authorAdam Jackson <ajax@redhat.com>2014-10-31 13:21:14 -0400
committerBryce Harrington <bryce@osg.samsung.com>2014-11-06 12:56:13 -0800
commit3cf862f6d973755cd9824c2224fbe0a623c47ff1 (patch)
tree58ea6b9f5d551323fb09c7140ee330d8d524d13b
parentadbeb3d53c6c6e8ddcc63988200da4c5c9627717 (diff)
xlib: Don't crash when swapping a 0-sized glyph
malloc(0) needn't return NULL, and on glibc, doesn't. Then we encounter a loop of the form do { ... } while (--c), which doesn't do quite what you were hoping for when c is initially 0. Since there's nothing to swap in this case, just bomb out. Signed-off-by: Adam Jackson <ajax@redhat.com>
-rw-r--r--src/cairo-xlib-render-compositor.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/cairo-xlib-render-compositor.c b/src/cairo-xlib-render-compositor.c
index e90df09fd..8a1ec7bd7 100644
--- a/src/cairo-xlib-render-compositor.c
+++ b/src/cairo-xlib-render-compositor.c
@@ -1287,6 +1287,9 @@ _cairo_xlib_surface_add_glyph (cairo_xlib_display_t *display,
unsigned char *d;
unsigned char *new, *n;
+ if (c == 0)
+ break;
+
new = malloc (c);
if (!new) {
status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
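Review bot: The new `if (c == 0) break;` guard has no comment, and its reason cannot be read from the code alone. Per the commit message, malloc(0) may return a non-NULL pointer, and the later `do { ... } while (--c)` loop would then start with c at zero, decrement past it, and presumably walk far beyond the zero-length buffer. I would add above the guard `/* Empty glyph: nothing to swap. malloc(0) may be non-NULL, and the do/while (--c) below must not start with c == 0. */`; the same applies to the identical guard in the second hunk. The enclosing block starts and ends outside the hunk, so confirm that the `break` leaves the construct you intend (presumably the format switch) and not an inner loop.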
@@ -1312,6 +1315,9 @@ _cairo_xlib_surface_add_glyph (cairo_xlib_display_t *display,
const uint32_t *d;
uint32_t *new, *n;
+ if (c == 0)
+ break;
+
new = malloc (4 * c);
if (unlikely (new == NULL)) {
status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
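Review bot: `malloc (4 * c)` multiplies in the type of `c` before the result is converted to size_t, and the added zero check does not bound `c` from above. The declaration of `c` is outside this hunk; if it is a 32-bit type whose value is not already limited by how it is computed, the product can wrap and the buffer would be shorter than the `c` elements the swap loop presumably walks. Either confirm that bound where `c` is assigned, or widen the multiplication, e.g. `new = malloc (4 * (size_t) c);`.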