walkero
/
fontconfig
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix a dereference of a null pointer 

When exiting from for loop by not satisfying the condition of `(s = next[i])` at FcCacheRemoveUnlocked()
referring s->alloated will be invalid.
This commit is contained in:
Akira TAGOH 2018-11-30 10:42:26 +00:00
parent 3a45b8ef65
commit b047e29954
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/fccache.c
View File

@ -710,15 +710,18 @@ FcCacheRemoveUnlocked (FcCache *cache)
while (fcCacheMaxLevel > 0 && fcCacheChains[fcCacheMaxLevel - 1] == NULL)
fcCacheMaxLevel--;
allocated = s->allocated;
while (allocated)
if (s)
{
/* First element in allocated chunk is the free list */
next = *(void **)allocated;
free (allocated);
allocated = next;
allocated = s->allocated;
while (allocated)
{
/* First element in allocated chunk is the free list */
next = *(void **)allocated;
free (allocated);
allocated = next;
}
free (s);
}
free (s);
}
static FcCache *