From 7df51a8cab8e8de0730abd69547674927f1f9ce9 Mon Sep 17 00:00:00 2001 From: Daniel Kolesa Date: Tue, 19 Dec 2017 00:20:40 +0100 Subject: [PATCH] eolian: fix use-after-free in eo_parser Thanks @netstar for finding this. Fixes T6523. --- src/lib/eolian/eo_parser.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/lib/eolian/eo_parser.c b/src/lib/eolian/eo_parser.c index b8e721a..882a8be 100644 --- a/src/lib/eolian/eo_parser.c +++ b/src/lib/eolian/eo_parser.c @@ -2499,6 +2499,7 @@ end: Eolian_Unit * eo_parser_database_fill(Eolian_Unit *parent, const char *filename, Eina_Bool eot, Eolian_Class **fcl) { + Eolian_Unit *ret = NULL; Eolian_Class *cl = eina_hash_find(parent->state->parsed, filename); if (cl) { @@ -2510,7 +2511,7 @@ eo_parser_database_fill(Eolian_Unit *parent, const char *filename, Eina_Bool eot fname = eina_stringshare_add((fsl > bsl) ? (fsl + 1) : (bsl + 1)); if (fname) { - Eolian_Unit *ret = eina_hash_find(parent->state->units, fname); + ret = eina_hash_find(parent->state->units, fname); eina_stringshare_del(fname); return ret; } @@ -2555,12 +2556,13 @@ eo_parser_database_fill(Eolian_Unit *parent, const char *filename, Eina_Bool eot if (fcl) *fcl = cl; done: + ret = ls->unit; eina_hash_set(ls->state->parsed, filename, eot ? (void *)EINA_TRUE : cl); eina_hash_set(ls->state->parsing, filename, (void *)EINA_FALSE); - eina_hash_add(parent->children, filename, ls->unit); + eina_hash_add(parent->children, filename, ret); eo_lexer_free(ls); - return ls->unit; + return ret; error: eina_hash_set(ls->state->parsing, filename, (void *)EINA_FALSE); -- 2.7.4