Evas text: set NULL free'd pointers in evas_object_text_free()

Summary:
_render_pre() function could be called for an object which is
going to be deleted. According to state changes of the object,
text could be recalculated with free'd pointers. It caused an
invalid read and crash.
@fix

Test Plan:
1. Apply D1747.
2. Run elementary_test.
3. Put any character in elm_entry and change paragraph direction.
4. Put any character again.
5. It can cause a crash which is caused by invalid read in Evas Text.

Reviewers: herdsman, woohyun, tasn, raster

Subscribers: cedric, jpeg

Differential Revision: https://phab.enlightenment.org/D3445

Change-Id: Id4c680ac7ecab49a59af365dfcd7b6f5dfcca432

diff --git a/src/lib/evas/canvas/evas_object_text.c b/src/lib/evas/canvas/evas_object_text.c
index f5eb94b..ba730ca 100644 (file)
--- a/src/lib/evas/canvas/evas_object_text.c
+++ b/src/lib/evas/canvas/evas_object_text.c
@@ -1578,8 +1578,16 @@ evas_object_text_free(Evas_Object *eo_obj, Evas_Object_Protected_Data *obj)
    if (o->font && obj->layer && obj->layer->evas)
       evas_font_free(obj->layer->evas->evas, o->font);
    o->font = NULL;
+   o->cur.utf8_text = NULL;
+   o->cur.font = NULL;
+   o->cur.fdesc = NULL;
+   o->cur.source = NULL;
+   o->bidi_delimiters = NULL;
+   o->cur.text = NULL;
+   o->prev = o->cur;
 #ifdef BIDI_SUPPORT
    evas_bidi_paragraph_props_unref(o->bidi_par_props);
+   o->bidi_par_props = NULL;
 #endif
 }