[cairo-bugs] [Bug 93151] New: _csi_intern_string _csi_perm_alloc invalid free()

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Sat Nov 28 15:14:23 PST 2015


            Bug ID: 93151
           Summary: _csi_intern_string _csi_perm_alloc invalid free()
           Product: cairo
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: major
          Priority: medium
         Component: general
          Assignee: chris at chris-wilson.co.uk
          Reporter: hvtaifwkbgefbaei at gmail.com
        QA Contact: cairo-bugs at cairographics.org


    if (istring == NULL) {
        istring = _csi_perm_alloc (ctx,
                                   sizeof (csi_intern_string_t) + len + 1);

_csi_perm_alloc is where the fun happens! (cleaned up a bit)
    csi_chunk_t *chunk = _csi_alloc (ctx, sizeof (csi_chunk_t) + chunk_size);
    chunk->ptr = (char *) (chunk + 1);
    ptr = chunk->ptr;
    return ptr;

in _csi_intern_string , if _csi_hash_table_insert fails:
    _csi_free (ctx, istring);

so basically it does malloc(something) and free(something +

You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cairographics.org/archives/cairo-bugs/attachments/20151128/1913a01a/attachment.html>

More information about the cairo-bugs mailing list