policy: Fix use after free

The instance of E_Policy_Client has to be freed even though the member
variable `zone` is null.

The zone of E_Policy_Client instance may be NULL until it receives ecore
event, E_EVENT_CLIENT_ZONE_SET. If the callback of E_CLIENT_HOOK_DEL is
called before E_EVENT_CLIENT_ZONE_SET, the callback would return doing
nothing and the `pc` would be remained in hash table, and this will
cause use-after-free.

Change-Id: I14cde4159a2e0bf108d5dacd9897744459a129f7

diff --git a/src/bin/e_policy.c b/src/bin/e_policy.c
index 63f0c03c2298b93e1c2956f56a93dda469321151..a12031a54d79920680ed62b612955767ac4ef018 100644 (file)
--- a/src/bin/e_policy.c
+++ b/src/bin/e_policy.c
@@ -512,10 +512,11 @@ _e_policy_cb_hook_client_del(void *d EINA_UNUSED, E_Client *ec)
 
    pc = eina_hash_find(hash_policy_clients, &ec);
    if (!pc) return;
-   if (!pc->zone) return;
    if (!pc->ec) return;
 
-   e_tzsh_indicator_srv_ower_win_update(pc->zone);
+   if (pc->zone)
+     e_tzsh_indicator_srv_ower_win_update(pc->zone);
+
    e_policy_wl_win_brightness_apply(pc->ec);
    e_policy_wl_client_del(pc->ec);