Gracefully handle the case where a cache asserts that it has a negative

number of fonts, causing overflow.
reviewed by: plam
This commit is contained in:
Patrick Lam 2006-02-04 00:04:00 +00:00
parent 1af0f5741a
commit a8e4d9eb39
2 changed files with 23 additions and 14 deletions

View File

@ -1,3 +1,11 @@
2006-02-03 Dirk Mueller <dmueller@suse.de>
reviewed by: plam
* src/fcfs.c (FcFontSetUnserialize):
Gracefully handle the case where a cache asserts that it
has a negative number of fonts, causing overflow.
2006-02-03 Patrick Lam <plam@mit.edu> 2006-02-03 Patrick Lam <plam@mit.edu>
* src/fccache.c (FcDirCacheUnlink): * src/fccache.c (FcDirCacheUnlink):

View File

@ -159,6 +159,10 @@ FcFontSetUnserialize(FcCache * metadata, FcFontSet * s, void * block_ptr)
nfont = *(int *)block_ptr; nfont = *(int *)block_ptr;
block_ptr = (int *)block_ptr + 1; block_ptr = (int *)block_ptr + 1;
if (nfont > 0)
{
FcPattern * p = (FcPattern *)block_ptr;
if (s->sfont < s->nfont + nfont) if (s->sfont < s->nfont + nfont)
{ {
int sfont = s->nfont + nfont; int sfont = s->nfont + nfont;
@ -172,10 +176,6 @@ FcFontSetUnserialize(FcCache * metadata, FcFontSet * s, void * block_ptr)
n = s->nfont; n = s->nfont;
s->nfont += nfont; s->nfont += nfont;
if (nfont > 0)
{
FcPattern * p = (FcPattern *)block_ptr;
/* The following line is a bit counterintuitive. The usual /* The following line is a bit counterintuitive. The usual
* convention is that FcPatternUnserialize is responsible for * convention is that FcPatternUnserialize is responsible for
* aligning the FcPattern. However, the FontSet also stores * aligning the FcPattern. However, the FontSet also stores
@ -187,7 +187,8 @@ FcFontSetUnserialize(FcCache * metadata, FcFontSet * s, void * block_ptr)
block_ptr = FcPatternUnserialize (metadata, block_ptr); block_ptr = FcPatternUnserialize (metadata, block_ptr);
block_ptr = FcObjectUnserialize (metadata, block_ptr); block_ptr = FcObjectUnserialize (metadata, block_ptr);
return block_ptr != 0;
} }
return block_ptr != 0; return FcFalse;
} }