ref: bd28952e23bcd268a623ea5202e1cde4a92defe4
parent: 0aca17cf53f099f9ea34b3797949076073b60b5d
author: Werner Lemberg <[email protected]>
date: Tue Aug 22 04:41:03 EDT 2017
[base] Don't zero out allocated memory twice (#51816). Patch applied from bug report. * src/base/ftutil.c (ft_mem_qrealloc): Use low-level allocation to avoid unnecessary overhead.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
2017-08-22 Werner Lemberg <[email protected]>
+ [base] Don't zero out allocated memory twice (#51816).
+
+ Patch applied from bug report.
+
+ * src/base/ftutil.c (ft_mem_qrealloc): Use low-level allocation to
+ avoid unnecessary overhead.
+
+2017-08-22 Werner Lemberg <[email protected]>
+
[truetype] Integer overflow.
Changes triggered by
--- a/src/base/ftutil.c
+++ b/src/base/ftutil.c
@@ -135,7 +135,7 @@
ft_mem_free( memory, block );
block = NULL;
}
- else if ( new_count > FT_INT_MAX/item_size )
+ else if ( new_count > FT_INT_MAX / item_size )
{
error = FT_THROW( Array_Too_Large );
}
@@ -143,13 +143,15 @@
{
FT_ASSERT( !block );
- block = ft_mem_alloc( memory, new_count*item_size, &error );
+ block = memory->alloc( memory, new_count * item_size );
+ if ( block == NULL )
+ error = FT_THROW( Out_Of_Memory );
}
else
{
FT_Pointer block2;
- FT_Long cur_size = cur_count*item_size;
- FT_Long new_size = new_count*item_size;
+ FT_Long cur_size = cur_count * item_size;
+ FT_Long new_size = new_count * item_size;
block2 = memory->realloc( memory, cur_size, new_size, block );
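Review bot: The branch that asserts `!block` now returns memory straight from `memory->alloc`, so, going by the commit message, the block is no longer zero-filled on this path, and any direct caller of `ft_mem_qrealloc` that relied on the old zeroing would read uninitialized heap contents; callers are not visible here, so this needs confirming. The direct call also bypasses whatever argument checks `ft_mem_alloc` performed, which leaves the `new_count > FT_INT_MAX / item_size` test in the previous hunk (and any sign checks earlier in the function, outside both hunks) as the only guard on `new_count * item_size`. I would record both facts above the call with a comment such as `/* size validated above; block is returned uninitialized */`. The body of `ft_mem_qrealloc` starts before and continues past this hunk.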