Bug 46169 - Pointer error in FcConfigGlobMatch

Fix a possible invalid memory access, and a crash in the worst case,
when the glob string is longer than the string.
Akira TAGOH 2012-02-22 16:30:05 +09:00
parent 3abf981542
commit 71b14d645f
1 changed files with 9 additions and 1 deletions


@ -2023,7 +2023,15 @@ FcConfigGlobMatch (const FcChar8 *glob,
return FcTrue; return FcTrue;
/* short circuit another common case */ /* short circuit another common case */
if (strchr ((char *) glob, '*') == 0) if (strchr ((char *) glob, '*') == 0)
string += strlen ((char *) string) - strlen ((char *) glob); {
size_t l1, l2;
l1 = strlen ((char *) string);
l2 = strlen ((char *) glob);
if (l1 < l2)
return FcFalse;
string += (l1 - l2);
}
while (*string) while (*string)
{ {
if (FcConfigGlobMatch (glob, string)) if (FcConfigGlobMatch (glob, string))
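Review bot: The new `if (l1 < l2) return FcFalse;` guard has no comment saying why it exists, so a later cleanup could fold the two `strlen` calls back into a single expression and reintroduce the bug. Both lengths are `size_t`, so `l1 - l2` wraps to a very large value when the glob tail is longer than the string, and the `while (*string)` that follows then reads outside the buffer. I would record that above the check, e.g. `/* no '*' left: the tail must match the last l2 bytes; if string is shorter, l1 - l2 would wrap */`. The page shows only one changed file, so a regression case with a glob tail longer than the string looks to be missing and would be worth adding. The enclosing function starts and ends outside the hunk.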