Use _cairo_malloc instead of malloc

_cairo_malloc(0) always returns NULL, but has not been used
consistently.  This patch replaces many calls to malloc() with
_cairo_malloc().

Fixes:  fdo# 101547
CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>

1 files changed, 3 insertions, 3 deletions

diff --git a/src/cairo-damage.c b/src/cairo-damage.c
index 63191fee9..97d9fe909 100644
--- a/src/cairo-damage.c
+++ b/src/cairo-damage.c
@@ -51,7 +51,7 @@ _cairo_damage_create (void)
 {
     cairo_damage_t *damage;
 
-    damage = malloc (sizeof (*damage));
+    damage = _cairo_malloc (sizeof (*damage));
     if (unlikely (damage == NULL)) {
 	_cairo_error_throw(CAIRO_STATUS_NO_MEMORY);
 	return (cairo_damage_t *) &__cairo_damage__nil;
@@ -122,7 +122,7 @@ _cairo_damage_add_boxes(cairo_damage_t *damage,
     if (size < count)
 	size = (count + 64) & ~63;
 
-    chunk = malloc (sizeof (*chunk) + sizeof (cairo_box_t) * size);
+    chunk = _cairo_malloc (sizeof (*chunk) + sizeof (cairo_box_t) * size);
     if (unlikely (chunk == NULL)) {
 	_cairo_damage_destroy (damage);
 	return (cairo_damage_t *) &__cairo_damage__nil;
@@ -210,7 +210,7 @@ _cairo_damage_reduce (cairo_damage_t *damage)
 
     boxes = damage->tail->base;
     if (damage->dirty > damage->tail->size) {
-	boxes = free_boxes = malloc (damage->dirty * sizeof (cairo_box_t));
+	boxes = free_boxes = _cairo_malloc (damage->dirty * sizeof (cairo_box_t));
 	if (unlikely (boxes == NULL)) {
 	    _cairo_damage_destroy (damage);
 	    return (cairo_damage_t *) &__cairo_damage__nil;