diff options
| author | Vladimir Vukicevic <vladimir@pobox.com> | 2007-06-19 13:15:21 -0700 |
|---|---|---|
| committer | Vladimir Vukicevic <vladimir@feisty.(none)> | 2007-06-29 09:46:08 -0700 |
| commit | 5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360 (patch) | |
| tree | bb1abcb2f1144059d4444d8db343014e07791593 /src/cairo-spline.c | |
| parent | fc34073464c487405b6e2e0a5fa269a1ae15a02a (diff) | |
| download | cairo-5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360.tar.gz | |
[fix] Avoid int overflow when allocating large buffers
This patch introduces three macros: _cairo_malloc_ab,
_cairo_malloc_abc, _cairo_malloc_ab_plus_c and replaces various calls
to malloc(a*b), malloc(a*b*c), and malloc(a*b+c) with them. The macros
return NULL if int overflow would occur during the allocation. See
CODING_STYLE for more information.
Diffstat (limited to 'src/cairo-spline.c')
| -rw-r--r-- | src/cairo-spline.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/cairo-spline.c b/src/cairo-spline.c index bf8777003..db748b30d 100644 --- a/src/cairo-spline.c +++ b/src/cairo-spline.c @@ -109,7 +109,7 @@ _cairo_spline_grow (cairo_spline_t *spline) assert (spline->num_points <= spline->points_size); if (spline->points == spline->points_embedded) { - new_points = malloc (new_size * sizeof (cairo_point_t)); + new_points = _cairo_malloc_ab (new_size, sizeof (cairo_point_t)); if (new_points) memcpy (new_points, spline->points, old_size * sizeof (cairo_point_t)); } else { |