diff --git a/src/loaders/lottie/tvgLottieModel.h b/src/loaders/lottie/tvgLottieModel.h index 934ecfb1..12e8206a 100644 --- a/src/loaders/lottie/tvgLottieModel.h +++ b/src/loaders/lottie/tvgLottieModel.h @@ -937,6 +937,7 @@ struct LottieSlot // used for expression LottieLayer* layer = nullptr; + LottieObject* parent = nullptr; }; diff --git a/src/loaders/lottie/tvgLottieParser.cpp b/src/loaders/lottie/tvgLottieParser.cpp index 05b06b52..35429f0f 100644 --- a/src/loaders/lottie/tvgLottieParser.cpp +++ b/src/loaders/lottie/tvgLottieParser.cpp @@ -26,7 +26,6 @@ #include "tvgLottieParser.h" #include "tvgLottieExpressions.h" - /************************************************************************/ /* Internal Class Implementation */ /************************************************************************/ @@ -469,6 +468,7 @@ void LottieParser::registerSlot(LottieObject* obj, const char* sid) auto slot = new LottieSlot(strdup(sid), obj, type); slot->layer = context.layer; + slot->parent = context.parent; comp->slots.push(slot); } @@ -1501,41 +1501,42 @@ bool LottieParser::apply(LottieSlot* slot, bool byDefault) //OPTIMIZE: we can create the property directly, without object LottieObject* obj = nullptr; //slot object context.layer = slot->layer; + context.parent = slot->parent; switch (slot->type) { case LottieProperty::Type::Position: { obj = new LottieTransform; - context.parent = obj; + // context.parent = obj; parseSlotProperty(static_cast(obj)->position); break; } case LottieProperty::Type::Point: { obj = new LottieTransform; - context.parent = obj; + // context.parent = obj; parseSlotProperty(static_cast(obj)->scale); break; } case LottieProperty::Type::Float: { obj = new LottieTransform; - context.parent = obj; + // context.parent = obj; parseSlotProperty(static_cast(obj)->rotation); break; } case LottieProperty::Type::Opacity: { obj = new LottieSolid; - context.parent = obj; + // context.parent = obj; parseSlotProperty(static_cast(obj)->opacity); break; } case LottieProperty::Type::Color: { obj = new LottieSolid; - context.parent = obj; + // context.parent = obj; parseSlotProperty(static_cast(obj)->color); break; } case LottieProperty::Type::ColorStop: { obj = new LottieGradient; - context.parent = obj; + // context.parent = obj; while (auto key = nextObjectKey()) { if (KEY_AS("p")) parseColorStop(static_cast(obj)); else skip(); @@ -1544,7 +1545,7 @@ bool LottieParser::apply(LottieSlot* slot, bool byDefault) } case LottieProperty::Type::TextDoc: { obj = new LottieText; - context.parent = obj; + // context.parent = obj; parseSlotProperty(static_cast(obj)->doc); break; } @@ -1553,7 +1554,7 @@ bool LottieParser::apply(LottieSlot* slot, bool byDefault) if (KEY_AS("p")) obj = parseAsset(); else skip(); } - context.parent = obj; + // context.parent = obj; break; } default: break; @@ -1566,7 +1567,7 @@ bool LottieParser::apply(LottieSlot* slot, bool byDefault) slot->assign(obj, byDefault); - // delete(obj); // 여기서 expression을 위한 property가 free 됨 (수정필요) + delete(obj); return true; } diff --git a/src/loaders/lottie/tvgLottieProperty.h b/src/loaders/lottie/tvgLottieProperty.h index 763c5535..c5629420 100644 --- a/src/loaders/lottie/tvgLottieProperty.h +++ b/src/loaders/lottie/tvgLottieProperty.h @@ -369,6 +369,7 @@ struct LottieGenericProperty : LottieProperty // TODO: 슬롯 데이터 이전 로직에 expression에 대한 정보 추가 필요 if (rhs.exp) { exp = rhs.exp; + exp->property = this; // Slot JSON obj의 프로퍼티를 바라보면 안되므로, exp를 덮어씌울 때는 반드시 원본 obj의 property를 지정해주어야함. otherwise heap UAF const_cast&>(rhs).exp = nullptr; } }