Fix segfault (reported by fcrozat) caused by incorrect input on cache

    files.

diff --git a/ChangeLog b/ChangeLog
index bb5303f407e4ebca3a116c5bb463467de2c71936..840a37275ba44eab8a12c616c7f18244067bdb20 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-02-18  Patrick Lam  <plam@mit.edu>
+       * src/fccache.c (FcDirCacheHasCurrentArch):
+
+       Fix segfault (reported by fcrozat) caused by incorrect
+       input on cache files.
+
 2006-02-17  Patrick Lam  <plam@mit.edu>
        * src/fcint.h  (FC_CACHE_MAGIC):
 

diff --git a/src/fccache.c b/src/fccache.c
index 6385d3ff672152e0e3c27e79eacba5233d6446b2..da4abc7a30073dbb6445bbcd998c14be8ae48760 100644 (file)
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -760,6 +760,7 @@ FcDirCacheHasCurrentArch (const FcChar8 *dir)
     off_t      current_arch_start;
     char       *current_arch_machine_name;
     FcCache    metadata;
+    char       subdirName[FC_MAX_FILE_LEN + 1 + 12 + 1];
 
     fd = FcDirCacheOpen (dir);
     if (fd < 0)
@@ -770,17 +771,19 @@ FcDirCacheHasCurrentArch (const FcChar8 *dir)
 
     if (current_arch_start >= 0)
     {
+       if (lseek (fd, current_arch_start, SEEK_SET) != current_arch_start)
+           goto bail1;
+
+       FcCacheSkipString (fd);
+
+       while (FcCacheReadString (fd, subdirName, sizeof (subdirName)) && strlen (subdirName) > 0)
+           ;
+
         if (read(fd, &metadata, sizeof(FcCache)) != sizeof(FcCache))
-        {
-            close (fd);
-            return FcFalse;
-        }
+           goto bail1;
 
         if (metadata.magic != FC_CACHE_MAGIC)
-        {
-            close (fd);
-            return FcFalse;
-        }
+           goto bail1;
     }
 
     close (fd);
@@ -790,6 +793,8 @@ FcDirCacheHasCurrentArch (const FcChar8 *dir)
     
     return FcTrue;
 
+ bail1:
+    close (fd);
  bail:
     return FcFalse;
 }