From 0b7f42f777a14ee61783fd95dd04e870f02d201e Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Sat, 2 Nov 2013 10:23:57 -0700
Subject: [PATCH] Avoid null pointer dereference in FcNameParse if malloc fails

Reported by parfait 1.3: Error: Null pointer dereference (CWE 476) Read from null pointer t at line 423 of src/fcname.c in function 'FcNameParse'. Function _FcObjectLookupOtherTypeByName may return constant 'NULL' at line 63, called at line 122 of src/fcobjs.c in function 'FcObjectLookupOtherTypeByName'. Function FcObjectLookupOtherTypeByName may return constant 'NULL' at line 122, called at line 67 of src/fcname.c in function 'FcNameGetObjectType'. Function FcNameGetObjectType may return constant 'NULL' at line 67, called at line 422 in function 'FcNameParse'. Null pointer introduced at line 63 of src/fcobjs.c in function '_FcObjectLookupOtherTypeByName'.

Signed-off-by: Alan Coopersmith
---
 src/fcname.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/fcname.c b/src/fcname.c
index 712b2fa..f302948 100644
--- a/src/fcname.c
+++ b/src/fcname.c
@@ -420,6 +420,8 @@ FcNameParse (const FcChar8 *name)
 if ((c = FcNameGetConstant (save)))
 {
 t = FcNameGetObjectType ((char *) c->object);
+ if (t == NULL)
+ goto bail2;
 switch ((int) t->type) {
 case FcTypeInteger:
 case FcTypeDouble:
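Review bot: The added `if (t == NULL)` guard ahead of `switch ((int) t->type)` carries no comment explaining why the type lookup can fail for a constant that `FcNameGetConstant` has just returned. Going by the commit message, the NULL originates in `_FcObjectLookupOtherTypeByName`, so a one-line comment above the check such as `/* type lookup can return NULL, e.g. on allocation failure */` would stop a later cleanup from dropping it as unreachable. The `bail2` label sits outside this hunk, so it should be confirmed that it releases everything allocated before this point. The report covers only this call site; whether other `FcNameGetObjectType` results in `src/fcname.c` are dereferenced unchecked cannot be judged from the lines shown and is worth a quick audit. FcNameParse's body starts and ends outside the hunk.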