From ae2aafe6028be658bd1de0fe2dd309799bf575f7 Mon Sep 17 00:00:00 2001
From: Patrick Lam
Date: Mon, 10 Apr 2006 15:46:34 +0000
Subject: [PATCH] Fix double free (spotted by Coverity, CID #1965). Check if pattern is not null before using it (Coverity defect #1883). Fix memory leak with hash collision (Coverity defect #1829). Fix memory leak when bail cases (Coverity defect #1828). Don't leak directory name (Coverity defect #1827). reviewed by: plam
---
 ChangeLog | 18 ++++++++++++++++++
 fc-match/fc-match.c | 6 ++++--
 src/fccache.c | 10 +++++++---
 src/fccfg.c | 1 +
 4 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 02171b1..c999df4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+2006-04-10 Frederic Crozat
+ reviewed by: plam
+
+ * src/fccache.c: (FcDirCacheWrite):
+ Fix double free (spotted by Coverity, CID #1965).
+
+ * fc-match/fc-match.c: (main):
+ Check if pattern is not null before using it (Coverity defect #1883).
+
+ * src/fccache.c: (FcDirCacheWrite):
+ Fix memory leak with hash collision (Coverity defect #1829).
+
+ * src/fccfg.c: (FcConfigBuildFonts):
+ Fix memory leak when bail cases (Coverity defect #1828).
+
+ * src/fccache.c: (FcGlobalCacheLoad):
+ Don't leak directory name (Coverity defect #1827).
+
 2006-04-07 Dominic Lachowicz
 reviewed by: plam
 * fc-cache/Makefile.am:
diff --git a/fc-match/fc-match.c b/fc-match/fc-match.c
index 2666620..fa45018 100644
--- a/fc-match/fc-match.c
+++ b/fc-match/fc-match.c
@@ -134,6 +134,9 @@ main (int argc, char **argv)
 else
 pat = FcPatternCreate ();
+ if (!pat)
+ return 1;
+
 FcConfigSubstitute (0, pat, FcMatchPattern);
 FcDefaultSubstitute (pat);
@@ -147,8 +150,7 @@ main (int argc, char **argv)
 if (match)
 FcFontSetAdd (fs, match);
 }
- if (pat)
- FcPatternDestroy (pat);
+ FcPatternDestroy (pat);
 if (fs)
 {
diff --git a/src/fccache.c b/src/fccache.c
index 248c6d1..de95f36 100644
--- a/src/fccache.c
+++ b/src/fccache.c
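Review bot: In fc-match/fc-match.c, the new `if (!pat) return 1;` in main() exits without printing anything, so a pattern that could not be built gives the user no hint about what went wrong. Emit a diagnostic before returning, for example `fprintf (stderr, "Unable to build the pattern\n");` followed by `return 1;` inside braces. The check is placed correctly, ahead of FcConfigSubstitute and FcDefaultSubstitute, which both receive pat. main() starts and ends outside the hunk, so whether anything set up earlier needs releasing on this path cannot be confirmed from here.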
@@ -236,7 +236,7 @@ FcGlobalCacheLoad (FcGlobalCache *cache,
 FcCache md;
 off_t off;
- FcStrSetAdd (staleDirs, FcStrCopy ((FcChar8 *)name_buf));
+ FcStrSetAdd (staleDirs, (FcChar8 *)name_buf);
 /* skip subdirs */
 while (FcCacheReadString (cache->fd, subdirName,
@@ -1311,12 +1311,16 @@ FcDirCacheWrite (FcFontSet *set, FcStrSet *dirs, const FcChar8 *dir)
 if(!FcCacheReadString (fd, name_buf, sizeof (name_buf)) || !strlen(name_buf))
 {
 close (fd);
+ FcStrFree ((FcChar8 *)cache_hashed);
 continue;
 }
 close (fd);
- if (strcmp (name_buf, cache_file) != 0)
+ if (strcmp (name_buf, cache_file) != 0)
+ {
+ FcStrFree ((FcChar8 *)cache_hashed);
 continue;
+ }
 break;
 } while (1);
@@ -1445,7 +1449,7 @@ FcDirCacheWrite (FcFontSet *set, FcStrSet *dirs, const FcChar8 *dir)
 free (header);
 close(fd);
 if (!FcAtomicReplaceOrig(atomic))
- goto bail5;
+ goto bail3;
 FcStrFree ((FcChar8 *)cache_hashed);
 FcStrFree ((FcChar8 *)cache_file);
 FcAtomicUnlock (atomic);
diff --git a/src/fccfg.c b/src/fccfg.c
index cae41b0..7f8a8ff 100644
--- a/src/fccfg.c
+++ b/src/fccfg.c
@@ -335,6 +335,7 @@ FcConfigBuildFonts (FcConfig *config)
 return FcTrue;
 bail2:
+ FcGlobalCacheDestroy (cache);
 FcStrSetDestroy (oldDirs);
 bail1:
 FcFontSetDestroy (fonts);
--
2.39.2
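Review bot: In FcGlobalCacheLoad, `FcStrSetAdd (staleDirs, (FcChar8 *)name_buf);` now hands the read buffer straight to the set, which is only safe if FcStrSetAdd keeps its own copy of the string; nothing in this hunk shows that. Record the ownership rule at the call, e.g. `/* FcStrSetAdd copies its argument; name_buf stays owned here */`. The call's result is also discarded, so a failed insertion would silently drop the stale directory; if it reports failure, handle it the way the rest of the function handles errors. The function body starts and ends outside the hunk.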
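Review bot: In the FcDirCacheWrite retry loop, both new `FcStrFree ((FcChar8 *)cache_hashed);` calls leave cache_hashed pointing at freed memory when `continue` runs. That is sound only if the top of the loop, which is outside this hunk, always assigns a fresh name before any jump to a bail label that frees cache_hashed again. State the invariant next to the first free, e.g. `/* cache_hashed is rebuilt on the next iteration; release this candidate first */`, and confirm no exit path between the `continue` and the reassignment frees it a second time.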
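Review bot: The new `goto bail3;` after a failed FcAtomicReplaceOrig in FcDirCacheWrite depends on label order that this hunk does not show. header has just been freed and fd closed, so the target must skip those releases, yet it still has to free cache_hashed and cache_file and release the atomic lock, as the success path just below does explicitly. If bail3 skips any of those, the double free has been traded for a leak. A short comment at the jump, e.g. `/* header and fd already released above */`, would stop a later edit from moving it back to a label that frees them again.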
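Review bot: The added `FcGlobalCacheDestroy (cache);` under `bail2:` in FcConfigBuildFonts runs for every `goto bail2`, so each of those jumps must come after cache was successfully created and before any point where the function has already destroyed it. The jumps themselves are outside this hunk and should be checked against that rule. Also check the paths that go directly to `bail1:`, because if any of them is taken while cache is live the leak remains there. A comment on the label such as `/* reached only with cache and oldDirs live */` would document the requirement.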