Avoid null pointer dereference in FcNameParse if malloc fails

Reported by parfait 1.3:
Error: Null pointer dereference (CWE 476)
   Read from null pointer t
        at line 423 of src/fcname.c in function 'FcNameParse'.
          Function _FcObjectLookupOtherTypeByName may return constant 'NULL'
           at line 63, called at line 122 of src/fcobjs.c in function
           'FcObjectLookupOtherTypeByName'.
          Function FcObjectLookupOtherTypeByName may return constant 'NULL'
           at line 122, called at line 67 of src/fcname.c in function
           'FcNameGetObjectType'.
          Function FcNameGetObjectType may return constant 'NULL' at line 67,
           called at line 422 in function 'FcNameParse'.
          Null pointer introduced at line 63 of src/fcobjs.c in function
           '_FcObjectLookupOtherTypeByName'.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

diff --git a/src/fcname.c b/src/fcname.c
index 712b2fa..f302948 100644 (file)
--- a/src/fcname.c
+++ b/src/fcname.c
@@ -420,6 +420,8 @@ FcNameParse (const FcChar8 *name)
                if ((c = FcNameGetConstant (save)))
                {
                    t = FcNameGetObjectType ((char *) c->object);
+                   if (t == NULL)
+                       goto bail2;
                    switch ((int) t->type) {
                    case FcTypeInteger:
                    case FcTypeDouble: