HomePhabricator

gl_common: fix invalid memory access

Authored by zmike on May 31 2018, 11:11 AM.

Description

gl_common: fix invalid memory access

Summary:
code was added which ignores the comment explicitly warning not to
do what was done here

ref 9e01cf2698d5b24f440d696fd57d469cdc5a6b5f

ref T6970

4829== Invalid read of size 1

4829== at 0x246D8F06: evas_gl_common_image_update (evas_gl_image.c:907)

4829== by 0x246DAA7B: evas_gl_common_image_draw (evas_gl_image.c:1417)

4829== by 0x246A2AB6: eng_image_draw (evas_engine.c:1240)

4829== by 0x6A87842: _draw_image (evas_object_image.c:1403)

4829== by 0x6A8A1BF: _evas_image_render (evas_object_image.c:2171)

4829== by 0x6A890C1: evas_object_image_render (evas_object_image.c:1868)

4829== by 0x6B09C82: evas_render_mapped (evas_render.c:2292)

4829== by 0x6B0CE90: evas_render_updates_internal_loop (evas_render.c:3079)

4829== by 0x6B0EACA: evas_render_updates_internal (evas_render.c:3522)

4829== by 0x6B1087C: evas_render_updates_internal_wait (evas_render.c:3946)

4829== by 0x6B10A4D: _evas_canvas_render_updates (evas_render.c:3971)

4829== by 0x6A7A234: evas_canvas_render_updates (evas_canvas.eo.c:212)

4829== by 0x6A7BBD4: evas_render_updates (evas_canvas.eo.c:758)

4829== by 0x808A7D8: ecore_evas_render (ecore_evas.c:177)

4829== by 0x808AA58: _ecore_evas_idle_enter (ecore_evas.c:284)

4829== by 0x5CC1E46: _ecore_call_task_cb (ecore_private.h:442)

4829== by 0x5CC1EAE: _ecore_factorized_idle_process (ecore_idler.c:35)

4829== by 0xBFA4DD4: _event_callback_call (eo_base_class.c:1663)

4829== by 0xBFA50A6: _efl_object_event_callback_call (eo_base_class.c:1747)

4829== by 0xBFA514C: efl_event_callback_call (eo_base_class.c:1750)

4829== by 0x5CC661B: _ecore_main_loop_iterate_internal (ecore_main.c:2352)

4829== by 0x5CC3F65: _ecore_main_loop_begin (ecore_main.c:1175)

4829== by 0x5CCC856: _efl_loop_begin (efl_loop.c:83)

4829== by 0x5CCEF6D: efl_loop_begin (efl_loop.eo.c:28)

4829== by 0x5CC40DF: ecore_main_loop_begin (ecore_main.c:1248)

4829== by 0x5480EE: main (e_main.c:1090)

4829== Address 0x2bfc30f8 is 328 bytes inside a block of size 560 free'd

4829== at 0x4C30D18: free (vg_replace_malloc.c:530)

4829== by 0x540AE91: _eina_freeq_free_do (eina_freeq.c:118)

4829== by 0x540B7B0: eina_freeq_ptr_add (eina_freeq.c:372)

4829== by 0x6BCD23C: _evas_common_rgba_image_delete (evas_image_main.c:555)

4829== by 0x6B41538: _evas_cache_image_entry_delete (evas_cache_image.c:205)

4829== by 0x6B43503: evas_cache_image_drop (evas_cache_image.c:945)

4829== by 0x6B43F4F: evas_cache_image_size_set (evas_cache_image.c:1166)

4829== by 0x246D6548: evas_gl_common_image_alloc_ensure (evas_gl_image.c:17)

4829== by 0x246D8EA8: evas_gl_common_image_update (evas_gl_image.c:869)

4829== by 0x246DAA7B: evas_gl_common_image_draw (evas_gl_image.c:1417)

4829== by 0x246A2AB6: eng_image_draw (evas_engine.c:1240)

4829== by 0x6A87842: _draw_image (evas_object_image.c:1403)

4829== by 0x6A8A1BF: _evas_image_render (evas_object_image.c:2171)

4829== by 0x6A890C1: evas_object_image_render (evas_object_image.c:1868)

4829== by 0x6B09C82: evas_render_mapped (evas_render.c:2292)

