author | Nickolai Zeldovich <nickolai@csail.mit.edu> | 2013-03-03 23:57:34 -0500 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-03-04 08:48:29 -0800 |
commit | 624508365ec3279bc74ce523d024533e062629e1 (patch) | |
tree | 4d3fe690c5d09df12a3a48a47beafb46ee1d28e2 | |
parent | f5d1208172e965fdd7fae8927bd3e29b3cc3a975 (diff) |
libfontenc: setCode(): fix realloc invocation
This patch fixes two bugs in the realloc invocation in setCode(), which
most likely cause memory corruption when realloc is triggered:
1. Pass *enc to realloc (which is the dynamically-allocated buffer),
instead of enc (which stores a pointer to the dynamically-allocated
buffer).
2. Allocate enough memory for (*encsize) shorts, instead of (*encsize)
bytes; see the call to malloc just above the realloc call.
Signed-off-by: Nickolai Zeldovich <nickolai@csail.mit.edu>
Reviewed-by: Aaron Plattner <aplattner@nvidia.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-rw-r--r-- | src/encparse.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/encparse.c b/src/encparse.c index cbcac80..ee18b3f 100644 --- a/src/encparse.c +++ b/src/encparse.c @@ -426,7 +426,7 @@ setCode(unsigned from, unsigned to, unsigned row_size, } } else if(*encsize <= index) { *encsize = 0x10000; - if((newenc = realloc(enc, *encsize))==NULL) + if((newenc = realloc(*enc, (*encsize) * sizeof(unsigned short)))==NULL) return 1; *enc = newenc; } |
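Review bot: In the `else if(*encsize <= index)` branch, `*encsize = 0x10000;` is stored before the realloc result is checked, so on the `return 1` path `*encsize` claims 0x10000 entries while `*enc` still points at the old, smaller buffer. Consider holding the new count in a local, passing that to realloc, and writing `*encsize` only after `*enc = newenc;`, so the size and the buffer cannot disagree if a caller continues after the error. The visible lines also do not show `index` being compared against 0x10000 once the buffer has grown; it is worth confirming that the surrounding code bounds it before the table is indexed.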