src/fccache.c | 10 +++++++---
src/fccfg.c | 28 +++++++++++++++++-----------
src/fcfreetype.c | 2 +-
src/fclist.c | 3 +++
src/fcmatch.c | 13 ++++++++-----
src/fcname.c | 4 ++--
src/fcstat.c | 9 +++++++++
src/fcxml.c | 4 +++-
8 files changed, 50 insertions(+), 23 deletions(-)
New commits:
commit 38569f2f2e2abc0f2a543f48a286e464d5052546
Author: Akira TAGOH <akira@xxxxxxxxx>
Date: Thu Jul 19 08:31:59 2018 +0000
Fix allocating insufficient memory for terminating null of the string
diff --git a/src/fcname.c b/src/fcname.c
index c9320ae..711bb9b 100644
--- a/src/fcname.c
+++ b/src/fcname.c
@@ -334,8 +334,8 @@ FcNameConvert (FcType type, FcChar8 *string)
 size_t len = strlen ((const char *) string);
 int si, ei;
- sc = malloc (len);
- ec = malloc (len);
+ sc = malloc (len + 1);
+ ec = malloc (len + 1);
 if (sc && ec && sscanf ((char *) string, "[%s %[^]]]", sc, ec) == 2)
 {
 if (FcNameConstant ((const FcChar8 *) sc, &si) &&
commit b1762935c3db2bc611750c61ce9cb38b9008db6b
Author: Akira TAGOH <akira@xxxxxxxxx>
Date: Thu Jul 19 08:31:14 2018 +0000
Fix possibly dereferencing a null pointer
diff --git a/src/fcmatch.c b/src/fcmatch.c
index cab38ca..c3d2b8a 100644
--- a/src/fcmatch.c
+++ b/src/fcmatch.c
@@ -814,11 +814,14 @@ FcFontSetMatchInternal (FcFontSet **sets,
 len = (p - s);
 }
 x = malloc (sizeof (char) * (len + 1));
- strcpy (x, s);
- if (FcObjectFromName (x) > 0)
- FcObjectSetAdd (os, x);
- s = p + 1;
- free (x);
+ if (x)
+ {
+ strcpy (x, s);
+ if (FcObjectFromName (x) > 0)
+ FcObjectSetAdd (os, x);
+ s = p + 1;
+ free (x);
+ }
 }
 free (ss);
 }
commit 8e97d745cc21cd2e1459840a63ed13595fcf2acd
Author: Akira TAGOH <akira@xxxxxxxxx>
Date: Thu Jul 19 08:21:33 2018 +0000
Fix a typo
diff --git a/src/fcfreetype.c b/src/fcfreetype.c
index 3924104..07978cf 100644
--- a/src/fcfreetype.c
+++ b/src/fcfreetype.c
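Review bot: The `len + 1` allocations are correct only because of an invariant the hunk leaves implicit: the `%s` and `%[^]]` conversions that `sscanf` applies to `string` can each write at most `len` characters plus the terminating NUL, so neither `sc` nor `ec` can overflow. A comment on the two `malloc` lines would keep that from being broken by a later edit, e.g. `/* each conversion writes at most len chars + NUL */`. Because `len` is dynamic a width cannot be embedded in the literal format, so the comment is the practical safeguard. FcNameConvert continues outside the hunk, so whether `sc`/`ec` are released on the `sscanf` failure path is not visible here.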
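Review bot: Moving `s = p + 1;` inside the new `if (x)` block means that when `malloc` fails the cursor is not advanced, so if this sits in a loop that walks `s` token by token (the enclosing loop starts outside the hunk) the same token is retried on every iteration or the remaining names are silently skipped. Keep the advance unconditional by placing `s = p + 1;` after the closing brace of the `if (x)` block, and decide explicitly whether an allocation failure should `break` out of the scan. As written the failure is also invisible to the caller, which is a choice the commit does not document.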
@@ -2614,7 +2614,7 @@ GetScriptTags(FT_Face face, FT_ULong tabletag, FT_ULong **stags)
 ftglue_stream_frame_exit( stream );
 *stags = malloc(script_count * sizeof (FT_ULong));
- if (!stags)
+ if (!*stags)
 return 0;
 p = 0;
commit efac784b0108d3140d7ec51cf22cb8a4453bd566
Author: Akira TAGOH <akira@xxxxxxxxx>
Date: Thu Jul 19 07:55:40 2018 +0000
Fix dereferencing null pointer
diff --git a/src/fccfg.c b/src/fccfg.c
index 3d0356a..d7c48e8 100644
--- a/src/fccfg.c
+++ b/src/fccfg.c
@@ -2616,12 +2616,13 @@ FcRuleSetAdd (FcRuleSet *rs,
 switch (r->type)
 {
 case FcRuleTest:
- if (r->u.test &&
- r->u.test->kind == FcMatchDefault)
- r->u.test->kind = kind;
-
- if (n < r->u.test->object)
- n = r->u.test->object;
+ if (r->u.test)
+ {
+ if (r->u.test->kind == FcMatchDefault)
+ r->u.test->kind = kind;
+ if (n < r->u.test->object)
+ n = r->u.test->object;
+ }
 break;
 case FcRuleEdit:
 if (n < r->u.edit->object)
commit 1ac2218467260cc2f96f202910ba2e1a97291744
Author: Akira TAGOH <akira@xxxxxxxxx>
Date: Thu Jul 19 07:50:20 2018 +0000
do not pass null pointer to memcpy
diff --git a/src/fccfg.c b/src/fccfg.c
index 31ed238..3d0356a 100644
--- a/src/fccfg.c
+++ b/src/fccfg.c
@@ -2109,7 +2109,8 @@ FcConfigXdgCacheHome (void)
 ret = malloc (len + 7 + 1);
 if (ret)
 {
- memcpy (ret, home, len);
+ if (home)
+ memcpy (ret, home, len);
 memcpy (&ret[len], FC_DIR_SEPARATOR_S ".cache", 7);
 ret[len + 7] = 0;
 }
@@ -2136,7 +2137,8 @@ FcConfigXdgConfigHome (void)
 ret = malloc (len + 8 + 1);
 if (ret)
 {
- memcpy (ret, home, len);
+ if (home)
+ memcpy (ret, home, len);
 memcpy (&ret[len], FC_DIR_SEPARATOR_S ".config", 8);
 ret[len + 8] = 0;
 }
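Review bot: `script_count * sizeof (FT_ULong)` on the line above the corrected check is an unchecked multiplication; `script_count` appears to come from the font's table (its origin is outside the hunk), so a crafted font could make the product wrap and the fixed `if (!*stags)` test would then pass with an undersized buffer. `*stags = calloc (script_count, sizeof (FT_ULong));` gets the overflow check for free and changes nothing else. GetScriptTags continues outside the hunk.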
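Review bot: The `case FcRuleEdit:` branch at the bottom of the hunk still dereferences `r->u.edit` without the guard that `FcRuleTest` just gained; if an edit rule can reach this switch with a null `r->u.edit` the same way a test rule can, the crash has only moved. If that is possible, mirror the check: `if (r->u.edit && n < r->u.edit->object)`. If it is not, a one-line comment stating that `u.edit` is never null would document the asymmetry. The switch continues outside the hunk.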
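Review bot: `if (home)` guards only the source pointer; it assumes `len` is 0 whenever `home` is NULL (`len` is computed outside the hunk), otherwise `ret[0..len)` is left uninitialized while the buffer is still terminated at `ret[len + 7]`. A comment on the guard would pin that coupling, e.g. `/* home may be NULL, in which case len is 0; memcpy must not be given a null source even for 0 bytes */`. The same applies to the FcConfigXdgConfigHome hunk that follows and to the FcConfigXdgDataHome hunk of the same commit.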
@@ -2163,7 +2165,8 @@ FcConfigXdgDataHome (void)
 ret = malloc (len + 13 + 1);
 if (ret)
 {
- memcpy (ret, home, len);
+ if (home)
+ memcpy (ret, home, len);
 memcpy (&ret[len], FC_DIR_SEPARATOR_S ".local" FC_DIR_SEPARATOR_S "share", 13);
 ret[len + 13] = 0;
 }
commit f3981a8bcd97a0388bf150ea7c1b4a1015e5e358
Author: Akira TAGOH <akira@xxxxxxxxx>
Date: Thu Jul 19 16:44:03 2018 +0900
Fix access in a null pointer dereference
diff --git a/src/fccfg.c b/src/fccfg.c
index b61848a..31ed238 100644
--- a/src/fccfg.c
+++ b/src/fccfg.c
@@ -748,12 +748,12 @@ FcConfigPromote (FcValue v, FcValue u, FcValuePromotionBuffer *buf)
 v.u.l = FcLangSetPromote (v.u.s, buf);
 v.type = FcTypeLangSet;
 }
- else if (v.type == FcTypeVoid && u.type == FcTypeLangSet)
+ else if (buf && v.type == FcTypeVoid && u.type == FcTypeLangSet)
 {
 v.u.l = FcLangSetPromote (NULL, buf);
 v.type = FcTypeLangSet;
 }
- else if (v.type == FcTypeVoid && u.type == FcTypeCharSet)
+ else if (buf && v.type == FcTypeVoid && u.type == FcTypeCharSet)
 {
 v.u.c = FcCharSetPromote (buf);
 v.type = FcTypeCharSet;
commit 586ac3b6c0a324ae8545e2e6437f62e851daa203
Author: Akira TAGOH <akira@xxxxxxxxx>
Date: Thu Jul 19 07:09:14 2018 +0000
Fix array access in a null pointer dereference
FcFontSetFont() accesses fs->fonts in that macro though, there was no error checks if it is null or not. As a result, there was a code path that it could be a null. Even though this is unlikely to see in usual use, it might be intentionally created in a cache. So if fs->fonts is a null, we should consider a cache is invalid.
diff --git a/src/fccache.c b/src/fccache.c
index 82400cf..2b60401 100644
--- a/src/fccache.c
+++ b/src/fccache.c
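Review bot: With a null `buf` the two changed `else if` branches now fall through and `v` is handed back still `FcTypeVoid`, so callers receive an unpromoted value where they previously crashed; that contract change is not stated anywhere in the hunk. A comment above the first changed branch, `/* buf may be NULL: without a promotion buffer v is returned unchanged */`, would make it explicit. The string-to-langset branch at the top of the hunk also passes `buf` to FcLangSetPromote, but its condition is outside the hunk, so whether it tolerates a null `buf` cannot be verified here.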
@@ -879,7 +879,7 @@ FcCacheOffsetsValid (FcCache *cache)
 if (fs->nfont > (end - (char *) fs) / sizeof (FcPattern))
 return FcFalse;
- if (fs->fonts != 0 && !FcIsEncodedOffset(fs->fonts))
+ if (!FcIsEncodedOffset(fs->fonts))
 return FcFalse;
 for (i = 0; i < fs->nfont; i++)
commit 51afd09d62c163ae6a13b856ba46b8e851015f26
Author: Akira TAGOH <akira@xxxxxxxxx>
Date: Thu Jul 19 05:51:02 2018 +0000
Fix unterminated string issue
diff --git a/src/fccache.c b/src/fccache.c
index 6734865..82400cf 100644
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -193,10 +193,13 @@ FcDirCacheReadUUID (FcChar8 *dir,
 if ((fd = FcOpen ((char *) uuidname, O_RDONLY)) >= 0)
 {
 char suuid[37];
+ ssize_t len;
 memset (suuid, 0, sizeof (suuid));
- if (read (fd, suuid, 36) > 0)
+ len = read (fd, suuid, 36);
+ if (len != -1)
 {
+ suuid[len] = 0;
 memset (uuid, 0, sizeof (uuid));
 if (uuid_parse (suuid, uuid) == 0)
 {
commit 37c9c16dadd02edc3d8211a16a940d6fd2356e3b
Author: Akira TAGOH <akira@xxxxxxxxx>
Date: Thu Jul 19 04:29:01 2018 +0000
Fix memory leak
diff --git a/src/fcxml.c b/src/fcxml.c
index 4f984a7..d27727f 100644
--- a/src/fcxml.c
+++ b/src/fcxml.c
@@ -2190,6 +2190,7 @@ FcParseCacheDir (FcConfigParse *parse)
 if (!data)
 {
 FcConfigMessage (parse, FcSevereError, "out of memory");
+ data = prefix;
 goto bail;
 }
 if (prefix)
@@ -2201,7 +2202,7 @@ FcParseCacheDir (FcConfigParse *parse)
 if (!p)
 {
 FcConfigMessage (parse, FcSevereError, "out of memory");
- data = prefix;
+ FcStrFree (prefix);
 goto bail;
 }
 prefix = p;
@@ -2233,6 +2234,7 @@ FcParseCacheDir (FcConfigParse *parse)
 else if (strcmp ((const char *) data, "WINDOWSTEMPDIR_FONTCONFIG_CACHE") == 0)
 {
 int rc;
+ FcStrFree (data);
 data = malloc (1000);
 if (!data)
commit 433718fb77f527a7f8909ea88f03ed2054f88a7d
Author: Akira TAGOH <akira@xxxxxxxxx>
Date: Thu Jul 19 04:17:21 2018 +0000
Fix memory leak
diff --git a/src/fcstat.c b/src/fcstat.c
index f6e1aaa..5aa1643 100644
--- a/src/fcstat.c
+++ b/src/fcstat.c
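Review bot: The new check rejects a null `fs->fonts` outright, but the reason — that a null here can only come from a corrupt or deliberately crafted cache, as the commit message explains — is lost on anyone reading the code later, and the removed `fs->fonts != 0 &&` suggests it was once treated as legitimate. A comment on the `if`, `/* fonts must be an encoded offset; a null pointer means the cache is invalid */`, would preserve the rationale next to the check. The loop that starts on the last line has its body outside the hunk.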
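Review bot: `suuid[len] = 0;` stays in bounds only because the `read` is capped at 36 and `suuid` has 37 bytes, and the `if (len != -1)` condition also accepts any short read, leaving a truncated string that `uuid_parse` presumably rejects. Tying the check to the expected size makes the intent explicit and removes the dependence on the parser: `if (len == 36)`. A comment on the declaration, `char suuid[37]; /* 36 text characters plus NUL */`, would document the size. FcDirCacheReadUUID continues outside the hunk.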
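Review bot: In the first FcParseCacheDir hunk, `data = prefix;` before `goto bail;` hands `prefix` to the cleanup label so that `bail:` (outside the hunk) presumably releases it through `data`; reusing `data` as "the thing to free" is easy to misread as a leftover assignment. A comment, `/* hand prefix to bail: for release via data */`, would make the ownership transfer explicit, and the second hunk, which frees `prefix` directly because `data` is already owned there, deserves the same one-line note. In the third hunk the `1000` passed to `malloc` right after the new `FcStrFree (data);` is a magic size; if it reflects a platform path limit, naming it would help.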
@@ -218,6 +218,14 @@ FcScandir (const char *dirp,
 size_t dentlen = FcPtrToOffset (dent, dent->d_name) + strlen (dent->d_name) + 1;
 dentlen = ((dentlen + ALIGNOF_VOID_P - 1) & ~(ALIGNOF_VOID_P - 1));
 p = (struct dirent *) malloc (dentlen);
+ if (!p)
+ {
+ free_dirent (dlist);
+ closedir (d);
+ errno = ENOMEM;
+
+ return -1;
+ }
 memcpy (p, dent, dentlen);
 if ((n + 1) >= lsize)
 {
@@ -225,6 +233,7 @@ FcScandir (const char *dirp,
 dlp = (struct dirent **) realloc (dlist, sizeof (struct dirent *) * lsize);
 if (!dlp)
 {
+ free (p);
 free_dirent (dlist);
 closedir (d);
 errno = ENOMEM;
commit eafa931ff984d13a93343216d3f0fd490270599b
Author: Akira TAGOH <akira@xxxxxxxxx>
Date: Thu Jul 19 12:12:17 2018 +0900
Fix memory leak
diff --git a/src/fclist.c b/src/fclist.c
index d7e8fc0..494bdea 100644
--- a/src/fclist.c
+++ b/src/fclist.c
@@ -568,6 +568,9 @@ FcFontSetList (FcConfig *config,
 free (bucket);
 }
+ if (destroy_os)
+ FcObjectSetDestroy (os);
+ return ret;
 bail2:
commit 12be7973871371c64df3d38f788fe68766503f64
Author: Akira TAGOH <akira@xxxxxxxxx>
Date: Thu Jul 19 12:08:34 2018 +0900
Fix memory leaks
diff --git a/src/fccfg.c b/src/fccfg.c
index 421b47c..b61848a 100644
--- a/src/fccfg.c
+++ b/src/fccfg.c
@@ -1832,11 +1832,13 @@ FcConfigSubstituteWithPat (FcConfig *config,
 if (value[object])
 {
 FcConfigDel (&elt[object]->values, value[object]);
+ FcValueListDestroy (l);
 break;
 }
 /* fall through ... */
 case FcOpDeleteAll:
 FcConfigPatternDel (p, r->u.edit->object);
+ FcValueListDestroy (l);
 break;
 default:
 FcValueListDestroy (l);
commit 4b1276e24058a2e8b283767fb11dd2d16de7e547
Author: Akira TAGOH <akira@xxxxxxxxx>
Date: Thu Jul 19 11:40:31 2018 +0900
Fix memory leak
diff --git a/src/fccache.c b/src/fccache.c
index 6919e7a..6734865 100644
--- a/src/fccache.c
+++ b/src/fccache.c
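Review bot: The new `if (!p)` block repeats the cleanup sequence (`free_dirent`, `closedir`, `errno = ENOMEM`, `return -1`) that the `if (!dlp)` block in the second hunk already carries, so the two error paths can drift apart; a shared label at the end of FcScandir (outside the hunk) keeps them identical. The `memcpy (p, dent, dentlen)` that follows copies the rounded-up `dentlen` from `dent`, which may read a few alignment-padding bytes past the entry `readdir` returned — pre-existing, but worth a look while this allocation path is being touched. Sketch of the shared cleanup:
```c
p = (struct dirent *) malloc (dentlen);
if (!p)
    goto bail_nomem;
memcpy (p, dent, dentlen);
/* … unchanged: list growth; the realloc failure path becomes: free (p); goto bail_nomem; … */
bail_nomem:
    free_dirent (dlist);
    closedir (d);
    errno = ENOMEM;
    return -1;
```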
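Review bot: `FcObjectSetDestroy (os)` now runs on the success path only; `bail2:` (whose body is outside the hunk) and any earlier labels also leave FcFontSetList, and if they do not apply the same `if (destroy_os)` release the leak persists on every error exit. If the labels do not already cover it, move the release into a tail that both paths reach, or repeat `if (destroy_os) FcObjectSetDestroy (os);` under the label.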
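Review bot: Every arm visible in the hunk now ends in `FcValueListDestroy (l)`, which hints that the delete operations do not take ownership of `l`; that is the fact the leak fix rests on, and nothing in the code says so. A comment where the new calls are added, `/* the delete ops do not take ownership of l; release it here */`, would explain why the `default:` destroy is duplicated rather than hoisted. Whether the cases above the hunk (which start outside it) transfer `l` elsewhere is not visible, so hoisting the destroy after the switch cannot be recommended from here.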
@@ -1348,9 +1348,9 @@ FcDirCacheWrite (FcCache *cache, FcConfig *config)
 #endif
 FcDirCacheBasenameMD5 (dir, cache_base);
 cache_hashed = FcStrBuildFilename (cache_dir, cache_base, NULL);
+ FcStrFree (cache_dir);
 if (!cache_hashed)
 return FcFalse;
- FcStrFree (cache_dir);
 if (FcDebug () & FC_DBG_CACHE)
 printf ("FcDirCacheWriteDir dir \"%s\" file \"%s\"\n",
commit e9d317755727c6e71fc0a8bff3ad38197f773b89
Author: Akira TAGOH <akira@xxxxxxxxx>
Date: Thu Jul 19 11:32:50 2018 +0900
Fix the leak of file handle
diff --git a/src/fccache.c b/src/fccache.c
index c6201e4..6919e7a 100644
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -110,6 +110,7 @@ FcDirCacheCreateUUID (FcChar8 *dir,
 {
 ret = FcFalse;
 FcAtomicDeleteNew (atomic);
+ close (fd);
 goto bail3;
 }
 uuid_unparse (uuid, out);
_______________________________________________
Fontconfig mailing list
Fontconfig@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/fontconfig
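Review bot: `FcStrFree (cache_dir)` now sits between the call that consumes `cache_dir` and the early `return FcFalse`, which is correct but easy to undo in a later edit that reorders these lines; a short comment, `/* cache_dir is only needed to build cache_hashed; release it before any early return */`, would protect the ordering. FcDirCacheWrite continues outside the hunk.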
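Review bot: `close (fd)` is added after `FcAtomicDeleteNew (atomic)`; if `fd` is the descriptor opened on the atomic's new file (the open is outside the hunk), the file is unlinked while still open, which fails on platforms that refuse to delete open files and would leave the temporary file behind. Closing first is safe everywhere: `close (fd); FcAtomicDeleteNew (atomic);`. The unchecked `close` return value is acceptable on an error path that already returns FcFalse.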