jpeg pushed a commit to branch master. http://git.enlightenment.org/core/efl.git/commit/?id=0ae529ac196a5b212e2b7386aef9978c4cfa095c
commit 0ae529ac196a5b212e2b7386aef9978c4cfa095c
Author: Jean-Philippe Andre <[email protected]>
Date: Tue Sep 26 17:00:27 2017 +0900
eo: Fix crashes with call cache after init cycle It's not enough to check the init generation count, if the cache data is not reset properly. This patch adds safety in two ways: 1. Actually reset the op call cache when we detect a new generation 2. Verify that we don't return NULL function pointer The 1st point is absolutely necessary, 2nd is optional (extra cost of one if()). @fix
---
 src/lib/eo/Eo.h | 1 +
 src/lib/eo/eo.c | 1 +
 2 files changed, 2 insertions(+)
diff --git a/src/lib/eo/Eo.h b/src/lib/eo/Eo.h
index fe5a550316..ea924ab927 100644
--- a/src/lib/eo/Eo.h
+++ b/src/lib/eo/Eo.h
@@ -1231,6 +1231,7 @@ typedef struct _Efl_Object_Call_Cache
 // hits.
 #define EFL_FUNC_COMMON_OP_END(Obj, Name, DefRet) \
 __##Name##_op_create: \
+ if (EINA_UNLIKELY(___cache.op != EFL_NOOP)) memset(&___cache, 0, sizeof(___cache)); \
 ___cache.op = _efl_object_op_api_id_get(EFL_FUNC_COMMON_OP_FUNC(Name), Obj, #Name, __FILE__, __LINE__); \
 if (___cache.op == EFL_NOOP) return DefRet; \
 ___cache.generation = _efl_object_init_generation; \
diff --git a/src/lib/eo/eo.c b/src/lib/eo/eo.c
index b4bd760b44..f7358db12f 100644
--- a/src/lib/eo/eo.c
+++ b/src/lib/eo/eo.c
@@ -498,6 +498,7 @@ ok_klass_back:
 call->func = func->func;
 if (is_obj) call->data = (char *)obj + cache->off[i].off;
+ if (EINA_UNLIKELY(!call->func)) goto err_cache_op;
 return EINA_TRUE;
 }
 }
--
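Review bot: The memset added at the `__##Name##_op_create` label treats an all-zero `___cache` as the valid "empty" state, which is only true if `EFL_NOOP` is 0 and every field of `_Efl_Object_Call_Cache` is meaningful when zeroed; the struct definition is outside this hunk, so that assumption should be stated on the line itself, e.g. `/* stale cache from an earlier init generation: zero it so op/generation/off[] are refilled (assumes EFL_NOOP == 0) */`. The reset and the refill that follows are not atomic: a second thread entering the same accessor between the memset and the `___cache.generation = _efl_object_init_generation;` store would presumably see a half-rebuilt cache, and if the cache was already unsynchronised before this patch the comment should say so rather than leave the reader to infer it. The macro body and the generation check that jumps to this label start before the hunk, so I cannot confirm which paths reach the reset.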
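Review bot: The new NULL check runs after `call->func` and `call->data` have already been written, so on the error path the caller's `call` is left holding a NULL function pointer plus a freshly computed data pointer; testing the source before either store, i.e. moving the check ahead of `call->func = func->func;` as `if (EINA_UNLIKELY(!func->func)) goto err_cache_op;`, keeps `call` untouched on failure. The cached entry is also not invalidated here, so if `err_cache_op` (outside the hunk) only reports and returns, every later call through this entry will presumably take the same path until the generation changes — acceptable as a crash guard, but worth a one-line comment such as `/* unresolved cache entry: fail this call; the cache is rebuilt on the next generation bump */`. The enclosing function begins and ends outside this hunk.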