4829== by 0x6B0CE90: evas_render_updates_internal_loop (evas_render.c:3079)

4829== by 0x6B0EACA: evas_render_updates_internal (evas_render.c:3522)

4829== by 0x6B1087C: evas_render_updates_internal_wait (evas_render.c:3946)

4829== by 0x6B10A4D: _evas_canvas_render_updates (evas_render.c:3971)

4829== by 0x6A7A234: evas_canvas_render_updates (evas_canvas.eo.c:212)

4829== by 0x6A7BBD4: evas_render_updates (evas_canvas.eo.c:758)

4829== by 0x808A7D8: ecore_evas_render (ecore_evas.c:177)

4829== by 0x808AA58: _ecore_evas_idle_enter (ecore_evas.c:284)

4829== by 0x5CC1E46: _ecore_call_task_cb (ecore_private.h:442)

4829== by 0x5CC1EAE: _ecore_factorized_idle_process (ecore_idler.c:35)

4829== by 0xBFA4DD4: _event_callback_call (eo_base_class.c:1663)

4829== by 0xBFA50A6: _efl_object_event_callback_call (eo_base_class.c:1747)

4829== by 0xBFA514C: efl_event_callback_call (eo_base_class.c:1750)

4829== by 0x5CC661B: _ecore_main_loop_iterate_internal (ecore_main.c:2352)

4829== by 0x5CC3F65: _ecore_main_loop_begin (ecore_main.c:1175)

4829== by 0x5CCC856: _efl_loop_begin (efl_loop.c:83)

4829== by 0x5CCEF6D: efl_loop_begin (efl_loop.eo.c:28)

4829== by 0x5CC40DF: ecore_main_loop_begin (ecore_main.c:1248)

4829== by 0x5480EE: main (e_main.c:1090)

4829== Block was alloc'd at

4829== at 0x4C31A1E: calloc (vg_replace_malloc.c:711)

4829== by 0x6BCCF2F: _evas_common_rgba_image_new (evas_image_main.c:509)

4829== by 0x6B41588: _evas_cache_image_entry_new (evas_cache_image.c:261)

4829== by 0x6B44861: evas_cache_image_empty (evas_cache_image.c:1447)

4829== by 0x246D845B: evas_gl_common_image_native_disable (evas_gl_image.c:624)

4829== by 0x253F3C09: eng_image_native_set (evas_engine.c:1234)

4829== by 0x6A86204: _evas_image_native_surface_set (evas_object_image.c:1021)

4829== by 0x6A7E110: evas_object_image_native_surface_set (evas_image_legacy.c:509)

4829== by 0x6A8609A: _on_image_native_surface_del (evas_object_image.c:998)

4829== by 0x6A55190: _eo_evas_object_cb (evas_callbacks.c:184)

4829== by 0xBFA4EB7: _event_callback_call (eo_base_class.c:1686)

4829== by 0xBFA51F8: _efl_object_event_callback_legacy_call (eo_base_class.c:1759)

4829== by 0xBFA529E: efl_event_callback_legacy_call (eo_base_class.c:1762)

4829== by 0x6A968ED: _efl_canvas_object_efl_object_event_callback_legacy_call (evas_object_main.c:1229)

4829== by 0xBFA529E: efl_event_callback_legacy_call (eo_base_class.c:1762)

4829== by 0x6A55C3D: evas_object_event_callback_call (evas_callbacks.c:413)

4829== by 0x6A96D3E: _efl_canvas_object_efl_object_invalidate (evas_object_main.c:1279)

4829== by 0xBFA7BAB: efl_invalidate (efl_object.eo.c:72)

4829== by 0xBFA0A09: _efl_invalidate (eo_base_class.c:170)

4829== by 0xBFA2737: _efl_object_parent_set (eo_base_class.c:734)

4829== by 0xBFA6BDA: efl_parent_set (efl_object.eo.c:12)

4829== by 0xBFA2537: efl_del (eo_base_class.c:686)

4829== by 0x6A96082: evas_object_del (evas_object_main.c:1041)

4829== by 0x2C9D519F: _bar_icon_preview_del (bar.c:762)

4829== by 0x6A55190: _eo_evas_object_cb (evas_callbacks.c:184)

4829== by 0xBFA4EB7: _event_callback_call (eo_base_class.c:1686)

