Bug Summary

File:mi/mifillrct.c
Location:line 103, column 16
Description:Call to 'malloc' has an allocation size of 0 bytes

Annotated Source Code

1/***********************************************************
2
3Copyright 1987, 1998 The Open Group
4
5Permission to use, copy, modify, distribute, and sell this software and its
6documentation for any purpose is hereby granted without fee, provided that
7the above copyright notice appear in all copies and that both that
8copyright notice and this permission notice appear in supporting
9documentation.
10
11The above copyright notice and this permission notice shall be included in
12all copies or substantial portions of the Software.
13
14THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
18AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
21Except as contained in this notice, the name of The Open Group shall not be
22used in advertising or otherwise to promote the sale, use or other dealings
23in this Software without prior written authorization from The Open Group.
24
25Copyright 1987 by Digital Equipment Corporation, Maynard, Massachusetts.
26
27 All Rights Reserved
28
29Permission to use, copy, modify, and distribute this software and its
30documentation for any purpose and without fee is hereby granted,
31provided that the above copyright notice appear in all copies and that
32both that copyright notice and this permission notice appear in
33supporting documentation, and that the name of Digital not be
34used in advertising or publicity pertaining to distribution of the
35software without specific, written prior permission.
36
37DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
38ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
39DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
40ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
41WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
42ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
43SOFTWARE.
44
45******************************************************************/
46
47#ifdef HAVE_DIX_CONFIG_H1
48#include <dix-config.h>
49#endif
50
51#include <X11/X.h>
52#include <X11/Xprotostr.h>
53#include "gcstruct.h"
54#include "windowstr.h"
55#include "pixmap.h"
56#include "mi.h"
57#include "misc.h"
58
59/* mi rectangles
60 written by newman, with debts to all and sundry
61*/
62
63/* MIPOLYFILLRECT -- public entry for PolyFillRect request
64 * very straight forward: translate rectangles if necessary
65 * then call FillSpans to fill each rectangle. We let FillSpans worry about
66 * clipping to the destination
67 */
68_X_COLD__attribute__((__cold__)) void
69miPolyFillRect(DrawablePtr pDrawable, GCPtr pGC, int nrectFill, /* number of rectangles to fill */
70 xRectangle *prectInit /* Pointer to first rectangle to fill */
71 )
72{
73 int i;
74 int height;
75 int width;
76 xRectangle *prect;
77 int xorg;
78 int yorg;
79 int maxheight;
80 DDXPointPtr pptFirst;
81 DDXPointPtr ppt;
82 int *pwFirst;
83 int *pw;
84
85 if (pGC->miTranslate) {
1
Taking false branch
86 xorg = pDrawable->x;
87 yorg = pDrawable->y;
88 prect = prectInit;
89 maxheight = 0;
90 for (i = 0; i < nrectFill; i++, prect++) {
91 prect->x += xorg;
92 prect->y += yorg;
93 maxheight = max(maxheight, prect->height)(((maxheight) > (prect->height)) ? (maxheight) : (prect
->height))
;
94 }
95 }
96 else {
97 prect = prectInit;
98 maxheight = 0;
99 for (i = 0; i < nrectFill; i++, prect++)
2
Assuming 'i' is >= 'nrectFill'
3
Loop condition is false. Execution continues on line 103
100 maxheight = max(maxheight, prect->height)(((maxheight) > (prect->height)) ? (maxheight) : (prect
->height))
;
101 }
102
103 pptFirst = malloc(maxheight * sizeof(DDXPointRec));
4
Call to 'malloc' has an allocation size of 0 bytes
104 pwFirst = malloc(maxheight * sizeof(int));
105 if (!pptFirst || !pwFirst) {
106 free(pwFirst);
107 free(pptFirst);
108 return;
109 }
110
111 prect = prectInit;
112 while (nrectFill--) {
113 ppt = pptFirst;
114 pw = pwFirst;
115 height = prect->height;
116 width = prect->width;
117 xorg = prect->x;
118 yorg = prect->y;
119 while (height--) {
120 *pw++ = width;
121 ppt->x = xorg;
122 ppt->y = yorg;
123 ppt++;
124 yorg++;
125 }
126 (*pGC->ops->FillSpans) (pDrawable, pGC,
127 prect->height, pptFirst, pwFirst, 1);
128 prect++;
129 }
130 free(pwFirst);
131 free(pptFirst);
132}