diff options
author | Tor Andersson <tor@ghostscript.com> | 2011-01-27 22:35:26 +0000 |
---|---|---|
committer | Tor Andersson <tor@ghostscript.com> | 2011-01-27 22:35:26 +0000 |
commit | 3802ebf92723382070258bcd43771b2f4186c03f (patch) | |
tree | cb0ca60a270dd9b73918015ee8e8cd86b1dc0296 | |
parent | 836d6cb3d16e94929be98c000a35255a5ffe37ff (diff) | |
download | mupdf-3802ebf92723382070258bcd43771b2f4186c03f.tar.xz |
Add fz_calloc function to check for integer overflow when allocating arrays, and change the signature of fz_realloc to match.
-rw-r--r-- | apps/pdfclean.c | 10 | ||||
-rw-r--r-- | apps/pdfinfo.c | 16 | ||||
-rw-r--r-- | draw/imagesmooth.c | 2 | ||||
-rw-r--r-- | draw/pathscan.c | 8 | ||||
-rw-r--r-- | fitz/base_hash.c | 4 | ||||
-rw-r--r-- | fitz/base_memory.c | 38 | ||||
-rw-r--r-- | fitz/dev_text.c | 2 | ||||
-rw-r--r-- | fitz/fitz.h | 5 | ||||
-rw-r--r-- | fitz/obj_array.c | 8 | ||||
-rw-r--r-- | fitz/obj_dict.c | 6 | ||||
-rw-r--r-- | fitz/res_font.c | 4 | ||||
-rw-r--r-- | fitz/res_path.c | 4 | ||||
-rw-r--r-- | fitz/res_text.c | 4 | ||||
-rw-r--r-- | fitz/stm_buffer.c | 2 | ||||
-rw-r--r-- | mupdf/pdf_annot.c | 2 | ||||
-rw-r--r-- | mupdf/pdf_cmap.c | 4 | ||||
-rw-r--r-- | mupdf/pdf_font.c | 8 | ||||
-rw-r--r-- | mupdf/pdf_fontmtx.c | 4 | ||||
-rw-r--r-- | mupdf/pdf_function.c | 10 | ||||
-rw-r--r-- | mupdf/pdf_pagetree.c | 8 | ||||
-rw-r--r-- | mupdf/pdf_parse.c | 4 | ||||
-rw-r--r-- | mupdf/pdf_repair.c | 4 | ||||
-rw-r--r-- | mupdf/pdf_shade.c | 6 | ||||
-rw-r--r-- | mupdf/pdf_unicode.c | 2 | ||||
-rw-r--r-- | mupdf/pdf_xref.c | 6 |
25 files changed, 101 insertions, 70 deletions
diff --git a/apps/pdfclean.c b/apps/pdfclean.c index fbea8fd4..8f51157a 100644 --- a/apps/pdfclean.c +++ b/apps/pdfclean.c @@ -241,7 +241,7 @@ static void renumberobjs(void) /* Create new table for the reordered, compacted xref */ oldxref = xref->table; - xref->table = fz_malloc(xref->len * sizeof (pdf_xrefentry)); + xref->table = fz_calloc(xref->len, sizeof(pdf_xrefentry)); xref->table[0] = oldxref[0]; /* Move used objects into the new compacted xref */ @@ -721,10 +721,10 @@ int main(int argc, char **argv) fprintf(out, "%%PDF-%d.%d\n", xref->version / 10, xref->version % 10); fprintf(out, "%%\316\274\341\277\246\n\n"); - uselist = fz_malloc(sizeof (char) * (xref->len + 1)); - ofslist = fz_malloc(sizeof (int) * (xref->len + 1)); - genlist = fz_malloc(sizeof (int) * (xref->len + 1)); - renumbermap = fz_malloc(sizeof (int) * (xref->len + 1)); + uselist = fz_calloc(xref->len + 1, sizeof(char)); + ofslist = fz_calloc(xref->len + 1, sizeof(int)); + genlist = fz_calloc(xref->len + 1, sizeof(int)); + renumbermap = fz_calloc(xref->len + 1, sizeof(int)); for (num = 0; num < xref->len; num++) { diff --git a/apps/pdfinfo.c b/apps/pdfinfo.c index ddcabecb..e85ac00a 100644 --- a/apps/pdfinfo.c +++ b/apps/pdfinfo.c @@ -223,11 +223,11 @@ gatherdimensions(int page, fz_obj *pageref, fz_obj *pageobj) dims++; - dim = fz_realloc(dim, dims * sizeof (struct info)); + dim = fz_realloc(dim, dims, sizeof(struct info)); dim[dims - 1].page = page; dim[dims - 1].pageref = pageref; dim[dims - 1].pageobj = pageobj; - dim[dims - 1].u.dim.bbox = fz_malloc(sizeof (fz_rect)); + dim[dims - 1].u.dim.bbox = fz_malloc(sizeof(fz_rect)); memcpy(dim[dims - 1].u.dim.bbox, &bbox, sizeof (fz_rect)); return; @@ -267,7 +267,7 @@ gatherfonts(int page, fz_obj *pageref, fz_obj *pageobj, fz_obj *dict) fonts++; - font = fz_realloc(font, fonts * sizeof (struct info)); + font = fz_realloc(font, fonts, sizeof(struct info)); font[fonts - 1].page = page; font[fonts - 1].pageref = pageref; font[fonts - 1].pageobj = pageobj; @@ -335,7 +335,7 @@ gatherimages(int page, fz_obj *pageref, fz_obj *pageobj, fz_obj *dict) images++; - image = fz_realloc(image, images * sizeof (struct info)); + image = fz_realloc(image, images, sizeof(struct info)); image[images - 1].page = page; image[images - 1].pageref = pageref; image[images - 1].pageobj = pageobj; @@ -392,7 +392,7 @@ gatherforms(int page, fz_obj *pageref, fz_obj *pageobj, fz_obj *dict) forms++; - form = fz_realloc(form, forms * sizeof (struct info)); + form = fz_realloc(form, forms, sizeof(struct info)); form[forms - 1].page = page; form[forms - 1].pageref = pageref; form[forms - 1].pageobj = pageobj; @@ -436,7 +436,7 @@ gatherpsobjs(int page, fz_obj *pageref, fz_obj *pageobj, fz_obj *dict) psobjs++; - psobj = fz_realloc(psobj, psobjs * sizeof (struct info)); + psobj = fz_realloc(psobj, psobjs, sizeof(struct info)); psobj[psobjs - 1].page = page; psobj[psobjs - 1].pageref = pageref; psobj[psobjs - 1].pageobj = pageobj; @@ -478,7 +478,7 @@ gathershadings(int page, fz_obj *pageref, fz_obj *pageobj, fz_obj *dict) shadings++; - shading = fz_realloc(shading, shadings * sizeof (struct info)); + shading = fz_realloc(shading, shadings, sizeof(struct info)); shading[shadings - 1].page = page; shading[shadings - 1].pageref = pageref; shading[shadings - 1].pageobj = pageobj; @@ -545,7 +545,7 @@ gatherpatterns(int page, fz_obj *pageref, fz_obj *pageobj, fz_obj *dict) patterns++; - pattern = fz_realloc(pattern, patterns * sizeof (struct info)); + pattern = fz_realloc(pattern, patterns, sizeof(struct info)); pattern[patterns - 1].page = page; pattern[patterns - 1].pageref = pageref; pattern[patterns - 1].pageobj = pageobj; diff --git a/draw/imagesmooth.c b/draw/imagesmooth.c index 341e0377..2cbe01f9 100644 --- a/draw/imagesmooth.c +++ b/draw/imagesmooth.c @@ -1108,7 +1108,7 @@ fz_smoothscalepixmap(fz_pixmap *src, float x, float y, float w, float h) temp_span = contrib_cols->count * src->n; temp_rows = contrib_rows->max_len; - temp = fz_malloc(sizeof(int)*temp_span*temp_rows); + temp = fz_calloc(temp_span*temp_rows, sizeof(int)); if (temp == NULL) goto cleanup; switch (src->n) diff --git a/draw/pathscan.c b/draw/pathscan.c index 459dd306..aa956077 100644 --- a/draw/pathscan.c +++ b/draw/pathscan.c @@ -27,7 +27,7 @@ fz_newgel(void) gel = fz_malloc(sizeof(fz_gel)); gel->cap = 512; gel->len = 0; - gel->edges = fz_malloc(sizeof(fz_edge) * gel->cap); + gel->edges = fz_calloc(gel->cap, sizeof(fz_edge)); gel->clip.x0 = gel->clip.y0 = BBOX_MAX; gel->clip.x1 = gel->clip.y1 = BBOX_MIN; @@ -138,7 +138,7 @@ fz_insertgelraw(fz_gel *gel, int x0, int y0, int x1, int y1) if (gel->len + 1 == gel->cap) { gel->cap = gel->cap + 512; - gel->edges = fz_realloc(gel->edges, sizeof(fz_edge) * gel->cap); + gel->edges = fz_realloc(gel->edges, gel->cap, sizeof(fz_edge)); } edge = &gel->edges[gel->len++]; @@ -295,7 +295,7 @@ fz_newael(void) ael = fz_malloc(sizeof(fz_ael)); ael->cap = 64; ael->len = 0; - ael->edges = fz_malloc(sizeof(fz_edge*) * ael->cap); + ael->edges = fz_calloc(ael->cap, sizeof(fz_edge*)); return ael; } @@ -346,7 +346,7 @@ insertael(fz_ael *ael, fz_gel *gel, int y, int *e) while (*e < gel->len && gel->edges[*e].y == y) { if (ael->len + 1 == ael->cap) { int newcap = ael->cap + 64; - fz_edge **newedges = fz_realloc(ael->edges, sizeof(fz_edge*) * newcap); + fz_edge **newedges = fz_realloc(ael->edges, newcap, sizeof(fz_edge*)); ael->edges = newedges; ael->cap = newcap; } diff --git a/fitz/base_hash.c b/fitz/base_hash.c index d4a5133f..e2bf6b04 100644 --- a/fitz/base_hash.c +++ b/fitz/base_hash.c @@ -52,7 +52,7 @@ fz_newhash(int initialsize, int keylen) table->keylen = keylen; table->size = initialsize; table->load = 0; - table->ents = fz_malloc(sizeof(fz_hashentry) * table->size); + table->ents = fz_calloc(table->size, sizeof(fz_hashentry)); memset(table->ents, 0, sizeof(fz_hashentry) * table->size); return table; @@ -104,7 +104,7 @@ fz_resizehash(fz_hashtable *table, int newsize) return; } - table->ents = fz_malloc(sizeof(fz_hashentry) * newsize); + table->ents = fz_calloc(newsize, sizeof(fz_hashentry)); memset(table->ents, 0, sizeof(fz_hashentry) * newsize); table->size = newsize; table->load = 0; diff --git a/fitz/base_memory.c b/fitz/base_memory.c index 1f03faa5..4153f31e 100644 --- a/fitz/base_memory.c +++ b/fitz/base_memory.c @@ -1,9 +1,11 @@ #include "fitz.h" +#define INT_MAX 2147483647 + void * -fz_malloc(int n) +fz_malloc(int size) { - void *p = malloc(n); + void *p = malloc(size); if (!p) { fprintf(stderr, "fatal error: out of memory\n"); @@ -13,9 +15,37 @@ fz_malloc(int n) } void * -fz_realloc(void *p, int n) +fz_calloc(int count, int size) { - void *np = realloc(p, n); + void *p; + + if (count > INT_MAX / size) + { + fprintf(stderr, "fatal error: out of memory (integer overflow)\n"); + abort(); + } + + p = malloc(count * size); + if (!p) + { + fprintf(stderr, "fatal error: out of memory\n"); + abort(); + } + return p; +} + +void * +fz_realloc(void *p, int count, int size) +{ + void *np; + + if (count > INT_MAX / size) + { + fprintf(stderr, "fatal error: out of memory (integer overflow)\n"); + abort(); + } + + np = realloc(p, count * size); if (np == nil) { fprintf(stderr, "fatal error: