From: Youngbok Shin <youngb.shin@samsung.com>
Date: Fri, 13 Oct 2017 02:24:56 +0000 (+0900)
Subject: Add a condition to FcCacheOffsetsValid() for detecting empty data of cache
X-Git-Tag: accepted/tizen/unified/20171025.075138^0
X-Git-Url: http://review.tizen.org/git/?p=platform%2Fupstream%2Ffontconfig.git;a=commitdiff_plain;h=995fff208e528f7dc99fbd9c4f736b0b0695c9ec

Add a condition to FcCacheOffsetsValid() for detecting empty data of cache

This patch was suggested by Akira TAGOH in the following bug report.
https://bugs.freedesktop.org/show_bug.cgi?id=103237

I made TIZEN_ONLY comments because it is not applied in upstream yet.

@tizen_fix

Change-Id: I261a3ae2f6abc37173a861a7cbef48ba68a19fb9
---

diff --git a/src/fccache.c b/src/fccache.c
index 6f3c68a..f9e66e8 100644
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -642,12 +642,22 @@ FcCacheOffsetsValid (FcCache *cache)
             FcValueListPtr	 l;
 	    char                *last_offset;
 
+            /* TIZEN_ONLY(20171013): Add a condition to FcCacheOffsetsValid() for detecting empty data of cache
             if ((char *) font < base ||
                 (char *) font > end - sizeof (FcFontSet) ||
                 font->elts_offset < 0 ||
                 font->elts_offset > end - (char *) font ||
                 font->num > (end - (char *) font - font->elts_offset) / sizeof (FcPatternElt))
                 return FcFalse;
+             */
+            if ((char *) font < base ||
+                (char *) font > end - sizeof (FcFontSet) ||
+                font->elts_offset < 0 ||
+                font->elts_offset > end - (char *) font ||
+                font->num > (end - (char *) font - font->elts_offset) / sizeof (FcPatternElt) ||
+                !FcRefIsConst (&font->ref))
+                return FcFalse;
+            /* END */
 
 
             e = FcPatternElts(font);