author | Adrian Johnson <ajohnson@redneon.com> | 2017-07-08 09:28:03 +0930 |
---|---|---|
committer | Bryce Harrington <bryce@osg.samsung.com> | 2018-05-07 16:35:51 -0700 |
commit | 199823938780c8e50099b627d3e9137acba7a263 (patch) | |
tree | 858c70f2a9c116ed2a5ffcb05cd9d8d3fe18a4cb /src/cairo-output-stream.c | |
parent | 7554822dd0b52d33ec7898e81b59e97164b00142 (diff) | |
download | cairo-199823938780c8e50099b627d3e9137acba7a263.tar.gz |
Use _cairo_malloc instead of malloc
_cairo_malloc(0) always returns NULL, but has not been used
consistently. This patch replaces many calls to malloc() with
_cairo_malloc().
Fixes: fdo# 101547
CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Diffstat (limited to 'src/cairo-output-stream.c')
-rw-r--r-- | src/cairo-output-stream.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/cairo-output-stream.c b/src/cairo-output-stream.c
index cbb60c74e..72b81526c 100644
--- a/src/cairo-output-stream.c
+++ b/src/cairo-output-stream.c
@@ -147,7 +147,7 @@ _cairo_output_stream_create (cairo_write_func_t write_func,
 {
 cairo_output_stream_with_closure_t *stream;
- stream = malloc (sizeof (cairo_output_stream_with_closure_t));
+ stream = _cairo_malloc (sizeof (cairo_output_stream_with_closure_t));
 if (unlikely (stream == NULL)) {
 _cairo_error_throw (CAIRO_STATUS_NO_MEMORY);
 return (cairo_output_stream_t *) &_cairo_output_stream_nil;
@@ -173,7 +173,7 @@ _cairo_output_stream_create_in_error (cairo_status_t status)
 if (status == CAIRO_STATUS_WRITE_ERROR)
 return (cairo_output_stream_t *) &_cairo_output_stream_nil_write_error;
- stream = malloc (sizeof (cairo_output_stream_t));
+ stream = _cairo_malloc (sizeof (cairo_output_stream_t));
 if (unlikely (stream == NULL)) {
 _cairo_error_throw (CAIRO_STATUS_NO_MEMORY);
 return (cairo_output_stream_t *) &_cairo_output_stream_nil;
@@ -639,7 +639,7 @@ _cairo_output_stream_create_for_file (FILE *file)
 return (cairo_output_stream_t *) &_cairo_output_stream_nil_write_error;
 }
- stream = malloc (sizeof *stream);
+ stream = _cairo_malloc (sizeof *stream);
 if (unlikely (stream == NULL)) {
 _cairo_error_throw (CAIRO_STATUS_NO_MEMORY);
 return (cairo_output_stream_t *) &_cairo_output_stream_nil;
@@ -678,7 +678,7 @@ _cairo_output_stream_create_for_filename (const char *filename)
 }
 }
- stream = malloc (sizeof *stream);
+ stream = _cairo_malloc (sizeof *stream);
 if (unlikely (stream == NULL)) {
 fclose (file);
 _cairo_error_throw (CAIRO_STATUS_NO_MEMORY);
@@ -722,7 +722,7 @@ _cairo_memory_stream_create (void)
 {
 memory_stream_t *stream;
- stream = malloc (sizeof *stream);
+ stream = _cairo_malloc (sizeof *stream);
 if (unlikely (stream == NULL)) {
 _cairo_error_throw (CAIRO_STATUS_NO_MEMORY);
 return (cairo_output_stream_t *) &_cairo_output_stream_nil;
@@ -749,7 +749,7 @@ _cairo_memory_stream_destroy (cairo_output_stream_t *abstract_stream,
 stream = (memory_stream_t *) abstract_stream;
 *length_out = _cairo_array_num_elements (&stream->array);
- *data_out = malloc (*length_out);
+ *data_out = _cairo_malloc (*length_out);
 if (unlikely (*data_out == NULL)) {
 status = _cairo_output_stream_destroy (abstract_stream);
 assert (status == CAIRO_STATUS_SUCCESS);
@@ -799,7 +799,7 @@ _cairo_null_stream_create (void)
 {
 cairo_output_stream_t *stream;
- stream = malloc (sizeof *stream);
+ stream = _cairo_malloc (sizeof *stream);
 if (unlikely (stream == NULL)) {
 _cairo_error_throw (CAIRO_STATUS_NO_MEMORY);
 return (cairo_output_stream_t *) &_cairo_output_stream_nil; |
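Review bot: In the `_cairo_memory_stream_destroy` hunk, `_cairo_malloc (*length_out)` returns NULL whenever the stream holds zero bytes (the commit message says `_cairo_malloc(0)` always returns NULL), so the existing `*data_out == NULL` branch can no longer tell an empty stream from a failed allocation. That branch destroys the stream and presumably reports out-of-memory; its remainder lies outside the hunk, so this should be confirmed against the full function. If an empty stream is meant to succeed, the test could become `if (unlikely (*data_out == NULL && *length_out != 0)) {`, provided the copy that follows tolerates a NULL destination of length zero. Otherwise a comment such as `/* _cairo_malloc (0) returns NULL, so an empty stream is reported as an error here */` would record the behaviour for callers. The other hunks on this page allocate a fixed `sizeof`, which is never zero, so they are not affected.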