Use _cairo_malloc instead of malloc

_cairo_malloc(0) always returns NULL, but has not been used consistently. This patch replaces many calls to malloc() with _cairo_malloc(). Fixes: fdo# 101547 CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299 Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
author: Adrian Johnson <ajohnson@redneon.com> 2017-07-08 09:28:03 +0930
committer: Bryce Harrington <bryce@osg.samsung.com> 2018-05-07 16:35:51 -0700
commit: 199823938780c8e50099b627d3e9137acba7a263 (patch)
tree: 858c70f2a9c116ed2a5ffcb05cd9d8d3fe18a4cb /src/cairo-tor-scan-converter.c
parent: 7554822dd0b52d33ec7898e81b59e97164b00142 (diff)
download: cairo-199823938780c8e50099b627d3e9137acba7a263.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/cairo-tor-scan-converter.c b/src/cairo-tor-scan-converter.c
index b1b51872b..28bc2f3fa 100644
--- a/src/cairo-tor-scan-converter.c
+++ b/src/cairo-tor-scan-converter.c
@@ -483,7 +483,7 @@ _pool_chunk_create(struct pool *pool, size_t size)
 {
     struct _pool_chunk *p;
 
-    p = malloc(SIZEOF_POOL_CHUNK + size);
+    p = _cairo_malloc (SIZEOF_POOL_CHUNK + size);
     if (unlikely (NULL == p))
 	longjmp (*pool->jmp, _cairo_error (CAIRO_STATUS_NO_MEMORY));
 
@@ -1872,7 +1872,7 @@ _cairo_tor_scan_converter_create (int			xmin,
     cairo_tor_scan_converter_t *self;
     cairo_status_t status;
 
-    self = malloc (sizeof(struct _cairo_tor_scan_converter));
+    self = _cairo_malloc (sizeof(struct _cairo_tor_scan_converter));
     if (unlikely (self == NULL)) {
 	status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
 	goto bail_nomem;
author	Adrian Johnson <ajohnson@redneon.com>	2017-07-08 09:28:03 +0930
committer	Bryce Harrington <bryce@osg.samsung.com>	2018-05-07 16:35:51 -0700
commit	199823938780c8e50099b627d3e9137acba7a263 (patch)
tree	858c70f2a9c116ed2a5ffcb05cd9d8d3fe18a4cb /src/cairo-tor-scan-converter.c
parent	7554822dd0b52d33ec7898e81b59e97164b00142 (diff)
download	cairo-199823938780c8e50099b627d3e9137acba7a263.tar.gz