diff options
author | Tom Sepez <tsepez@chromium.org> | 2018-10-22 17:23:51 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-10-22 17:23:51 +0000 |
commit | 8298d25cf3ac41d71a8533700d929cadac1c360d (patch) | |
tree | 219955226276efd61fd9e67d0f56d45a453c5743 /fxjs | |
parent | af3d6cc8910fbddc7518f9d54f4c4ad0dd25ed40 (diff) | |
download | pdfium-8298d25cf3ac41d71a8533700d929cadac1c360d.tar.xz |
Speculative fix for bad FX_Free() under fuzzer.
A recent change to CFX_CodecMemory prevented it leaking an old
buffer when a realloc() failed. But there is a corner case where
realloc() to size 0 also returns null (as would a failed alloc),
but frees the buffer, rather than leaving it intact.
TBR: thestig@chromium.org
Bug: 897585
Change-Id: Ib1e82088a822008780f11c6ea94b0552fbf51146
Reviewed-on: https://pdfium-review.googlesource.com/c/44451
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'fxjs')
0 files changed, 0 insertions, 0 deletions