Fix array access in a null pointer dereference

FcFontSetFont() accesses fs->fonts in that macro, though there were no error checks
for whether it is null or not.
As a result, there was a code path where it could be null.
Even though this is unlikely to be seen in usual use, it might be intentionally created
in a cache.

So if fs->fonts is null, we should consider the cache invalid.
Akira TAGOH 2018-07-19 07:09:14 +00:00
parent 51afd09d62
commit 586ac3b6c0
1 changed files with 1 additions and 1 deletions

@ -879,7 +879,7 @@ FcCacheOffsetsValid (FcCache *cache)
if (fs->nfont > (end - (char *) fs) / sizeof (FcPattern))
return FcFalse;
if (fs->fonts != 0 && !FcIsEncodedOffset(fs->fonts))
if (!FcIsEncodedOffset(fs->fonts))
return FcFalse;
for (i = 0; i < fs->nfont; i++)
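
Review bot: The `fs->fonts` check without the `!= 0` guard rejects a null `fs->fonts` even when `fs->nfont` is 0, a case where the `for` loop that follows never indexes the array. If an empty font set can legitimately be serialized with a null `fonts` field, this would invalidate an otherwise usable cache; consider `if (fs->nfont > 0 && !FcIsEncodedOffset(fs->fonts))`. Either way, the rejection of null depends on `FcIsEncodedOffset(0)` evaluating to false, which is not visible in this hunk, so a one-line comment saying that null is never a valid encoded offset would keep a later cleanup from restoring the guard.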