e_client: fix refcounting for e_client to fix memory corruption.

double-free error has occurred while freeing e_client in _e_client_free.

e_object_unref(ec)
-> _e_client_free(ec)
 -> evas_object_del(ec->frame)
   -> _e_comp_object_intercept_hook_call -> e_object_ref(ec)
   -> _e_comp_object_intercept_hook_call -> e_object_unref(ec) -> _e_client_free -> free
 -> free: double-free

to resolve this problem, we add reference count inc/dec codes to _e_client_free.

Change-Id: I8b2beaa0c4b2882c6421db0bbe0f00e38d3defee

diff --git a/src/bin/e_client.c b/src/bin/e_client.c
index 411105f9dee0e839825e551622ef29ea483d9a09..011f702ad9320617f0477e36e613b8ee8639b4de 100644 (file)
--- a/src/bin/e_client.c
+++ b/src/bin/e_client.c
@@ -456,6 +456,7 @@ _e_client_free(E_Client *ec)
    e_comp_object_redirected_set(ec->frame, 0);
    e_comp_object_render_update_del(ec->frame);
 
+   E_OBJECT(ec)->references++;
    if (ec->fullscreen)
      {
         ec->desk->fullscreen_clients = eina_list_remove(ec->desk->fullscreen_clients, ec);
@@ -549,6 +550,7 @@ _e_client_free(E_Client *ec)
 
    e_hints_client_list_set();
    evas_object_del(ec->frame);
+   E_OBJECT(ec)->references--;
    free(ec);
 }