diff options
| author | Adrian Johnson <ajohnson@redneon.com> | 2017-07-08 09:28:03 +0930 |
|---|---|---|
| committer | Bryce Harrington <bryce@osg.samsung.com> | 2018-05-07 16:35:51 -0700 |
| commit | 199823938780c8e50099b627d3e9137acba7a263 (patch) | |
| tree | 858c70f2a9c116ed2a5ffcb05cd9d8d3fe18a4cb /src/cairo-image-source.c | |
| parent | 7554822dd0b52d33ec7898e81b59e97164b00142 (diff) | |
| download | cairo-199823938780c8e50099b627d3e9137acba7a263.tar.gz | |
Use _cairo_malloc instead of malloc
_cairo_malloc(0) always returns NULL, but has not been used
consistently. This patch replaces many calls to malloc() with
_cairo_malloc().
Fixes: fdo# 101547
CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Diffstat (limited to 'src/cairo-image-source.c')
| -rw-r--r-- | src/cairo-image-source.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/cairo-image-source.c b/src/cairo-image-source.c index 3e3ca2814..0b50afcad 100644 --- a/src/cairo-image-source.c +++ b/src/cairo-image-source.c @@ -872,7 +872,7 @@ create_separable_convolution (int *n_values, size_y = (1 << ysubsample) * ywidth; *n_values = 4 + size_x + size_y; - params = malloc (*n_values * sizeof (pixman_fixed_t)); + params = _cairo_malloc (*n_values * sizeof (pixman_fixed_t)); if (!params) return 0; params[0] = pixman_int_to_fixed (xwidth); @@ -1077,7 +1077,7 @@ attach_proxy (cairo_surface_t *source, { struct proxy *proxy; - proxy = malloc (sizeof (*proxy)); + proxy = _cairo_malloc (sizeof (*proxy)); if (unlikely (proxy == NULL)) return _cairo_surface_create_in_error (CAIRO_STATUS_NO_MEMORY); @@ -1407,7 +1407,7 @@ _pixman_image_for_surface (cairo_image_surface_t *dst, return NULL; } - cleanup = malloc (sizeof (*cleanup)); + cleanup = _cairo_malloc (sizeof (*cleanup)); if (unlikely (cleanup == NULL)) { _cairo_surface_release_source_image (pattern->surface, image, extra); pixman_image_unref (pixman_image); @@ -1498,7 +1498,7 @@ _pixman_image_for_raster (cairo_image_surface_t *dst, return NULL; } - cleanup = malloc (sizeof (*cleanup)); + cleanup = _cairo_malloc (sizeof (*cleanup)); if (unlikely (cleanup == NULL)) { pixman_image_unref (pixman_image); _cairo_surface_release_source_image (surface, image, extra); @@ -1594,7 +1594,7 @@ _cairo_image_source_create_for_pattern (cairo_surface_t *dst, TRACE ((stderr, "%s\n", __FUNCTION__)); - source = malloc (sizeof (cairo_image_source_t)); + source = _cairo_malloc (sizeof (cairo_image_source_t)); if (unlikely (source == NULL)) return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); |