Fix a free() that should be an iks_free(). Fix an array overflow in the
authorHans Petter Jansson <hpj@novell.com>
Thu, 1 May 2008 08:43:13 +0000 (08:43 +0000)
committerHans Petter <hansp@src.gnome.org>
Thu, 1 May 2008 08:43:13 +0000 (08:43 +0000)
2008-05-01  Hans Petter Jansson  <hpj@novell.com>

* backend/impress/iksemel.c (sax_core): Fix a free() that should
be an iks_free(). Fix an array overflow in the XML parser that
would occur whenever the number of attributes in a tag was greater
than 0 and divisible by 6. Fixes GNOME bug #530852.

svn path=/trunk/; revision=3029

ChangeLog
backend/impress/iksemel.c

index b5ff07d62ac611f9e47a828f1474ed1afd31b14a..04609d4aa745cb4824634b0b82bfb22c49349ebb 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2008-05-01  Hans Petter Jansson  <hpj@novell.com>
+
+       * backend/impress/iksemel.c (sax_core): Fix a free() that should
+       be an iks_free(). Fix an array overflow in the XML parser that
+       would occur whenever the number of attributes in a tag was greater
+       than 0 and divisible by 6. Fixes GNOME bug #530852.
+
 2008-04-29  Carlos Garcia Campos  <carlosgc@gnome.org>
 
        * backend/djvu/djvu-document-private.h:
index 91edcb3ebfbde6f02e8d11341b1ab5aa2171c551..9908e132e3037e4ed6630aba0170a41c52f0fc6b 100644 (file)
@@ -761,11 +761,11 @@ sax_core (iksparser *prs, char *buf, int len)
                                        if (prs->attcur >= (prs->attmax * 2)) {
                                                void *tmp;
                                                prs->attmax += 12;
-                                               tmp = iks_malloc (sizeof(char *) * 2 * prs->attmax);
+                                               tmp = iks_malloc (sizeof(char *) * (2 * prs->attmax + 1));
                                                if (!tmp) return IKS_NOMEM;
-                                               memset (tmp, 0, sizeof(char *) * 2 * prs->attmax);
+                                               memset (tmp, 0, sizeof(char *) * (2 * prs->attmax + 1));
                                                memcpy (tmp, prs->atts, sizeof(char *) * prs->attcur);
-                                               free (prs->atts);
+                                               iks_free (prs->atts);
                                                prs->atts = tmp;
                                        }
                                }
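Review bot: `prs->attmax += 12;` runs before the allocation is known to have succeeded, so the `if (!tmp) return IKS_NOMEM;` path leaves `attmax` describing a larger array than `prs->atts` actually is. If the parser is used again after that error (not visible here, since sax_core continues outside the hunk), the `prs->attcur >= (prs->attmax * 2)` guard would no longer trigger a regrow, and writes could run past the old buffer. Rolling the counter back on failure keeps the two in step: `if (!tmp) { prs->attmax -= 12; return IKS_NOMEM; }`. The new `+ 1` also deserves a short comment, presumably `/* extra slot for the NULL that terminates the name/value list */`, so the sizing is not "simplified" back later.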