[PATCH] libfontenc: setCode(): fix realloc invocation
Aaron Plattner
aplattner at nvidia.com
Mon Mar 4 08:28:34 PST 2013
On 03/03/2013 08:57 PM, Nickolai Zeldovich wrote:
> This patch fixes two bugs in the realloc invocation in setCode(), which
> most likely cause memory corruption when realloc is triggered:
>
> 1. Pass *enc to realloc (which is the dynamically-allocated buffer),
> instead of enc (which stores a pointer to the dynamically-allocated
> buffer).
>
> 2. Allocate enough memory for (*encsize) shorts, instead of (*encsize)
> bytes; see the call to malloc just above the realloc call.
>
> Signed-off-by: Nickolai Zeldovich <nickolai at csail.mit.edu>
Yikes, that's pretty bad!
Reviewed-by: Aaron Plattner <aplattner at nvidia.com>
Do you need someone to apply this for you?
> ---
> src/encparse.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/encparse.c b/src/encparse.c
> index cbcac80..ee18b3f 100644
> --- a/src/encparse.c
> +++ b/src/encparse.c
> @@ -426,7 +426,7 @@ setCode(unsigned from, unsigned to, unsigned row_size,
> }
> } else if(*encsize <= index) {
> *encsize = 0x10000;
> - if((newenc = realloc(enc, *encsize))==NULL)
> + if((newenc = realloc(*enc, (*encsize) * sizeof(unsigned short)))==NULL)
> return 1;
> *enc = newenc;
> }
>
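Review bot: `*encsize = 0x10000;` is assigned before the realloc, so on the `return 1` failure path the caller is left with `*encsize` claiming 0x10000 entries while `*enc` still points at the old, smaller buffer; any later setCode() call on that state passes the `*encsize <= index` guard and writes past the real allocation. Suggest computing the new size into a local for the realloc call and assigning `*encsize` only after `*enc = newenc;`. The element-size fix itself is right; `sizeof(**enc)` instead of `sizeof(unsigned short)` would keep the request tied to the buffer's declared type rather than repeating it.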
--
Aaron
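The two defects the commit message describes (passing the address of the buffer pointer instead of the buffer, and sizing the request in bytes instead of elements) are easy to reproduce in a small growable table. The following is an added example, not libfontenc's code: a hypothetical `grow_table()`/`set_code_entry()` pair that keeps an `unsigned short` array and its element count the way setCode() keeps `enc`/`encsize`, written so that the realloc receives the buffer itself, the byte count is elements times `sizeof`, and the recorded size is updated only after the allocation succeeds.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not libfontenc code). grow_table/set_code_entry and
   demo_sparse_fill are hypothetical names chosen for this illustration. */

/* Grow *table so that index `needed` is in range. Returns 0 on success,
   1 on allocation failure. Note the three points the patch is about:
   realloc() gets *table (the buffer), the size is elements * sizeof,
   and *size is only updated once realloc() has succeeded. */
static int grow_table(unsigned short **table, size_t *size, size_t needed)
{
    size_t new_size = *size ? *size : 0x100;
    while (new_size <= needed)
        new_size *= 2;

    /* Do not touch *size yet: if this fails, the caller's view of the
       buffer (pointer + count) must still describe the old allocation. */
    unsigned short *tmp = realloc(*table, new_size * sizeof(**table));
    if (tmp == NULL)
        return 1;

    /* Zero the newly added tail so unset codes read as 0. */
    memset(tmp + *size, 0, (new_size - *size) * sizeof(*tmp));
    *table = tmp;
    *size = new_size;
    return 0;
}

/* Store `value` at `index`, growing the table first when it is too small. */
static int set_code_entry(unsigned short **table, size_t *size,
                          size_t index, unsigned short value)
{
    if (*size <= index && grow_table(table, size, index) != 0)
        return 1;
    (*table)[index] = value;
    return 0;
}

/* Fill a fresh table with three sparse entries (constructed sample data),
   the last one well past the initial size, and return the sum of every
   slot; only the three written slots are non-zero. Returns -1 on
   allocation failure. */
static long demo_sparse_fill(void)
{
    unsigned short *table = NULL;
    size_t size = 0;
    const size_t idx[] = { 0x41, 0x1234, 0xFFFF };
    const unsigned short val[] = { 1, 2, 3 };
    long sum = 0;

    for (size_t i = 0; i < 3; i++) {
        if (set_code_entry(&table, &size, idx[i], val[i]) != 0) {
            free(table);
            return -1;
        }
    }
    for (size_t i = 0; i < size; i++)
        sum += table[i];
    free(table);
    return sum;
}

int main(void)
{
    long sum = demo_sparse_fill();
    printf("sum of stored entries: %ld\n", sum);
    return sum == 6 ? 0 : 1;
}
```

With the buggy form, `realloc(enc, *encsize)` would hand realloc a pointer to the caller's local variable rather than a heap block, and even with the right pointer a request of `*encsize` bytes holds only half the intended `unsigned short` entries, so the write at `(*enc)[index]` lands past the end of the allocation.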