[cairo] [PATCH 2/2] xcb: Don't crash when swapping a 0-sized glyph
Adam Jackson
ajax at redhat.com
Fri Oct 31 10:21:15 PDT 2014
malloc(0) needn't return NULL, and on glibc, doesn't. Then we encounter
a loop of the form do { ... } while (--c), which doesn't do quite what
you were hoping for when c is initially 0.
Since there's nothing to swap in this case, just bomb out.
Signed-off-by: Adam Jackson <ajax at redhat.com>
---
src/cairo-xcb-surface-render.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/cairo-xcb-surface-render.c b/src/cairo-xcb-surface-render.c
index 27ed113..16d1ef8 100644
--- a/src/cairo-xcb-surface-render.c
+++ b/src/cairo-xcb-surface-render.c
@@ -4461,6 +4461,9 @@ _cairo_xcb_surface_add_glyph (cairo_xcb_connection_t *connection,
const uint8_t *d;
uint8_t *new, *n;
+ if (c == 0)
+ break;
+
new = malloc (c);
if (unlikely (new == NULL)) {
status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
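Review bot: the new `if (c == 0) break;` placed ahead of `new = malloc (c);` has no comment saying why zero is special. A one-line comment would keep the guard from being dropped in a later cleanup; it should say that malloc(0) may return a non-NULL pointer and that the swap loop further down is a do { ... } while (--c), which misbehaves when c starts at 0. The construct that `break` leaves is not visible in this hunk, so please confirm that the early exit leaves `status` at success and that the code after it sends the glyph using the original, unswapped data pointer rather than `new`.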
@@ -4489,6 +4492,9 @@ _cairo_xcb_surface_add_glyph (cairo_xcb_connection_t *connection,
const uint32_t *d;
uint32_t *new, *n;
+ if (c == 0)
+ break;
+
new = malloc (4 * c);
if (unlikely (new == NULL)) {
status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
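Review bot: the guard before `new = malloc (4 * c);` covers only the lower bound of `c`; the multiplication in that context line is still unchecked, so a large `c` can wrap and produce an allocation smaller than the loop will write. Since this patch is already hardening the size handling here, consider switching the allocation to cairo's overflow-checked `_cairo_malloc_ab (c, 4)` or adding an explicit upper-bound check. The `if (c == 0) break;` block is also an exact copy of the one in the previous hunk; if `c` is computed before the two branches diverge, a single check at that point would avoid the duplication.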
--
1.7.12.1