Gracefully handle the case where a cache asserts that it has a negative

number of fonts, causing overflow.
reviewed by: plam

ChangeLog

@@ -1,3 +1,11 @@
+2006-02-03  Dirk Mueller  <dmueller@suse.de>
+	reviewed by: plam
+
+	* src/fcfs.c (FcFontSetUnserialize):
+
+	Gracefully handle the case where a cache asserts that it
+	has a negative number of fonts, causing overflow.
+
 2006-02-03  Patrick Lam  <plam@mit.edu>
 	* src/fccache.c (FcDirCacheUnlink):
 

src/fcfs.c

@@ -159,23 +159,23 @@ FcFontSetUnserialize(FcCache * metadata, FcFontSet * s, void * block_ptr)
     nfont = *(int *)block_ptr;
     block_ptr = (int *)block_ptr + 1;
 
-    if (s->sfont < s->nfont + nfont)
-    {
-	int sfont = s->nfont + nfont;
-	FcPattern ** pp;
-	pp = realloc (s->fonts, sfont * sizeof (FcPattern));
-	if (!pp)
-	    return FcFalse;
-	s->fonts = pp;
-	s->sfont = sfont;
-    }
-    n = s->nfont;
-    s->nfont += nfont;
-
     if (nfont > 0)
     {
 	FcPattern * p = (FcPattern *)block_ptr;
 
+	if (s->sfont < s->nfont + nfont)
+	{
+	    int sfont = s->nfont + nfont;
+	    FcPattern ** pp;
+	    pp = realloc (s->fonts, sfont * sizeof (FcPattern));
+	    if (!pp)
+		return FcFalse;
+	    s->fonts = pp;
+	    s->sfont = sfont;
+	}
+	n = s->nfont;
+	s->nfont += nfont;
+
         /* The following line is a bit counterintuitive.  The usual
          * convention is that FcPatternUnserialize is responsible for
          * aligning the FcPattern.  However, the FontSet also stores
@@ -187,7 +187,8 @@ FcFontSetUnserialize(FcCache * metadata, FcFontSet * s, void * block_ptr)
 
 	block_ptr = FcPatternUnserialize (metadata, block_ptr);
 	block_ptr = FcObjectUnserialize (metadata, block_ptr);
+	return block_ptr != 0;
     }
 
-    return block_ptr != 0;
+    return FcFalse;
 }