libfontenc: setCode(): fix realloc invocation

This patch fixes two bugs in the realloc invocation in setCode(), which
most likely cause memory corruption when realloc is triggered:

1. Pass *enc to realloc (which is the dynamically-allocated buffer),
   instead of enc (which stores a pointer to the dynamically-allocated
   buffer).

2. Allocate enough memory for (*encsize) shorts, instead of (*encsize)
   bytes; see the call to malloc just above the realloc call.

Signed-off-by: Nickolai Zeldovich <nickolai@csail.mit.edu>
Reviewed-by: Aaron Plattner <aplattner@nvidia.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
This commit is contained in:
Nickolai Zeldovich
2013-03-03 23:57:34 -05:00
committed by Alan Coopersmith
parent f5d1208172
commit 624508365e

@@ -426,7 +426,7 @@ setCode(unsigned from, unsigned to, unsigned row_size,
} }
} else if(*encsize <= index) { } else if(*encsize <= index) {
*encsize = 0x10000; *encsize = 0x10000;
if((newenc = realloc(enc, *encsize))==NULL) if((newenc = realloc(*enc, (*encsize) * sizeof(unsigned short)))==NULL)
return 1; return 1;
*enc = newenc; *enc = newenc;
} }
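
Review bot: On the realloc failure path in the `else if(*encsize <= index)` branch, `*encsize` has already been set to 0x10000 while `*enc` still points at the old, smaller buffer, so a caller that keeps using the pair after `return 1` would see a size larger than the allocation. Consider computing the new size in a local and assigning `*encsize` only after `realloc` succeeds, next to `*enc = newenc;`. Separately, the new size is the fixed value 0x10000 rather than something derived from `index`; if nothing earlier in setCode() guarantees `index < 0x10000`, the buffer can still be too small after growing, so a check or a comment stating that bound would help.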