From f076169d19574c6c548764d574a33bc4fe022ffb Mon Sep 17 00:00:00 2001
From: Patrick Lam
Date: Mon, 6 Feb 2006 14:14:21 +0000
Subject: [PATCH] Insert check for integer overflow in # of fonts. reviewed by: plam
---
 ChangeLog | 7 +++++++
 src/fcfs.c | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 4af5f5d..8b9c55d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2006-02-06 Dirk Mueller
+ reviewed by: plam
+
+ * src/fcfs.c (FcFontSetUnserialize):
+
+ Insert check for integer overflow in # of fonts.
+
 2006-02-04 Behdad Esfahbod
  reviewed by: plam
diff --git a/src/fcfs.c b/src/fcfs.c
index 3be8c79..50049ba 100644
--- a/src/fcfs.c
+++ b/src/fcfs.c
@@ -159,7 +159,7 @@ FcFontSetUnserialize(FcCache * metadata, FcFontSet * s, void * block_ptr)
  nfont = *(int *)block_ptr;
  block_ptr = (int *)block_ptr + 1;
- if (nfont > 0)
+ if (nfont > 0 && nfont < metadata.count)
  {
  FcPattern * p = (FcPattern *)block_ptr;
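Review bot: In the src/fcfs.c hunk the new condition `nfont < metadata.count` applies `.` to `metadata`, which the hunk header shows is declared `FcCache * metadata`, so as written this line should not compile; it needs `if (nfont > 0 && nfont < metadata->count)`. The hunk also does not show what `count` measures: if it is the cache size in bytes rather than a number of patterns, the bound is far looser than what the block can actually hold, and a limit derived from the remaining block size and `sizeof(FcPattern)` would be tighter. An out-of-range `nfont` read from a cache file should presumably make the unserialize fail rather than be treated like an empty set. The else path and the rest of FcFontSetUnserialize lie outside the hunk, so confirm what the caller sees in that case.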