projects / platform / upstream / efl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bd8f585)
edje: Fix double free scenario caused by static pointer.
authorYoungbok Shin <youngb.shin@samsung.com>
Thu, 27 Aug 2015 10:04:57 +0000 (11:04 +0100)
committerTom Hacohen <tom@stosb.com>
Thu, 27 Aug 2015 10:06:23 +0000 (11:06 +0100)
Summary:
The result of evas_object_textblock_cursor_content_get() API has to be cleaned
by outside.  _edje_entry_cursor_content_get() is calling free() inside of the
function for handle the result using static pointer. But, the caller of
_edje_entry_cursor_content_get() is already handling the result using free().
It can cause double free problem.

The bigger issue is in elementary. See elm_entry_cursor_content_get() API's
document. The document advice developers to free the result when it is done.

@fix

Test Plan: N/A

Reviewers: tasn, raster, woohyun

Subscribers: cedric

Differential Revision: https://phab.enlightenment.org/D2991

src/lib/edje/edje_entry.c patch | blob | history

diff --git a/src/lib/edje/edje_entry.c b/src/lib/edje/edje_entry.c
index b7289b4..237e49a 100644 (file)
--- a/src/lib/edje/edje_entry.c
+++ b/src/lib/edje/edje_entry.c
@@ -3871,18 +3871,11 @@ _edje_entry_cursor_is_visible_format_get(Edje_Real_Part *rp, Edje_Cursor cur)
 char *
 _edje_entry_cursor_content_get(Edje_Real_Part *rp, Edje_Cursor cur)
 {
-   static char *s = NULL;
    Evas_Textblock_Cursor *c = _cursor_get(rp, cur);
 
    if (!c) return NULL;
-   if (s)
-     {
-        free(s);
-        s = NULL;
-     }
 
-   s = evas_textblock_cursor_content_get(c);
-   return s;
+   return evas_textblock_cursor_content_get(c);
 }
 
 void
Domain: UI Framework / EFL;