From: Shinwoo Kim <cinoo.kim@samsung.com>
Date: Fri, 31 Jan 2020 12:34:49 +0000 (+0900)
Subject: evas filter: fix crash issue
X-Git-Tag: accepted/tizen/unified/20200203.125626~10
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=daab34bafb70ceae25a109fc1543ba35364438cd;p=platform%2Fupstream%2Fefl.git

evas filter: fix crash issue

Summary:
If image object geometry is same with image size, then a crash occurs on both
GL and SW engine.

[Test Code]
evas_object_image_size_get(img, &w, &h);
evas_object_resize(img, w, h);

[GL engine]
eng_ector_buffer_wrap should use output instead of engine for calling
evas_ector_buffer_engine_image, because it expects the output not the engine.

[SW engine]
eng_ector_buffer_wrap should check if im->image.data is NULL because
_evas_ector_software_buffer_evas_ector_buffer_engine_image_set returns before
calling evas_cache_iamge_ref if im->image.data is NULL, and it causes
a segmentation fault finally with following backtrace.

(#0) evas_cache_image_drop (im=0x0)
(#1) _evas_ector_software_buffer_efl_object_destructor
(#2) efl_destructor
(#3) _efl_del_internal
(#4) _efl_unref_internal
(#5) _efl_add_internal_end
(#6) _efl_add_end
(#7) eng_ector_buffer_wrap

Test Plan: {F3841366}

Reviewers: Hermet, jsuya

Reviewed By: Hermet

Subscribers: cedric, #reviewers, #committers

Tags: #efl

Differential Revision: https://phab.enlightenment.org/D11258
---

diff --git a/src/lib/evas/filters/evas_filter.c b/src/lib/evas/filters/evas_filter.c
index 59f56ce..feca12d 100644
--- a/src/lib/evas/filters/evas_filter.c
+++ b/src/lib/evas/filters/evas_filter.c
@@ -607,6 +607,8 @@ evas_filter_buffer_backing_set(Evas_Filter_Context *ctx, int bufid,
    if (fb->is_render) goto end;
 
    buffer = ENFN->ector_buffer_wrap(ENC, ctx->evas->evas, engine_buffer);
+   if (!buffer) return EINA_FALSE;
+
    ret = EINA_TRUE;
 
 end:
diff --git a/src/modules/evas/engines/gl_generic/evas_engine.c b/src/modules/evas/engines/gl_generic/evas_engine.c
index 9b17358..fa4ea65 100755
--- a/src/modules/evas/engines/gl_generic/evas_engine.c
+++ b/src/modules/evas/engines/gl_generic/evas_engine.c
@@ -2834,11 +2834,14 @@ static Ector_Buffer *
 eng_ector_buffer_wrap(void *engine EINA_UNUSED, Evas *evas, void *engine_image)
 {
    Evas_GL_Image *im = engine_image;
+   Render_Output_GL_Generic *output;
 
    EINA_SAFETY_ON_NULL_RETURN_VAL(engine_image, NULL);
+   output = _evgl_output_find(engine);
+   if (!output) return NULL;
 
    return efl_add(EVAS_ECTOR_GL_IMAGE_BUFFER_CLASS, evas,
-                  evas_ector_buffer_engine_image_set(efl_added, evas, im));
+                  evas_ector_buffer_engine_image_set(efl_added, output, im));
 }
 
 //FIXME: Currently Ector GL doens't work properly. Use software instead.
diff --git a/src/modules/evas/engines/software_generic/evas_engine.c b/src/modules/evas/engines/software_generic/evas_engine.c
index fec7290..30fa9ae 100755
--- a/src/modules/evas/engines/software_generic/evas_engine.c
+++ b/src/modules/evas/engines/software_generic/evas_engine.c
@@ -4352,8 +4352,10 @@ eng_ector_buffer_wrap(void *data, Evas *e EINA_UNUSED, void *engine_image)
 {
    Image_Entry *ie = engine_image;
    Ector_Buffer *buf = NULL;
+   RGBA_Image *im = (RGBA_Image *)ie;
 
    if (!ie) return NULL;
+   if (!im->image.data) return NULL;
 
    if (!efl_domain_current_push(EFL_ID_DOMAIN_SHARED))
      return NULL;