4829== by 0xBFA51F8: _efl_object_event_callback_legacy_call (eo_base_class.c:1759)

4829== by 0xBFA529E: efl_event_callback_legacy_call (eo_base_class.c:1762)

4829== by 0x6A968ED: _efl_canvas_object_efl_object_event_callback_legacy_call (evas_object_main.c:1229)

4829== by 0xBFA529E: efl_event_callback_legacy_call (eo_base_class.c:1762)

4829== by 0x6A55C3D: evas_object_event_callback_call (evas_callbacks.c:413)

4829== by 0x6A96D3E: _efl_canvas_object_efl_object_invalidate (evas_object_main.c:1279)

4829== by 0xBFA7BAB: efl_invalidate (efl_object.eo.c:72)

4829== by 0x7BE9326: _efl_access_object_efl_object_invalidate (efl_access_object.c:634)

4829== by 0xBFA7BAB: efl_invalidate (efl_object.eo.c:72)

4829== by 0xBFA0A09: _efl_invalidate (eo_base_class.c:170)

4829== by 0xBFA2737: _efl_object_parent_set (eo_base_class.c:734)

4829== by 0xBFA6BDA: efl_parent_set (efl_object.eo.c:12)

4829== by 0xBFA2537: efl_del (eo_base_class.c:686)

4829== by 0x6A96082: evas_object_del (evas_object_main.c:1041)

4829== by 0x7CD5F2C: _efl_ui_widget_efl_canvas_group_group_del (efl_ui_widget.c:855)

4829== by 0x6AAD303: efl_canvas_group_del (evas_object_smart.c:1862)

4829== by 0x7AFF104: _elm_box_efl_canvas_group_group_del (elm_box.c:362)

4829== by 0x6AAD303: efl_canvas_group_del (evas_object_smart.c:1862)

4829== by 0x6AABB79: evas_object_smart_del (evas_object_smart.c:1288)

4829== by 0x6A97179: _efl_canvas_object_efl_object_invalidate (evas_object_main.c:1336)

4829== by 0xBFA7BAB: efl_invalidate (efl_object.eo.c:72)

4829== by 0x7BE9326: _efl_access_object_efl_object_invalidate (efl_access_object.c:634)

4829== by 0xBFA7BAB: efl_invalidate (efl_object.eo.c:72)

4829== by 0xBFA0A09: _efl_invalidate (eo_base_class.c:170)

4829== by 0xBFA2737: _efl_object_parent_set (eo_base_class.c:734)

4829== by 0xBFA6BDA: efl_parent_set (efl_object.eo.c:12)

4829== by 0xBFA2537: efl_del (eo_base_class.c:686)

4829== by 0x6A96082: evas_object_del (evas_object_main.c:1041)

4829== by 0x2C9D41DA: _bar_icon_preview_hide (bar.c:450)

4829== by 0x5CFE14C: _ecore_call_task_cb (ecore_private.h:442)

4829== by 0x5CFE5C4: _ecore_timer_legacy_tick (ecore_timer.c:160)

4829== by 0xBFA4DD4: _event_callback_call (eo_base_class.c:1663)

4829== by 0xBFA50A6: _efl_object_event_callback_call (eo_base_class.c:1747)

4829== by 0xBFA514C: efl_event_callback_call (eo_base_class.c:1750)

4829== by 0x5CFF880: _efl_loop_timer_expired_call (ecore_timer.c:634)

4829== by 0x5CFF6AF: _efl_loop_timer_expired_timers_call (ecore_timer.c:587)

4829== by 0x5CC6522: _ecore_main_loop_iterate_internal (ecore_main.c:2317)

4829== by 0x5CC3F65: _ecore_main_loop_begin (ecore_main.c:1175)

4829== by 0x5CCC856: _efl_loop_begin (efl_loop.c:83)

4829== by 0x5CCEF6D: efl_loop_begin (efl_loop.eo.c:28)

4829== by 0x5CC40DF: ecore_main_loop_begin (ecore_main.c:1248)

4829== by 0x5480EE: main (e_main.c:1090)

Reviewers: ManMower

Reviewed By: ManMower

Subscribers: cedric, committers

Tags: efl

Differential Revision: https://phab.enlightenment.org/D6234