From a3e405ba10b54e2c1f317a266f32fe94daef8d4a Mon Sep 17 00:00:00 2001 From: "Carsten Haitzler (Rasterman)" Date: Wed, 31 Jul 2019 14:05:06 +0100 Subject: [PATCH] evas events - fix segv if pointer data is freed by cb callback can free what is in context. avoid that problem @fix --- src/lib/evas/canvas/evas_events.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/lib/evas/canvas/evas_events.c b/src/lib/evas/canvas/evas_events.c index 73267ba..938b7ca 100644 --- a/src/lib/evas/canvas/evas_events.c +++ b/src/lib/evas/canvas/evas_events.c @@ -2329,6 +2329,8 @@ _canvas_event_feed_mouse_move_internal(Evas_Public_Data *e, Efl_Input_Pointer_Da copy = evas_event_list_copy(pdata->seat->object.in); EINA_LIST_FOREACH(copy, l, eo_obj) { + Eina_Bool check_nogrep = EINA_FALSE; + obj = efl_data_scope_get(eo_obj, EFL_CANVAS_OBJECT_CLASS); obj_pdata = _evas_object_pointer_data_get(pdata, obj); if (!obj_pdata) @@ -2337,6 +2339,9 @@ _canvas_event_feed_mouse_move_internal(Evas_Public_Data *e, Efl_Input_Pointer_Da ev->device); continue; } + if ((obj_pdata->pointer_mode == EVAS_OBJECT_POINTER_MODE_NOGRAB_NO_REPEAT_UPDOWN) && + (pdata->seat->nogrep > 0)) + check_nogrep = EINA_TRUE; if ((!e->is_frozen) && _evas_event_object_pointer_allow(eo_obj, obj, obj_pdata) && (!evas_object_is_source_invisible(eo_obj, obj) || @@ -2354,8 +2359,7 @@ _canvas_event_feed_mouse_move_internal(Evas_Public_Data *e, Efl_Input_Pointer_Da } else outs = eina_list_append(outs, eo_obj); - if ((obj_pdata->pointer_mode == EVAS_OBJECT_POINTER_MODE_NOGRAB_NO_REPEAT_UPDOWN) && - (pdata->seat->nogrep > 0)) + if (check_nogrep) { eina_list_free(copy); eina_list_free(outs); -- 2.7.4