[Fontconfig] fontconfig: Branch 'master'

Raimund Steger rs at mytum.de
Thu Jan 17 17:21:10 PST 2013 

Behdad Esfahbod wrote:
> [...]
> diff --git a/src/fcdefault.c b/src/fcdefault.c
> index 88978b8..2d7c4f7 100644
> --- a/src/fcdefault.c
> +++ b/src/fcdefault.c
> [...]
> -	char buf[8192];
> +	char buf[PATH_MAX + 1];
>   	unsigned int len;

I think something can still go wrong there: readlink can return -1, but 
due to 'len' being unsigned it can enter the 'if' branch.

If I simulate a readlink failure by using an invalid path:


[...]
(gdb) run
Starting program: /home/rs/testing/fontconfig-git/bin/fc-match
[Thread debugging using libthread_db enabled]

Breakpoint 1, FcGetPrgname () at fcdefault.c:115
115         prgname = fc_atomic_ptr_get (&default_prgname);
(gdb) next
116         if (!prgname)
(gdb) next
152             char *p = NULL;
(gdb) next
154             len = readlink ("/proc/self/exeINVALID", buf, sizeof 
(buf) - 1);
(gdb) next
155             if (len > 0)
(gdb) print len
$1 = 4294967295
(gdb) next
157                 buf[len] = '\0';
(gdb)


It works if I use 'int'. (See patch.)

Raimund









> +	char *p = NULL;
>
> +#if defined (HAVE_GETPROGNAME) && defined (HAVE_REALPATH)
> +	const char *q = getprogname ();
> +	if (q)
> +	    p = realpath (q, buf);
> +#else
>   	len = readlink ("/proc/self/exe", buf, sizeof (buf) - 1);
>   	if (len > 0)
>   	{
> -	    char *p;
> +	    buf[len] = '\0';
> +	    p = buf;
> +	}
> +#endif
>
> -	    p = strrchr (buf, '/');
> -	    if (p)
> -		p++;
> +	if (p)
> +	{
> +	    char *r = strrchr (p, '/');
> +	    if (r)
> +		r++;
>   	    else
> -		p = buf;
> +		r = p;
>
> -	    prgname = FcStrdup (p);
> +	    prgname = FcStrdup (r);
>   	}
> -#endif
>
>   	if (!prgname)
>   	    prgname = FcStrdup ("");
> @@ -175,6 +176,7 @@ retry:
>   	    free (prgname);
>   	    goto retry;
>   	}
> +#endif
>       }
>
>       if (prgname && !prgname[0])
> _______________________________________________
> Fontconfig mailing list
> Fontconfig at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/fontconfig
>


-- 
Worringer Str 31 Duesseldorf 40211 DE  home: <rs at mytum.de>
+49-179-2981632 icq 16845346           work: <rs at interface-ag.de>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-len-now-signed-because-readlink-can-return-1.patch
Type: text/x-patch
Size: 635 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/fontconfig/attachments/20130118/d2a5586b/attachment.bin>

More information about the Fontconfig mailing list