authorPatrick Lam <plam@MIT.EDU>2006-02-04 00:04:00 +0000
committerPatrick Lam <plam@MIT.EDU>2006-02-04 00:04:00 +0000
commita8e4d9eb395b45ab23f0c540f919ec432b46dea8 (patch)
treef06bece8a0e982eeb63af64cbfb9adc11cadab88
parent1af0f5741a95eed6f3a54140c360e0422fd13f62 (diff)
Gracefully handle the case where a cache asserts that it has a negative
number of fonts, causing overflow. reviewed by: plam
-rw-r--r--ChangeLog8
-rw-r--r--src/fcfs.c29
2 files changed, 23 insertions, 14 deletions
diff --git a/ChangeLog b/ChangeLog
index 0a8dbb9..fa13d7b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2006-02-03 Dirk Mueller <dmueller@suse.de>
+ reviewed by: plam
+
+ * src/fcfs.c (FcFontSetUnserialize):
+
+ Gracefully handle the case where a cache asserts that it
+ has a negative number of fonts, causing overflow.
+
2006-02-03 Patrick Lam <plam@mit.edu>
* src/fccache.c (FcDirCacheUnlink):
diff --git a/src/fcfs.c b/src/fcfs.c
index a9e300d..3be8c79 100644
--- a/src/fcfs.c
+++ b/src/fcfs.c
@@ -159,23 +159,23 @@ FcFontSetUnserialize(FcCache * metadata, FcFontSet * s, void * block_ptr)
nfont = *(int *)block_ptr;
block_ptr = (int *)block_ptr + 1;
- if (s->sfont < s->nfont + nfont)
- {
- int sfont = s->nfont + nfont;
- FcPattern ** pp;
- pp = realloc (s->fonts, sfont * sizeof (FcPattern));
- if (!pp)
- return FcFalse;
- s->fonts = pp;
- s->sfont = sfont;
- }
- n = s->nfont;
- s->nfont += nfont;
-
if (nfont > 0)
{
FcPattern * p = (FcPattern *)block_ptr;
+ if (s->sfont < s->nfont + nfont)
+ {
+ int sfont = s->nfont + nfont;
+ FcPattern ** pp;
+ pp = realloc (s->fonts, sfont * sizeof (FcPattern));
+ if (!pp)
+ return FcFalse;
+ s->fonts = pp;
+ s->sfont = sfont;
+ }
+ n = s->nfont;
+ s->nfont += nfont;
+
/* The following line is a bit counterintuitive. The usual
* convention is that FcPatternUnserialize is responsible for
* aligning the FcPattern. However, the FontSet also stores
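Review bot: The `nfont > 0` guard only rejects non-positive counts, so a large positive `nfont` read from the cache block still reaches `int sfont = s->nfont + nfont;`, where the signed addition can overflow, and the `sfont * sizeof (FcPattern)` size passed to `realloc` can wrap on targets with a 32-bit `size_t`. An upper bound before the addition would close this, for example `if (nfont > INT_MAX / (int) sizeof (FcPattern) - s->nfont) return FcFalse;` (this needs `<limits.h>`), ideally together with a check that the count fits the remaining cache block, which is not visible here. Separately, `pp` is an `FcPattern **`, so the element size looks like it should be `sizeof (FcPattern *)`; the current expression presumably only over-allocates, but it is worth confirming. The function starts before this hunk and continues past it.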
@@ -187,7 +187,8 @@ FcFontSetUnserialize(FcCache * metadata, FcFontSet * s, void * block_ptr)
block_ptr = FcPatternUnserialize (metadata, block_ptr);
block_ptr = FcObjectUnserialize (metadata, block_ptr);
+ return block_ptr != 0;
}
- return block_ptr != 0;
+ return FcFalse;
}
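Review bot: The new trailing `return FcFalse;` is taken for `nfont == 0` as well as for negative counts, so a cache block that describes an empty font set is now reported as a failure, where the old code returned `block_ptr != 0`. If an empty set is a legitimate cache state (the callers are not visible in this hunk), the two cases should be separated, e.g. `return nfont == 0 ? FcTrue : FcFalse;`. A comment on that line such as `/* negative count: treat the cache as corrupt */` would also record why the function fails here. The function body begins outside this hunk.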