[cairo] [PATCH cairo 2/3] bo: Check null return from _cairo_malloc_ab() (CID #1159556)

Uli Schlachter psychon at znc.in
Sat Jun 9 06:58:29 UTC 2018


Reviewed-by: Uli Schlachter <psychon at znc.in>

(Sigh, that code leaks memory; there is a following call to
_cairo_malloc_ab_plus_c() in this function and if that fails, it returns
an error without first freeing event_y (after checking if it has to be
freed))

On 09.06.2018 07:34, Bryce Harrington wrote:
> _cairo_malloc_ab() can return NULL under some circumstances, and all
> other callers of this routine in the Cairo codebase check its return, so
> do so here as well.
> 
> (I'm not sure that cairo-bentley-ottmann.c is actually plugged in
> anywhere for actual use, so this change may be more to quell Coverity
> than fix an actual likely bug.  However, the bo code has been used as a
> starting point when writing compositors so perhaps is a useful thing to
> clean up.)
> 
> Coverity ID: #1159556
> 
> Signed-off-by: Bryce Harrington <bryce at bryceharrington.org>
> ---
>  src/cairo-bentley-ottmann.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/src/cairo-bentley-ottmann.c b/src/cairo-bentley-ottmann.c
> index 91e41f9..afe3a63 100644
> --- a/src/cairo-bentley-ottmann.c
> +++ b/src/cairo-bentley-ottmann.c
> @@ -1484,10 +1484,13 @@ _cairo_bentley_ottmann_tessellate_polygon (cairo_traps_t	 *traps,
>  	ymin = _cairo_fixed_integer_floor (polygon->limit.p1.y);
>  	ymax = _cairo_fixed_integer_ceil (polygon->limit.p2.y) - ymin;
>  
> -	if (ymax > 64)
> +	if (ymax > 64) {
>  	    event_y = _cairo_malloc_ab(sizeof (cairo_bo_event_t*), ymax);
> -	else
> +	    if (unlikely (event_y == NULL))
> +		return _cairo_error (CAIRO_STATUS_NO_MEMORY);
> +	} else {
>  	    event_y = stack_event_y;
> +	}
>  	memset (event_y, 0, ymax * sizeof(cairo_bo_event_t *));
>      }
>  
> 
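
Review bot: The new bare `return _cairo_error (CAIRO_STATUS_NO_MEMORY);` in the `ymax > 64` branch is safe for event_y itself, since nothing has been stored in it yet, but from this point on event_y is heap memory in one branch and `stack_event_y` in the other, and the hunk adds no cleanup path for it. As the reply above notes, a later allocation failure in this function returns without freeing event_y. Consider routing the later error returns through one exit that frees event_y only when `event_y != stack_event_y`, either in this patch or a follow-up. Separately, the unchanged `memset (event_y, 0, ymax * sizeof(cairo_bo_event_t *))` relies on ymax being positive when the stack buffer is used; the type and range of ymax are not visible in this hunk, so it is worth confirming that `polygon->limit` cannot make it zero or negative.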


-- 
Bruce Schneier can read and understand Perl programs.

