[Fontconfig] fontconfig: Branch 'master'
Akira TAGOH
tagoh at kemper.freedesktop.org
Tue Feb 21 23:31:38 PST 2012
src/fccfg.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
New commits:
commit 71b14d645f524637579d87ea99720c123d728e1f
Author: Akira TAGOH <akira at tagoh.org>
Date: Wed Feb 22 16:30:05 2012 +0900
Bug 46169 - Pointer error in FcConfigGlobMatch
Fix a possible invalid memory access, and in the worst case a crash,
when the glob string is longer than the string being matched.
diff --git a/src/fccfg.c b/src/fccfg.c
index 09c5991..9395f74 100644
--- a/src/fccfg.c
+++ b/src/fccfg.c
@@ -2023,7 +2023,15 @@ FcConfigGlobMatch (const FcChar8 *glob,
return FcTrue;
/* short circuit another common case */
if (strchr ((char *) glob, '*') == 0)
- string += strlen ((char *) string) - strlen ((char *) glob);
+ {
+ size_t l1, l2;
+
+ l1 = strlen ((char *) string);
+ l2 = strlen ((char *) glob);
+ if (l1 < l2)
+ return FcFalse;
+ string += (l1 - l2);
+ }
while (*string)
{
if (FcConfigGlobMatch (glob, string))
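Review bot: The new `if (l1 < l2) return FcFalse;` guard has no comment saying why it is there, although it is the entire fix: `strlen` returns `size_t`, so when the rest of the glob is longer than `string` the old `strlen (string) - strlen (glob)` wrapped around and moved `string` outside its buffer before the `while (*string)` read. I would put `/* rest of glob is longer than string: cannot match, and l1 - l2 would wrap */` above the guard and rename `l1`/`l2` to `string_len`/`glob_len` so the order of the subtraction is obvious. A regression test using a pattern whose literal part after `*` is longer than the input string would keep the check from being dropped in a later cleanup. FcConfigGlobMatch begins and ends outside this hunk, so the other `case` branches were not reviewed.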