authorMike Blumenkrantz <zmike@samsung.com>2018-05-31 13:11:09 -0500
committerDerek Foreman <derekf@osg.samsung.com>2018-05-31 13:12:18 -0500
commit5b043be1db7cd54018a884072c825a0d94648710 (patch)
treeb0efedf0364765ec1f128a44b9ff8f8ba0dae86f
parent121a85f2fcb9e98cbdc34f5ed71cf59e06c8f1a6 (diff)
downloadefl-5b043be1db7cd54018a884072c825a0d94648710.tar.gz
gl_common: fix invalid memory access
Summary: code was added which ignores the comment explicitly warning not to do what was done here ref 9e01cf2698d5b24f440d696fd57d469cdc5a6b5f ref T6970 ==4829== Invalid read of size 1 ==4829== at 0x246D8F06: evas_gl_common_image_update (evas_gl_image.c:907) ==4829== by 0x246DAA7B: evas_gl_common_image_draw (evas_gl_image.c:1417) ==4829== by 0x246A2AB6: eng_image_draw (evas_engine.c:1240) ==4829== by 0x6A87842: _draw_image (evas_object_image.c:1403) ==4829== by 0x6A8A1BF: _evas_image_render (evas_object_image.c:2171) ==4829== by 0x6A890C1: evas_object_image_render (evas_object_image.c:1868) ==4829== by 0x6B09C82: evas_render_mapped (evas_render.c:2292) ==4829== by 0x6B0CE90: evas_render_updates_internal_loop (evas_render.c:3079) ==4829== by 0x6B0EACA: evas_render_updates_internal (evas_render.c:3522) ==4829== by 0x6B1087C: evas_render_updates_internal_wait (evas_render.c:3946) ==4829== by 0x6B10A4D: _evas_canvas_render_updates (evas_render.c:3971) ==4829== by 0x6A7A234: evas_canvas_render_updates (evas_canvas.eo.c:212) ==4829== by 0x6A7BBD4: evas_render_updates (evas_canvas.eo.c:758) ==4829== by 0x808A7D8: ecore_evas_render (ecore_evas.c:177) ==4829== by 0x808AA58: _ecore_evas_idle_enter (ecore_evas.c:284) ==4829== by 0x5CC1E46: _ecore_call_task_cb (ecore_private.h:442) ==4829== by 0x5CC1EAE: _ecore_factorized_idle_process (ecore_idler.c:35) ==4829== by 0xBFA4DD4: _event_callback_call (eo_base_class.c:1663) ==4829== by 0xBFA50A6: _efl_object_event_callback_call (eo_base_class.c:1747) ==4829== by 0xBFA514C: efl_event_callback_call (eo_base_class.c:1750) ==4829== by 0x5CC661B: _ecore_main_loop_iterate_internal (ecore_main.c:2352) ==4829== by 0x5CC3F65: _ecore_main_loop_begin (ecore_main.c:1175) ==4829== by 0x5CCC856: _efl_loop_begin (efl_loop.c:83) ==4829== by 0x5CCEF6D: efl_loop_begin (efl_loop.eo.c:28) ==4829== by 0x5CC40DF: ecore_main_loop_begin (ecore_main.c:1248) ==4829== by 0x5480EE: main (e_main.c:1090) ==4829== Address 0x2bfc30f8 is 328 bytes inside a block 
of size 560 free'd ==4829== at 0x4C30D18: free (vg_replace_malloc.c:530) ==4829== by 0x540AE91: _eina_freeq_free_do (eina_freeq.c:118) ==4829== by 0x540B7B0: eina_freeq_ptr_add (eina_freeq.c:372) ==4829== by 0x6BCD23C: _evas_common_rgba_image_delete (evas_image_main.c:555) ==4829== by 0x6B41538: _evas_cache_image_entry_delete (evas_cache_image.c:205) ==4829== by 0x6B43503: evas_cache_image_drop (evas_cache_image.c:945) ==4829== by 0x6B43F4F: evas_cache_image_size_set (evas_cache_image.c:1166) ==4829== by 0x246D6548: evas_gl_common_image_alloc_ensure (evas_gl_image.c:17) ==4829== by 0x246D8EA8: evas_gl_common_image_update (evas_gl_image.c:869) ==4829== by 0x246DAA7B: evas_gl_common_image_draw (evas_gl_image.c:1417) ==4829== by 0x246A2AB6: eng_image_draw (evas_engine.c:1240) ==4829== by 0x6A87842: _draw_image (evas_object_image.c:1403) ==4829== by 0x6A8A1BF: _evas_image_render (evas_object_image.c:2171) ==4829== by 0x6A890C1: evas_object_image_render (evas_object_image.c:1868) ==4829== by 0x6B09C82: evas_render_mapped (evas_render.c:2292) ==4829== by 0x6B0CE90: evas_render_updates_internal_loop (evas_render.c:3079) ==4829== by 0x6B0EACA: evas_render_updates_internal (evas_render.c:3522) ==4829== by 0x6B1087C: evas_render_updates_internal_wait (evas_render.c:3946) ==4829== by 0x6B10A4D: _evas_canvas_render_updates (evas_render.c:3971) ==4829== by 0x6A7A234: evas_canvas_render_updates (evas_canvas.eo.c:212) ==4829== by 0x6A7BBD4: evas_render_updates (evas_canvas.eo.c:758) ==4829== by 0x808A7D8: ecore_evas_render (ecore_evas.c:177) ==4829== by 0x808AA58: _ecore_evas_idle_enter (ecore_evas.c:284) ==4829== by 0x5CC1E46: _ecore_call_task_cb (ecore_private.h:442) ==4829== by 0x5CC1EAE: _ecore_factorized_idle_process (ecore_idler.c:35) ==4829== by 0xBFA4DD4: _event_callback_call (eo_base_class.c:1663) ==4829== by 0xBFA50A6: _efl_object_event_callback_call (eo_base_class.c:1747) ==4829== by 0xBFA514C: efl_event_callback_call (eo_base_class.c:1750) ==4829== by 0x5CC661B: 
_ecore_main_loop_iterate_internal (ecore_main.c:2352) ==4829== by 0x5CC3F65: _ecore_main_loop_begin (ecore_main.c:1175) ==4829== by 0x5CCC856: _efl_loop_begin (efl_loop.c:83) ==4829== by 0x5CCEF6D: efl_loop_begin (efl_loop.eo.c:28) ==4829== by 0x5CC40DF: ecore_main_loop_begin (ecore_main.c:1248) ==4829== by 0x5480EE: main (e_main.c:1090) ==4829== Block was alloc'd at ==4829== at 0x4C31A1E: calloc (vg_replace_malloc.c:711) ==4829== by 0x6BCCF2F: _evas_common_rgba_image_new (evas_image_main.c:509) ==4829== by 0x6B41588: _evas_cache_image_entry_new (evas_cache_image.c:261) ==4829== by 0x6B44861: evas_cache_image_empty (evas_cache_image.c:1447) ==4829== by 0x246D845B: evas_gl_common_image_native_disable (evas_gl_image.c:624) ==4829== by 0x253F3C09: eng_image_native_set (evas_engine.c:1234) ==4829== by 0x6A86204: _evas_image_native_surface_set (evas_object_image.c:1021) ==4829== by 0x6A7E110: evas_object_image_native_surface_set (evas_image_legacy.c:509) ==4829== by 0x6A8609A: _on_image_native_surface_del (evas_object_image.c:998) ==4829== by 0x6A55190: _eo_evas_object_cb (evas_callbacks.c:184) ==4829== by 0xBFA4EB7: _event_callback_call (eo_base_class.c:1686) ==4829== by 0xBFA51F8: _efl_object_event_callback_legacy_call (eo_base_class.c:1759) ==4829== by 0xBFA529E: efl_event_callback_legacy_call (eo_base_class.c:1762) ==4829== by 0x6A968ED: _efl_canvas_object_efl_object_event_callback_legacy_call (evas_object_main.c:1229) ==4829== by 0xBFA529E: efl_event_callback_legacy_call (eo_base_class.c:1762) ==4829== by 0x6A55C3D: evas_object_event_callback_call (evas_callbacks.c:413) ==4829== by 0x6A96D3E: _efl_canvas_object_efl_object_invalidate (evas_object_main.c:1279) ==4829== by 0xBFA7BAB: efl_invalidate (efl_object.eo.c:72) ==4829== by 0xBFA0A09: _efl_invalidate (eo_base_class.c:170) ==4829== by 0xBFA2737: _efl_object_parent_set (eo_base_class.c:734) ==4829== by 0xBFA6BDA: efl_parent_set (efl_object.eo.c:12) ==4829== by 0xBFA2537: efl_del (eo_base_class.c:686) ==4829== by 
0x6A96082: evas_object_del (evas_object_main.c:1041) ==4829== by 0x2C9D519F: _bar_icon_preview_del (bar.c:762) ==4829== by 0x6A55190: _eo_evas_object_cb (evas_callbacks.c:184) ==4829== by 0xBFA4EB7: _event_callback_call (eo_base_class.c:1686) ==4829== by 0xBFA51F8: _efl_object_event_callback_legacy_call (eo_base_class.c:1759) ==4829== by 0xBFA529E: efl_event_callback_legacy_call (eo_base_class.c:1762) ==4829== by 0x6A968ED: _efl_canvas_object_efl_object_event_callback_legacy_call (evas_object_main.c:1229) ==4829== by 0xBFA529E: efl_event_callback_legacy_call (eo_base_class.c:1762) ==4829== by 0x6A55C3D: evas_object_event_callback_call (evas_callbacks.c:413) ==4829== by 0x6A96D3E: _efl_canvas_object_efl_object_invalidate (evas_object_main.c:1279) ==4829== by 0xBFA7BAB: efl_invalidate (efl_object.eo.c:72) ==4829== by 0x7BE9326: _efl_access_object_efl_object_invalidate (efl_access_object.c:634) ==4829== by 0xBFA7BAB: efl_invalidate (efl_object.eo.c:72) ==4829== by 0xBFA0A09: _efl_invalidate (eo_base_class.c:170) ==4829== by 0xBFA2737: _efl_object_parent_set (eo_base_class.c:734) ==4829== by 0xBFA6BDA: efl_parent_set (efl_object.eo.c:12) ==4829== by 0xBFA2537: efl_del (eo_base_class.c:686) ==4829== by 0x6A96082: evas_object_del (evas_object_main.c:1041) ==4829== by 0x7CD5F2C: _efl_ui_widget_efl_canvas_group_group_del (efl_ui_widget.c:855) ==4829== by 0x6AAD303: efl_canvas_group_del (evas_object_smart.c:1862) ==4829== by 0x7AFF104: _elm_box_efl_canvas_group_group_del (elm_box.c:362) ==4829== by 0x6AAD303: efl_canvas_group_del (evas_object_smart.c:1862) ==4829== by 0x6AABB79: evas_object_smart_del (evas_object_smart.c:1288) ==4829== by 0x6A97179: _efl_canvas_object_efl_object_invalidate (evas_object_main.c:1336) ==4829== by 0xBFA7BAB: efl_invalidate (efl_object.eo.c:72) ==4829== by 0x7BE9326: _efl_access_object_efl_object_invalidate (efl_access_object.c:634) ==4829== by 0xBFA7BAB: efl_invalidate (efl_object.eo.c:72) ==4829== by 0xBFA0A09: _efl_invalidate 
(eo_base_class.c:170) ==4829== by 0xBFA2737: _efl_object_parent_set (eo_base_class.c:734) ==4829== by 0xBFA6BDA: efl_parent_set (efl_object.eo.c:12) ==4829== by 0xBFA2537: efl_del (eo_base_class.c:686) ==4829== by 0x6A96082: evas_object_del (evas_object_main.c:1041) ==4829== by 0x2C9D41DA: _bar_icon_preview_hide (bar.c:450) ==4829== by 0x5CFE14C: _ecore_call_task_cb (ecore_private.h:442) ==4829== by 0x5CFE5C4: _ecore_timer_legacy_tick (ecore_timer.c:160) ==4829== by 0xBFA4DD4: _event_callback_call (eo_base_class.c:1663) ==4829== by 0xBFA50A6: _efl_object_event_callback_call (eo_base_class.c:1747) ==4829== by 0xBFA514C: efl_event_callback_call (eo_base_class.c:1750) ==4829== by 0x5CFF880: _efl_loop_timer_expired_call (ecore_timer.c:634) ==4829== by 0x5CFF6AF: _efl_loop_timer_expired_timers_call (ecore_timer.c:587) ==4829== by 0x5CC6522: _ecore_main_loop_iterate_internal (ecore_main.c:2317) ==4829== by 0x5CC3F65: _ecore_main_loop_begin (ecore_main.c:1175) ==4829== by 0x5CCC856: _efl_loop_begin (efl_loop.c:83) ==4829== by 0x5CCEF6D: efl_loop_begin (efl_loop.eo.c:28) ==4829== by 0x5CC40DF: ecore_main_loop_begin (ecore_main.c:1248) ==4829== by 0x5480EE: main (e_main.c:1090) Reviewers: ManMower Reviewed By: ManMower Subscribers: cedric, #committers Tags: #efl Differential Revision: https://phab.enlightenment.org/D6234
-rw-r--r--src/modules/evas/engines/gl_common/evas_gl_image.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/modules/evas/engines/gl_common/evas_gl_image.c b/src/modules/evas/engines/gl_common/evas_gl_image.c
index 11ec705b9c..c3a33e9b79 100644
--- a/src/modules/evas/engines/gl_common/evas_gl_image.c
+++ b/src/modules/evas/engines/gl_common/evas_gl_image.c
@@ -858,7 +858,6 @@ evas_gl_common_image_update(Evas_Engine_GL_Context *gc, Evas_GL_Image *im)
Image_Entry *ie;
if (!im->im) return;
- // alloc ensure can change im->im, so only get the local variable later.
ie = &im->im->cache_entry;
if (!im->tex)
{
@@ -867,6 +866,8 @@ evas_gl_common_image_update(Evas_Engine_GL_Context *gc, Evas_GL_Image *im)
im->h = ie->h;
}
evas_gl_common_image_alloc_ensure(im);
+ // alloc ensure can change im->im, so only get the local variable later.
+ ie = &im->im->cache_entry;
/*
if ((im->cs.space == EVAS_COLORSPACE_YCBCR422P601_PL) ||
(im->cs.space == EVAS_COLORSPACE_YCBCR422P709_PL))
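Review bot: The re-fetch `ie = &im->im->cache_entry;` after `evas_gl_common_image_alloc_ensure(im)` dereferences `im->im` without repeating the `if (!im->im) return;` guard from the top of the function. The body of alloc_ensure is not shown here, but the trace in the commit message has it reaching evas_cache_image_size_set, which drops the old entry; if that call can fail and leave `im->im` NULL, `ie` would be an invalid pointer for the code that follows. Adding `if (!im->im) return;` just before the re-fetch would close that gap. The moved comment could also state that the earlier `ie` is stale after this call, e.g. `// alloc ensure can replace im->im and free the old entry; ie from above is stale, re-fetch it.` evas_gl_common_image_update continues beyond this hunk, so later uses of `ie` are not visible here.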