out of memory\n"); diff --git a/fitz/dev_text.c b/fitz/dev_text.c index 2cd4ab11..806fa40c 100644 --- a/fitz/dev_text.c +++ b/fitz/dev_text.c @@ -70,7 +70,7 @@ fz_addtextcharimp(fz_textspan *span, int c, fz_bbox bbox) if (span->len + 1 >= span->cap) { span->cap = span->cap > 1 ? (span->cap * 3) / 2 : 80; - span->text = fz_realloc(span->text, sizeof(fz_textchar) * span->cap); + span->text = fz_realloc(span->text, span->cap, sizeof(fz_textchar)); } span->text[span->len].c = c; span->text[span->len].bbox = bbox; diff --git a/fitz/fitz.h b/fitz/fitz.h index 64a0cd36..fcedbebe 100644 --- a/fitz/fitz.h +++ b/fitz/fitz.h @@ -133,8 +133,9 @@ void fz_catchimpx(fz_error cause, char *fmt, ...) __printflike(2, 3); #define CLAMP(x,a,b) ( (x) > (b) ? (b) : ( (x) < (a) ? (a) : (x) ) ) /* memory allocation */ -void *fz_malloc(int n); -void *fz_realloc(void *p, int n); +void *fz_malloc(int size); +void *fz_calloc(int count, int size); +void *fz_realloc(void *p, int count, int size); void fz_free(void *p); char *fz_strdup(char *s); diff --git a/fitz/obj_array.c b/fitz/obj_array.c index 75f4a6b5..c07312cf 100644 --- a/fitz/obj_array.c +++ b/fitz/obj_array.c @@ -6,14 +6,14 @@ fz_newarray(int initialcap) fz_obj *obj; int i; - obj = fz_malloc(sizeof (fz_obj)); + obj = fz_malloc(sizeof(fz_obj)); obj->refs = 1; obj->kind = FZ_ARRAY; obj->u.a.len = 0; obj->u.a.cap = initialcap > 1 ? initialcap : 6; - obj->u.a.items = fz_malloc(sizeof (fz_obj*) * obj->u.a.cap); + obj->u.a.items = fz_calloc(obj->u.a.cap, sizeof(fz_obj*)); for (i = 0; i < obj->u.a.cap; i++) obj->u.a.items[i] = nil; @@ -94,7 +94,7 @@ fz_arraypush(fz_obj *obj, fz_obj *item) { int i; obj->u.a.cap = (obj->u.a.cap * 3) / 2; - obj->u.a.items = fz_realloc(obj->u.a.items, sizeof (fz_obj*) * obj->u.a.cap); + obj->u.a.items = fz_realloc(obj->u.a.items, obj->u.a.cap, sizeof(fz_obj*)); for (i = obj->u.a.len ; i < obj->u.a.cap; i++) obj->u.a.items[i] = nil; } @@ -116,7 +116,7 @@ fz_arrayinsert(fz_obj *obj, fz_obj *item) { int i; obj->u.a.cap = (obj->u.a.cap * 3) / 2; - obj->u.a.items = fz_realloc(obj->u.a.items, sizeof (fz_obj*) * obj->u.a.cap); + obj->u.a.items = fz_realloc(obj->u.a.items, obj->u.a.cap, sizeof(fz_obj*)); for (i = obj->u.a.len ; i < obj->u.a.cap; i++) obj->u.a.items[i] = nil; } diff --git a/fitz/obj_dict.c b/fitz/obj_dict.c index 4b9fca41..f5d3f733 100644 --- a/fitz/obj_dict.c +++ b/fitz/obj_dict.c @@ -24,7 +24,7 @@ fz_newdict(int initialcap) fz_obj *obj; int i; - obj = fz_malloc(sizeof (fz_obj)); + obj = fz_malloc(sizeof(fz_obj)); obj->refs = 1; obj->kind = FZ_DICT; @@ -32,7 +32,7 @@ fz_newdict(int initialcap) obj->u.d.len = 0; obj->u.d.cap = initialcap > 1 ? initialcap : 10; - obj->u.d.items = fz_malloc(sizeof(fz_keyval) * obj->u.d.cap); + obj->u.d.items = fz_calloc(obj->u.d.cap, sizeof(fz_keyval)); for (i = 0; i < obj->u.d.cap; i++) { obj->u.d.items[i].k = nil; @@ -200,7 +200,7 @@ fz_dictput(fz_obj *obj, fz_obj *key, fz_obj *val) if (obj->u.d.len + 1 > obj->u.d.cap) { obj->u.d.cap = (obj->u.d.cap * 3) / 2; - obj->u.d.items = fz_realloc(obj->u.d.items, sizeof(fz_keyval) * obj->u.d.cap); + obj->u.d.items = fz_realloc(obj->u.d.items, obj->u.d.cap, sizeof(fz_keyval)); for (i = obj->u.d.len; i < obj->u.d.cap; i++) { obj->u.d.items[i].k = nil; diff --git a/fitz/res_font.c b/fitz/res_font.c index eb5e4ef9..cfbb08bf 100644 --- a/fitz/res_font.c +++ b/fitz/res_font.c @@ -434,8 +434,8 @@ fz_newtype3font(char *name, fz_matrix matrix) int i; font = fz_newfont(); - font->t3procs = fz_malloc(sizeof(fz_buffer*) * 256); - font->t3widths = fz_malloc(sizeof(float) * 256); + font->t3procs = fz_calloc(256, sizeof(fz_buffer*)); + font->t3widths = fz_calloc(256, sizeof(float)); fz_strlcpy(font->name, name, sizeof(font->name)); font->t3matrix = matrix; diff --git a/fitz/res_path.c b/fitz/res_path.c index 0fc1882e..6c5f1802 100644 --- a/fitz/res_path.c +++ b/fitz/res_path.c @@ -23,7 +23,7 @@ fz_clonepath(fz_path *old) path->len = old->len; path->cap = path->len; - path->els = fz_malloc(path->cap * sizeof(fz_pathel)); + path->els = fz_calloc(path->cap, sizeof(fz_pathel)); memcpy(path->els, old->els, sizeof(fz_pathel) * path->len); return path; @@ -43,7 +43,7 @@ growpath(fz_path *path, int n) return; while (path->len + n > path->cap) path->cap = path->cap + 36; - path->els = fz_realloc(path->els, sizeof (fz_pathel) * path->cap); + path->els = fz_realloc(path->els, path->cap, sizeof(fz_pathel)); } void diff --git a/fitz/res_text.c b/fitz/res_text.c index 369e7e2a..8ba62669 100644 --- a/fitz/res_text.c +++ b/fitz/res_text.c @@ -35,7 +35,7 @@ fz_clonetext(fz_text *old) text->wmode = old->wmode; text->len = old->len; text->cap = text->len; - text->els = fz_malloc(text->len * sizeof(fz_textel)); + text->els = fz_calloc(text->len, sizeof(fz_textel)); memcpy(text->els, old->els, text->len * sizeof(fz_textel)); return text; @@ -97,7 +97,7 @@ fz_growtext(fz_text *text, int n) return; while (text->len + n > text->cap) text->cap = text->cap + 36; - text->els = fz_realloc(text->els, sizeof (fz_textel) * text->cap); + text->els = fz_realloc(text->els, text->cap, sizeof(fz_textel)); } void diff --git a/fitz/stm_buffer.c b/fitz/stm_buffer.c index 00530071..9b1ee469 100644 --- a/fitz/stm_buffer.c +++ b/fitz/stm_buffer.c @@ -36,7 +36,7 @@ fz_dropbuffer(fz_buffer *buf) void fz_resizebuffer(fz_buffer *buf, int size) { - buf->data = fz_realloc(buf->data, size); + buf->data = fz_realloc(buf->data, size, 1); buf->cap = size; if (buf->len > buf->cap) buf->len = buf->cap; diff --git a/mupdf/pdf_annot.c b/mupdf/pdf_annot.c index 300cf9d0..41588c28 100644 --- a/mupdf/pdf_annot.c +++ b/mupdf/pdf_annot.c @@ -209,7 +209,7 @@ pdf_loadannots(pdf_annot **headp, pdf_xref *xref, fz_obj *annots) continue; } - annot = fz_malloc(sizeof (pdf_annot)); + annot = fz_malloc(sizeof(pdf_annot)); annot->obj = fz_keepobj(obj); annot->rect = pdf_torect(rect); annot->ap = form; diff --git