From a220154b010cc943de53bf7c9fdd86324f4119fe Mon Sep 17 00:00:00 2001 From: Youngbok Shin Date: Fri, 13 Oct 2017 11:24:56 +0900 Subject: Add a condition to FcCacheOffsetsValid() for detecting empty data of cache This patch was suggested by Akira TAGOH in the following bug report. https://bugs.freedesktop.org/show_bug.cgi?id=103237 I made TIZEN_ONLY comments because it is not applied in upstream yet. @tizen_fix Change-Id: I261a3ae2f6abc37173a861a7cbef48ba68a19fb9 (cherry picked from commit 995fff208e528f7dc99fbd9c4f736b0b0695c9ec)
--- src/fccache.c | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/src/fccache.c b/src/fccache.c
index 02ec3013..1e7ba170 100644
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -641,12 +641,22 @@ FcCacheOffsetsValid (FcCache *cache)
     FcPatternElt *e;
     FcValueListPtr l;
+    /* TIZEN_ONLY(20171013): Add a condition to FcCacheOffsetsValid() for detecting empty data of cache
     if ((char *) font < base ||
         (char *) font > end - sizeof (FcFontSet) ||
         font->elts_offset < 0 ||
         font->elts_offset > end - (char *) font ||
         font->num > (end - (char *) font - font->elts_offset) / sizeof (FcPatternElt))
         return FcFalse;
+    */
+    if ((char *) font < base ||
+        (char *) font > end - sizeof (FcFontSet) ||
+        font->elts_offset < 0 ||
+        font->elts_offset > end - (char *) font ||
+        font->num > (end - (char *) font - font->elts_offset) / sizeof (FcPatternElt) ||
+        !FcRefIsConst (&font->ref))
+        return FcFalse;
+    /* END */
     e = FcPatternElts(font);
-- 
cgit v1.2.3
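Review bot: The added `!FcRefIsConst (&font->ref)` term reads a field that the bound two lines above does not cover: the check admits any `font` up to `end - sizeof (FcFontSet)`, yet `font` is used throughout as an FcPattern (`elts_offset`, `num`, `ref`, `FcPatternElts(font)`; its declaration is above the hunk), and if FcPattern has the fcint.h layout I recall (num, size, elts_offset, ref) it is 24 bytes on an LP64 build against 16 for an FcFontSet, so a crafted or truncated cache whose last pattern sits at the tail of the region makes the `ref` read land at or past `end` (whether that leaves the actual allocation depends on how the cache was mapped, which is outside this hunk). The earlier fields all fit inside the 16-byte bound, so this commit's new term is presumably the first access here that reaches beyond it; since short-circuit evaluation already orders the tests, the fix is to bound on the right struct, `(char *) font > end - sizeof (FcPattern) ||`. As a matter of style, the old condition left inside the `/* TIZEN_ONLY ... */` block is a verbatim commented-out copy of the code below it; a marker on the single added term, e.g. `/* TIZEN_ONLY(20171013): reject zero-filled cache data, fdo#103237 */`, records the same provenance without dead code. FcCacheOffsetsValid starts and ends outside the hunk.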