768b1217ce
crashes when client and server endian don't match.
44 lines
1.3 KiB
Diff
44 lines
1.3 KiB
Diff
From 4cad9bf9f0744efe17f1b70548cd2059df071e81 Mon Sep 17 00:00:00 2001
|
|
From: Adam Jackson <ajax@redhat.com>
|
|
Date: Wed, 31 Oct 2012 16:12:58 -0400
|
|
Subject: [PATCH 2/2] xcb: Don't crash when swapping a 0-sized glyph
|
|
|
|
malloc(0) needn't return NULL, and on glibc, doesn't. Then we encounter
|
|
a loop of the form do { ... } while (--c), which doesn't do quite what
|
|
you were hoping for when c is initially 0.
|
|
|
|
Since there's nothing to swap in this case, just bomb out.
|
|
|
|
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
---
|
|
src/cairo-xcb-surface-render.c | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/src/cairo-xcb-surface-render.c b/src/cairo-xcb-surface-render.c
|
|
index 27ed113..16d1ef8 100644
|
|
--- a/src/cairo-xcb-surface-render.c
|
|
+++ b/src/cairo-xcb-surface-render.c
|
|
@@ -4461,6 +4461,9 @@ _cairo_xcb_surface_add_glyph (cairo_xcb_connection_t *connection,
|
|
const uint8_t *d;
|
|
uint8_t *new, *n;
|
|
|
|
+ if (c == 0)
|
|
+ break;
|
|
+
|
|
new = malloc (c);
|
|
if (unlikely (new == NULL)) {
|
|
status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
|
|
@@ -4489,6 +4492,9 @@ _cairo_xcb_surface_add_glyph (cairo_xcb_connection_t *connection,
|
|
const uint32_t *d;
|
|
uint32_t *new, *n;
|
|
|
|
+ if (c == 0)
|
|
+ break;
|
|
+
|
|
new = malloc (4 * c);
|
|
if (unlikely (new == NULL)) {
|
|
status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
|
|
--
|
|
1.7.12.1
|
|
|