From 600dd9a284bb85093a6b6ea9ab15ac217938587392fc34970de83cd15697ff2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Lie?= Date: Wed, 20 Jun 2018 09:00:27 +0000 Subject: [PATCH 1/3] Accepting request 617911 from home:zhengqiang:branches:GNOME:Factory - Add replace-malloc-with-cairo-malloc.patch: replace malloc with _cairo_malloc and check cmap size before allocating ( boo#1049092, CVE-2017-9814 ). OBS-URL: https://build.opensuse.org/request/show/617911 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/cairo?expand=0&rev=139 --- cairo.changes | 7 + cairo.spec | 3 + replace-malloc-with-cairo-malloc.patch | 3176 ++++++++++++++++++++++++ 3 files changed, 3186 insertions(+) create mode 100644 replace-malloc-with-cairo-malloc.patch diff --git a/cairo.changes b/cairo.changes index 349d99c..16412a4 100644 --- a/cairo.changes +++ b/cairo.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Jun 20 06:26:30 UTC 2018 - qzheng@suse.com + +- Add replace-malloc-with-cairo-malloc.patch: + replace malloc with _cairo_malloc and check cmap size before + allocating ( boo#1049092, CVE-2017-9814 ). + ------------------------------------------------------------------- Tue Apr 24 21:00:53 UTC 2018 - bjorn.lie@gmail.com diff --git a/cairo.spec b/cairo.spec index fb613f0..f751218 100644 --- a/cairo.spec +++ b/cairo.spec @@ -33,6 +33,8 @@ Patch0: cairo-xlib-endianness.patch Patch1: cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff # PATCH-FIX-UPSTREAM cairo-fix-assertion-failure-in-freetype-backend.patch fdo#105746 -- Fix assertion failure in the freetype backend Patch2: cairo-fix-assertion-failure-in-freetype-backend.patch +# PATCH-FIX-UPSTREAM replace-malloc-with-cairo-malloc.patch qzheng@suse.com -- replace malloc with _cairo_malloc and check cmap size before allocating. +Patch3: replace-malloc-with-cairo-malloc.patch BuildRequires: gtk-doc BuildRequires: pkgconfig BuildRequires: pkgconfig(fontconfig) @@ -143,6 +145,7 @@ cairo. %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build %configure \ diff --git a/replace-malloc-with-cairo-malloc.patch b/replace-malloc-with-cairo-malloc.patch new file mode 100644 index 0000000..95131ab --- /dev/null +++ b/replace-malloc-with-cairo-malloc.patch @@ -0,0 +1,3176 @@ +diff --git a/boilerplate/cairo-boilerplate-cogl.c b/boilerplate/cairo-boilerplate-cogl.c +index e39ad33..f653109 100644 +--- a/boilerplate/cairo-boilerplate-cogl.c ++++ b/boilerplate/cairo-boilerplate-cogl.c +@@ -31,7 +31,7 @@ + */ + + #include "cairo-boilerplate-private.h" +- ++#include "cairo-malloc-private.h" + #include + #include + +@@ -92,7 +92,7 @@ _cairo_boilerplate_cogl_create_offscreen_color_surface (const char *name, + -1, 100); + cogl_pop_framebuffer (); + +- closure = malloc (sizeof (cogl_closure_t)); ++ closure = _cairo_malloc (sizeof (cogl_closure_t)); + *abstract_closure = closure; + closure->device = device; + closure->fb = fb; +@@ -138,7 +138,7 @@ _cairo_boilerplate_cogl_create_onscreen_color_surface (const char *name, + -1, 100); + cogl_pop_framebuffer (); + +- closure = malloc (sizeof (cogl_closure_t)); ++ closure = _cairo_malloc (sizeof (cogl_closure_t)); + *abstract_closure = closure; + closure->device = device; + closure->fb = fb; +diff --git a/boilerplate/cairo-boilerplate-vg.c b/boilerplate/cairo-boilerplate-vg.c +index 6927657..9a5e5dc 100644 +--- a/boilerplate/cairo-boilerplate-vg.c ++++ b/boilerplate/cairo-boilerplate-vg.c +@@ -31,7 +31,7 @@ + */ + + #include "cairo-boilerplate-private.h" +- ++#include "cairo-malloc-private.h" + #include + + /* XXX Not sure how to handle library specific context initialization */ +@@ -105,7 +105,7 @@ _cairo_boilerplate_vg_create_surface_glx (const char *name, + cairo_vg_context_t *context; + vg_closure_glx_t *vgc; + +- vgc = malloc (sizeof (vg_closure_glx_t)); ++ vgc = _cairo_malloc (sizeof (vg_closure_glx_t)); + *closure = vgc; + + if (width == 0) +diff --git a/boilerplate/cairo-boilerplate-win32-printing.c b/boilerplate/cairo-boilerplate-win32-printing.c +index 625d52c..91287a1 100644 +--- a/boilerplate/cairo-boilerplate-win32-printing.c ++++ b/boilerplate/cairo-boilerplate-win32-printing.c +@@ -35,7 +35,7 @@ + #endif + + #include "cairo-boilerplate-private.h" +- ++#include "cairo-malloc-private.h" + #if CAIRO_CAN_TEST_WIN32_PRINTING_SURFACE + + #include +@@ -131,7 +131,7 @@ create_printer_dc (win32_target_closure_t *ptc) + + ptc->dc = NULL; + GetDefaultPrinter (NULL, &size); +- printer_name = malloc (size); ++ printer_name = _cairo_malloc (size); + + if (printer_name == NULL) + return; +diff --git a/boilerplate/cairo-boilerplate-xcb.c b/boilerplate/cairo-boilerplate-xcb.c +index cc9b422..b380e29 100644 +--- a/boilerplate/cairo-boilerplate-xcb.c ++++ b/boilerplate/cairo-boilerplate-xcb.c +@@ -25,7 +25,7 @@ + */ + + #include "cairo-boilerplate-private.h" +- ++#include "cairo-malloc-private.h" + #include + + #include +@@ -206,7 +206,7 @@ _cairo_boilerplate_xcb_create_similar (cairo_surface_t *other, + xcb_render_pictforminfo_t *render_format; + int depth; + +- similar = malloc (sizeof (*similar)); ++ similar = _cairo_malloc (sizeof (*similar)); + + switch (content) { + default: +diff --git a/boilerplate/cairo-boilerplate-xlib.c b/boilerplate/cairo-boilerplate-xlib.c +index f3d5598..e77b954 100644 +--- a/boilerplate/cairo-boilerplate-xlib.c ++++ b/boilerplate/cairo-boilerplate-xlib.c +@@ -26,7 +26,7 @@ + + #include "cairo-boilerplate-private.h" + #include "cairo-boilerplate-xlib.h" +- ++#include "cairo-malloc-private.h" + #include + #if CAIRO_HAS_XLIB_XRENDER_SURFACE + #include +@@ -244,7 +244,7 @@ _cairo_boilerplate_xlib_create_similar (cairo_surface_t *other, + struct similar *similar; + cairo_surface_t *surface; + +- similar = malloc (sizeof (*similar)); ++ similar = _cairo_malloc (sizeof (*similar)); + similar->dpy = cairo_xlib_surface_get_display (other); + + switch (content) { +diff --git a/boilerplate/cairo-boilerplate.c b/boilerplate/cairo-boilerplate.c +index 4804dea..a1a0537 100644 +--- a/boilerplate/cairo-boilerplate.c ++++ b/boilerplate/cairo-boilerplate.c +@@ -28,7 +28,7 @@ + + #include "cairo-boilerplate-private.h" + #include "cairo-boilerplate-scaled-font.h" +- ++#include "cairo-malloc-private.h" + #include + + #include +@@ -183,7 +183,7 @@ _cairo_boilerplate_image_create_similar (cairo_surface_t *other, + } + + stride = cairo_format_stride_for_width(format, width); +- ptr = malloc (stride* height); ++ ptr = _cairo_malloc (stride* height); + + surface = cairo_image_surface_create_for_data (ptr, format, + width, height, stride); +@@ -232,7 +232,7 @@ _cairo_boilerplate_image16_create_similar (cairo_surface_t *other, + } + + stride = cairo_format_stride_for_width(format, width); +- ptr = malloc (stride* height); ++ ptr = _cairo_malloc (stride* height); + + surface = cairo_image_surface_create_for_data (ptr, format, + width, height, stride); +diff --git a/src/cairo-analysis-surface.c b/src/cairo-analysis-surface.c +index c07e068..0edccd4 100644 +--- a/src/cairo-analysis-surface.c ++++ b/src/cairo-analysis-surface.c +@@ -45,6 +45,7 @@ + #include "cairo-surface-snapshot-inline.h" + #include "cairo-surface-subsurface-inline.h" + #include "cairo-region-private.h" ++#include "cairo-malloc-private.h" + + typedef struct { + cairo_surface_t base; +@@ -118,7 +119,7 @@ attach_proxy (cairo_surface_t *source, + { + struct proxy *proxy; + +- proxy = malloc (sizeof (*proxy)); ++ proxy = _cairo_malloc (sizeof (*proxy)); + if (unlikely (proxy == NULL)) + return _cairo_surface_create_in_error (CAIRO_STATUS_NO_MEMORY); + +@@ -830,7 +831,7 @@ _cairo_analysis_surface_create (cairo_surface_t *target) + if (unlikely (status)) + return _cairo_surface_create_in_error (status); + +- surface = malloc (sizeof (cairo_analysis_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_analysis_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -1020,7 +1021,7 @@ _cairo_null_surface_create (cairo_content_t content) + { + cairo_surface_t *surface; + +- surface = malloc (sizeof (cairo_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_surface_t)); + if (unlikely (surface == NULL)) { + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + } +diff --git a/src/cairo-arc.c b/src/cairo-arc.c +index 390397b..b809a11 100644 +--- a/src/cairo-arc.c ++++ b/src/cairo-arc.c +@@ -37,7 +37,7 @@ + #include "cairoint.h" + + #include "cairo-arc-private.h" +- ++#include "cairo-malloc-private.h" + #define MAX_FULL_CIRCLES 65536 + + /* Spline deviation from the circle in radius would be given by: +diff --git a/src/cairo-array.c b/src/cairo-array.c +index 58c9a38..6db0a38 100644 +--- a/src/cairo-array.c ++++ b/src/cairo-array.c +@@ -39,7 +39,7 @@ + #include "cairoint.h" + #include "cairo-array-private.h" + #include "cairo-error-private.h" +- ++#include "cairo-malloc-private.h" + /** + * _cairo_array_init: + * +diff --git a/src/cairo-atomic.c b/src/cairo-atomic.c +index 2af50cd..19101bd 100644 +--- a/src/cairo-atomic.c ++++ b/src/cairo-atomic.c +@@ -32,7 +32,7 @@ + */ + + #include "cairoint.h" +- ++#include "cairo-malloc-private.h" + #include "cairo-atomic-private.h" + #include "cairo-mutex-private.h" + +diff --git a/src/cairo-base64-stream.c b/src/cairo-base64-stream.c +index 6364313..6352545 100644 +--- a/src/cairo-base64-stream.c ++++ b/src/cairo-base64-stream.c +@@ -125,7 +125,7 @@ _cairo_base64_stream_create (cairo_output_stream_t *output) + if (output->status) + return _cairo_output_stream_create_in_error (output->status); + +- stream = malloc (sizeof (cairo_base64_stream_t)); ++ stream = _cairo_malloc (sizeof (cairo_base64_stream_t)); + if (unlikely (stream == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_output_stream_t *) &_cairo_output_stream_nil; +diff --git a/src/cairo-base85-stream.c b/src/cairo-base85-stream.c +index f81affb..3202f1e 100644 +--- a/src/cairo-base85-stream.c ++++ b/src/cairo-base85-stream.c +@@ -114,7 +114,7 @@ _cairo_base85_stream_create (cairo_output_stream_t *output) + if (output->status) + return _cairo_output_stream_create_in_error (output->status); + +- stream = malloc (sizeof (cairo_base85_stream_t)); ++ stream = _cairo_malloc (sizeof (cairo_base85_stream_t)); + if (unlikely (stream == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_output_stream_t *) &_cairo_output_stream_nil; +diff --git a/src/cairo-beos-surface.cpp b/src/cairo-beos-surface.cpp +index c976416..42fcc93 100644 +--- a/src/cairo-beos-surface.cpp ++++ b/src/cairo-beos-surface.cpp +@@ -915,9 +915,9 @@ _cairo_beos_surface_create_internal (BView* view, + BBitmap* bmp, + bool owns_bitmap_view) + { +- // Must use malloc, because cairo code will use free() on the surface ++ // Must use _cairo_malloc, because cairo code will use free() on the surface + cairo_beos_surface_t *surface = static_cast( +- malloc(sizeof(cairo_beos_surface_t))); ++ _cairo_malloc(sizeof(cairo_beos_surface_t))); + if (surface == NULL) { + _cairo_error (CAIRO_STATUS_NO_MEMORY); + return const_cast(&_cairo_surface_nil); +diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c +index 13fee50..37727ed 100644 +--- a/src/cairo-cff-subset.c ++++ b/src/cairo-cff-subset.c +@@ -547,7 +547,7 @@ cff_index_append_copy (cairo_array_t *index, + + element.length = length; + element.is_copy = TRUE; +- element.data = malloc (element.length); ++ element.data = _cairo_malloc (element.length); + if (unlikely (element.data == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -610,12 +610,12 @@ cff_dict_create_operator (int operator, + { + cff_dict_operator_t *op; + +- op = malloc (sizeof (cff_dict_operator_t)); ++ op = _cairo_malloc (sizeof (cff_dict_operator_t)); + if (unlikely (op == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + + _cairo_dict_init_key (op, operator); +- op->operand = malloc (size); ++ op->operand = _cairo_malloc (size); + if (unlikely (op->operand == NULL)) { + free (op); + return _cairo_error (CAIRO_STATUS_NO_MEMORY); +@@ -716,7 +716,7 @@ cff_dict_set_operands (cairo_hash_table_t *dict, + op = _cairo_hash_table_lookup (dict, &key.base); + if (op != NULL) { + free (op->operand); +- op->operand = malloc (size); ++ op->operand = _cairo_malloc (size); + if (unlikely (op->operand == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -870,7 +870,7 @@ cairo_cff_font_read_name (cairo_cff_font_t *font) + len -= 7; + } + } +- font->ps_name = malloc (len + 1); ++ font->ps_name = _cairo_malloc (len + 1); + if (unlikely (font->ps_name == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1858,7 +1858,7 @@ cairo_cff_font_create_cid_fontdict (cairo_cff_font_t *font) + cairo_status_t status; + + font->num_fontdicts = 1; +- font->fd_dict = malloc (sizeof (cairo_hash_table_t *)); ++ font->fd_dict = _cairo_malloc (sizeof (cairo_hash_table_t *)); + if (unlikely (font->fd_dict == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1869,11 +1869,11 @@ cairo_cff_font_create_cid_fontdict (cairo_cff_font_t *font) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + } + +- font->fd_subset_map = malloc (sizeof (int)); ++ font->fd_subset_map = _cairo_malloc (sizeof (int)); + if (unlikely (font->fd_subset_map == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +- font->private_dict_offset = malloc (sizeof (int)); ++ font->private_dict_offset = _cairo_malloc (sizeof (int)); + if (unlikely (font->private_dict_offset == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1968,7 +1968,7 @@ cairo_cff_font_subset_font (cairo_cff_font_t *font) + if (unlikely (status)) + return status; + } else { +- font->private_dict_offset = malloc (sizeof (int)); ++ font->private_dict_offset = _cairo_malloc (sizeof (int)); + if (unlikely (font->private_dict_offset == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + } +@@ -2560,7 +2560,7 @@ cairo_cff_font_generate (cairo_cff_font_t *font, + + /* If the PS name is not found, create a CairoFont-x-y name. */ + if (font->ps_name == NULL) { +- font->ps_name = malloc (30); ++ font->ps_name = _cairo_malloc (30); + if (unlikely (font->ps_name == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -2710,7 +2710,7 @@ _cairo_cff_font_load_opentype_cff (cairo_cff_font_t *font) + + font->is_opentype = TRUE; + font->data_length = data_length; +- font->data = malloc (data_length); ++ font->data = _cairo_malloc (data_length); + if (unlikely (font->data == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -2745,7 +2745,7 @@ _cairo_cff_font_load_cff (cairo_cff_font_t *font) + font->font_name = NULL; + font->is_opentype = FALSE; + font->data_length = data_length; +- font->data = malloc (data_length); ++ font->data = _cairo_malloc (data_length); + if (unlikely (font->data == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -2981,7 +2981,7 @@ _cairo_cff_subset_init (cairo_cff_subset_t *cff_subset, + cff_subset->ascent = (double)font->ascent/font->units_per_em; + cff_subset->descent = (double)font->descent/font->units_per_em; + +- cff_subset->data = malloc (length); ++ cff_subset->data = _cairo_malloc (length); + if (unlikely (cff_subset->data == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto fail4; +@@ -3040,7 +3040,7 @@ _cairo_cff_scaled_font_is_cid_cff (cairo_scaled_font_t *scaled_font) + (status = backend->load_truetype_table (scaled_font, TT_TAG_CFF, + 0, NULL, &data_length)) == CAIRO_INT_STATUS_SUCCESS) + { +- data = malloc (data_length); ++ data = _cairo_malloc (data_length); + if (unlikely (data == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + return FALSE; +@@ -3057,7 +3057,7 @@ _cairo_cff_scaled_font_is_cid_cff (cairo_scaled_font_t *scaled_font) + (status = backend->load_type1_data (scaled_font, + 0, NULL, &data_length)) == CAIRO_INT_STATUS_SUCCESS) + { +- data = malloc (data_length); ++ data = _cairo_malloc (data_length); + if (unlikely (data == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + return FALSE; +@@ -3130,7 +3130,7 @@ _cairo_cff_font_fallback_create (cairo_scaled_font_subset_t *scaled_font_subset + cairo_status_t status; + cairo_cff_font_t *font; + +- font = malloc (sizeof (cairo_cff_font_t)); ++ font = _cairo_malloc (sizeof (cairo_cff_font_t)); + if (unlikely (font == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -3316,7 +3316,7 @@ cairo_cff_font_fallback_generate (cairo_cff_font_t *font, + if (unlikely (status)) + return status; + } else { +- font->private_dict_offset = malloc (sizeof (int)); ++ font->private_dict_offset = _cairo_malloc (sizeof (int)); + if (unlikely (font->private_dict_offset == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + } +@@ -3393,7 +3393,7 @@ _cairo_cff_fallback_init (cairo_cff_subset_t *cff_subset, + cff_subset->ascent = (double)type2_subset.y_max/1000; + cff_subset->descent = (double)type2_subset.y_min/1000; + +- cff_subset->data = malloc (length); ++ cff_subset->data = _cairo_malloc (length); + if (unlikely (cff_subset->data == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto fail4; +diff --git a/src/cairo-clip-tor-scan-converter.c b/src/cairo-clip-tor-scan-converter.c +index e32a5a9..4545958 100644 +--- a/src/cairo-clip-tor-scan-converter.c ++++ b/src/cairo-clip-tor-scan-converter.c +@@ -242,7 +242,7 @@ struct _pool_chunk { + /* A memory pool. This is supposed to be embedded on the stack or + * within some other structure. It may optionally be followed by an + * embedded array from which requests are fulfilled until +- * malloc needs to be called to allocate a first real chunk. */ ++ * _cairo_malloc needs to be called to allocate a first real chunk. */ + struct pool { + /* Chunk we're allocating from. */ + struct _pool_chunk *current; +@@ -465,7 +465,7 @@ _pool_chunk_create(struct pool *pool, size_t size) + { + struct _pool_chunk *p; + +- p = malloc(size + sizeof(struct _pool_chunk)); ++ p = _cairo_malloc(size + sizeof(struct _pool_chunk)); + if (unlikely (NULL == p)) + longjmp (*pool->jmp, _cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/cairo-clip.c b/src/cairo-clip.c +index 0df9b06..d499bf0 100644 +--- a/src/cairo-clip.c ++++ b/src/cairo-clip.c +@@ -62,7 +62,7 @@ _cairo_clip_path_create (cairo_clip_t *clip) + + clip_path = _freed_pool_get (&clip_path_pool); + if (unlikely (clip_path == NULL)) { +- clip_path = malloc (sizeof (cairo_clip_path_t)); ++ clip_path = _cairo_malloc (sizeof (cairo_clip_path_t)); + if (unlikely (clip_path == NULL)) + return NULL; + } +@@ -108,7 +108,7 @@ _cairo_clip_create (void) + + clip = _freed_pool_get (&clip_pool); + if (unlikely (clip == NULL)) { +- clip = malloc (sizeof (cairo_clip_t)); ++ clip = _cairo_malloc (sizeof (cairo_clip_t)); + if (unlikely (clip == NULL)) + return NULL; + } +@@ -735,7 +735,7 @@ _cairo_rectangle_list_create_in_error (cairo_status_t status) + if (status == CAIRO_STATUS_CLIP_NOT_REPRESENTABLE) + return (cairo_rectangle_list_t*) &_cairo_rectangles_not_representable; + +- list = malloc (sizeof (*list)); ++ list = _cairo_malloc (sizeof (*list)); + if (unlikely (list == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + return (cairo_rectangle_list_t*) &_cairo_rectangles_nil; +@@ -795,7 +795,7 @@ _cairo_clip_copy_rectangle_list (cairo_clip_t *clip, cairo_gstate_t *gstate) + } + + DONE: +- list = malloc (sizeof (cairo_rectangle_list_t)); ++ list = _cairo_malloc (sizeof (cairo_rectangle_list_t)); + if (unlikely (list == NULL)) { + free (rectangles); + return ERROR_LIST (CAIRO_STATUS_NO_MEMORY); +diff --git a/src/cairo-cogl-context.c b/src/cairo-cogl-context.c +index 0116b0a..c322780 100644 +--- a/src/cairo-cogl-context.c ++++ b/src/cairo-cogl-context.c +@@ -755,7 +755,7 @@ _cairo_cogl_context_create (void *target) + + cr = _freed_pool_get (&context_pool); + if (unlikely (cr == NULL)) { +- cr = malloc (sizeof (cairo_cogl_context_t)); ++ cr = _cairo_malloc (sizeof (cairo_cogl_context_t)); + if (unlikely (cr == NULL)) + return _cairo_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + } +diff --git a/src/cairo-cogl-gradient.c b/src/cairo-cogl-gradient.c +index f8c8004..0923e3b 100644 +--- a/src/cairo-cogl-gradient.c ++++ b/src/cairo-cogl-gradient.c +@@ -397,7 +397,7 @@ _cairo_cogl_get_linear_gradient (cairo_cogl_device_t *device, + } + + if (!gradient) { +- gradient = malloc (sizeof (cairo_cogl_linear_gradient_t) + ++ gradient = _cairo_malloc (sizeof (cairo_cogl_linear_gradient_t) + + sizeof (cairo_gradient_stop_t) * (n_stops - 1)); + if (!gradient) + return CAIRO_INT_STATUS_NO_MEMORY; +@@ -413,7 +413,7 @@ _cairo_cogl_get_linear_gradient (cairo_cogl_device_t *device, + } else + _cairo_cogl_linear_gradient_reference (gradient); + +- entry = malloc (sizeof (cairo_cogl_linear_texture_entry_t)); ++ entry = _cairo_malloc (sizeof (cairo_cogl_linear_texture_entry_t)); + if (!entry) { + status = CAIRO_INT_STATUS_NO_MEMORY; + goto BAIL; +diff --git a/src/cairo-cogl-surface.c b/src/cairo-cogl-surface.c +index