Commit 586ac3b6 authored by Akira TAGOH's avatar Akira TAGOH

Fix array access in a null pointer dereference

FcFontSetFont() accesses fs->fonts in that macro though, there was no error checks
if it is null or not.
As a result, there was a code path that it could be a null.
Even though this is unlikely to see in usual use, it might be intentionally created
in a cache.

So if fs->fonts is a null, we should consider a cache is invalid.
parent 51afd09d
......@@ -879,7 +879,7 @@ FcCacheOffsetsValid (FcCache *cache)
if (fs->nfont > (end - (char *) fs) / sizeof (FcPattern))
return FcFalse;
if (fs->fonts != 0 && !FcIsEncodedOffset(fs->fonts))
if (!FcIsEncodedOffset(fs->fonts))
return FcFalse;
for (i = 0; i < fs->nfont; i++)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment