summaryrefslogtreecommitdiff
path: root/src/cairo-clip.c
diff options
context:
space:
mode:
authorVladimir Vukicevic <vladimir@pobox.com>2007-06-19 13:15:21 -0700
committerVladimir Vukicevic <vladimir@feisty.(none)>2007-06-29 09:46:08 -0700
commit5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360 (patch)
treebb1abcb2f1144059d4444d8db343014e07791593 /src/cairo-clip.c
parentfc34073464c487405b6e2e0a5fa269a1ae15a02a (diff)
[fix] Avoid int overflow when allocating large buffers
This patch introduces three macros: _cairo_malloc_ab, _cairo_malloc_abc, _cairo_malloc_ab_plus_c and replaces various calls to malloc(a*b), malloc(a*b*c), and malloc(a*b+c) with them. The macros return NULL if int overflow would occur during the allocation. See CODING_STYLE for more information.
Diffstat (limited to 'src/cairo-clip.c')
-rw-r--r--src/cairo-clip.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/src/cairo-clip.c b/src/cairo-clip.c
index 60f2418f..83940774 100644
--- a/src/cairo-clip.c
+++ b/src/cairo-clip.c
@@ -634,9 +634,13 @@ _cairo_clip_copy_rectangle_list (cairo_clip_t *clip, cairo_gstate_t *gstate)
return (cairo_rectangle_list_t*) &_cairo_rectangles_not_representable;
n_boxes = clip->has_region ? pixman_region_num_rects (&clip->region) : 1;
- rectangles = malloc (sizeof (cairo_rectangle_t)*n_boxes);
- if (rectangles == NULL)
- return (cairo_rectangle_list_t*) &_cairo_rectangles_nil;
+ if (n_boxes > 0) {
+ rectangles = _cairo_malloc_ab (n_boxes, sizeof (cairo_rectangle_t));
+ if (rectangles == NULL)
+ return (cairo_rectangle_list_t*) &_cairo_rectangles_nil;
+ } else {
+ rectangles = NULL;
+ }
if (clip->has_region) {
pixman_box16_t *boxes;