[cairo-commit] 3 commits - boilerplate/cairo-boilerplate.c boilerplate/cairo-boilerplate-cogl.c boilerplate/cairo-boilerplate-vg.c boilerplate/cairo-boilerplate-win32-printing.c boilerplate/cairo-boilerplate-xcb.c boilerplate/cairo-boilerplate-xlib.c src/cairo-truetype-subset.c

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Fri Jul 23 12:09:52 UTC 2021


 boilerplate/cairo-boilerplate-cogl.c           |    5 +++--
 boilerplate/cairo-boilerplate-vg.c             |    3 ++-
 boilerplate/cairo-boilerplate-win32-printing.c |    3 ++-
 boilerplate/cairo-boilerplate-xcb.c            |    3 ++-
 boilerplate/cairo-boilerplate-xlib.c           |    3 ++-
 boilerplate/cairo-boilerplate.c                |    7 ++++---
 src/cairo-truetype-subset.c                    |    4 ++++
 7 files changed, 19 insertions(+), 9 deletions(-)

New commits:
commit bfedda6a187a0d6f8e1e98bda9d74b220b0dea59
Merge: 014707b7b c91ae5c5a
Author: Uli Schlachter <psychon at znc.in>
Date:   Fri Jul 23 12:09:51 2021 +0000

    Merge branch 'issue-264' into 'master'
    
    Patches from #264
    
    Closes #264
    
    See merge request cairo/cairo!207

commit c91ae5c5a06d1b0f558f9a83637ba5df99cd2af5
Author: Bryce Harrington <bryce at osg.samsung.com>
Date:   Mon May 7 17:11:24 2018 -0700

    boilerplate: Use _cairo_malloc instead of malloc
    
    This changes most instances of malloc() calls to use Cairo's safer
    _cairo_malloc().  The malloc() call in the implementation of
    boilerplate's xmalloc() is not changed since it already includes a
    size=0 check.
    
    Signed-off-by: Bryce Harrington <bryce at osg.samsung.com>

diff --git a/boilerplate/cairo-boilerplate-cogl.c b/boilerplate/cairo-boilerplate-cogl.c
index 0982e4133..2339dd883 100644
--- a/boilerplate/cairo-boilerplate-cogl.c
+++ b/boilerplate/cairo-boilerplate-cogl.c
@@ -31,6 +31,7 @@
  */
 
 #include "cairo-boilerplate-private.h"
+#include "cairo-malloc-private.h"
 
 #include <cairo-cogl.h>
 #include <cogl/cogl2-experimental.h>
@@ -80,7 +81,7 @@ _cairo_boilerplate_cogl_create_offscreen_color_surface (const char		*name,
     /* The device will take a reference on the context */
     cogl_object_unref (context);
 
-    closure = malloc (sizeof (cogl_closure_t));
+    closure = _cairo_malloc (sizeof (cogl_closure_t));
     *abstract_closure = closure;
     closure->device = device;
     closure->surface = cairo_cogl_offscreen_surface_create (device,
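Review bot: `closure` is dereferenced on the next lines (`closure->device = device;`) with no NULL check, so switching to `_cairo_malloc` does not change what happens when the allocation fails. A guard such as `if (closure == NULL)` with a failure return before `*abstract_closure = closure;` would fix this; the function's return type and any cleanup needed for `device` are outside this hunk. The same applies to the onscreen hunk in this file and to `similar->dpy = ...` in cairo-boilerplate-xlib.c. The vg and xcb hunks likewise show no check after the allocation, though the lines where they use the pointer are not visible.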
@@ -151,7 +152,7 @@ _cairo_boilerplate_cogl_create_onscreen_color_surface (const char	       *name,
     /* The device will take a reference on the context */
     cogl_object_unref (context);
 
-    closure = malloc (sizeof (cogl_closure_t));
+    closure = _cairo_malloc (sizeof (cogl_closure_t));
     *abstract_closure = closure;
     closure->device = device;
     closure->surface = cairo_cogl_onscreen_surface_create (device,
diff --git a/boilerplate/cairo-boilerplate-vg.c b/boilerplate/cairo-boilerplate-vg.c
index 692765745..4ea6ba46b 100644
--- a/boilerplate/cairo-boilerplate-vg.c
+++ b/boilerplate/cairo-boilerplate-vg.c
@@ -31,6 +31,7 @@
  */
 
 #include "cairo-boilerplate-private.h"
+#include "cairo-malloc-private.h"
 
 #include <cairo-vg.h>
 
@@ -105,7 +106,7 @@ _cairo_boilerplate_vg_create_surface_glx (const char		    *name,
     cairo_vg_context_t *context;
     vg_closure_glx_t *vgc;
 
-    vgc = malloc (sizeof (vg_closure_glx_t));
+    vgc = _cairo_malloc (sizeof (vg_closure_glx_t));
     *closure = vgc;
 
     if (width == 0)
diff --git a/boilerplate/cairo-boilerplate-win32-printing.c b/boilerplate/cairo-boilerplate-win32-printing.c
index 4bc1dd459..3d815167f 100644
--- a/boilerplate/cairo-boilerplate-win32-printing.c
+++ b/boilerplate/cairo-boilerplate-win32-printing.c
@@ -35,6 +35,7 @@
 #endif
 
 #include "cairo-boilerplate-private.h"
+#include "cairo-malloc-private.h"
 
 #if CAIRO_CAN_TEST_WIN32_PRINTING_SURFACE
 
@@ -131,7 +132,7 @@ create_printer_dc (win32_target_closure_t *ptc)
 
     ptc->dc = NULL;
     GetDefaultPrinter (NULL, &size);
-    printer_name = malloc (size);
+    printer_name = _cairo_malloc (size);
 
     if (printer_name == NULL)
 	return;
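Review bot: The return value of `GetDefaultPrinter (NULL, &size)` is ignored, and `size` is a character count rather than a byte count, so `_cairo_malloc (size)` is only large enough if `printer_name` holds single-byte characters. Its declaration and the initialisation of `size` are outside this hunk. If the element type can be wider, `printer_name = _cairo_malloc_ab (size, sizeof (*printer_name));` sizes the buffer correctly and checks the multiplication for overflow. The existing `printer_name == NULL` check does now cover a zero `size`, since `_cairo_malloc` returns NULL for it.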
diff --git a/boilerplate/cairo-boilerplate-xcb.c b/boilerplate/cairo-boilerplate-xcb.c
index 98b39ec58..d54c0b54b 100644
--- a/boilerplate/cairo-boilerplate-xcb.c
+++ b/boilerplate/cairo-boilerplate-xcb.c
@@ -25,6 +25,7 @@
  */
 
 #include "cairo-boilerplate-private.h"
+#include "cairo-malloc-private.h"
 
 #include <cairo-xcb.h>
 
@@ -207,7 +208,7 @@ _cairo_boilerplate_xcb_create_similar (cairo_surface_t *other,
     xcb_render_pictforminfo_t *render_format;
     int depth;
 
-    similar = malloc (sizeof (*similar));
+    similar = _cairo_malloc (sizeof (*similar));
 
     switch (content) {
     default:
diff --git a/boilerplate/cairo-boilerplate-xlib.c b/boilerplate/cairo-boilerplate-xlib.c
index f3d559806..5d2498ccd 100644
--- a/boilerplate/cairo-boilerplate-xlib.c
+++ b/boilerplate/cairo-boilerplate-xlib.c
@@ -26,6 +26,7 @@
 
 #include "cairo-boilerplate-private.h"
 #include "cairo-boilerplate-xlib.h"
+#include "cairo-malloc-private.h"
 
 #include <cairo-xlib.h>
 #if CAIRO_HAS_XLIB_XRENDER_SURFACE
@@ -244,7 +245,7 @@ _cairo_boilerplate_xlib_create_similar (cairo_surface_t		*other,
     struct similar *similar;
     cairo_surface_t *surface;
 
-    similar = malloc (sizeof (*similar));
+    similar = _cairo_malloc (sizeof (*similar));
     similar->dpy = cairo_xlib_surface_get_display (other);
 
     switch (content) {
diff --git a/boilerplate/cairo-boilerplate.c b/boilerplate/cairo-boilerplate.c
index 024870a83..c5d3ad236 100644
--- a/boilerplate/cairo-boilerplate.c
+++ b/boilerplate/cairo-boilerplate.c
@@ -26,6 +26,7 @@
 
 #include "cairo-boilerplate-private.h"
 #include "cairo-boilerplate-scaled-font.h"
+#include "cairo-malloc-private.h"
 
 #include <pixman.h>
 
@@ -177,7 +178,7 @@ _cairo_boilerplate_image_create_similar (cairo_surface_t *other,
     }
 
     stride = cairo_format_stride_for_width(format, width);
-    ptr = malloc (stride* height);
+    ptr = _cairo_malloc (stride * height);
 
     surface = cairo_image_surface_create_for_data (ptr, format,
 						   width, height, stride);
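Review bot: `stride * height` is multiplied before `_cairo_malloc` sees it, so the wrapper cannot detect an overflowing product, and `ptr` is then passed to `cairo_image_surface_create_for_data` without a NULL check. The overflow-checked form from cairo-malloc-private.h, `ptr = _cairo_malloc_ab (height, stride);`, followed by a check of `ptr`, would cover both. `cairo_format_stride_for_width` can also return -1 for an unsupported width, which should be rejected before allocating. The image16 hunk below has the same pattern; both function bodies extend beyond their hunks.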
@@ -226,7 +227,7 @@ _cairo_boilerplate_image16_create_similar (cairo_surface_t *other,
     }
 
     stride = cairo_format_stride_for_width(format, width);
-    ptr = malloc (stride* height);
+    ptr = _cairo_malloc (stride * height);
 
     surface = cairo_image_surface_create_for_data (ptr, format,
 						   width, height, stride);
@@ -239,7 +240,7 @@ static char *
 _cairo_boilerplate_image_describe (void *closure)
 {
     char *s;
-  
+
     xasprintf (&s, "pixman %s", pixman_version_string ());
 
     return s;
commit ae04679a08f39597907c28c317062b1f22ecf8f8
Author: Adrian Johnson <ajohnson at redneon.com>
Date:   Fri Jul 23 18:32:44 2021 +0930

    truetype: check cmap size before allocating memory
    
    Fixes #264

diff --git a/src/cairo-truetype-subset.c b/src/cairo-truetype-subset.c
index f5f06defc..efb67f9a6 100644
--- a/src/cairo-truetype-subset.c
+++ b/src/cairo-truetype-subset.c
@@ -1297,6 +1297,10 @@ _cairo_truetype_reverse_cmap (cairo_scaled_font_t *scaled_font,
 	return CAIRO_INT_STATUS_UNSUPPORTED;
 
     size = be16_to_cpu (map_header.length);
+    /* minimum table size is 24 bytes */
+    if (size < 24)
+	return CAIRO_INT_STATUS_UNSUPPORTED;
+
     map = _cairo_malloc (size);
     if (unlikely (map == NULL))
 	return _cairo_error (CAIRO_STATUS_NO_MEMORY);
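Review bot: The literal `24` in `if (size < 24)` is explained only as "minimum table size", so a reader cannot verify it against the table layout. The comment should name the fields it accounts for (presumably the fixed subtable header plus one segment), or the value should become a named constant. `size` is read from the font file, so this lower bound only guarantees the fixed part of the table. The code after the allocation, which is outside this hunk, still needs to check that the segment count taken from the table fits within `size` before indexing into `map`; worth confirming that check exists.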

