[Fontconfig] [PATCH 3/3] Avoid null pointer dereference in FcNameParse if malloc fails
Alan Coopersmith
alan.coopersmith at oracle.com
Sat Nov 2 18:23:57 CET 2013
Reported by parfait 1.3:
Error: Null pointer dereference (CWE 476)
Read from null pointer t
at line 423 of src/fcname.c in function 'FcNameParse'.
Function _FcObjectLookupOtherTypeByName may return constant 'NULL'
at line 63, called at line 122 of src/fcobjs.c in function
'FcObjectLookupOtherTypeByName'.
Function FcObjectLookupOtherTypeByName may return constant 'NULL'
at line 122, called at line 67 of src/fcname.c in function
'FcNameGetObjectType'.
Function FcNameGetObjectType may return constant 'NULL' at line 67,
called at line 422 in function 'FcNameParse'.
Null pointer introduced at line 63 of src/fcobjs.c in function
'_FcObjectLookupOtherTypeByName'.
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
src/fcname.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/fcname.c b/src/fcname.c
index 712b2fa..f302948 100644
--- a/src/fcname.c
+++ b/src/fcname.c
@@ -420,6 +420,8 @@ FcNameParse (const FcChar8 *name)
if ((c = FcNameGetConstant (save)))
{
t = FcNameGetObjectType ((char *) c->object);
+ if (t == NULL)
+ goto bail2;
switch ((int) t->type) {
case FcTypeInteger:
case FcTypeDouble:
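Review bot: The new `if (t == NULL) goto bail2;` placed right after `t = FcNameGetObjectType ((char *) c->object);` aborts the whole parse, but the hunk does not show what the `bail2` label releases. Please confirm that everything FcNameParse has allocated by this point is freed on that path, and that `bail2` rather than another label is the right target. A one-line comment above the check saying that the lookup can return NULL on allocation failure would also help, because the subject line mentions malloc while the added lines give no hint why a known constant's object could lack a type.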
--
1.7.9.2