From 199823938780c8e50099b627d3e9137acba7a263 Mon Sep 17 00:00:00 2001
From: Adrian Johnson
Date: Sat, 8 Jul 2017 09:28:03 +0930
Subject: Use _cairo_malloc instead of malloc

_cairo_malloc(0) always returns NULL, but has not been used consistently. This patch replaces many calls to malloc() with _cairo_malloc().
Fixes: fdo# 101547
CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299
Reviewed-by: Bryce Harrington
---
 src/cairo-mono-scan-converter.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/cairo-mono-scan-converter.c')
diff --git a/src/cairo-mono-scan-converter.c b/src/cairo-mono-scan-converter.c
index 2a9546cf8..891f435c9 100644
--- a/src/cairo-mono-scan-converter.c
+++ b/src/cairo-mono-scan-converter.c
@@ -587,7 +587,7 @@ _cairo_mono_scan_converter_create (int xmin,
 cairo_mono_scan_converter_t *self;
 cairo_status_t status;
- self = malloc (sizeof(struct _cairo_mono_scan_converter));
+ self = _cairo_malloc (sizeof(struct _cairo_mono_scan_converter));
 if (unlikely (self == NULL)) {
 status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
 goto bail_nomem;
--
cgit v1.2.1
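Review bot: The size passed on the changed line is a compile-time `sizeof` of a struct, so it can never be zero, and the zero-size guarantee the commit message cites for `_cairo_malloc` does not change behaviour at this call site; the substitution here is for consistency only. Writing it as `self = _cairo_malloc (sizeof *self);` would tie the size to the variable's type and make that plain, so a later type change cannot leave the allocation undersized. The overflow site named in the message (cairo-truetype-subset.c:1299) is not part of this page, which is limited to this one file, so the CVE fix itself cannot be confirmed from this hunk. The body of `_cairo_mono_scan_converter_create` and the `bail_nomem` path both lie outside the hunk.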