f61e16c..712192a 100644 +--- a/src/cairo-cogl-surface.c ++++ b/src/cairo-cogl-surface.c +@@ -1994,7 +1994,7 @@ _cairo_cogl_get_path_stroke_meta (cairo_cogl_surface_t *surface, + CAIRO_REFERENCE_COUNT_INIT (&meta->ref_count, 1); + meta->cache_entry.hash = hash; + meta->counter = 0; +- meta_path = malloc (sizeof (cairo_path_fixed_t)); ++ meta_path = _cairo_malloc (sizeof (cairo_path_fixed_t)); + if (!meta_path) + goto BAIL; + /* FIXME: we should add a ref-counted wrapper for our user_paths +@@ -2248,7 +2248,7 @@ _cairo_cogl_get_path_fill_meta (cairo_cogl_surface_t *surface) + meta->cache_entry.hash = hash; + meta->counter = 0; + CAIRO_REFERENCE_COUNT_INIT (&meta->ref_count, 1); +- meta_path = malloc (sizeof (cairo_path_fixed_t)); ++ meta_path = _cairo_malloc (sizeof (cairo_path_fixed_t)); + if (!meta_path) + goto BAIL; + /* FIXME: we should add a ref-counted wrapper for our user_paths +@@ -2504,7 +2504,7 @@ _cairo_cogl_surface_create_full (cairo_cogl_device_t *dev, + if (unlikely (status)) + return _cairo_surface_create_in_error (status); + +- surface = malloc (sizeof (cairo_cogl_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_cogl_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/cairo-compiler-private.h b/src/cairo-compiler-private.h +index 216e71b..ae810ed 100644 +--- a/src/cairo-compiler-private.h ++++ b/src/cairo-compiler-private.h +@@ -46,7 +46,7 @@ + + /* Size in bytes of buffer to use off the stack per functions. + * Mostly used by text functions. For larger allocations, they'll +- * malloc(). */ ++ * _cairo_malloc(). */ + #ifndef CAIRO_STACK_BUFFER_SIZE + #define CAIRO_STACK_BUFFER_SIZE (512 * sizeof (int)) + #endif +diff --git a/src/cairo-damage.c b/src/cairo-damage.c +index 63191fe..97d9fe9 100644 +--- a/src/cairo-damage.c ++++ b/src/cairo-damage.c +@@ -51,7 +51,7 @@ _cairo_damage_create (void) + { + cairo_damage_t *damage; + +- damage = malloc (sizeof (*damage)); ++ damage = _cairo_malloc (sizeof (*damage)); + if (unlikely (damage == NULL)) { + _cairo_error_throw(CAIRO_STATUS_NO_MEMORY); + return (cairo_damage_t *) &__cairo_damage__nil; +@@ -122,7 +122,7 @@ _cairo_damage_add_boxes(cairo_damage_t *damage, + if (size < count) + size = (count + 64) & ~63; + +- chunk = malloc (sizeof (*chunk) + sizeof (cairo_box_t) * size); ++ chunk = _cairo_malloc (sizeof (*chunk) + sizeof (cairo_box_t) * size); + if (unlikely (chunk == NULL)) { + _cairo_damage_destroy (damage); + return (cairo_damage_t *) &__cairo_damage__nil; +@@ -210,7 +210,7 @@ _cairo_damage_reduce (cairo_damage_t *damage) + + boxes = damage->tail->base; + if (damage->dirty > damage->tail->size) { +- boxes = free_boxes = malloc (damage->dirty * sizeof (cairo_box_t)); ++ boxes = free_boxes = _cairo_malloc (damage->dirty * sizeof (cairo_box_t)); + if (unlikely (boxes == NULL)) { + _cairo_damage_destroy (damage); + return (cairo_damage_t *) &__cairo_damage__nil; +diff --git a/src/cairo-default-context.c b/src/cairo-default-context.c +index 694eecf..985215f 100644 +--- a/src/cairo-default-context.c ++++ b/src/cairo-default-context.c +@@ -1481,7 +1481,7 @@ _cairo_default_context_create (void *target) + + cr = _freed_pool_get (&context_pool); + if (unlikely (cr == NULL)) { +- cr = malloc (sizeof (cairo_default_context_t)); ++ cr = _cairo_malloc (sizeof (cairo_default_context_t)); + if (unlikely (cr == NULL)) + return _cairo_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + } +diff --git a/src/cairo-deflate-stream.c b/src/cairo-deflate-stream.c +index ae23bda..b51a639 100644 +--- a/src/cairo-deflate-stream.c ++++ b/src/cairo-deflate-stream.c +@@ -124,7 +124,7 @@ _cairo_deflate_stream_create (cairo_output_stream_t *output) + if (output->status) + return _cairo_output_stream_create_in_error (output->status); + +- stream = malloc (sizeof (cairo_deflate_stream_t)); ++ stream = _cairo_malloc (sizeof (cairo_deflate_stream_t)); + if (unlikely (stream == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_output_stream_t *) &_cairo_output_stream_nil; +diff --git a/src/cairo-font-face-twin.c b/src/cairo-font-face-twin.c +index 2ad2630..a0855c9 100644 +--- a/src/cairo-font-face-twin.c ++++ b/src/cairo-font-face-twin.c +@@ -288,7 +288,7 @@ twin_font_face_create_properties (cairo_font_face_t *twin_face) + { + twin_face_properties_t *props; + +- props = malloc (sizeof (twin_face_properties_t)); ++ props = _cairo_malloc (sizeof (twin_face_properties_t)); + if (unlikely (props == NULL)) + return NULL; + +@@ -412,7 +412,7 @@ twin_scaled_font_compute_properties (cairo_scaled_font_t *scaled_font, + cairo_status_t status; + twin_scaled_properties_t *props; + +- props = malloc (sizeof (twin_scaled_properties_t)); ++ props = _cairo_malloc (sizeof (twin_scaled_properties_t)); + if (unlikely (props == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/cairo-font-options.c b/src/cairo-font-options.c +index ad28745..4011911 100644 +--- a/src/cairo-font-options.c ++++ b/src/cairo-font-options.c +@@ -106,7 +106,7 @@ cairo_font_options_create (void) + { + cairo_font_options_t *options; + +- options = malloc (sizeof (cairo_font_options_t)); ++ options = _cairo_malloc (sizeof (cairo_font_options_t)); + if (!options) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_font_options_t *) &_cairo_font_options_nil; +@@ -140,7 +140,7 @@ cairo_font_options_copy (const cairo_font_options_t *original) + if (cairo_font_options_status ((cairo_font_options_t *) original)) + return (cairo_font_options_t *) &_cairo_font_options_nil; + +- options = malloc (sizeof (cairo_font_options_t)); ++ options = _cairo_malloc (sizeof (cairo_font_options_t)); + if (!options) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_font_options_t *) &_cairo_font_options_nil; +diff --git a/src/cairo-freelist-private.h b/src/cairo-freelist-private.h +index f85f689..7977d6d 100644 +--- a/src/cairo-freelist-private.h ++++ b/src/cairo-freelist-private.h +@@ -45,7 +45,7 @@ cairo_private void + _cairo_freelist_fini (cairo_freelist_t *freelist); + + /* Allocate a new node from the freelist. If the freelist contains no +- * nodes, a new one will be allocated using malloc(). The caller is ++ * nodes, a new one will be allocated using _cairo_malloc(). The caller is + * responsible for calling _cairo_freelist_free() or free() on the + * returned node. Returns %NULL on memory allocation error. */ + cairo_private void * +diff --git a/src/cairo-freelist.c b/src/cairo-freelist.c +index 631fe48..7f2f3b3 100644 +--- a/src/cairo-freelist.c ++++ b/src/cairo-freelist.c +@@ -61,7 +61,7 @@ _cairo_freelist_alloc (cairo_freelist_t *freelist) + return node; + } + +- return malloc (freelist->nodesize); ++ return _cairo_malloc (freelist->nodesize); + } + + void * +@@ -139,7 +139,7 @@ _cairo_freepool_alloc_from_new_pool (cairo_freepool_t *freepool) + else + poolsize = (128 * freepool->nodesize + 8191) & -8192; + +- pool = malloc (sizeof (cairo_freelist_pool_t) + poolsize); ++ pool = _cairo_malloc (sizeof (cairo_freelist_pool_t) + poolsize); + if (unlikely (pool == NULL)) + return pool; + +diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c +index 7f23eb7..5abd894 100644 +--- a/src/cairo-ft-font.c ++++ b/src/cairo-ft-font.c +@@ -285,7 +285,7 @@ _cairo_ft_unscaled_font_map_create (void) + * detect some other call path. */ + assert (cairo_ft_unscaled_font_map == NULL); + +- font_map = malloc (sizeof (cairo_ft_unscaled_font_map_t)); ++ font_map = _cairo_malloc (sizeof (cairo_ft_unscaled_font_map_t)); + if (unlikely (font_map == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -531,7 +531,7 @@ _cairo_ft_unscaled_font_create_internal (cairo_bool_t from_face, + } + + /* Otherwise create it and insert into hash table. */ +- unscaled = malloc (sizeof (cairo_ft_unscaled_font_t)); ++ unscaled = _cairo_malloc (sizeof (cairo_ft_unscaled_font_t)); + if (unlikely (unscaled == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto UNWIND_FONT_MAP_LOCK; +@@ -1957,7 +1957,7 @@ _cairo_ft_font_face_scaled_font_create (void *abstract_font_face, + if (unlikely (face == NULL)) /* backend error */ + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +- scaled_font = malloc (sizeof (cairo_ft_scaled_font_t)); ++ scaled_font = _cairo_malloc (sizeof (cairo_ft_scaled_font_t)); + if (unlikely (scaled_font == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto