Use _cairo_malloc instead of malloc

_cairo_malloc(0) always returns NULL, but has not been used consistently. This patch replaces many calls to malloc() with _cairo_malloc(). Fixes: fdo# 101547 CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299 Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
author: Adrian Johnson <ajohnson@redneon.com> 2017-07-08 09:28:03 +0930
committer: Bryce Harrington <bryce@osg.samsung.com> 2018-05-07 16:35:51 -0700
commit: 199823938780c8e50099b627d3e9137acba7a263 (patch)
tree: 858c70f2a9c116ed2a5ffcb05cd9d8d3fe18a4cb /src/cairo-output-stream.c
parent: 7554822dd0b52d33ec7898e81b59e97164b00142 (diff)
download: cairo-199823938780c8e50099b627d3e9137acba7a263.tar.gz
1 files changed, 7 insertions, 7 deletions
diff --git a/src/cairo-output-stream.c b/src/cairo-output-stream.c
index cbb60c74e..72b81526c 100644
--- a/src/cairo-output-stream.c
+++ b/src/cairo-output-stream.c
@@ -147,7 +147,7 @@ _cairo_output_stream_create (cairo_write_func_t		write_func,
 {
     cairo_output_stream_with_closure_t *stream;
 
-    stream = malloc (sizeof (cairo_output_stream_with_closure_t));
+    stream = _cairo_malloc (sizeof (cairo_output_stream_with_closure_t));
     if (unlikely (stream == NULL)) {
 	_cairo_error_throw (CAIRO_STATUS_NO_MEMORY);
 	return (cairo_output_stream_t *) &_cairo_output_stream_nil;
@@ -173,7 +173,7 @@ _cairo_output_stream_create_in_error (cairo_status_t status)
     if (status == CAIRO_STATUS_WRITE_ERROR)
 	return (cairo_output_stream_t *) &_cairo_output_stream_nil_write_error;
 
-    stream = malloc (sizeof (cairo_output_stream_t));
+    stream = _cairo_malloc (sizeof (cairo_output_stream_t));
     if (unlikely (stream == NULL)) {
 	_cairo_error_throw (CAIRO_STATUS_NO_MEMORY);
 	return (cairo_output_stream_t *) &_cairo_output_stream_nil;
@@ -639,7 +639,7 @@ _cairo_output_stream_create_for_file (FILE *file)
 	return (cairo_output_stream_t *) &_cairo_output_stream_nil_write_error;
     }
 
-    stream = malloc (sizeof *stream);
+    stream = _cairo_malloc (sizeof *stream);
     if (unlikely (stream == NULL)) {
 	_cairo_error_throw (CAIRO_STATUS_NO_MEMORY);
 	return (cairo_output_stream_t *) &_cairo_output_stream_nil;
@@ -678,7 +678,7 @@ _cairo_output_stream_create_for_filename (const char *filename)
 	}
     }
 
-    stream = malloc (sizeof *stream);
+    stream = _cairo_malloc (sizeof *stream);
     if (unlikely (stream == NULL)) {
 	fclose (file);
 	_cairo_error_throw (CAIRO_STATUS_NO_MEMORY);
@@ -722,7 +722,7 @@ _cairo_memory_stream_create (void)
 {
     memory_stream_t *stream;
 
-    stream = malloc (sizeof *stream);
+    stream = _cairo_malloc (sizeof *stream);
     if (unlikely (stream == NULL)) {
 	_cairo_error_throw (CAIRO_STATUS_NO_MEMORY);
 	return (cairo_output_stream_t *) &_cairo_output_stream_nil;
@@ -749,7 +749,7 @@ _cairo_memory_stream_destroy (cairo_output_stream_t *abstract_stream,
     stream = (memory_stream_t *) abstract_stream;
 
     *length_out = _cairo_array_num_elements (&stream->array);
-    *data_out = malloc (*length_out);
+    *data_out = _cairo_malloc (*length_out);
     if (unlikely (*data_out == NULL)) {
 	status = _cairo_output_stream_destroy (abstract_stream);
 	assert (status == CAIRO_STATUS_SUCCESS);
@@ -799,7 +799,7 @@ _cairo_null_stream_create (void)
 {
     cairo_output_stream_t *stream;
 
-    stream = malloc (sizeof *stream);
+    stream = _cairo_malloc (sizeof *stream);
     if (unlikely (stream == NULL)) {
 	_cairo_error_throw (CAIRO_STATUS_NO_MEMORY);
 	return (cairo_output_stream_t *) &_cairo_output_stream_nil;
author	Adrian Johnson <ajohnson@redneon.com>	2017-07-08 09:28:03 +0930
committer	Bryce Harrington <bryce@osg.samsung.com>	2018-05-07 16:35:51 -0700
commit	199823938780c8e50099b627d3e9137acba7a263 (patch)
tree	858c70f2a9c116ed2a5ffcb05cd9d8d3fe18a4cb /src/cairo-output-stream.c
parent	7554822dd0b52d33ec7898e81b59e97164b00142 (diff)
download	cairo-199823938780c8e50099b627d3e9137acba7a263.tar.gz