[EGIT] [core/efl] master 01/01: Evas text: set NULL free'd pointers in evas_object_text_free()

Mon, 15 Feb 2016 02:45:07 -0800 

tasn pushed a commit to branch master.

http://git.enlightenment.org/core/efl.git/commit/?id=b85ae776335e2e4d8c232c263eba94ecbc309ec5

commit b85ae776335e2e4d8c232c263eba94ecbc309ec5
Author: Youngbok Shin <youngb.s...@samsung.com>
Date:   Mon Feb 15 10:41:37 2016 +0000

    Evas text: set NULL free'd pointers in evas_object_text_free()
    
    Summary:
    _render_pre() function could be called for an object which is
    going to be deleted. According to state changes of the object,
    text could be recalculated with free'd pointers. It caused an
    invalid read and crash.
    @fix
    
    Test Plan:
    1. Apply D1747.
    2. Run elementary_test.
    3. Put any character in elm_entry and change paragraph direction.
    4. Put any character again.
    5. It can cause a crash which is caused by invalid read in Evas Text.
    
    Reviewers: herdsman, woohyun, tasn, raster
    
    Subscribers: cedric, jpeg
    
    Differential Revision: https://phab.enlightenment.org/D3445
---
 src/lib/evas/canvas/evas_object_text.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/lib/evas/canvas/evas_object_text.c 
b/src/lib/evas/canvas/evas_object_text.c
index 3ccac40..91fcfa1 100644
--- a/src/lib/evas/canvas/evas_object_text.c
+++ b/src/lib/evas/canvas/evas_object_text.c
@@ -1631,8 +1631,16 @@ evas_object_text_free(Evas_Object *eo_obj, 
Evas_Object_Protected_Data *obj)
    if (o->font && obj->layer && obj->layer->evas)
       evas_font_free(obj->layer->evas->evas, o->font);
    o->font = NULL;
+   o->cur.utf8_text = NULL;
+   o->cur.font = NULL;
+   o->cur.fdesc = NULL;
+   o->cur.source = NULL;
+   o->bidi_delimiters = NULL;
+   o->cur.text = NULL;
+   o->prev = o->cur;
 #ifdef BIDI_SUPPORT
    evas_bidi_paragraph_props_unref(o->bidi_par_props);
+   o->bidi_par_props = NULL;
 #endif
 }
 

--

Reply via email to