Re: fontconfig: Branch 'master'

[Raimund Steger <rs@xxxxxxxx>]

Behdad Esfahbod wrote:
> [...]
> diff --git a/src/fcdefault.c b/src/fcdefault.c
> index 88978b8..2d7c4f7 100644
> --- a/src/fcdefault.c
> +++ b/src/fcdefault.c
> [...]
> -	char buf[8192];
> +	char buf[PATH_MAX + 1];
>   	unsigned int len;

I think something can still go wrong there: readlink can return -1, but 
due to 'len' being unsigned it can enter the 'if' branch.

If I simulate a readlink failure by using an invalid path:


[...]
(gdb) run
Starting program: /home/rs/testing/fontconfig-git/bin/fc-match
[Thread debugging using libthread_db enabled]

Breakpoint 1, FcGetPrgname () at fcdefault.c:115
115         prgname = fc_atomic_ptr_get (&default_prgname);
(gdb) next
116         if (!prgname)
(gdb) next
152             char *p = NULL;
(gdb) next
154             len = readlink ("/proc/self/exeINVALID", buf, sizeof 
(buf) - 1);
(gdb) next
155             if (len > 0)
(gdb) print len
$1 = 4294967295
(gdb) next
157                 buf[len] = '\0';
(gdb)


It works if I use 'int'. (See patch.)

Raimund









> +	char *p = NULL;
>
> +#if defined (HAVE_GETPROGNAME) && defined (HAVE_REALPATH)
> +	const char *q = getprogname ();
> +	if (q)
> +	    p = realpath (q, buf);
> +#else
>   	len = readlink ("/proc/self/exe", buf, sizeof (buf) - 1);
>   	if (len > 0)
>   	{
> -	    char *p;
> +	    buf[len] = '\0';
> +	    p = buf;
> +	}
> +#endif
>
> -	    p = strrchr (buf, '/');
> -	    if (p)
> -		p++;
> +	if (p)
> +	{
> +	    char *r = strrchr (p, '/');
> +	    if (r)
> +		r++;
>   	    else
> -		p = buf;
> +		r = p;
>
> -	    prgname = FcStrdup (p);
> +	    prgname = FcStrdup (r);
>   	}
> -#endif
>
>   	if (!prgname)
>   	    prgname = FcStrdup ("");
> @@ -175,6 +176,7 @@ retry:
>   	    free (prgname);
>   	    goto retry;
>   	}
> +#endif
>       }
>
>       if (prgname && !prgname[0])
> _______________________________________________
> Fontconfig mailing list
> Fontconfig@xxxxxxxxxxxxxxxxxxxxx
> http://lists.freedesktop.org/mailman/listinfo/fontconfig


--
Worringer Str 31 Duesseldorf 40211 DE  home: <rs@xxxxxxxx>
+49-179-2981632 icq 16845346           work: <rs@xxxxxxxxxxxxxxx>

>From 5a7f441cc7a7c1f1f7667f6169079e195eb17b4b Mon Sep 17 00:00:00 2001
From: Raimund Steger <rs@xxxxxxxxxxxxxxxx>
Date: Fri, 18 Jan 2013 01:48:41 +0100
Subject: [PATCH] 'len' now signed because readlink can return -1

---
 src/fcdefault.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/fcdefault.c b/src/fcdefault.c
index ee5eb66..41b98a8 100644
--- a/src/fcdefault.c
+++ b/src/fcdefault.c
@@ -151,7 +151,7 @@ retry:
 	const char *p = getexecname ();
 # else
 	char buf[PATH_MAX + 1];
-	unsigned int len;
+	int len;
 	char *p = NULL;
 
 	len = readlink ("/proc/self/exe", buf, sizeof (buf) - 1);
-- 
1.8.0.2

_______________________________________________
Fontconfig mailing list
Fontconfig@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/fontconfig