diff options
| author | Adrian Johnson <ajohnson@redneon.com> | 2017-07-08 09:28:03 +0930 |
|---|---|---|
| committer | Bryce Harrington <bryce@osg.samsung.com> | 2018-05-07 16:35:51 -0700 |
| commit | 199823938780c8e50099b627d3e9137acba7a263 (patch) | |
| tree | 858c70f2a9c116ed2a5ffcb05cd9d8d3fe18a4cb /src/cairo-quartz-font.c | |
| parent | 7554822dd0b52d33ec7898e81b59e97164b00142 (diff) | |
| download | cairo-199823938780c8e50099b627d3e9137acba7a263.tar.gz | |
Use _cairo_malloc instead of malloc
_cairo_malloc(0) always returns NULL, but has not been used
consistently. This patch replaces many calls to malloc() with
_cairo_malloc().
Fixes: fdo# 101547
CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Diffstat (limited to 'src/cairo-quartz-font.c')
| -rw-r--r-- | src/cairo-quartz-font.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/cairo-quartz-font.c b/src/cairo-quartz-font.c index 472214216..8cb71434f 100644 --- a/src/cairo-quartz-font.c +++ b/src/cairo-quartz-font.c @@ -196,7 +196,7 @@ _cairo_quartz_font_face_create_for_toy (cairo_toy_font_face_t *toy_face, return _cairo_error (CAIRO_STATUS_NO_MEMORY); family = toy_face->family; - full_name = malloc (strlen (family) + 64); // give us a bit of room to tack on Bold, Oblique, etc. + full_name = _cairo_malloc (strlen (family) + 64); // give us a bit of room to tack on Bold, Oblique, etc. /* handle CSS-ish faces */ if (!strcmp(family, "serif") || !strcmp(family, "Times Roman")) family = "Times"; @@ -283,7 +283,7 @@ _cairo_quartz_font_face_scaled_font_create (void *abstract_face, if (!_cairo_quartz_font_symbols_present) return _cairo_error (CAIRO_STATUS_NO_MEMORY); - font = malloc(sizeof(cairo_quartz_scaled_font_t)); + font = _cairo_malloc (sizeof(cairo_quartz_scaled_font_t)); if (font == NULL) return _cairo_error (CAIRO_STATUS_NO_MEMORY); @@ -375,7 +375,7 @@ cairo_quartz_font_face_create_for_cgfont (CGFontRef font) quartz_font_ensure_symbols(); - font_face = malloc (sizeof (cairo_quartz_font_face_t)); + font_face = _cairo_malloc (sizeof (cairo_quartz_font_face_t)); if (!font_face) { cairo_status_t ignore_status; ignore_status = _cairo_error (CAIRO_STATUS_NO_MEMORY); |