tasn pushed a commit to branch master.
http://git.enlightenment.org/core/efl.git/commit/?id=f210e429663d9bdb0eadf46d42c0ae8742bc615c
commit f210e429663d9bdb0eadf46d42c0ae8742bc615c
Author: Youngbok Shin <youngb.s...@samsung.com>
Date: Thu Aug 27 11:04:57 2015 +0100
edje: Fix double free scenario caused by static pointer.
Summary:
The result of evas_object_textblock_cursor_content_get() API has to be
cleaned
by outside. _edje_entry_cursor_content_get() is calling free() inside of
the
function for handle the result using static pointer. But, the caller of
_edje_entry_cursor_content_get() is already handling the result using
free().
It can cause double free problem.
The bigger issue is in elementary. See elm_entry_cursor_content_get() API's
document. The document advice developers to free the result when it is done.
@fix
Test Plan: N/A
Reviewers: tasn, raster, woohyun
Subscribers: cedric
Differential Revision: https://phab.enlightenment.org/D2991
---
src/lib/edje/edje_entry.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/src/lib/edje/edje_entry.c b/src/lib/edje/edje_entry.c
index b7289b4..237e49a 100644
--- a/src/lib/edje/edje_entry.c
+++ b/src/lib/edje/edje_entry.c
@@ -3871,18 +3871,11 @@ _edje_entry_cursor_is_visible_format_get(Edje_Real_Part
*rp, Edje_Cursor cur)
char *
_edje_entry_cursor_content_get(Edje_Real_Part *rp, Edje_Cursor cur)
{
- static char *s = NULL;
Evas_Textblock_Cursor *c = _cursor_get(rp, cur);
if (!c) return NULL;
- if (s)
- {
- free(s);
- s = NULL;
- }
- s = evas_textblock_cursor_content_get(c);
- return s;
+ return evas_textblock_cursor_content_get(c);
}
void
--
