From a8e4d9eb395b45ab23f0c540f919ec432b46dea8 Mon Sep 17 00:00:00 2001 From: Patrick Lam Date: Sat, 4 Feb 2006 00:04:00 +0000 Subject: [PATCH] Gracefully handle the case where a cache asserts that it has a negative number of fonts, causing overflow. reviewed by: plam --- ChangeLog | 8 ++++++++ src/fcfs.c | 29 +++++++++++++++-------------- 2 files changed, 23 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0a8dbb9..fa13d7b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2006-02-03 Dirk Mueller + reviewed by: plam + + * src/fcfs.c (FcFontSetUnserialize): + + Gracefully handle the case where a cache asserts that it + has a negative number of fonts, causing overflow. + 2006-02-03 Patrick Lam * src/fccache.c (FcDirCacheUnlink): diff --git a/src/fcfs.c b/src/fcfs.c index a9e300d..3be8c79 100644 --- a/src/fcfs.c +++ b/src/fcfs.c @@ -159,23 +159,23 @@ FcFontSetUnserialize(FcCache * metadata, FcFontSet * s, void * block_ptr) nfont = *(int *)block_ptr; block_ptr = (int *)block_ptr + 1; - if (s->sfont < s->nfont + nfont) - { - int sfont = s->nfont + nfont; - FcPattern ** pp; - pp = realloc (s->fonts, sfont * sizeof (FcPattern)); - if (!pp) - return FcFalse; - s->fonts = pp; - s->sfont = sfont; - } - n = s->nfont; - s->nfont += nfont; - if (nfont > 0) { FcPattern * p = (FcPattern *)block_ptr; + if (s->sfont < s->nfont + nfont) + { + int sfont = s->nfont + nfont; + FcPattern ** pp; + pp = realloc (s->fonts, sfont * sizeof (FcPattern)); + if (!pp) + return FcFalse; + s->fonts = pp; + s->sfont = sfont; + } + n = s->nfont; + s->nfont += nfont; + /* The following line is a bit counterintuitive. The usual * convention is that FcPatternUnserialize is responsible for * aligning the FcPattern. However, the FontSet also stores @@ -187,7 +187,8 @@ FcFontSetUnserialize(FcCache * metadata, FcFontSet * s, void * block_ptr) block_ptr = FcPatternUnserialize (metadata, block_ptr); block_ptr = FcObjectUnserialize (metadata, block_ptr); + return block_ptr != 0; } - return block_ptr != 0; + return FcFalse; }