src/fccfg.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
New commits:
commit 71b14d645f524637579d87ea99720c123d728e1f
Author: Akira TAGOH <akira@xxxxxxxxx>
Date: Wed Feb 22 16:30:05 2012 +0900
Bug 46169 - Pointer error in FcConfigGlobMatch
Fix possibly accessing the invalid memory and a crash in the worst case
when the glob string is longer than the string.
diff --git a/src/fccfg.c b/src/fccfg.c
index 09c5991..9395f74 100644
--- a/src/fccfg.c
+++ b/src/fccfg.c
@@ -2023,7 +2023,15 @@ FcConfigGlobMatch (const FcChar8 *glob,
return FcTrue;
/* short circuit another common case */
if (strchr ((char *) glob, '*') == 0)
- string += strlen ((char *) string) - strlen ((char *) glob);
+ {
+ size_t l1, l2;
+
+ l1 = strlen ((char *) string);
+ l2 = strlen ((char *) glob);
+ if (l1 < l2)
+ return FcFalse;
+ string += (l1 - l2);
+ }
while (*string)
{
if (FcConfigGlobMatch (glob, string))
_______________________________________________
Fontconfig mailing list
Fontconfig@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/fontconfig
