[v2,2/8] bo: Check null return from _cairo_malloc_ab() (CID #1159556)

Submitted by Bryce Harrington on June 13, 2018, 12:35 a.m.

Details

Message ID 1528850138-30405-3-git-send-email-bryce@bryceharrington.org
State New
Headers show
Series "Coverity fixes" ( rev: 2 ) in Cairo

Not browsing as part of any series.

Commit Message

Bryce Harrington June 13, 2018, 12:35 a.m.
_cairo_malloc_ab() can return NULL under some circumstances, and all
other callers of this routine in the Cairo codebase check its return, so
do so here as well.

Coverity ID: #1159556

Reviewed-by: Uli Schlachter <psychon@znc.in>
Signed-off-by: Bryce Harrington <bryce@bryceharrington.org>
---
 src/cairo-bentley-ottmann.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

Patch hide | download patch | download mbox

diff --git a/src/cairo-bentley-ottmann.c b/src/cairo-bentley-ottmann.c
index 91e41f9..afe3a63 100644
--- a/src/cairo-bentley-ottmann.c
+++ b/src/cairo-bentley-ottmann.c
@@ -1484,10 +1484,13 @@  _cairo_bentley_ottmann_tessellate_polygon (cairo_traps_t	 *traps,
 	ymin = _cairo_fixed_integer_floor (polygon->limit.p1.y);
 	ymax = _cairo_fixed_integer_ceil (polygon->limit.p2.y) - ymin;
 
-	if (ymax > 64)
+	if (ymax > 64) {
 	    event_y = _cairo_malloc_ab(sizeof (cairo_bo_event_t*), ymax);
-	else
+	    if (unlikely (event_y == NULL))
+		return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+	} else {
 	    event_y = stack_event_y;
+	}
 	memset (event_y, 0, ymax * sizeof(cairo_bo_event_t *));
     }