From: Carsten Haitzler (Rasterman) <raster@rasterman.com>
Date: Tue, 18 Apr 2017 05:16:53 +0000 (+0900)
Subject: ecore pipe - fix potential use of freed pipe data
X-Git-Tag: upstream/1.20.0~1486
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1eb36e6f8419f12f60e9df37bcce39ae6272e6de;p=platform%2Fupstream%2Fefl.git

ecore pipe - fix potential use of freed pipe data

new thanks to new patches so not an existing bug in the last release
---

diff --git a/src/lib/ecore/ecore_pipe.c b/src/lib/ecore/ecore_pipe.c
index affeaf9..f66c5b3 100644
--- a/src/lib/ecore/ecore_pipe.c
+++ b/src/lib/ecore/ecore_pipe.c
@@ -415,6 +415,8 @@ _ecore_pipe_del(Ecore_Pipe *p)
    epoll_ctl(p->pollfd, EPOLL_CTL_DEL, p->timerfd, NULL);
    if (p->timerfd >= 0) close(p->timerfd);
    if (p->pollfd >= 0) close(p->pollfd);
+   p->timerfd = PIPE_FD_INVALID;
+   p->pollfd = PIPE_FD_INVALID;
 #endif
    p->delete_me = EINA_TRUE;
    if (p->handling > 0) return (void *)p->data;
@@ -429,6 +431,16 @@ _ecore_pipe_del(Ecore_Pipe *p)
    return data;
 }
 
+static void
+_ecore_pipe_unhandle(Ecore_Pipe *p)
+{
+   p->handling--;
+   if (p->delete_me)
+     {
+        _ecore_pipe_del(p);
+     }
+}
+
 #if ! defined(HAVE_SYS_EPOLL_H) || ! defined(HAVE_SYS_TIMERFD_H)
 int
 _ecore_pipe_wait(Ecore_Pipe *p,
@@ -487,10 +499,12 @@ _ecore_pipe_wait(Ecore_Pipe *p,
 
         if (ret > 0)
           {
+             p->handling++;
              _ecore_pipe_read(p, NULL);
              message_count -= p->message;
              total += p->message;
              p->message = 0;
+             _ecore_pipe_unhandle(p);
           }
         else if (ret == 0)
           {
@@ -583,6 +597,7 @@ _ecore_pipe_wait(Ecore_Pipe *p,
                     fd_timer_found = EINA_TRUE;
                }
 
+             p->handling++;
              if (fd_read_found)
                {
                   _ecore_pipe_read(p, NULL);
@@ -594,8 +609,10 @@ _ecore_pipe_wait(Ecore_Pipe *p,
              if (fd_timer_found)
                {
                   pipe_read(p->timerfd, &timerfdbuf, sizeof(timerfdbuf));
+                  _ecore_pipe_unhandle(p);
                   break;
                }
+             _ecore_pipe_unhandle(p);
           }
         else if (ret == 0)
           {
@@ -619,16 +636,6 @@ _ecore_pipe_wait(Ecore_Pipe *p,
 
 #endif
 static void
-_ecore_pipe_unhandle(Ecore_Pipe *p)
-{
-   p->handling--;
-   if (p->delete_me)
-     {
-        _ecore_pipe_del(p);
-     }
-}
-
-static void
 _ecore_pipe_handler_call(Ecore_Pipe *p,
                          unsigned char *buf,
                          size_t len)