[cairo-bugs] [Bug 101547] Heap buffer overflow at cairo-truetype-subset.c:1299, CVE-2017-9814
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Sat Jul 8 00:07:33 UTC 2017
https://bugs.freedesktop.org/show_bug.cgi?id=101547
--- Comment #4 from Adrian Johnson <ajohnson at redneon.com> ---
Created attachment 132563
--> https://bugs.freedesktop.org/attachment.cgi?id=132563&action=edit
Replace malloc() with _cairo_malloc()
> The solution could be to check for the size, or to use a malloc wrapper
> that handle the size = 0 case and returns NULL.
We already have a wrapper that checks size = 0: _cairo_malloc(). It has not
been used consistently. The attached patch replaces all calls to malloc() with
_cairo_malloc().
--
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cairographics.org/archives/cairo-bugs/attachments/20170708/ecbe315e/attachment.html>
More information about the cairo-bugs
mailing list