Fix array access in a null pointer dereference FcFontSetFont() accesses fs->fonts in that macro though, there was no error checks if it is null or not. As a result, there was a code path that it could be a null. Even though this is unlikely to see in usual use, it might be intentionally created in a cache. So if fs->fonts is a null, we should consider a cache is invalid.

commit: 586ac3b6c0a324ae8545e2e6437f62e851daa203 [log] [tgz]
author: Akira TAGOH <akira@tagoh.org> Thu Jul 19 07:09:14 2018 +0000
committer: Akira TAGOH <akira@tagoh.org> Thu Jul 19 07:09:39 2018 +0000
tree: 4fc9e974876b7bcfc77efa464ef3c5936e6c89e3
parent: 51afd09d62c163ae6a13b856ba46b8e851015f26 [diff]
diff --git a/src/fccache.c b/src/fccache.c
index 82400cf..2b60401 100644
--- a/src/fccache.c
+++ b/src/fccache.c

@@ -879,7 +879,7 @@
         if (fs->nfont > (end - (char *) fs) / sizeof (FcPattern))
             return FcFalse;
 
-        if (fs->fonts != 0 && !FcIsEncodedOffset(fs->fonts))
+        if (!FcIsEncodedOffset(fs->fonts))
             return FcFalse;
 
         for (i = 0; i < fs->nfont; i++)
commit	586ac3b6c0a324ae8545e2e6437f62e851daa203	[log] [tgz]
author	Akira TAGOH <akira@tagoh.org>	Thu Jul 19 07:09:14 2018 +0000
committer	Akira TAGOH <akira@tagoh.org>	Thu Jul 19 07:09:39 2018 +0000
tree	4fc9e974876b7bcfc77efa464ef3c5936e6c89e3
parent	51afd09d62c163ae6a13b856ba46b8e851015f26 [diff]