Add return and null check for preventing invalid memory access 46/278546/1
authorSuyeon Hwang <stom.hwang@samsung.com>
Fri, 22 Jul 2022 01:25:28 +0000 (10:25 +0900)
committerSuyeon Hwang <stom.hwang@samsung.com>
Fri, 22 Jul 2022 01:25:28 +0000 (10:25 +0900)
- Issue:
Sometimes, the code may access invalid memory when the function frees
unused memory.

- Solution:
This is because the logic that frees the Object_Info structure does not check
whether the pointer is null. A 'return' is also missing at the 'next'
label, so sometimes the code flow can fall through and free the members of
the Object_Info structure even if no memory has been allocated for it yet.
This patch adds the missing 'return' statement and a null check for
'object_info'. Through this change, the code prevents invalid memory access.

Change-Id: I02d0652f6e3dfb4a8aa6fa0dc25735eac25dc884
Signed-off-by: Suyeon Hwang <stom.hwang@samsung.com>
src/vc_elm_efl_dump.c

index 273687f..0bf91c1 100644 (file)
@@ -194,6 +194,23 @@ _edje_file_info_save(Ea_Util_Mgr *util_mgr, const Evas_Object *obj)
        evas_object_del(ed);
 }
 
+static void __free_object_info(Object_Info* object_info)
+{
+       if (NULL == object_info) {
+               return;
+       }
+
+       free(object_info->type);
+       free(object_info->group);
+       free(object_info->color_class);
+       free(object_info->part_name);
+       free(object_info->part_state);
+       free(object_info->image_name);
+       free(object_info->text);
+       free(object_info->edje_file);
+       free(object_info);
+}
+
 static void
 _obj_tree_items(Ea_Util_Mgr *util_mgr, Evas_Object *obj, Object_Info *parent)
 {
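Review bot: The new helper is named `__free_object_info`, and identifiers that begin with a double underscore are reserved for the implementation in C. The neighbouring static functions visible in this hunk (`_edje_file_info_save`, `_obj_tree_items`) use a single-underscore prefix, put the return type on its own line and write `Object_Info *parent`, so I would rename the helper along the lines of `_object_info_free(Object_Info *object_info)` to match. The helper also takes ownership of the struct and each of its string members, so a short comment above it such as `/* Frees object_info and all of its string members; NULL is accepted. The caller must not use the pointer afterwards. */` would make the contract explicit.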
@@ -388,15 +405,8 @@ next:
        return;
 
 exit:
-       free(object_info->type);
-       free(object_info->group);
-       free(object_info->color_class);
-       free(object_info->part_name);
-       free(object_info->part_state);
-       free(object_info->image_name);
-       free(object_info->text);
-       free(object_info->edje_file);
-       free(object_info);
+       __free_object_info(object_info);
+       object_info = NULL;
        return;
 }
 
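Review bot: `object_info = NULL;` at the `exit` label is followed directly by `return;`, so if `object_info` is a local of this function (its declaration is outside the hunk) the assignment is a dead store and clears no other reference to the freed block. If any path can reach `exit` after the object has been attached to `parent` or `util_mgr`, that reference would still dangle after `__free_object_info()`; this cannot be confirmed from the visible lines and is worth checking in the function body. Either drop the assignment or replace it with a comment stating the invariant, e.g. `/* exit is only reached before object_info is linked into the tree */`. The same pattern appears at the `exit` label in the third hunk (`@@ -765,17 +775,12 @@`), where the added trailing `return;` is also redundant at the end of a void function.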
@@ -765,17 +775,12 @@ next:
                if (evas_object_type_match(obj, "elm_popup") || evas_object_type_match(obj, "elm_ctxpopup")) find_popup = 1;
        }
        VC_ELM_LOG_DUMP("   [%d] %s : return", cnt, EVAS_OBJECT_TYPE_GET(obj));
+       return;
 
 exit:
-       free(object_info->type);
-       free(object_info->group);
-       free(object_info->color_class);
-       free(object_info->part_name);
-       free(object_info->part_state);
-       free(object_info->image_name);
-       free(object_info->text);
-       free(object_info->edje_file);
-       free(object_info);
+       __free_object_info(object_info);
+       object_info = NULL;
+       return;
 }
 
 static void