jayji pushed a commit to branch master. http://git.enlightenment.org/core/efl.git/commit/?id=6687e8b0c08336ee238deefd9cf8c570ab54570a
commit 6687e8b0c08336ee238deefd9cf8c570ab54570a
Author: Jean Guyomarc'h <[email protected]>
Date: Wed Oct 5 12:00:38 2016 +0200
epp: fix memory corruption when using #warning and #error The epp instructions #warning and #error would led to a segmentation fault (invalid free) because the malloced buffer's base pointer was moved. @fix
---
 src/bin/edje/epp/cpplib.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/bin/edje/epp/cpplib.c b/src/bin/edje/epp/cpplib.c
index 1e9802f..0d7bb5d 100644
--- a/src/bin/edje/epp/cpplib.c
+++ b/src/bin/edje/epp/cpplib.c
@@ -3904,11 +3904,12 @@ do_error(cpp_reader * pfile, struct directive *keyword EINA_UNUSED,
 {
 int length = limit - buf;
 unsigned char *copy = (unsigned char *)xmalloc(length + 1);
+ unsigned char *msg = copy;
 memcpy(copy, buf, length);
 copy[length] = 0;
- SKIP_WHITE_SPACE(copy);
- cpp_error(pfile, "#error %s", copy);
+ SKIP_WHITE_SPACE(msg);
+ cpp_error(pfile, "#error %s", msg);
 free(copy);
 return 0;
 }
@@ -3925,11 +3926,12 @@ do_warning(cpp_reader * pfile, struct directive *keyword EINA_UNUSED,
 {
 int length = limit - buf;
 unsigned char *copy = (unsigned char *)xmalloc(length + 1);
+ unsigned char *msg = copy;
 memcpy(copy, buf, length);
 copy[length] = 0;
- SKIP_WHITE_SPACE(copy);
- cpp_warning(pfile, "#warning %s", copy);
+ SKIP_WHITE_SPACE(msg);
+ cpp_warning(pfile, "#warning %s", msg);
 free(copy);
 return 0;
 }
--
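Review bot: Nothing in do_error prevents a later edit from advancing `copy` again, which would bring back the invalid free() this commit removes; the same holds for do_warning in the second hunk. Declaring the base pointer as `unsigned char *const copy = (unsigned char *)xmalloc(length + 1);` would make the compiler reject any write to it, assuming SKIP_WHITE_SPACE increments its argument in place (the macro is not visible here). A short comment on the new line, such as `/* msg skips leading blanks; copy stays at the xmalloc base so free() gets the original pointer */`, would record why two pointers exist. Because the directive text comes straight from the file being preprocessed, a regression test feeding `#error` and `#warning` lines whose message starts with whitespace would keep this heap corruption from resurfacing. Both function signatures begin above their hunks, so parameter handling was not reviewed.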
