Bug 46169 - Pointer error in FcConfigGlobMatch

Fix possibly accessing the invalid memory and a crash in the worst case
when the glob string is longer than the string.

diff --git a/src/fccfg.c b/src/fccfg.c
index 09c5991..9395f74 100644 (file)
--- a/src/fccfg.c
+++ b/src/fccfg.c
@@ -2023,7 +2023,15 @@ FcConfigGlobMatch (const FcChar8    *glob,
                return FcTrue;
            /* short circuit another common case */
            if (strchr ((char *) glob, '*') == 0)
-               string += strlen ((char *) string) - strlen ((char *) glob);
+           {
+               size_t l1, l2;
+
+               l1 = strlen ((char *) string);
+               l2 = strlen ((char *) glob);
+               if (l1 < l2)
+                   return FcFalse;
+               string += (l1 - l2);
+           }
            while (*string)
            {
                if (FcConfigGlobMatch (glob, string))