[PATCH] libfontenc: setCode(): fix realloc invocation
Nickolai Zeldovich
nickolai at csail.mit.edu
Sun Mar 3 20:57:34 PST 2013
This patch fixes two bugs in the realloc invocation in setCode(), which
most likely cause memory corruption when realloc is triggered:

1. Pass *enc to realloc (which is the dynamically-allocated buffer),
   instead of enc (which stores a pointer to the dynamically-allocated
   buffer).

2. Allocate enough memory for (*encsize) shorts, instead of (*encsize)
   bytes; see the call to malloc just above the realloc call.

Signed-off-by: Nickolai Zeldovich <nickolai at csail.mit.edu>
---
src/encparse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/encparse.c b/src/encparse.c
index cbcac80..ee18b3f 100644
--- a/src/encparse.c
+++ b/src/encparse.c
@@ -426,7 +426,7 @@ setCode(unsigned from, unsigned to, unsigned row_size,
}
} else if(*encsize <= index) {
*encsize = 0x10000;
- if((newenc = realloc(enc, *encsize))==NULL)
+ if((newenc = realloc(*enc, (*encsize) * sizeof(unsigned short)))==NULL)
return 1;
*enc = newenc;
}
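
Review bot: *encsize is overwritten with 0x10000 before the realloc result is known, so on the "return 1" path the caller is left with *encsize == 0x10000 while *enc still points at the old, smaller buffer. Any caller that keeps using the pair after a failure would then trust a size the buffer does not have. Consider computing the new size in a local, calling realloc(*enc, newsize * sizeof(unsigned short)), and assigning both *enc and *encsize only after the NULL check passes. Separately, the hunk does not show a bound on index: the branch is entered when *encsize <= index and grows to a fixed 0x10000 entries, so it is worth confirming that setCode() rejects index >= 0x10000 before this point, otherwise the larger buffer is still too small for the access that follows.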
--
1.7.10.4