Bug 35161 - Heap corruption in cairo_cff_font_write_cid_fontdict [Patch attached]
Summary: Heap corruption in cairo_cff_font_write_cid_fontdict [Patch attached]
Status: RESOLVED FIXED
Alias: None
Product: cairo
Classification: Unclassified
Component: pdf backend
Version: 1.10.0
Hardware: All All
Importance: medium critical
Assignee: Adrian Johnson
QA Contact: cairo-bugs mailing list
Reported: 2011-03-09 14:41 UTC by Florian Reuter
Modified: 2011-03-13 04:06 UTC (History)


Attachments
Quick fix which solves the heap corruption. (1.07 KB, patch)
2011-03-09 14:41 UTC, Florian Reuter

Description Florian Reuter 2011-03-09 14:41:54 UTC
Created attachment 44288 [details] [review]
Quick fix which solves the heap corruption.

Due to an interleaved grow (realloc) operation the heap can get corrupted.
I attached a "quick fix" which solves the problem.
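A minimal reconstruction of the pattern the report describes, added here as an illustration and not code from cairo or from the attached patch: a growable array whose append may realloc its buffer, a caller that keeps a raw pointer into that buffer across the append (the corruption), and the safe variant that keeps an index and re-fetches the pointer. The array type is a stand-in for cairo_array_t and write_after_grow is a hypothetical caller.

```c
#include <stdlib.h>
#include <string.h>

/* Minimal growable array standing in for cairo_array_t (assumption: the real
 * struct differs; only "append may realloc the buffer" matters here). */
typedef struct {
    unsigned char *elements;
    size_t size, capacity, element_size;
} grow_array_t;

/* Appends one element, doubling the buffer with realloc when it is full. */
static int array_append(grow_array_t *a, const void *src) {
    if (a->size == a->capacity) {
        size_t cap = a->capacity ? a->capacity * 2 : 1;
        unsigned char *p = realloc(a->elements, cap * a->element_size);
        if (p == NULL) return -1;
        a->elements = p;  /* old buffer is freed: pointers into it are stale */
        a->capacity = cap;
    }
    memcpy(a->elements + a->size * a->element_size, src, a->element_size);
    a->size++;
    return 0;
}

static void *array_index(grow_array_t *a, size_t i) {
    return a->elements + i * a->element_size;
}

/* Buggy pattern (not executed here, it is undefined behaviour):
 *     int *slot = array_index(a, idx);
 *     array_append(a, &x);      // may realloc and free the old buffer
 *     *slot = 42;               // write into freed memory: heap corruption
 * Safe pattern: keep the index across the append and re-fetch the pointer. */
static int write_after_grow(grow_array_t *a) {
    int v = 0;
    if (array_append(a, &v) < 0) return -1;
    size_t idx = a->size - 1;         /* an index survives any realloc */
    for (int i = 1; i <= 8; i++)      /* forces several doublings */
        if (array_append(a, &i) < 0) return -1;
    *(int *)array_index(a, idx) = 42; /* re-fetched after growth */
    return *(int *)array_index(a, idx);
}

/* Driver: returns the value written through the re-fetched pointer (42). */
static int run_demo(void) {
    grow_array_t a = { NULL, 0, 0, sizeof(int) };
    int result = write_after_grow(&a);
    if (a.size != 9) result = -2;
    free(a.elements);
    return result;
}
```

Running the buggy variant under AddressSanitizer or valgrind reports the write as a heap-use-after-free, which is the practical way to catch this class of defect in a test suite.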
Comment 1 Adrian Johnson 2011-03-13 04:06:02 UTC
Thanks for the bug report. I have committed a different fix that avoids directly accessing cairo_array_t private data.
