cedric pushed a commit to branch master.

http://git.enlightenment.org/core/efl.git/commit/?id=8ceef8c6ca12b00698c7cd13394fba1de8e4c6b7

commit 8ceef8c6ca12b00698c7cd13394fba1de8e4c6b7
Author: Kateryna Fesyna <k.fes...@samsung.com>
Date:   Thu Nov 6 06:18:34 2014 +0100

    edje: Edje_Edit - fix segfault on copying state of IMAGE part with twins
    
    Summary:
    The copying of state of IMAGE part with twins caused the segmentation fault
    due to the extra memory freeing in _edje_edit_part_state_copy() that is deleted
    with this commit.
    The data that is freed was previously copied from the structure of state
    'from' and freeing of this data leads to freeing data of 'from' part.
    Later, on copying of tweens to 'to' state array of tweens appears
    segmentation fault because we try to access freed data of 'from' state.
    
    @fix
    
    Reviewers: cedric, Hermet, raster, seoz
    
    Subscribers: cedric, reutskiy.v.v
    
    Differential Revision: https://phab.enlightenment.org/D1636
    
    Signed-off-by: Cedric BAIL <ced...@osg.samsung.com>
---
 src/lib/edje/edje_edit.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/lib/edje/edje_edit.c b/src/lib/edje/edje_edit.c
index b7247ac..5b952b0 100644
--- a/src/lib/edje/edje_edit.c
+++ b/src/lib/edje/edje_edit.c
@@ -5085,12 +5085,6 @@ _edje_edit_part_state_copy(Evas_Object *obj, const char 
*part, const char *part_
 
           img_to->image = img_from->image;
 
-          /* Update pointers. */
-          for (i = 0; i < img_to->image.tweens_count; ++i)
-            free(img_to->image.tweens[i]);
-          if (img_to->image.tweens_count > 0)
-               free(img_to->image.tweens);
-
           img_to->image.tweens_count = img_from->image.tweens_count;
           img_to->image.tweens = calloc(img_to->image.tweens_count,
                                         sizeof (Edje_Part_Image_Id*));
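
Review bot: the struct assignment `img_to->image = img_from->image;` at the top of this hunk overwrites `img_to->image.tweens` and `tweens_count` before anything visible here releases the tweens the 'to' state already owned. With the free loop deleted rather than moved, that earlier array and its entries look like they are leaked, unless they are freed above the hunk. Consider keeping the loop but placing it before the assignment, so it runs on the destination's own pointers instead of the aliased 'from' ones. Separately, the `calloc()` result for `img_to->image.tweens` is not checked in the lines shown, and `tweens_count` is already set to the new value at that point, so a failed allocation would leave a non-zero count paired with a NULL array; a NULL check that resets the count would make the copy safe on that path.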

-- 

