diff options
author | Adam Jackson <ajax@redhat.com> | 2014-10-31 13:21:15 -0400 |
---|---|---|
committer | Bryce Harrington <bryce@osg.samsung.com> | 2014-11-06 12:56:18 -0800 |
commit | a03f2ff72054c9530f98738aac729354a3f56102 (patch) | |
tree | 7d9c4ed1529cd9ac903791e50e2c8c9c1e95f7f7 /src/cairo-xcb-surface-render.c | |
parent | 3cf862f6d973755cd9824c2224fbe0a623c47ff1 (diff) | |
download | cairo-a03f2ff72054c9530f98738aac729354a3f56102.tar.gz |
xcb: Don't crash when swapping a 0-sized glyph
malloc(0) needn't return NULL, and on glibc, doesn't. Then we encounter
a loop of the form do { ... } while (--c), which doesn't do quite what
you were hoping for when c is initially 0.
Since there's nothing to swap in this case, just bomb out.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Diffstat (limited to 'src/cairo-xcb-surface-render.c')
-rw-r--r-- | src/cairo-xcb-surface-render.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/cairo-xcb-surface-render.c b/src/cairo-xcb-surface-render.c index 21a89cc0f..1a086a24f 100644 --- a/src/cairo-xcb-surface-render.c +++ b/src/cairo-xcb-surface-render.c @@ -4467,6 +4467,9 @@ _cairo_xcb_surface_add_glyph (cairo_xcb_connection_t *connection, const uint8_t *d; uint8_t *new, *n; + if (c == 0) + break; + new = malloc (c); if (unlikely (new == NULL)) { status = _cairo_error (CAIRO_STATUS_NO_MEMORY); @@ -4495,6 +4498,9 @@ _cairo_xcb_surface_add_glyph (cairo_xcb_connection_t *connection, const uint32_t *d; uint32_t *new, *n; + if (c == 0) + break; + new = malloc (4 * c); if (unlikely (new == NULL)) { status = _cairo_error (CAIRO_STATUS_NO_MEMORY); |