a/mupdf/pdf_cmap.c b/mupdf/pdf_cmap.c index 29504579..3b9b9d80 100644 --- a/mupdf/pdf_cmap.c +++ b/mupdf/pdf_cmap.c @@ -176,7 +176,7 @@ addtable(pdf_cmap *cmap, int value) if (cmap->tlen + 1 > cmap->tcap) { cmap->tcap = cmap->tcap > 1 ? (cmap->tcap * 3) / 2 : 256; - cmap->table = fz_realloc(cmap->table, cmap->tcap * sizeof(unsigned short)); + cmap->table = fz_realloc(cmap->table, cmap->tcap, sizeof(unsigned short)); } cmap->table[cmap->tlen++] = value; } @@ -190,7 +190,7 @@ addrange(pdf_cmap *cmap, int low, int high, int flag, int offset) if (cmap->rlen + 1 > cmap->rcap) { cmap->rcap = cmap->rcap > 1 ? (cmap->rcap * 3) / 2 : 256; - cmap->ranges = fz_realloc(cmap->ranges, cmap->rcap * sizeof(pdf_range)); + cmap->ranges = fz_realloc(cmap->ranges, cmap->rcap, sizeof(pdf_range)); } cmap->ranges[cmap->rlen].low = low; cmap->ranges[cmap->rlen].high = high; diff --git a/mupdf/pdf_font.c b/mupdf/pdf_font.c index b600573d..77478689 100644 --- a/mupdf/pdf_font.c +++ b/mupdf/pdf_font.c @@ -183,7 +183,7 @@ pdf_newfontdesc(void) { pdf_fontdesc *fontdesc; - fontdesc = fz_malloc(sizeof (pdf_fontdesc)); + fontdesc = fz_malloc(sizeof(pdf_fontdesc)); fontdesc->refs = 1; fontdesc->font = nil; @@ -328,7 +328,7 @@ loadsimplefont(pdf_fontdesc **fontdescp, pdf_xref *xref, fz_obj *dict) else fz_warn("freetype could not find any cmaps"); - etable = fz_malloc(sizeof(unsigned short) * 256); + etable = fz_calloc(256, sizeof(unsigned short)); for (i = 0; i < 256; i++) { estrings[i] = nil; @@ -649,7 +649,7 @@ loadcidfont(pdf_fontdesc **fontdescp, pdf_xref *xref, fz_obj *dict, fz_obj *enco goto cleanup; fontdesc->ncidtogid = (buf->len) / 2; - fontdesc->cidtogid = fz_malloc(fontdesc->ncidtogid * sizeof(unsigned short)); + fontdesc->cidtogid = fz_calloc(fontdesc->ncidtogid, sizeof(unsigned short)); for (i = 0; i < fontdesc->ncidtogid; i++) fontdesc->cidtogid[i] = (buf->data[i * 2] << 8) + buf->data[i * 2 + 1]; @@ -921,7 +921,7 @@ pdf_makewidthtable(pdf_fontdesc *fontdesc) } font->widthcount ++; - font->widthtable = fz_malloc(sizeof(int) * font->widthcount); + font->widthtable = fz_calloc(font->widthcount, sizeof(int)); memset(font->widthtable, 0, sizeof(int) * font->widthcount); for (i = 0; i < fontdesc->nhmtx; i++) diff --git a/mupdf/pdf_fontmtx.c b/mupdf/pdf_fontmtx.c index 8611f8ce..e957125a 100644 --- a/mupdf/pdf_fontmtx.c +++ b/mupdf/pdf_fontmtx.c @@ -26,7 +26,7 @@ pdf_addhmtx(pdf_fontdesc *font, int lo, int hi, int w) if (font->nhmtx + 1 >= font->hmtxcap) { font->hmtxcap = font->hmtxcap + 16; - font->hmtx = fz_realloc(font->hmtx, sizeof(pdf_hmtx) * font->hmtxcap); + font->hmtx = fz_realloc(font->hmtx, font->hmtxcap, sizeof(pdf_hmtx)); } font->hmtx[font->nhmtx].lo = lo; @@ -41,7 +41,7 @@ pdf_addvmtx(pdf_fontdesc *font, int lo, int hi, int x, int y, int w) if (font->nvmtx + 1 >= font->vmtxcap) { font->vmtxcap = font->vmtxcap + 16; - font->vmtx = fz_realloc(font->vmtx, sizeof(pdf_vmtx) * font->vmtxcap); + font->vmtx = fz_realloc(font->vmtx, font->vmtxcap, sizeof(pdf_vmtx)); } font->vmtx[font->nvmtx].lo = lo; diff --git a/mupdf/pdf_function.c b/mupdf/pdf_function.c index ee773593..df28b3c5 100644 --- a/mupdf/pdf_function.c +++ b/mupdf/pdf_function.c @@ -349,7 +349,7 @@ resizecode(pdf_function *func, int newsize) if (newsize >= func->u.p.cap) { func->u.p.cap = func->u.p.cap + 64; - func->u.p.code = fz_realloc(func->u.p.code, func->u.p.cap * sizeof(psobj)); + func->u.p.code = fz_realloc(func->u.p.code, func->u.p.cap, sizeof(psobj)); } } @@ -1046,7 +1046,7 @@ loadsamplefunc(pdf_function *func, pdf_xref *xref, fz_obj *dict, int num, int ge pdf_logrsrc("samplecount %d\n", samplecount); - func->u.sa.samples = fz_malloc(samplecount * sizeof(float)); + func->u.sa.samples = fz_calloc(samplecount, sizeof(float)); error = pdf_openstream(&stream, xref, num, gen); if (error) @@ -1322,9 +1322,9 @@ loadstitchingfunc(pdf_function *func, pdf_xref *xref, fz_obj *dict) pdf_logrsrc("k %d\n", func->u.st.k); - func->u.st.funcs = fz_malloc(func->u.st.k * sizeof (pdf_function*)); - func->u.st.bounds = fz_malloc((func->u.st.k - 1) * sizeof (float)); - func->u.st.encode = fz_malloc(func->u.st.k * 2 * sizeof (float)); + func->u.st.funcs = fz_calloc(func->u.st.k, sizeof(pdf_function*)); + func->u.st.bounds = fz_calloc(func->u.st.k - 1, sizeof(float)); + func->u.st.encode = fz_calloc(func->u.st.k * 2, sizeof(float)); funcs = func->u.st.funcs; for (i = 0; i < k; ++i) diff --git a/mupdf/pdf_pagetree.c b/mupdf/pdf_pagetree.c index a6c3c122..df3c8b8a 100644 --- a/mupdf/pdf_pagetree.c +++ b/mupdf/pdf_pagetree.c @@ -102,8 +102,8 @@ pdf_loadpagetreenode(pdf_xref *xref, fz_obj *node, struct info info) { fz_warn("found more pages than expected"); xref->pagecap ++; - xref->pagerefs = fz_realloc(xref->pagerefs, sizeof(fz_obj*) * xref->pagecap); - xref->pageobjs = fz_realloc(xref->pageobjs, sizeof(fz_obj*) * xref->pagecap); + xref->pagerefs = fz_realloc(xref->pagerefs, xref->pagecap, sizeof(fz_obj*)); + xref->pageobjs = fz_realloc(xref->pageobjs, xref->pagecap, sizeof(fz_obj*)); } xref->pagerefs[xref->pagelen] = fz_keepobj(node); @@ -127,8 +127,8 @@ pdf_loadpagetree(pdf_xref *xref) xref->pagecap = fz_toint(count); xref->pagelen = 0; - xref->pagerefs = fz_malloc(sizeof(fz_obj*) * xref->pagecap); - xref->pageobjs = fz_malloc(sizeof(fz_obj*) * xref->pagecap); + xref->pagerefs = fz_calloc(xref->pagecap, sizeof(fz_obj*)); + xref->pageobjs = fz_calloc(xref->pagecap, sizeof(fz_obj*)); info.resources = nil; info.mediabox = nil; diff --git a/mupdf/pdf_parse.c b/mupdf/pdf_parse.c index 2253e4ed..8f47fe8e 100644 --- a/mupdf/pdf_parse.c +++ b/mupdf/pdf_parse.c @@ -82,14 +82,14 @@ pdf_toucs2(fz_obj *src) if (srclen > 2 && srcptr[0] == 254 && srcptr[1] == 255) { - dstptr = dst = fz_malloc(((srclen - 2) / 2 + 1) * sizeof(short)); + dstptr = dst = fz_calloc((srclen - 2) / 2 + 1, sizeof(short)); for (i = 2; i < srclen; i += 2) *dstptr++ = (srcptr[i] << 