jayji pushed a commit to branch master.

http://git.enlightenment.org/core/efl.git/commit/?id=6687e8b0c08336ee238deefd9cf8c570ab54570a

commit 6687e8b0c08336ee238deefd9cf8c570ab54570a
Author: Jean Guyomarc'h <j...@guyomarch.bzh>
Date:   Wed Oct 5 12:00:38 2016 +0200

    epp: fix memory corruption when using #warning and #error
    
    The epp instructions #warning and #error would lead to a segmentation
    fault (invalid free) because the malloced buffer's base pointer was
    moved.
    
    @fix
---
 src/bin/edje/epp/cpplib.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/bin/edje/epp/cpplib.c b/src/bin/edje/epp/cpplib.c
index 1e9802f..0d7bb5d 100644
--- a/src/bin/edje/epp/cpplib.c
+++ b/src/bin/edje/epp/cpplib.c
@@ -3904,11 +3904,12 @@ do_error(cpp_reader * pfile, struct directive *keyword 
EINA_UNUSED,
 {
    int                 length = limit - buf;
    unsigned char      *copy = (unsigned char *)xmalloc(length + 1);
+   unsigned char      *msg = copy;
 
    memcpy(copy, buf, length);
    copy[length] = 0;
-   SKIP_WHITE_SPACE(copy);
-   cpp_error(pfile, "#error %s", copy);
+   SKIP_WHITE_SPACE(msg);
+   cpp_error(pfile, "#error %s", msg);
    free(copy);
    return 0;
 }
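Review bot: The new `msg` alias in do_error carries an ownership rule that nothing in the code states: `copy` has to stay at the address xmalloc returned so that `free(copy)` is valid, and only `msg` may be advanced. SKIP_WHITE_SPACE is defined outside this hunk, but the commit message indicates it moves its argument in place, so a later cleanup that folds `msg` back into `copy` would reintroduce the invalid free. I would add a comment above the declaration, for example `/* SKIP_WHITE_SPACE advances its argument; walk msg and keep copy as the base pointer for free() */`. The same comment belongs in do_warning, whose hunk makes the identical change. The signature of do_error begins above the hunk.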
@@ -3925,11 +3926,12 @@ do_warning(cpp_reader * pfile, struct directive 
*keyword EINA_UNUSED,
 {
    int                 length = limit - buf;
    unsigned char      *copy = (unsigned char *)xmalloc(length + 1);
+   unsigned char      *msg = copy;
 
    memcpy(copy, buf, length);
    copy[length] = 0;
-   SKIP_WHITE_SPACE(copy);
-   cpp_warning(pfile, "#warning %s", copy);
+   SKIP_WHITE_SPACE(msg);
+   cpp_warning(pfile, "#warning %s", msg);
    free(copy);
    return 0;
 }
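Review bot: do_warning repeats do_error's allocate, copy, skip, report and free sequence line for line, differing only in the call to cpp_warning, which is presumably how the same invalid free ended up in both functions. A shared static helper that copies the directive text and returns both the base pointer and the trimmed start would leave a single place to keep the `free()` correct. It would also be the natural place to check that `limit - buf` is non-negative before it is stored in `int length` and passed on to xmalloc and memcpy; whether the callers already guarantee that ordering is not visible from this hunk. The function's signature starts outside the hunk.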

-- 

