[Fontconfig] fontconfig: Branch 'master' - 14 commits

Akira TAGOH tagoh at kemper.freedesktop.org
Thu Jul 19 08:46:17 UTC 2018


 src/fccache.c    |   10 +++++++---
 src/fccfg.c      |   28 +++++++++++++++++-----------
 src/fcfreetype.c |    2 +-
 src/fclist.c     |    3 +++
 src/fcmatch.c    |   13 ++++++++-----
 src/fcname.c     |    4 ++--
 src/fcstat.c     |    9 +++++++++
 src/fcxml.c      |    4 +++-
 8 files changed, 50 insertions(+), 23 deletions(-)

New commits:
commit 38569f2f2e2abc0f2a543f48a286e464d5052546
Author: Akira TAGOH <akira at tagoh.org>
Date:   Thu Jul 19 08:31:59 2018 +0000

    Fix allocating insufficient memory for terminating null of the string

diff --git a/src/fcname.c b/src/fcname.c
index c9320ae..711bb9b 100644
--- a/src/fcname.c
+++ b/src/fcname.c
@@ -334,8 +334,8 @@ FcNameConvert (FcType type, FcChar8 *string)
 	    size_t len = strlen ((const char *) string);
 	    int si, ei;
 
-	    sc = malloc (len);
-	    ec = malloc (len);
+	    sc = malloc (len + 1);
+	    ec = malloc (len + 1);
 	    if (sc && ec && sscanf ((char *) string, "[%s %[^]]]", sc, ec) == 2)
 	    {
 		if (FcNameConstant ((const FcChar8 *) sc, &si) &&
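Review bot: The `sscanf` conversions `%s` and `%[^]]` carry no field width, so they are safe only because `sc` and `ec` are each sized from the length of the string being parsed. That dependency deserves a comment next to the allocations, e.g. `/* each token is at most len bytes, plus the terminator */`, so a later change to the buffer sizes or the format does not reintroduce the overflow. When only one of the two allocations succeeds, the other must still be freed; that cleanup is below the hunk.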
commit b1762935c3db2bc611750c61ce9cb38b9008db6b
Author: Akira TAGOH <akira at tagoh.org>
Date:   Thu Jul 19 08:31:14 2018 +0000

    Fix possibly dereferencing a null pointer

diff --git a/src/fcmatch.c b/src/fcmatch.c
index cab38ca..c3d2b8a 100644
--- a/src/fcmatch.c
+++ b/src/fcmatch.c
@@ -814,11 +814,14 @@ FcFontSetMatchInternal (FcFontSet   **sets,
 		    len = (p - s);
 		}
 		x = malloc (sizeof (char) * (len + 1));
-		strcpy (x, s);
-		if (FcObjectFromName (x) > 0)
-		    FcObjectSetAdd (os, x);
-		s = p + 1;
-		free (x);
+		if (x)
+		{
+		    strcpy (x, s);
+		    if (FcObjectFromName (x) > 0)
+			FcObjectSetAdd (os, x);
+		    s = p + 1;
+		    free (x);
+		}
 	    }
 	    free (ss);
 	}
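Review bot: `strcpy (x, s)` can still write past the `len + 1` bytes just allocated. In the branch where a comma was found, `len` is `p - s`, but `strcpy` copies up to the NUL of `s`, which lies beyond `p` unless code outside the hunk terminates the string at the comma. Copying exactly the token avoids that: `memcpy (x, s, len); x[len] = '\0';`. Moving `s = p + 1;` inside `if (x)` also means a failed allocation leaves `s` unchanged. If the enclosing loop (it starts above the hunk) keeps iterating while commas remain, it would retry the same token indefinitely; advancing `s` outside the guard, or breaking out on failure, avoids that.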
commit 8e97d745cc21cd2e1459840a63ed13595fcf2acd
Author: Akira TAGOH <akira at tagoh.org>
Date:   Thu Jul 19 08:21:33 2018 +0000

    Fix a typo

diff --git a/src/fcfreetype.c b/src/fcfreetype.c
index 3924104..07978cf 100644
--- a/src/fcfreetype.c
+++ b/src/fcfreetype.c
@@ -2614,7 +2614,7 @@ GetScriptTags(FT_Face face, FT_ULong tabletag, FT_ULong **stags)
     ftglue_stream_frame_exit( stream );
 
     *stags = malloc(script_count * sizeof (FT_ULong));
-    if (!stags)
+    if (!*stags)
 	return 0;
 
     p = 0;
commit efac784b0108d3140d7ec51cf22cb8a4453bd566
Author: Akira TAGOH <akira at tagoh.org>
Date:   Thu Jul 19 07:55:40 2018 +0000

    Fix dereferencing null pointer

diff --git a/src/fccfg.c b/src/fccfg.c
index 3d0356a..d7c48e8 100644
--- a/src/fccfg.c
+++ b/src/fccfg.c
@@ -2616,12 +2616,13 @@ FcRuleSetAdd (FcRuleSet		*rs,
 	switch (r->type)
 	{
 	case FcRuleTest:
-	    if (r->u.test &&
-		r->u.test->kind == FcMatchDefault)
-		r->u.test->kind = kind;
-
-	    if (n < r->u.test->object)
-		n = r->u.test->object;
+	    if (r->u.test)
+	    {
+		if (r->u.test->kind == FcMatchDefault)
+		    r->u.test->kind = kind;
+		if (n < r->u.test->object)
+		    n = r->u.test->object;
+	    }
 	    break;
 	case FcRuleEdit:
 	    if (n < r->u.edit->object)
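Review bot: The `FcRuleEdit` case at the end of this hunk still reads `r->u.edit->object` without the null check that `FcRuleTest` now gets. Whether `u.edit` can be null for a rule of that type is not visible here, but if the paths that can leave `u.test` null also apply to it, the guard should be mirrored: `if (r->u.edit && n < r->u.edit->object)`. The case body continues below the hunk.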
commit 1ac2218467260cc2f96f202910ba2e1a97291744
Author: Akira TAGOH <akira at tagoh.org>
Date:   Thu Jul 19 07:50:20 2018 +0000

    do not pass null pointer to memcpy

diff --git a/src/fccfg.c b/src/fccfg.c
index 31ed238..3d0356a 100644
--- a/src/fccfg.c
+++ b/src/fccfg.c
@@ -2109,7 +2109,8 @@ FcConfigXdgCacheHome (void)
 	ret = malloc (len + 7 + 1);
 	if (ret)
 	{
-	    memcpy (ret, home, len);
+	    if (home)
+		memcpy (ret, home, len);
 	    memcpy (&ret[len], FC_DIR_SEPARATOR_S ".cache", 7);
 	    ret[len + 7] = 0;
 	}
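Review bot: Skipping the copy when `home` is null avoids the undefined `memcpy`, but the function still returns a path in that case. Assuming `len` is 0 then (it is computed above the hunk), the result is `FC_DIR_SEPARATOR_S ".cache"`, a directory at the filesystem root rather than under the user's home. A cache directory in a location the user does not own is worth avoiding, so consider failing instead, e.g. `if (!home) return NULL;` before the `malloc`, provided callers accept a null result. The same applies to the `.config` and `.local/share` hunks in FcConfigXdgConfigHome and FcConfigXdgDataHome below. The literal lengths 7, 8 and 13 would also be less fragile as `sizeof` of the suffix literal minus one.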
@@ -2136,7 +2137,8 @@ FcConfigXdgConfigHome (void)
 	ret = malloc (len + 8 + 1);
 	if (ret)
 	{
-	    memcpy (ret, home, len);
+	    if (home)
+		memcpy (ret, home, len);
 	    memcpy (&ret[len], FC_DIR_SEPARATOR_S ".config", 8);
 	    ret[len + 8] = 0;
 	}
@@ -2163,7 +2165,8 @@ FcConfigXdgDataHome (void)
 	ret = malloc (len + 13 + 1);
 	if (ret)
 	{
-	    memcpy (ret, home, len);
+	    if (home)
+		memcpy (ret, home, len);
 	    memcpy (&ret[len], FC_DIR_SEPARATOR_S ".local" FC_DIR_SEPARATOR_S "share", 13);
 	    ret[len + 13] = 0;
 	}
commit f3981a8bcd97a0388bf150ea7c1b4a1015e5e358
Author: Akira TAGOH <akira at tagoh.org>
Date:   Thu Jul 19 16:44:03 2018 +0900

    Fix access in a null pointer dereference

diff --git a/src/fccfg.c b/src/fccfg.c
index b61848a..31ed238 100644
--- a/src/fccfg.c
+++ b/src/fccfg.c
@@ -748,12 +748,12 @@ FcConfigPromote (FcValue v, FcValue u, FcValuePromotionBuffer *buf)
 	v.u.l = FcLangSetPromote (v.u.s, buf);
 	v.type = FcTypeLangSet;
     }
-    else if (v.type == FcTypeVoid && u.type == FcTypeLangSet)
+    else if (buf && v.type == FcTypeVoid && u.type == FcTypeLangSet)
     {
 	v.u.l = FcLangSetPromote (NULL, buf);
 	v.type = FcTypeLangSet;
     }
-    else if (v.type == FcTypeVoid && u.type == FcTypeCharSet)
+    else if (buf && v.type == FcTypeVoid && u.type == FcTypeCharSet)
     {
 	v.u.c = FcCharSetPromote (buf);
 	v.type = FcTypeCharSet;
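Review bot: When `buf` is null these two branches are now skipped silently, so `v` comes back still typed `FcTypeVoid`; a one-line comment would make that contract explicit, e.g. `/* without a promotion buffer a void value is left unpromoted */`. The branch at the top of the hunk also passes `buf` to `FcLangSetPromote`. Its condition is above the hunk, so it is worth confirming that it carries the same `buf` check.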
commit 586ac3b6c0a324ae8545e2e6437f62e851daa203
Author: Akira TAGOH <akira at tagoh.org>
Date:   Thu Jul 19 07:09:14 2018 +0000

    Fix array access in a null pointer dereference
    
    The FcFontSetFont() macro accesses fs->fonts, but there was no check for
    whether it is null.
    As a result, there was a code path on which it could be null.
    Even though this is unlikely to be seen in usual use, a cache might be
    intentionally created that way.
    
    So if fs->fonts is null, we should consider the cache invalid.

diff --git a/src/fccache.c b/src/fccache.c
index 82400cf..2b60401 100644
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -879,7 +879,7 @@ FcCacheOffsetsValid (FcCache *cache)
         if (fs->nfont > (end - (char *) fs) / sizeof (FcPattern))
             return FcFalse;
 
-        if (fs->fonts != 0 && !FcIsEncodedOffset(fs->fonts))
+        if (!FcIsEncodedOffset(fs->fonts))
             return FcFalse;
 
         for (i = 0; i < fs->nfont; i++)
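Review bot: Dropping the `fs->fonts != 0` exemption also rejects a set with `nfont == 0` and `fonts == 0`, where the loop below never touches `fs->fonts`. If a directory without fonts is serialized that way (not visible here), its cache would be judged invalid on every load. Tying the null case to the count keeps the dereference fix without that side effect: `if (fs->fonts == 0 ? fs->nfont != 0 : !FcIsEncodedOffset(fs->fonts))`. The loop body continues below the hunk.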
commit 51afd09d62c163ae6a13b856ba46b8e851015f26
Author: Akira TAGOH <akira at tagoh.org>
Date:   Thu Jul 19 05:51:02 2018 +0000

    Fix unterminated string issue

diff --git a/src/fccache.c b/src/fccache.c
index 6734865..82400cf 100644
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -193,10 +193,13 @@ FcDirCacheReadUUID (FcChar8  *dir,
 	if ((fd = FcOpen ((char *) uuidname, O_RDONLY)) >= 0)
 	{
 	    char suuid[37];
+	    ssize_t len;
 
 	    memset (suuid, 0, sizeof (suuid));
-	    if (read (fd, suuid, 36) > 0)
+	    len = read (fd, suuid, 36);
+	    if (len != -1)
 	    {
+		suuid[len] = 0;
 		memset (uuid, 0, sizeof (uuid));
 		if (uuid_parse (suuid, uuid) == 0)
 		{
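Review bot: With the test relaxed from `> 0` to `!= -1`, an empty or short read now reaches `uuid_parse` and relies on it to reject the truncated text. A UUID string is 36 characters, so `if (len == 36)` states the expectation directly and treats a truncated file as invalid up front. `suuid[len] = 0` is in bounds because at most 36 bytes are read into the 37-byte buffer, though the preceding `memset` already leaves the buffer terminated.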
commit 37c9c16dadd02edc3d8211a16a940d6fd2356e3b
Author: Akira TAGOH <akira at tagoh.org>
Date:   Thu Jul 19 04:29:01 2018 +0000

    Fix memory leak

diff --git a/src/fcxml.c b/src/fcxml.c
index 4f984a7..d27727f 100644
--- a/src/fcxml.c
+++ b/src/fcxml.c
@@ -2190,6 +2190,7 @@ FcParseCacheDir (FcConfigParse *parse)
     if (!data)
     {
 	FcConfigMessage (parse, FcSevereError, "out of memory");
+	data = prefix;
 	goto bail;
     }
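Review bot: The two out-of-memory paths release `prefix` in different ways. This one assigns `data = prefix` and relies on the `bail` code (outside the hunk) to free `data`, while the next hunk calls `FcStrFree (prefix)` directly. Using `FcStrFree (prefix);` here as well would keep ownership obvious and would not depend on what `bail` does with `data`. In the second hunk, following the free with `prefix = NULL;` would guard against any later use of the stale pointer on the `bail` path.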
     if (prefix)
@@ -2201,7 +2202,7 @@ FcParseCacheDir (FcConfigParse *parse)
 	if (!p)
 	{
 	    FcConfigMessage (parse, FcSevereError, "out of memory");
-	    data = prefix;
+	    FcStrFree (prefix);
 	    goto bail;
 	}
 	prefix = p;
@@ -2233,6 +2234,7 @@ FcParseCacheDir (FcConfigParse *parse)
     else if (strcmp ((const char *) data, "WINDOWSTEMPDIR_FONTCONFIG_CACHE") == 0)
     {
 	int rc;
+
 	FcStrFree (data);
 	data = malloc (1000);
 	if (!data)
commit 433718fb77f527a7f8909ea88f03ed2054f88a7d
Author: Akira TAGOH <akira at tagoh.org>
Date:   Thu Jul 19 04:17:21 2018 +0000

    Fix memory leak

diff --git a/src/fcstat.c b/src/fcstat.c
index f6e1aaa..5aa1643 100644
--- a/src/fcstat.c
+++ b/src/fcstat.c
@@ -218,6 +218,14 @@ FcScandir (const char		*dirp,
 	    size_t dentlen = FcPtrToOffset (dent, dent->d_name) + strlen (dent->d_name) + 1;
 	    dentlen = ((dentlen + ALIGNOF_VOID_P - 1) & ~(ALIGNOF_VOID_P - 1));
 	    p = (struct dirent *) malloc (dentlen);
+	    if (!p)
+	    {
+		free_dirent (dlist);
+		closedir (d);
+		errno = ENOMEM;
+
+		return -1;
+	    }
 	    memcpy (p, dent, dentlen);
 	    if ((n + 1) >= lsize)
 	    {
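Review bot: This adds another copy of the same cleanup sequence (`free_dirent (dlist); closedir (d); errno = ENOMEM; return -1;`), and the `free (p)` added in the next hunk shows how easily one copy misses a resource. A single shared error label at the end of FcScandir that frees `p`, releases `dlist`, closes `d` and sets `errno` would keep the paths from drifting apart. The function body starts above and continues below the hunk.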
@@ -225,6 +233,7 @@ FcScandir (const char		*dirp,
 		dlp = (struct dirent **) realloc (dlist, sizeof (struct dirent *) * lsize);
 		if (!dlp)
 		{
+		    free (p);
 		    free_dirent (dlist);
 		    closedir (d);
 		    errno = ENOMEM;
commit eafa931ff984d13a93343216d3f0fd490270599b
Author: Akira TAGOH <akira at tagoh.org>
Date:   Thu Jul 19 12:12:17 2018 +0900

    Fix memory leak

diff --git a/src/fclist.c b/src/fclist.c
index d7e8fc0..494bdea 100644
--- a/src/fclist.c
+++ b/src/fclist.c
@@ -568,6 +568,9 @@ FcFontSetList (FcConfig	    *config,
 	    free (bucket);
 	}
 
+    if (destroy_os)
+        FcObjectSetDestroy (os);
+
     return ret;
 
 bail2:
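Review bot: The added release covers only the success return. The `bail2` path that follows (its body is below the hunk) should also release `os` under `destroy_os`, if it does not already, or the leak remains on error. As a style point, `FcObjectSetDestroy (os);` is indented with eight spaces where the surrounding lines use a tab.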
commit 12be7973871371c64df3d38f788fe68766503f64
Author: Akira TAGOH <akira at tagoh.org>
Date:   Thu Jul 19 12:08:34 2018 +0900

    Fix memory leaks

diff --git a/src/fccfg.c b/src/fccfg.c
index 421b47c..b61848a 100644
--- a/src/fccfg.c
+++ b/src/fccfg.c
@@ -1832,11 +1832,13 @@ FcConfigSubstituteWithPat (FcConfig    *config,
 			if (value[object])
 			{
 			    FcConfigDel (&elt[object]->values, value[object]);
+			    FcValueListDestroy (l);
 			    break;
 			}
 			/* fall through ... */
 		    case FcOpDeleteAll:
 			FcConfigPatternDel (p, r->u.edit->object);
+			FcValueListDestroy (l);
 			break;
 		    default:
 			FcValueListDestroy (l);
commit 4b1276e24058a2e8b283767fb11dd2d16de7e547
Author: Akira TAGOH <akira at tagoh.org>
Date:   Thu Jul 19 11:40:31 2018 +0900

    Fix memory leak

diff --git a/src/fccache.c b/src/fccache.c
index 6919e7a..6734865 100644
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -1348,9 +1348,9 @@ FcDirCacheWrite (FcCache *cache, FcConfig *config)
 #endif
 	FcDirCacheBasenameMD5 (dir, cache_base);
     cache_hashed = FcStrBuildFilename (cache_dir, cache_base, NULL);
+    FcStrFree (cache_dir);
     if (!cache_hashed)
         return FcFalse;
-    FcStrFree (cache_dir);
 
     if (FcDebug () & FC_DBG_CACHE)
         printf ("FcDirCacheWriteDir dir \"%s\" file \"%s\"\n",
commit e9d317755727c6e71fc0a8bff3ad38197f773b89
Author: Akira TAGOH <akira at tagoh.org>
Date:   Thu Jul 19 11:32:50 2018 +0900

    Fix the leak of file handle

diff --git a/src/fccache.c b/src/fccache.c
index c6201e4..6919e7a 100644
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -110,6 +110,7 @@ FcDirCacheCreateUUID (FcChar8  *dir,
 	{
 	    ret = FcFalse;
 	    FcAtomicDeleteNew (atomic);
+	    close (fd);
 	    goto bail3;
 	}
 	uuid_unparse (uuid, out);
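Review bot: `close (fd)` comes after `FcAtomicDeleteNew (atomic)`. If `fd` refers to the atomic's new file (it is opened above the hunk), closing it first is safer, since some platforms refuse to remove a file that is still open. Swapping the two lines is enough: `close (fd);` then `FcAtomicDeleteNew (atomic);`.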

