Insert check for integer overflow in # of fonts.

author Patrick Lam <plam@MIT.EDU>

Mon, 6 Feb 2006 14:14:21 +0000 (14:14 +0000)

committer Patrick Lam <plam@MIT.EDU>

Mon, 6 Feb 2006 14:14:21 +0000 (14:14 +0000)
author Patrick Lam <plam@MIT.EDU>
Mon, 6 Feb 2006 14:14:21 +0000 (14:14 +0000)
committer Patrick Lam <plam@MIT.EDU>
Mon, 6 Feb 2006 14:14:21 +0000 (14:14 +0000)
diff --git a/ChangeLog b/ChangeLog

index 4af5f5d8ab2a2b1aaeb327f6c7deb712243bd235..8b9c55d36c4f6efa4cc92450ab986589f9048c84 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2006-02-06  Dirk Mueller  <dmueller@suse.de>
+       reviewed by: plam
+
+       * src/fcfs.c (FcFontSetUnserialize):
+
+       Insert check for integer overflow in # of fonts.
+
  2006-02-04  Behdad Esfahbod  <behdad@cs.toronto.edu>
         reviewed by: plam
  
diff --git a/src/fcfs.c b/src/fcfs.c

index 3be8c79d7ab9eae603b64bd2e540799c47895800..50049bac3833ff4e6cb9f00502610e40f3ecb8fb 100644 (file)
--- a/src/fcfs.c
+++ b/src/fcfs.c
@@ -159,7 +159,7 @@ FcFontSetUnserialize(FcCache * metadata, FcFontSet * s, void * block_ptr)
      nfont = *(int *)block_ptr;
      block_ptr = (int *)block_ptr + 1;
  
-    if (nfont > 0)
+    if (nfont > 0 && nfont < metadata.count)
      {
         FcPattern * p = (FcPattern *)block_ptr;
author	Patrick Lam <plam@MIT.EDU>
	Mon, 6 Feb 2006 14:14:21 +0000 (14:14 +0000)
committer	Patrick Lam <plam@MIT.EDU>
	Mon, 6 Feb 2006 14:14:21 +0000 (14:14 +0000)
ChangeLog		patch \| blob \| blame \| history
src/fcfs.c		patch \| blob \| blame \| history