From e7b13e1de4b29f36ed536bb863e5d81768550490 Mon Sep 17 00:00:00 2001
From: Robin Watts
Date: Thu, 5 Apr 2012 18:01:54 +0100
Subject: Fix potential problems on malloc failure. Don't reset the size of arrays until we have successfully resized them.
---
fitz/dev_text.c | 20 ++++++++++++--------
fitz/res_text.c | 10 ++++++----
2 files changed, 18 insertions(+), 12 deletions(-)
(limited to 'fitz')
diff --git a/fitz/dev_text.c b/fitz/dev_text.c
index 5e7f8164..cd76830d 100644
--- a/fitz/dev_text.c
+++ b/fitz/dev_text.c
@@ -129,8 +129,9 @@ append_char(fz_context *ctx, fz_text_span *span, int c, fz_rect bbox)
 {
 if (span->len == span->cap)
 {
- span->cap = MAX(64, span->cap * 2);
- span->text = fz_resize_array(ctx, span->text, span->cap, sizeof(*span->text));
+ int new_cap = MAX(64, span->cap * 2);
+ span->text = fz_resize_array(ctx, span->text, new_cap, sizeof(*span->text));
+ span->cap = new_cap;
 }
 span->bbox = fz_union_rect(span->bbox, bbox);
 span->text[span->len].c = c;
@@ -154,8 +155,9 @@ append_span(fz_context *ctx, fz_text_line *line, fz_text_span *span)
 return;
 if (line->len == line->cap)
 {
- line->cap = MAX(8, line->cap * 2);
- line->spans = fz_resize_array(ctx, line->spans, line->cap, sizeof(*line->spans));
+ int new_cap = MAX(8, line->cap * 2);
+ line->spans = fz_resize_array(ctx, line->spans, new_cap, sizeof(*line->spans));
+ line->cap = new_cap;
 }
 line->bbox = fz_union_rect(line->bbox, span->bbox);
 line->spans[line->len++] = *span;
@@ -174,8 +176,9 @@ append_line(fz_context *ctx, fz_text_block *block, fz_text_line *line)
 {
 if (block->len == block->cap)
 {
- block->cap = MAX(16, block->cap * 2);
- block->lines = fz_resize_array(ctx, block->lines, block->cap, sizeof *block->lines);
+ int new_cap = MAX(16, block->cap * 2);
+ block->lines = fz_resize_array(ctx, block->lines, new_cap, sizeof *block->lines);
+ block->cap = new_cap;
 }
 block->bbox = fz_union_rect(block->bbox, line->bbox);
 block->lines[block->len++] = *line;
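Review bot: The new `int new_cap = MAX(64, span->cap * 2);` in append_char still doubles a signed int with no upper bound; append_span, append_line and lookup_block_for_line repeat the pattern. Once `cap` exceeds INT_MAX/2 the multiply is undefined behaviour, and if it wraps negative MAX() falls back to the minimum, so the array would be resized below `len` and the following `span->text[span->len]` store would fall outside the allocation. Whether fz_resize_array rejects such a request is not visible here, so I would guard before the multiply, e.g. `if (span->cap > INT_MAX / 2) fz_throw(ctx, "text span too large");` (needs <limits.h>). All four function bodies start or end outside their hunks.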
@@ -201,8 +204,9 @@ lookup_block_for_line(fz_context *ctx, fz_text_page *page, fz_text_line *line)
 if (page->len == page->cap)
 {
- page->cap = MAX(16, page->cap * 2);
- page->blocks = fz_resize_array(ctx, page->blocks, page->cap, sizeof(*page->blocks));
+ int new_cap = MAX(16, page->cap * 2);
+ page->blocks = fz_resize_array(ctx, page->blocks, new_cap, sizeof(*page->blocks));
+ page->cap = new_cap;
 }
 page->blocks[page->len].bbox = fz_empty_rect;
diff --git a/fitz/res_text.c b/fitz/res_text.c
index 643b4c9f..6b5e3e3a 100644
--- a/fitz/res_text.c
+++ b/fitz/res_text.c
@@ -100,11 +100,13 @@ fz_bound_text(fz_context *ctx, fz_text *text, fz_matrix ctm)
 static void
 fz_grow_text(fz_context *ctx, fz_text *text, int n)
 {
- if (text->len + n < text->cap)
+ int new_cap = text->cap;
+ if (text->len + n < new_cap)
 return;
- while (text->len + n > text->cap)
- text->cap = text->cap + 36;
- text->items = fz_resize_array(ctx, text->items, text->cap, sizeof(fz_text_item));
+ while (text->len + n > new_cap)
+ new_cap = new_cap + 36;
+ text->items = fz_resize_array(ctx, text->items, new_cap, sizeof(fz_text_item));
+ text->cap = new_cap;
 }
 void
-- cgit v1.2.3
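Review bot: In fz_grow_text the early return `if (text->len + n < new_cap)` and the loop condition `text->len + n > new_cap` disagree when the sum equals the capacity, so the function falls through and calls fz_resize_array with an unchanged size. That reallocation is unnecessary and presumably can fail like any other resize, so the guard should read `if (text->len + n <= new_cap) return;`. Separately, `text->len + n` is plain int arithmetic with no visible range check on `n`; if callers outside this hunk can pass large or negative counts, the sum should be validated before it is compared.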