diff options
author | Adrian Johnson <ajohnson@redneon.com> | 2017-07-08 09:28:03 +0930 |
---|---|---|
committer | Bryce Harrington <bryce@osg.samsung.com> | 2018-05-07 16:35:51 -0700 |
commit | 199823938780c8e50099b627d3e9137acba7a263 (patch) | |
tree | 858c70f2a9c116ed2a5ffcb05cd9d8d3fe18a4cb /src/cairo-damage.c | |
parent | 7554822dd0b52d33ec7898e81b59e97164b00142 (diff) | |
download | cairo-199823938780c8e50099b627d3e9137acba7a263.tar.gz |
Use _cairo_malloc instead of malloc
_cairo_malloc(0) always returns NULL, but has not been used
consistently. This patch replaces many calls to malloc() with
_cairo_malloc().
Fixes: fdo# 101547
CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Diffstat (limited to 'src/cairo-damage.c')
-rw-r--r-- | src/cairo-damage.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/cairo-damage.c b/src/cairo-damage.c index 63191fee9..97d9fe909 100644 --- a/src/cairo-damage.c +++ b/src/cairo-damage.c @@ -51,7 +51,7 @@ _cairo_damage_create (void) { cairo_damage_t *damage; - damage = malloc (sizeof (*damage)); + damage = _cairo_malloc (sizeof (*damage)); if (unlikely (damage == NULL)) { _cairo_error_throw(CAIRO_STATUS_NO_MEMORY); return (cairo_damage_t *) &__cairo_damage__nil; @@ -122,7 +122,7 @@ _cairo_damage_add_boxes(cairo_damage_t *damage, if (size < count) size = (count + 64) & ~63; - chunk = malloc (sizeof (*chunk) + sizeof (cairo_box_t) * size); + chunk = _cairo_malloc (sizeof (*chunk) + sizeof (cairo_box_t) * size); if (unlikely (chunk == NULL)) { _cairo_damage_destroy (damage); return (cairo_damage_t *) &__cairo_damage__nil; @@ -210,7 +210,7 @@ _cairo_damage_reduce (cairo_damage_t *damage) boxes = damage->tail->base; if (damage->dirty > damage->tail->size) { - boxes = free_boxes = malloc (damage->dirty * sizeof (cairo_box_t)); + boxes = free_boxes = _cairo_malloc (damage->dirty * sizeof (cairo_box_t)); if (unlikely (boxes == NULL)) { _cairo_damage_destroy (damage); return (cairo_damage_t *) &__cairo_damage__nil; |