From: Jean Guyomarc'h
Date: Wed, 5 Oct 2016 10:00:38 +0000 (+0200)
Subject: epp: fix memory corruption when using #warning and #error
X-Git-Tag: submit/tizen/20170221.045909~29
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=bcc71c46e75a323ad2d4dfa6c9e044e9ec90f964;p=platform%2Fupstream%2Fefl.git
epp: fix memory corruption when using #warning and #error
The epp instructions #warning and #error would led to a segmentation fault (invalid free) because the malloced buffer's base pointer was moved.
@fix
Signed-off-by: Pankaj Mittal
Change-Id: I694688fedd6249c0ae34df31ebb8f9670aed847e
---
diff --git a/src/bin/edje/epp/cpplib.c b/src/bin/edje/epp/cpplib.c
index b8e0ff2d64..7351f043b9 100644
--- a/src/bin/edje/epp/cpplib.c
+++ b/src/bin/edje/epp/cpplib.c
@@ -3904,11 +3904,12 @@ do_error(cpp_reader * pfile, struct directive *keyword EINA_UNUSED,
 {
 int length = limit - buf;
 unsigned char *copy = (unsigned char *)xmalloc(length + 1);
+ unsigned char *msg = copy;
 memcpy(copy, buf, length);
 copy[length] = 0;
- SKIP_WHITE_SPACE(copy);
- cpp_error(pfile, "#error %s", copy);
+ SKIP_WHITE_SPACE(msg);
+ cpp_error(pfile, "#error %s", msg);
 free(copy);
 return 0;
 }
@@ -3925,11 +3926,12 @@ do_warning(cpp_reader * pfile, struct directive *keyword EINA_UNUSED,
 {
 int length = limit - buf;
 unsigned char *copy = (unsigned char *)xmalloc(length + 1);
+ unsigned char *msg = copy;
 memcpy(copy, buf, length);
 copy[length] = 0;
- SKIP_WHITE_SPACE(copy);
- cpp_warning(pfile, "#warning %s", copy);
+ SKIP_WHITE_SPACE(msg);
+ cpp_warning(pfile, "#warning %s", msg);
 free(copy);
 return 0;
 }
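Review bot: Nothing in do_error records why `msg` exists alongside `copy`, so a later cleanup could fold the two back together and reintroduce the free() of an advanced pointer. I would add `/* SKIP_WHITE_SPACE advances its argument: walk msg, keep copy as the base handed to free() */` above the new declaration, and the same in do_warning, which receives the identical change. Declaring the base as `unsigned char *const copy = ...` would also make the compiler reject any future attempt to move it, assuming the macro (not shown here) modifies its argument in place as the commit message implies. Separately, `length` is an `int` computed from `limit - buf` and passed unchecked to xmalloc and memcpy. That predates this commit, but a `limit < buf` guard may be worth adding unless callers already guarantee the ordering. Both function signatures begin outside the hunks.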