Diffstat (limited to 'src/cairo-array.c')
-rw-r--r--src/cairo-array.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/src/cairo-array.c b/src/cairo-array.c
index b547b121d..053e73ea2 100644
--- a/src/cairo-array.c
+++ b/src/cairo-array.c
@@ -110,15 +110,19 @@ _cairo_array_fini (cairo_array_t *array)
* is always increased by doubling as many times as necessary.
**/
cairo_status_t
-_cairo_array_grow_by (cairo_array_t *array, int additional)
+_cairo_array_grow_by (cairo_array_t *array, unsigned int additional)
{
char *new_elements;
- int old_size = array->size;
- int required_size = array->num_elements + additional;
- int new_size;
+ unsigned int old_size = array->size;
+ unsigned int required_size = array->num_elements + additional;
+ unsigned int new_size;
assert (! array->is_snapshot);
+ /* check for integer overflow */
+ if (required_size > INT_MAX || required_size < array->num_elements)
+ return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+
if (required_size <= old_size)
return CAIRO_STATUS_SUCCESS;
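Review bot: The overflow guard added ahead of the `required_size <= old_size` test bounds the element count only. The allocation size is computed further down in `_cairo_array_grow_by`, outside this hunk, and if it is a plain multiplication of the new count by the element size it can still wrap for large elements, so that multiplication should be confirmed to be overflow-checked as well. The `required_size < array->num_elements` comparison works as a wraparound test only if `num_elements` is itself unsigned, which this file's diff does not show; if it is still an `int`, the comparison mixes signedness and deserves an explicit cast or a matching type change. The comment would also be more useful if it named both conditions, e.g. `/* reject wraparound of num_elements + additional, and counts that no longer fit in an int */`.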