8) | srcptr[i+1]; } else { - dstptr = dst = fz_malloc((srclen + 1) * sizeof(short)); + dstptr = dst = fz_calloc(srclen + 1, sizeof(short)); for (i = 0; i < srclen; i++) *dstptr++ = pdf_docencoding[srcptr[i]]; } diff --git a/mupdf/pdf_repair.c b/mupdf/pdf_repair.c index 9c2a3fd5..4705c350 100644 --- a/mupdf/pdf_repair.c +++ b/mupdf/pdf_repair.c @@ -207,7 +207,7 @@ pdf_repairxref(pdf_xref *xref, char *buf, int bufsize) listlen = 0; listcap = 1024; - list = fz_malloc(listcap * sizeof(struct entry)); + list = fz_calloc(listcap, sizeof(struct entry)); /* look for '%PDF' version marker within first kilobyte of file */ n = fz_read(xref->file, (unsigned char *)buf, MAX(bufsize, 1024)); @@ -262,7 +262,7 @@ pdf_repairxref(pdf_xref *xref, char *buf, int bufsize) if (listlen + 1 == listcap) { listcap = (listcap * 3) / 2; - list = fz_realloc(list, listcap * sizeof(struct entry)); + list = fz_realloc(list, listcap, sizeof(struct entry)); } list[listlen].num = num; diff --git a/mupdf/pdf_shade.c b/mupdf/pdf_shade.c index ef19d1a4..db96a46a 100644 --- a/mupdf/pdf_shade.c +++ b/mupdf/pdf_shade.c @@ -24,7 +24,7 @@ pdf_growmesh(fz_shade *shade, int amount) while (shade->meshlen + amount > shade->meshcap) shade->meshcap = (shade->meshcap * 3) / 2; - shade->mesh = fz_realloc(shade->mesh, sizeof(float) * shade->meshcap); + shade->mesh = fz_realloc(shade->mesh, shade->meshcap, sizeof(float)); } static void @@ -758,8 +758,8 @@ pdf_loadtype5shade(fz_shade *shade, pdf_xref *xref, fz_obj *dict, else ncomp = shade->cs->n; - ref = fz_malloc(p.vprow * sizeof(struct vertex)); - buf = fz_malloc(p.vprow * sizeof(struct vertex)); + ref = fz_calloc(p.vprow, sizeof(struct vertex)); + buf = fz_calloc(p.vprow, sizeof(struct vertex)); first = 1; while (fz_peekbyte(stream) != EOF) diff --git a/mupdf/pdf_unicode.c b/mupdf/pdf_unicode.c index 608a69ba..6c2d6372 100644 --- a/mupdf/pdf_unicode.c +++ b/mupdf/pdf_unicode.c @@ -70,7 +70,7 @@ pdf_loadtounicode(pdf_fontdesc *font, pdf_xref *xref, /* TODO one-to-many mappings */ font->ncidtoucs = 256; - font->cidtoucs = fz_malloc(256 * sizeof(unsigned short)); + font->cidtoucs = fz_calloc(256, sizeof(unsigned short)); for (i = 0; i < 256; i++) { diff --git a/mupdf/pdf_xref.c b/mupdf/pdf_xref.c index 7c457899..940963a5 100644 --- a/mupdf/pdf_xref.c +++ b/mupdf/pdf_xref.c @@ -180,7 +180,7 @@ pdf_resizexref(pdf_xref *xref, int newlen) { int i; - xref->table = fz_realloc(xref->table, newlen * sizeof(pdf_xrefentry)); + xref->table = fz_realloc(xref->table, newlen, sizeof(pdf_xrefentry)); for (i = xref->len; i < newlen; i++) { xref->table[i].type = 0; @@ -717,8 +717,8 @@ pdf_loadobjstm(pdf_xref *xref, int num, int gen, char *buf, int cap) pdf_logxref("\tcount %d\n", count); - numbuf = fz_malloc(count * sizeof(int)); - ofsbuf = fz_malloc(count * sizeof(int)); + numbuf = fz_calloc(count, sizeof(int)); + ofsbuf = fz_calloc(count, sizeof(int)); error = pdf_openstream(&stm, xref, num, gen); if (error) |