diff options
author | Adrian Johnson <ajohnson@redneon.com> | 2017-07-08 09:28:03 +0930 |
---|---|---|
committer | Bryce Harrington <bryce@osg.samsung.com> | 2018-05-07 16:35:51 -0700 |
commit | 199823938780c8e50099b627d3e9137acba7a263 (patch) | |
tree | 858c70f2a9c116ed2a5ffcb05cd9d8d3fe18a4cb /src/cairo-xlib-render-compositor.c | |
parent | 7554822dd0b52d33ec7898e81b59e97164b00142 (diff) | |
download | cairo-199823938780c8e50099b627d3e9137acba7a263.tar.gz |
Use _cairo_malloc instead of malloc
_cairo_malloc(0) always returns NULL, but has not been used
consistently. This patch replaces many calls to malloc() with
_cairo_malloc().
Fixes: fdo# 101547
CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Diffstat (limited to 'src/cairo-xlib-render-compositor.c')
-rw-r--r-- | src/cairo-xlib-render-compositor.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/cairo-xlib-render-compositor.c b/src/cairo-xlib-render-compositor.c index 4b75109e0..0db59a8a6 100644 --- a/src/cairo-xlib-render-compositor.c +++ b/src/cairo-xlib-render-compositor.c @@ -989,7 +989,7 @@ _cairo_xlib_font_create (cairo_xlib_display_t *display, cairo_xlib_font_t *priv; int i; - priv = malloc (sizeof (cairo_xlib_font_t)); + priv = _cairo_malloc (sizeof (cairo_xlib_font_t)); if (unlikely (priv == NULL)) return NULL; @@ -1089,7 +1089,7 @@ _cairo_xlib_glyph_attach (cairo_xlib_display_t *display, { cairo_xlib_glyph_private_t *priv; - priv = malloc (sizeof (*priv)); + priv = _cairo_malloc (sizeof (*priv)); if (unlikely (priv == NULL)) return _cairo_error (CAIRO_STATUS_NO_MEMORY); @@ -1290,7 +1290,7 @@ _cairo_xlib_surface_add_glyph (cairo_xlib_display_t *display, if (c == 0) break; - new = malloc (c); + new = _cairo_malloc (c); if (!new) { status = _cairo_error (CAIRO_STATUS_NO_MEMORY); goto BAIL; @@ -1318,7 +1318,7 @@ _cairo_xlib_surface_add_glyph (cairo_xlib_display_t *display, if (c == 0) break; - new = malloc (4 * c); + new = _cairo_malloc (4 * c); if (unlikely (new == NULL)) { status = _cairo_error (CAIRO_STATUS_NO_MEMORY); goto BAIL; |