1
0
mirror of git://projects.qi-hardware.com/eda-tools.git synced 2025-01-24 12:41:05 +02:00

eeshow/gui/ (aoi_hover): could cause an access after free

This commit is contained in:
Werner Almesberger 2016-08-20 20:39:08 -03:00
parent dbcacbde0c
commit eeda1c1700
4 changed files with 17 additions and 8 deletions

View File

@ -57,7 +57,15 @@ static bool in_aoi(const struct aoi *aoi, int x, int y)
}
bool aoi_hover(const struct aoi *aois, int x, int y)
/*
* We need a pointer to the anchor of the AoI list here because dehovering may
* delete the AoI *aois points to.
*
* We could just check if hovering == *aois, but that seems risky, because
* hover(..., 0) may destroy more than just the AoI being dehovered.
*/
bool aoi_hover(struct aoi *const *aois, int x, int y)
{
const struct aoi *aoi;
@ -68,7 +76,7 @@ bool aoi_hover(const struct aoi *aois, int x, int y)
hovering = NULL;
}
for (aoi = aois; aoi; aoi = aoi->next)
for (aoi = *aois; aoi; aoi = aoi->next)
if (aoi->hover && in_aoi(aoi, x, y) &&
aoi->hover(aoi->user, 1)) {
hovering = aoi;
@ -118,12 +126,14 @@ void aoi_set_related(struct aoi *aoi, const struct aoi *related)
void aoi_remove(struct aoi **aois, const struct aoi *aoi)
{
assert(aoi);
if (hovering == aoi) {
aoi->hover(aoi->user, 0);
hovering = NULL;
}
while (*aois != aoi)
while (*aois && *aois != aoi)
aois = &(*aois)->next;
assert(*aois);
*aois = aoi->next;
free((void *) aoi);
}
@ -135,4 +145,3 @@ void aoi_dehover(void)
hovering->hover(hovering->user, 0);
hovering = NULL;
}

View File

@ -32,7 +32,7 @@ struct aoi {
struct aoi *aoi_add(struct aoi **aois, const struct aoi *cfg);
void aoi_update(struct aoi *aoi, const struct aoi *cfg);
bool aoi_hover(const struct aoi *aois, int x, int y);
bool aoi_hover(struct aoi *const *aois, int x, int y);
bool aoi_click(const struct aoi *aois, int x, int y);

View File

@ -217,7 +217,7 @@ static bool history_hover_update(void *user, int x, int y)
{
struct gui_ctx *ctx = user;
return aoi_hover(ctx->aois, x, y);
return aoi_hover(&ctx->aois, x, y);
}

View File

@ -419,9 +419,9 @@ static bool sheet_hover_update(void *user, int x, int y)
curr_sheet = find_corresponding_sheet(ctx->old_hist->sheets,
ctx->new_hist->sheets, ctx->curr_sheet);
if (aoi_hover(ctx->aois, x, y))
if (aoi_hover(&ctx->aois, x, y))
return 1;
return aoi_hover(curr_sheet->aois,
return aoi_hover(&curr_sheet->aois,
ex + curr_sheet->xmin, ey + curr_sheet->ymin);
}