Bug 35161

Summary: Heap corruption in cairo_cff_font_write_cid_fontdict [Patch attached]
Product: cairo
Reporter: Florian Reuter <flr>
Component: pdf backend
Assignee: Adrian Johnson <ajohnson>
Status: RESOLVED FIXED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: critical
Priority: medium
Version: 1.10.0
Hardware: All
OS: All
Attachments: Quick fix which solves the heap corruption.

Description Florian Reuter 2011-03-09 14:41:54 UTC
Created attachment 44288
Quick fix which solves the heap corruption.

Due to an interleaved grow(realloc) operation the heap can get corrupted.
I attached a "quick fix" which solves the problem.
Comment 1 Adrian Johnson 2011-03-13 04:06:02 UTC
Thanks for the bug report. I have committed a different fix that avoids directly accessing cairo_array_t private data.
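The failure mode behind this report, a pointer into a realloc-backed array that is kept across a growth operation and then written through, as an added C illustration. This is not cairo's code and does not reproduce cairo_array_t or cairo_cff_font_write_cid_fontdict; buf_t, buf_reserve, write_sized_record and the two-byte length-prefixed record layout are assumed for the example. The hazardous pattern is described in the comment; the code implements the safe form, which keeps only an offset and re-derives the pointer after every append.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal growable byte buffer (example only, not cairo's cairo_array_t).
 * It mirrors the realloc-backed growth the bug report describes. */
typedef struct {
    unsigned char *data;
    size_t len;
    size_t cap;
} buf_t;

static int buf_init(buf_t *b, size_t cap)
{
    if (cap == 0)
        cap = 1;
    b->data = malloc(cap);
    if (!b->data)
        return -1;
    b->len = 0;
    b->cap = cap;
    return 0;
}

/* Grow with realloc. Once this returns, any pointer previously derived
 * from b->data may be stale: realloc is free to move the block. */
static int buf_reserve(buf_t *b, size_t extra)
{
    size_t need = b->len + extra;
    size_t cap = b->cap;
    unsigned char *p;

    if (need <= cap)
        return 0;
    while (cap < need)
        cap *= 2;
    p = realloc(b->data, cap);
    if (!p)
        return -1;
    b->data = p;
    b->cap = cap;
    return 0;
}

static int buf_append(buf_t *b, const void *src, size_t n)
{
    if (buf_reserve(b, n) < 0)
        return -1;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Emit a 2-byte big-endian length placeholder, append the body, then patch
 * the placeholder with the real length.
 *
 * The hazardous form keeps `unsigned char *hdr = b->data + b->len;` across
 * the buf_append() calls. If either append reallocates, the final write
 * through hdr lands in memory that realloc has already freed: the
 * "interleaved grow" corruption the report describes. The safe form
 * remembers only the OFFSET and indexes the current b->data after all
 * growth has happened. */
static int write_sized_record(buf_t *b, const unsigned char *body, size_t body_len)
{
    size_t hdr_off = b->len;                 /* offset survives realloc */
    unsigned char zero[2] = {0, 0};

    if (body_len > 0xFFFF)
        return -1;
    if (buf_append(b, zero, 2) < 0)          /* may realloc */
        return -1;
    if (buf_append(b, body, body_len) < 0)   /* may realloc again */
        return -1;
    /* Re-derive the location from the current base pointer. */
    b->data[hdr_off]     = (unsigned char)(body_len >> 8);
    b->data[hdr_off + 1] = (unsigned char)(body_len & 0xFF);
    return 0;
}

/* Read back the length field of the record starting at `off`. */
static size_t read_record_len(const buf_t *b, size_t off)
{
    return ((size_t)b->data[off] << 8) | b->data[off + 1];
}

static void buf_free(buf_t *b)
{
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}

/* Constructed round trip: a tiny initial capacity forces several
 * reallocations during the writes. Returns the final buffer length
 * (314) when every check passes, or -1 on any failure. */
static long example_roundtrip(void)
{
    buf_t b;
    unsigned char body[300];
    long result = -1;

    memset(body, 0xAB, sizeof body);
    if (buf_init(&b, 4) < 0)
        return -1;
    if (write_sized_record(&b, body, sizeof body) == 0 &&
        write_sized_record(&b, body, 10) == 0 &&
        b.len == 314 &&
        read_record_len(&b, 0) == 300 &&
        read_record_len(&b, 302) == 10 &&
        b.data[2] == 0xAB && b.data[301] == 0xAB && b.data[313] == 0xAB)
        result = (long)b.len;
    buf_free(&b);
    return result;
}

int main(void)
{
    printf("roundtrip result: %ld\n", example_roundtrip());
    return 0;
}
```

Keeping an offset rather than a pointer is the same discipline as the committed fix's stated goal of not reaching into the array's private storage: the caller only ever indexes through the container's current base, so growth inside the container cannot leave it holding a dangling address.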
