Bail gracefully if the cache file does not contain enough data.

[fontconfig.git] / src / fccache.c

diff --git a/src/fccache.c b/src/fccache.c
index 248c6d1584569aa32870f3eb8d2db77f64678fe1..c98c001e2893c3ae2055cc2b562461ac6058f778 100644 (file)
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -236,7 +236,7 @@ FcGlobalCacheLoad (FcGlobalCache    *cache,
             FcCache md;
            off_t off;
 
-           FcStrSetAdd (staleDirs, FcStrCopy ((FcChar8 *)name_buf));
+           FcStrSetAdd (staleDirs, (FcChar8 *)name_buf);
 
            /* skip subdirs */
            while (FcCacheReadString (cache->fd, subdirName, 
@@ -320,8 +320,9 @@ FcGlobalCacheReadDir (FcFontSet *set, FcStrSet *dirs, FcGlobalCache * cache, con
     if (cache->fd == -1)
        return FcFalse;
 
-    if (!(dir = (char *)FcConfigNormalizeFontDir (config, (FcChar8 *)dir)))
-       return FcFalse; /* non-existing directory */
+    if (config)
+       if (!(dir = (char *)FcConfigNormalizeFontDir (config, (FcChar8 *)dir)))
+           return FcFalse; /* non-existing directory */
 
     for (d = cache->dirs; d; d = d->next)
     {
@@ -501,6 +502,8 @@ FcGlobalCacheSave (FcGlobalCache    *cache,
     if (!FcCacheWriteString (fd, header))
        goto bail4;
 
+    free (header);
+
     for (dir = cache->dirs; dir; dir = dir->next)
     {
        int i;
@@ -614,6 +617,10 @@ static int
 FcCacheNextOffset(off_t w)
 {
     static long pagesize = -1;
+
+    if (w == -1)
+        return w;
+
     if (pagesize == -1)
 #if defined (HAVE_SYSCONF)
        pagesize = sysconf(_SC_PAGESIZE);
@@ -852,6 +859,7 @@ FcDirCacheUnlink (const FcChar8 *dir, FcConfig *config)
        fd = open(cache_hashed, O_RDONLY | O_BINARY);
        if (fd == -1)
        {
+           FcStrFree ((FcChar8 *)cache_hashed);
            FcStrFree ((FcChar8 *)cache_file);
            return FcTrue;
        }
@@ -1160,7 +1168,7 @@ FcDirCacheConsume (int fd, const char * dir, FcFontSet *set, FcConfig *config)
 {
     FcCache metadata;
     void * current_dir_block;
-    off_t pos;
+    off_t pos, endpos;
 
     if (read(fd, &metadata, sizeof(FcCache)) != sizeof(FcCache))
        return FcFalse;
@@ -1177,6 +1185,19 @@ FcDirCacheConsume (int fd, const char * dir, FcFontSet *set, FcConfig *config)
     }
 
     pos = FcCacheNextOffset (lseek(fd, 0, SEEK_CUR));
+
+    /* This is not failsafe (multi-arches can break it),
+     * but fd has got to have at least as many bytes as
+     * metadata.count, or something's going to go horribly wrong. */
+    if (pos == (off_t)-1)
+        return FcFalse;
+
+    endpos = lseek (fd, 0, SEEK_END);
+    if (endpos == (off_t)-1 || endpos - pos < metadata.count)
+        return FcFalse;
+    if (lseek (fd, pos, SEEK_SET) == -1)
+        return FcFalse;
+
 #if defined(HAVE_MMAP) || defined(__CYGWIN__)
     current_dir_block = mmap (0, metadata.count, 
                              PROT_READ, MAP_SHARED, fd, pos);
@@ -1311,12 +1332,16 @@ FcDirCacheWrite (FcFontSet *set, FcStrSet *dirs, const FcChar8 *dir)
        if(!FcCacheReadString (fd, name_buf, sizeof (name_buf)) || !strlen(name_buf))
        {
            close (fd);
+            FcStrFree ((FcChar8 *)cache_hashed);
            continue;
        }
        close (fd);
 
-       if (strcmp (name_buf, cache_file) != 0)
+       if (strcmp (name_buf, cache_file) != 0) 
+        {
+            FcStrFree ((FcChar8 *)cache_hashed);
            continue;
+        }
 
        break;
     } while (1);
@@ -1445,7 +1470,7 @@ FcDirCacheWrite (FcFontSet *set, FcStrSet *dirs, const FcChar8 *dir)
     free (header);
     close(fd);
     if (!FcAtomicReplaceOrig(atomic))
-        goto bail5;
+        goto bail3;
     FcStrFree ((FcChar8 *)cache_hashed);
     FcStrFree ((FcChar8 *)cache_file);
     FcAtomicUnlock (atomic);