From: Patrick Lam Date: Wed, 12 Apr 2006 03:02:57 +0000 (+0000) Subject: Fix bad behaviour on realloc resulting in crash. X-Git-Tag: fc-2_3_95~13 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=a56e89ab4f21aa6288345c63d2c43e55561632e0;p=fontconfig.git Fix bad behaviour on realloc resulting in crash. reviewed by: plam --- diff --git a/ChangeLog b/ChangeLog index a5eec3f..455e35b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2006-04-11 Ming Zhao + reviewed by: plam + + * src/fcname.c (FcObjectToPtrLookup): + + Fix bad behaviour on realloc resulting in crash. + 2006-04-11 Patrick Lam * src/fccache.c (FcGlobalCacheReadDir): diff --git a/src/fcname.c b/src/fcname.c index a0a84a3..aa49475 100644 --- a/src/fcname.c +++ b/src/fcname.c @@ -193,7 +193,8 @@ FcObjectToPtrLookup (const char * object) { FcObjectPtr i = 0, n; const FcObjectTypeList *l; - FcObjectType *t = _FcUserObjectNames; + FcObjectType *t = _FcUserObjectNames, *origNames; + FcBool replace; for (l = _FcObjectTypes; l; l = l->next) { @@ -212,25 +213,27 @@ FcObjectToPtrLookup (const char * object) /* We didn't match. Look for the application's FcObjectTypeList * and replace it in-place. */ + origNames = _FcUserObjectNames; for (l = _FcObjectTypes; l; l = l->next) { if (l->types == _FcUserObjectNames) break; } + replace = l && l->types == _FcUserObjectNames; if (!_FcUserObjectNames || - (l && l->types == _FcUserObjectNames && user_obj_alloc < l->ntypes)) + (replace && user_obj_alloc <= l->ntypes)) { int nt = user_obj_alloc + 4; - FcObjectType * t = realloc (_FcUserObjectNames, + FcObjectType * tt = realloc (_FcUserObjectNames, nt * sizeof (FcObjectType)); - if (!t) + if (!tt) return 0; - _FcUserObjectNames = t; + _FcUserObjectNames = tt; user_obj_alloc = nt; } - if (l && l->types == _FcUserObjectNames) + if (replace) { n = l->ntypes; FcNameUnregisterObjectTypesFree (l->types, l->ntypes, FcFalse); 
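Review bot: In the `@@ -212,25 +213,27 @@` hunk, `FcNameUnregisterObjectTypesFree (l->types, l->ntypes, FcFalse)` still runs after the `realloc`, and nothing in the hunk updates `l->types`, so when the table has moved the list node holds the address that `realloc` just released. Whether the callee only compares that pointer or also reads through it is not visible here; if it reads, this is a use-after-free on the table-growth path. Saving `n = l->ntypes` and unregistering the old entry before the resize block, with the growth test written as `(replace && user_obj_alloc <= n)`, would keep the stale address from ever being passed on. The body of `FcObjectToPtrLookup` starts before and continues after this hunk, so the ordering should be checked against the full function.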
@@ -242,7 +245,7 @@ FcObjectToPtrLookup (const char * object) for (l = _FcObjectTypes; l; l = l->next) { - if (l->types == _FcUserObjectNames) + if (l->types == origNames) { t = (FcObjectType *)l->types; break;
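Review bot: The lookup `if (l->types == origNames)` matches the table address captured before the `realloc`, so the `t = (FcObjectType *)l->types` it guards can only give `t` the pre-realloc pointer, which is also what `t` was initialised to in the first src/fcname.c hunk. Nothing visible assigns `tt` or the updated `_FcUserObjectNames` to `t`, so if the block moved, any later access through `t` would touch freed memory, and if the table was NULL on entry `t` stays NULL. How `t` is used, and what is registered between the hunks, lies outside the diff; if the entry registered there carries the new table, the comparison should read `if (l->types == _FcUserObjectNames)`, or `t` can simply be set from `_FcUserObjectNames` after the resize.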