q66 pushed a commit to branch master.

http://git.enlightenment.org/core/efl.git/commit/?id=03e77ea3611144b1f3cfebcf84580afd4ba65d89

commit 03e77ea3611144b1f3cfebcf84580afd4ba65d89
Author: Daniel Kolesa <[email protected]>
Date:   Tue Dec 19 00:20:40 2017 +0100

    eolian: fix use-after-free in eo_parser
    
    Thanks @netstar for finding this.
    
    Fixes T6523.
---
 src/lib/eolian/eo_parser.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/lib/eolian/eo_parser.c b/src/lib/eolian/eo_parser.c
index b8e721a11b..882a8bef2c 100644
--- a/src/lib/eolian/eo_parser.c
+++ b/src/lib/eolian/eo_parser.c
@@ -2499,6 +2499,7 @@ end:
 Eolian_Unit *
 eo_parser_database_fill(Eolian_Unit *parent, const char *filename, Eina_Bool 
eot, Eolian_Class **fcl)
 {
+   Eolian_Unit *ret = NULL;
    Eolian_Class *cl = eina_hash_find(parent->state->parsed, filename);
    if (cl)
      {
@@ -2510,7 +2511,7 @@ eo_parser_database_fill(Eolian_Unit *parent, const char 
*filename, Eina_Bool eot
           fname = eina_stringshare_add((fsl > bsl) ? (fsl + 1) : (bsl + 1));
         if (fname)
           {
-             Eolian_Unit *ret = eina_hash_find(parent->state->units, fname);
+             ret = eina_hash_find(parent->state->units, fname);
              eina_stringshare_del(fname);
              return ret;
           }
@@ -2555,12 +2556,13 @@ eo_parser_database_fill(Eolian_Unit *parent, const char 
*filename, Eina_Bool eot
    if (fcl) *fcl = cl;
 
 done:
+   ret = ls->unit;
    eina_hash_set(ls->state->parsed, filename, eot ? (void *)EINA_TRUE : cl);
    eina_hash_set(ls->state->parsing, filename, (void *)EINA_FALSE);
-   eina_hash_add(parent->children, filename, ls->unit);
+   eina_hash_add(parent->children, filename, ret);
 
    eo_lexer_free(ls);
-   return ls->unit;
+   return ret;
 
 error:
    eina_hash_set(ls->state->parsing, filename, (void *)EINA_FALSE);
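Review bot: The fix at `done:` depends on statement order that nothing in the code explains: `ret = ls->unit;` has to stay ahead of `eo_lexer_free(ls)`, and a later tidy-up could easily fold it back into `return ls->unit;`. I would add a comment on that assignment, for example `/* save the unit now: ls is freed below and must not be read afterwards */`. The hunk does not show whether eo_lexer_free() also releases the unit itself; if it does, `ret` and the entry just added to `parent->children` would still dangle, so it is worth confirming that the unit is owned elsewhere. The `error:` path continues outside the hunk, so whether it reads `ls` after freeing it cannot be judged from here.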

-- 

