Hi,
I think there is still a problem.
On 02/23/15 07:23, Akira TAGOH wrote:
[...]
src/fcstat.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++------
[...]
+int
+FcScandir (const char *dirp,
+ struct dirent ***namelist,
+ int (*filter) (const struct dirent *),
+ int (*compar) (const struct dirent **, const struct dirent **))
in the while loop in FcScandir, if n==lsize-1 -- it won't yet enter the
'if' branch:
[...]
+ if (n >= lsize)
+ {
+ lsize += 128;
+ dlp = (struct dirent **) realloc (dlist, sizeof (struct dirent *) * lsize);
then this will effectively be dlist[lsize], thus unallocated:
[...]
+ }
+ dlist[n++] = p;
+ dlist[n] = NULL;
I think.
maybe "if (n >= lsize-1)" would be better?
Raimund
--
Worringer Str 31 Duesseldorf 40211 DE home: <rs@xxxxxxxx>
+49-179-2981632 icq 16845346 work: <rs@xxxxxxxxxxxxxxx>
_______________________________________________
Fontconfig mailing list
Fontconfig@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/fontconfig
