From: Carsten H. (T. R. <ra...@ra...> - 2009-02-25 03:01:58
On Tue, 24 Feb 2009 16:52:28 -0300 Gustavo Sverzut Barbieri <bar...@pr...> said:

already explained this in gory detail to samaresh :) thanks for re-iterating it :)

> On Mon, Feb 23, 2009 at 4:48 PM, Samaresh Singh <sam...@ya...> wrote:
> > Hi,
> >
> > I have the following proposal to improve epeg-0.9.1.042. It is
> > currently giving SIGSEGV due to double free if epeg_close is called twice
> > consecutively.
> >
> > ===
> > EAPI void
> > epeg_close(Epeg_Image *im)
> > {
> >    //if (!im) return;
> >    /*The proposed change is the next line instead of the commented line above*/
> >    if ((!im) || !(*im)) return;
> >    if (im->pixels) free(im->pixels);
> >    if (im->lines) free(im->lines);
> >    if (im->in.file) free(im->in.file);
> >    if (!im->in.file) free(im->in.jinfo.src);
> >    if (im->in.f || im->in.mem.data) jpeg_destroy_decompress(&(im->in.jinfo));
> >    if (im->in.f) fclose(im->in.f);
> >    if (im->in.comment) free(im->in.comment);
> >    if (im->in.thumb_info.uri) free(im->in.thumb_info.uri);
> >    if (im->in.thumb_info.mime) free(im->in.thumb_info.mime);
> >    if (im->out.file) free(im->out.file);
> >    if (!im->out.file) free(im->out.jinfo.dest);
> >    if (im->out.f || im->in.mem.data) jpeg_destroy_compress(&(im->out.jinfo));
> >    if (im->out.f) fclose(im->out.f);
> >    if (im->out.comment) free(im->out.comment);
> >    free(im);
> >    /*Another change*/
> >    im=NULL;
> > }
> > ===
> >
> > Basically the changes are in epeg_close function of the
> > XXX/src/lib/epeg_main.c file. The SIGSEGV violation stopped if we return not
> > on (!im) but on (!(im) || !(*im)). Moreover, it will not hurt but may save
> > one from one of those unpredictable issues by the statement: im = NULL, at
> > the end.
>
> Well, first of all EPEG is deprecated, Evas contains all the
> functionality there, use evas_object_image_load_size_set().
>
> But this patch is very weird. "im" is the pointer, so it cannot be
> NULL, fine. But *im is not required to be NULL, and your block
>
> >    /*Another change*/
> >    im=NULL;
>
> is not what you think, it will not make *im == NULL, but rather change
> the local variable "im" (just inside the function!) to point
> elsewhere. This is known as "dead assignment" as nothing reads value
> of "im" after it is written.
>
> I'd say after "epeg_close()" the given pointer is to be considered
> invalid and should not be used anymore. It's like free(ptr), after
> this call ptr is now invalid.
>
> Regards,
>
> --
> Gustavo Sverzut Barbieri
> http://profusion.mobi embedded systems
> --------------------------------------
> MSN: bar...@gm...
> Skype: gsbarbieri
> Mobile: +55 (19) 9225-2202

--
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler)    ra...@ra...
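
Added example, not code from this thread or from epeg: it shows why the `im=NULL;` assignment discussed above never reaches the caller, next to a close routine that takes the address of the caller's pointer so a second call becomes a no-op. `Image`, `image_open`, `clear_by_value` and `image_close_p` are hypothetical names used only for illustration.

```c
#include <stdlib.h>

/* Hypothetical stand-in for Epeg_Image; one owned buffer is enough here. */
typedef struct { unsigned char *pixels; } Image;

Image *image_open(void) {
    Image *im = calloc(1, sizeof *im);
    if (im) im->pixels = malloc(16);
    return im;
}

/* Same shape as the `im=NULL;` line in the proposal: only the callee's
 * copy of the pointer changes, so the caller sees no difference. */
void clear_by_value(Image *im) {
    im = NULL;
    (void)im;
}

/* Takes the address of the caller's pointer, frees once, then clears it.
 * Returns 1 if something was released, 0 if there was nothing to do. */
int image_close_p(Image **imp) {
    if (!imp || !*imp) return 0;
    free((*imp)->pixels);
    free(*imp);
    *imp = NULL;
    return 1;
}

/* Returns 1 if the caller's pointer is still set after clear_by_value(). */
int caller_pointer_survives(void) {
    Image *im = image_open();
    if (!im) return -1;
    clear_by_value(im);
    int still_set = (im != NULL);
    image_close_p(&im);          /* release properly before returning */
    return still_set;
}

/* Closes twice; returns first*10 + second, so 10 means "freed once, then no-op". */
int close_twice(void) {
    Image *im = image_open();
    if (!im) return -1;
    int first = image_close_p(&im);
    int second = image_close_p(&im);
    return first * 10 + second;
}
```

The pointer-to-pointer form only protects the one variable passed in; any other copy of the pointer held elsewhere is still invalid after the close, as with free(ptr).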