summaryrefslogtreecommitdiff
path: root/src/cairo-surface-snapshot.c
diff options
context:
space:
mode:
authorAdrian Johnson <ajohnson@redneon.com>2017-07-08 09:28:03 +0930
committerBryce Harrington <bryce@osg.samsung.com>2018-05-07 16:35:51 -0700
commit199823938780c8e50099b627d3e9137acba7a263 (patch)
tree858c70f2a9c116ed2a5ffcb05cd9d8d3fe18a4cb /src/cairo-surface-snapshot.c
parent7554822dd0b52d33ec7898e81b59e97164b00142 (diff)
downloadcairo-199823938780c8e50099b627d3e9137acba7a263.tar.gz
Use _cairo_malloc instead of malloc
_cairo_malloc(0) always returns NULL, but has not been used consistently. This patch replaces many calls to malloc() with _cairo_malloc(). Fixes: fdo# 101547 CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299 Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Diffstat (limited to 'src/cairo-surface-snapshot.c')
-rw-r--r--src/cairo-surface-snapshot.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/cairo-surface-snapshot.c b/src/cairo-surface-snapshot.c
index 3477ac574..c8f307843 100644
--- a/src/cairo-surface-snapshot.c
+++ b/src/cairo-surface-snapshot.c
@@ -99,7 +99,7 @@ _cairo_surface_snapshot_acquire_source_image (void *abstract_
struct snapshot_extra *extra;
cairo_status_t status;
- extra = malloc (sizeof (*extra));
+ extra = _cairo_malloc (sizeof (*extra));
if (unlikely (extra == NULL))
return _cairo_error (CAIRO_STATUS_NO_MEMORY);
@@ -258,7 +258,7 @@ _cairo_surface_snapshot (cairo_surface_t *surface)
if (snapshot != NULL)
return cairo_surface_reference (&snapshot->base);
- snapshot = malloc (sizeof (cairo_surface_snapshot_t));
+ snapshot = _cairo_malloc (sizeof (cairo_surface_snapshot_t));
if (unlikely (snapshot == NULL))
return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_SURFACE_FINISHED));
View Lorry Controller Status