author | Adrian Johnson <ajohnson@redneon.com> | 2017-07-08 09:28:03 +0930 |
---|---|---|
committer | Bryce Harrington <bryce@osg.samsung.com> | 2018-05-07 16:35:51 -0700 |
commit | 199823938780c8e50099b627d3e9137acba7a263 (patch) | |
tree | 858c70f2a9c116ed2a5ffcb05cd9d8d3fe18a4cb /src/cairo-ps-surface.c | |
parent | 7554822dd0b52d33ec7898e81b59e97164b00142 (diff) | |
Use _cairo_malloc instead of malloc
_cairo_malloc(0) always returns NULL, but has not been used
consistently. This patch replaces many calls to malloc() with
_cairo_malloc().
Fixes: fdo# 101547
CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Diffstat (limited to 'src/cairo-ps-surface.c')
-rw-r--r-- | src/cairo-ps-surface.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/cairo-ps-surface.c b/src/cairo-ps-surface.c
index 27a51953e..599eff4d4 100644
--- a/src/cairo-ps-surface.c
+++ b/src/cairo-ps-surface.c
@@ -1103,7 +1103,7 @@ _cairo_ps_surface_get_page_media (cairo_ps_surface_t *surface)
 }
 }
 
- page = malloc (sizeof (cairo_page_media_t));
+ page = _cairo_malloc (sizeof (cairo_page_media_t));
 if (unlikely (page == NULL)) {
 _cairo_error_throw (CAIRO_STATUS_NO_MEMORY);
 return NULL;
@@ -1139,7 +1139,7 @@ _cairo_ps_surface_create_for_stream_internal (cairo_output_stream_t *stream,
 cairo_status_t status, status_ignored;
 cairo_ps_surface_t *surface;
 
- surface = malloc (sizeof (cairo_ps_surface_t));
+ surface = _cairo_malloc (sizeof (cairo_ps_surface_t));
 if (unlikely (surface == NULL)) {
 status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
 goto CLEANUP;
@@ -2378,7 +2378,7 @@ _base85_strings_stream_create (cairo_output_stream_t *output)
 {
 string_array_stream_t *stream;
 
- stream = malloc (sizeof (string_array_stream_t));
+ stream = _cairo_malloc (sizeof (string_array_stream_t));
 if (unlikely (stream == NULL)) {
 _cairo_error_throw (CAIRO_STATUS_NO_MEMORY);
 return (cairo_output_stream_t *) &_cairo_output_stream_nil;
@@ -2408,7 +2408,7 @@ _base85_wrap_stream_create (cairo_output_stream_t *output)
 {
 string_array_stream_t *stream;
 
- stream = malloc (sizeof (string_array_stream_t));
+ stream = _cairo_malloc (sizeof (string_array_stream_t));
 if (unlikely (stream == NULL)) {
 _cairo_error_throw (CAIRO_STATUS_NO_MEMORY);
 return (cairo_output_stream_t *) &_cairo_output_stream_nil;
@@ -2673,7 +2673,7 @@ _cairo_ps_surface_emit_image (cairo_ps_surface_t *surface,
 if (use_mask)
 data_size += (ps_image->width + 7)/8;
 data_size *= ps_image->height;
- data = malloc (data_size);
+ data = _cairo_malloc (data_size);
 if (unlikely (data == NULL)) {
 status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
 goto bail1; |
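Review bot: In the last hunk (`_cairo_ps_surface_emit_image`), `data_size` is multiplied by `ps_image->height` right before `_cairo_malloc (data_size)`, and nothing visible checks that the product fits the type of `data_size`; its declaration and the earlier width arithmetic lie outside the hunk. Unless image dimensions are bounded elsewhere, a wrapped product would give a buffer smaller than the image data written into it afterwards, the same heap-overflow class as the CVE this commit cites, and `_cairo_malloc` only rejects a size of exactly zero. I would guard the multiply before allocating, e.g. `if (ps_image->height != 0 && data_size > ULONG_MAX / ps_image->height) { status = _cairo_error (CAIRO_STATUS_NO_MEMORY); goto bail1; }` with the limit adjusted to the actual type, or compute the per-row size separately and allocate through the overflow-checked `_cairo_malloc_ab`. It is also worth a comment at this call, `/* _cairo_malloc (0) returns NULL: a zero-sized image is reported as CAIRO_STATUS_NO_MEMORY */`, so the new behaviour is not mistaken for an allocation failure. The other four hunks allocate `sizeof` a struct, which is never zero, so they are behaviour-neutral.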