Fix a dereference of a null pointer When exiting from for loop by not satisfying the condition of `(s = next[i])` at FcCacheRemoveUnlocked() referring s->alloated will be invalid.

commit: b047e299546ac3abb79cf0bac3c67f5c2dfc7fb6 [log] [tgz]
author: Akira TAGOH <akira@tagoh.org> Fri Nov 30 10:42:26 2018 +0000
committer: Akira TAGOH <akira@tagoh.org> Fri Nov 30 10:42:26 2018 +0000
tree: bae6b6f707ae95e40b532d331826fd6158db25b8
parent: 3a45b8ef6511aee22b48c2a54f59faf6172a5071 [diff]
diff --git a/src/fccache.c b/src/fccache.c
index 87073ba..3352a66 100644
--- a/src/fccache.c
+++ b/src/fccache.c

@@ -710,15 +710,18 @@
     while (fcCacheMaxLevel > 0 && fcCacheChains[fcCacheMaxLevel - 1] == NULL)
 	fcCacheMaxLevel--;
 
-    allocated = s->allocated;
-    while (allocated)
+    if (s)
     {
-	/* First element in allocated chunk is the free list */
-	next = *(void **)allocated;
-	free (allocated);
-	allocated = next;
+	allocated = s->allocated;
+	while (allocated)
+	{
+	    /* First element in allocated chunk is the free list */
+	    next = *(void **)allocated;
+	    free (allocated);
+	    allocated = next;
+	}
+	free (s);
     }
-    free (s);
 }
 
 static FcCache *
commit	b047e299546ac3abb79cf0bac3c67f5c2dfc7fb6	[log] [tgz]
author	Akira TAGOH <akira@tagoh.org>	Fri Nov 30 10:42:26 2018 +0000
committer	Akira TAGOH <akira@tagoh.org>	Fri Nov 30 10:42:26 2018 +0000
tree	bae6b6f707ae95e40b532d331826fd6158db25b8
parent	3a45b8ef6511aee22b48c2a54f59faf6172a5071 [diff]