Hello.

I'm just investigating some potential NULL dereferencing in elm_widget and I wanted to get an opinion on that from Glima and maybe the EO devs.

The root problem is this macro:

#define ELM_WIDGET_DATA_GET_NO_INST(o, wd)     \
  wd = (o && eo_isa(o, ELM_OBJ_WIDGET_CLASS) ? \
        eo_data_get(o, ELM_OBJ_WIDGET_CLASS) : \
        NULL)

wd can be NULL, but we do not handle this in all cases. I tried to understand the logic before making my changes and also looked it over with a co-worker, but I wanted someone else to check this as well.

A patch with my suggested fixes is attached. Please be aware that we already check the output of this macro for NULL in other places. It might just be that we have not done it here so far as nobody got hit by a NULL dereference. :)

regards
Stefan Schmidt
diff --git a/trunk/elementary/src/lib/elm_widget.c b/trunk/elementary/src/lib/elm_widget.c
index eb7dab5..e58a487 100644
--- a/trunk/elementary/src/lib/elm_widget.c
+++ b/trunk/elementary/src/lib/elm_widget.c
@@ -1001,13 +1001,16 @@ _elm_widget_sub_object_add(Eo *obj, void *_pd, va_list *list)
      {
         ELM_WIDGET_DATA_GET(sobj, sdc);
 
-        if (sdc->parent_obj == obj) goto end;;
-        if (sdc->parent_obj)
+        if (sdc)
           {
-             if (!elm_widget_sub_object_del(sdc->parent_obj, sobj))
-               return;
+             if (sdc->parent_obj == obj) goto end;
+             if (sdc->parent_obj)
+               {
+                  if (!elm_widget_sub_object_del(sdc->parent_obj, sobj))
+                     return;
+               }
+             sdc->parent_obj = obj;
           }
-        sdc->parent_obj = obj;
         _elm_widget_top_win_focused_set(sobj, sd->top_win_focused);
 
         /* update child focusable-ness on self and parents, now that a
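Review bot: When `sdc` is NULL the new `if (sdc)` block is skipped silently, yet the function still goes on to `_elm_widget_top_win_focused_set(sobj, sd->top_win_focused)` and the code after it, so `sobj` may be treated as a child whose `parent_obj` was never recorded. If a NULL here can only mean that `sobj` carries no widget data, it is probably safer to make the failure visible and stop, for example `else { ERR("no widget data for %p", sobj); return; }`, instead of continuing in a half-linked state. The enclosing block and the `end` label lie outside the hunk, so confirm whether `return` or `goto end` is the right exit.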
@@ -1021,6 +1024,8 @@ _elm_widget_sub_object_add(Eo *obj, void *_pd, va_list *list)
                {
                   ELM_WIDGET_DATA_GET_NO_INST(sdp->parent_obj, sdp);
 
+                  if (!sdp) break;
+
                   if (sdp->child_can_focus) break;
 
                   sdp->child_can_focus = EINA_TRUE;
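Review bot: The added `if (!sdp) break;` leaves `sdp` NULL once the loop exits, so any statement after the loop that reads `sdp` would still dereference NULL; the end of the loop is outside the hunk and needs checking. The same applies to `if (!sdp) break;` in `_elm_widget_sub_object_del` and to `if (!sd) break;` in `_elm_widget_focus_steal`, where `sd` is overwritten by `ELM_WIDGET_DATA_GET_NO_INST(o, sd)` and may be used again after the loop. A short comment such as `/* parent has no widget data: stop walking up the tree */` at each of these guards would record why ending the walk early is acceptable.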
@@ -1128,6 +1133,8 @@ _elm_widget_sub_object_del(Eo *obj, void *_pd, va_list *list)
 
                   ELM_WIDGET_DATA_GET(parent, sdp);
 
+                  if (!sdp) break;
+
                   sdp->child_can_focus = EINA_FALSE;
                   EINA_LIST_FOREACH(sdp->subobjs, l, subobj)
                     {
@@ -1146,7 +1153,7 @@ _elm_widget_sub_object_del(Eo *obj, void *_pd, va_list *list)
           }
 
         ELM_WIDGET_DATA_GET(sobj, sdc);
-        sdc->parent_obj = NULL;
+        if (sdc) sdc->parent_obj = NULL;
      }
 
    if (sd->resize_obj == sobj) sd->resize_obj = NULL;
@@ -2970,6 +2977,7 @@ _elm_widget_focus_steal(Eo *obj, void *_pd, va_list *list EINA_UNUSED)
         o = elm_widget_parent_get(parent);
         if (!o) break;
         ELM_WIDGET_DATA_GET_NO_INST(o, sd);
+        if (!sd) break;
         if (sd->disabled || sd->tree_unfocusable) return;
         if (sd->focused) break;
         parent = o;