>    if (im->lines) free(im->lines);
>    if (im->in.file) free(im->in.file);
>    if (!im->in.file) free(im->in.jinfo.src);
>    if (im->in.f || im->in.mem.data) jpeg_destroy_decompress(&(im->in.jinfo));
>    if (im->in.f) fclose(im->in.f);
>    if (im->in.comment) free(im->in.comment);
>    if (im->in.thumb_info.uri) free(im->in.thumb_info.uri);
>    if (im->in.thumb_info.mime) free(im->in.thumb_info.mime);
>    if (im->out.file) free(im->out.file);
>    if (!im->out.file) free(im->out.jinfo.dest);
>    if (im->out.f || im->in.mem.data) jpeg_destroy_compress(&(im->out.jinfo));
>    if (im->out.f) fclose(im->out.f);
>    if (im->out.comment) free(im->out.comment);
>    free(im);
>    /*Another change*/
>    im=NULL;
> }
> ===
>
> Basically the changes are in epeg_close function of the
> XXX/src/lib/epeg_main.c file. The SIGSEGV violation stopped if we return not
> on (!im) but on (!(im) || !(*im)). Moreover, it will not hurt but may save
> one from one of those unpredictable issues by the statement: im = NULL, at
> the end.

Well, first of all EPEG is deprecated, Evas contains all the functionality
there, use evas_object_image_load_size_set().

But this patch is very weird. "im" is the pointer, so it cannot be NULL,
fine. But *im is not required to be NULL, and your block

> /*Another change*/
> im=NULL;

is not what you think, it will not make *im == NULL, but rather change
the local variable "im" (just inside the function!) to point elsewhere.
This is known as "dead assignment" as nothing reads the value of "im" after
it is written.

I'd say after "epeg_close()" the given pointer is to be considered
invalid and should not be used anymore. It's like free(ptr), after this
call ptr is now invalid.

Regards,

-- 
Gustavo Sverzut Barbieri
http://profusion.mobi embedded systems
--------------------------------------
MSN: barbi...@gmail.com
Skype: gsbarbieri
Mobile: +55 (19) 9225-2202
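
The dead assignment described in the reply above, shown next to a close routine that can actually clear the caller's pointer. This is an added example, not code from epeg or from either poster: `Image`, `image_open`, `image_close_by_value`, `image_close_and_clear` and the `live_images` counter are hypothetical stand-ins for `Epeg_Image` and `epeg_close`.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for Epeg_Image; not the real epeg structure. */
typedef struct { unsigned char *pixels; } Image;
static int live_images; /* handles opened and not yet closed */

Image *image_open(size_t n) {
    Image *im = calloc(1, sizeof *im);
    if (im && !(im->pixels = malloc(n))) { free(im); return NULL; }
    if (im) live_images++;
    return im;
}

/* Same shape as the proposal: "im" is a copy of the caller's pointer. */
void image_close_by_value(Image *im) {
    if (!im) return;
    free(im->pixels);
    free(im);
    live_images--;
    im = NULL; /* dead assignment: the caller's variable is untouched */
}

/* Receives the address of the caller's pointer, so it can clear it. */
void image_close_and_clear(Image **imp) {
    if (!imp || !*imp) return;
    free((*imp)->pixels);
    free(*imp);
    live_images--;
    *imp = NULL;
}

/* Returns 1 if the caller's pointer is unchanged; memcmp avoids using the freed value. */
int by_value_leaves_dangling(void) {
    Image *im = image_open(16), *saved = im;
    if (!im) return -1;
    image_close_by_value(im);
    return memcmp(&im, &saved, sizeof im) == 0;
}

/* Returns 1 if a second close is a harmless no-op. */
int second_close_is_noop(void) {
    Image *im = image_open(16);
    if (!im) return -1;
    image_close_and_clear(&im);
    image_close_and_clear(&im); /* *imp is already NULL: returns early */
    return im == NULL && live_images == 0;
}

int main(void) { return !(by_value_leaves_dangling() == 1 && second_close_is_noop() == 1); }
```

Clearing through `Image **` protects only the one variable whose address was passed; any other copy of the pointer is still dangling, so the "invalid after close" rule from the reply continues to apply.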