FAIL; +@@ -3086,7 +3086,7 @@ _cairo_ft_font_face_create_for_pattern (FcPattern *pattern) + { + cairo_ft_font_face_t *font_face; + +- font_face = malloc (sizeof (cairo_ft_font_face_t)); ++ font_face = _cairo_malloc (sizeof (cairo_ft_font_face_t)); + if (unlikely (font_face == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_font_face_t *) &_cairo_font_face_nil; +@@ -3145,7 +3145,7 @@ _cairo_ft_font_face_create (cairo_ft_unscaled_font_t *unscaled, + } + + /* No match found, create a new one */ +- font_face = malloc (sizeof (cairo_ft_font_face_t)); ++ font_face = _cairo_malloc (sizeof (cairo_ft_font_face_t)); + if (unlikely (!font_face)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_font_face_t *)&_cairo_font_face_nil; +diff --git a/src/cairo-gl-device.c b/src/cairo-gl-device.c +index 38582fd..ec919d0 100644 +--- a/src/cairo-gl-device.c ++++ b/src/cairo-gl-device.c +@@ -307,7 +307,7 @@ _cairo_gl_context_init (cairo_gl_context_t *ctx) + + ctx->vbo_size = _cairo_gl_get_vbo_size(); + +- ctx->vb = malloc (ctx->vbo_size); ++ ctx->vb = _cairo_malloc (ctx->vbo_size); + if (unlikely (ctx->vb == NULL)) { + _cairo_cache_fini (&ctx->gradients); + return _cairo_error (CAIRO_STATUS_NO_MEMORY); +diff --git a/src/cairo-gl-gradient.c b/src/cairo-gl-gradient.c +index 0ab01ac..28fd7c2 100644 +--- a/src/cairo-gl-gradient.c ++++ b/src/cairo-gl-gradient.c +@@ -248,7 +248,7 @@ _cairo_gl_gradient_create (cairo_gl_context_t *ctx, + return CAIRO_STATUS_SUCCESS; + } + +- gradient = malloc (sizeof (cairo_gl_gradient_t) + sizeof (cairo_gradient_stop_t) * (n_stops - 1)); ++ gradient = _cairo_malloc (sizeof (cairo_gl_gradient_t) + sizeof (cairo_gradient_stop_t) * (n_stops - 1)); + if (gradient == NULL) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/cairo-gl-shaders.c b/src/cairo-gl-shaders.c +index 7d4fefb..12c83b9 100644 +--- a/src/cairo-gl-shaders.c ++++ b/src/cairo-gl-shaders.c +@@ -1060,7 +1060,7 @@ _cairo_gl_get_shader_by_type (cairo_gl_context_t *ctx, + if (unlikely (status)) + return status; + +- entry = malloc (sizeof (cairo_shader_cache_entry_t)); ++ entry = _cairo_malloc (sizeof (cairo_shader_cache_entry_t)); + if (unlikely (entry == NULL)) { + free (fs_source); + return _cairo_error (CAIRO_STATUS_NO_MEMORY); +diff --git a/src/cairo-gl-source.c b/src/cairo-gl-source.c +index ba11b7e..7e0ee4a 100644 +--- a/src/cairo-gl-source.c ++++ b/src/cairo-gl-source.c +@@ -69,7 +69,7 @@ _cairo_gl_pattern_to_source (cairo_surface_t *dst, + if (pattern == NULL) + return _cairo_gl_white_source (); + +- source = malloc (sizeof (*source)); ++ source = _cairo_malloc (sizeof (*source)); + if (unlikely (source == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -97,7 +97,7 @@ _cairo_gl_white_source (void) + { + cairo_gl_source_t *source; + +- source = malloc (sizeof (*source)); ++ source = _cairo_malloc (sizeof (*source)); + if (unlikely (source == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/cairo-gl-surface.c b/src/cairo-gl-surface.c +index 6be6d98..0fe283f 100644 +--- a/src/cairo-gl-surface.c ++++ b/src/cairo-gl-surface.c +@@ -1259,7 +1259,7 @@ _cairo_gl_surface_map_to_image (void *abstract_surface, + uint8_t *bot = image->data + (image->height-1)*image->stride; + + if (image->stride > (int)sizeof(stack)) { +- row = malloc (image->stride); ++ row = _cairo_malloc (image->stride); + if (unlikely (row == NULL)) { + cairo_surface_destroy (&image->base); + return _cairo_image_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); +diff --git a/src/cairo-gstate.c b/src/cairo-gstate.c +index 40cc4a6..f476f5d 100644 +--- a/src/cairo-gstate.c ++++ b/src/cairo-gstate.c +@@ -241,7 +241,7 @@ _cairo_gstate_save (cairo_gstate_t **gstate, cairo_gstate_t **freelist) + + top = *freelist; + if (top == NULL) { +- top = malloc (sizeof (cairo_gstate_t)); ++ top = _cairo_malloc (sizeof (cairo_gstate_t)); + if (unlikely (top == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + } else +diff --git a/src/cairo-hash.c b/src/cairo-hash.c +index 928c74b..5a78990 100644 +--- a/src/cairo-hash.c ++++ b/src/cairo-hash.c +@@ -164,7 +164,7 @@ _cairo_hash_table_create (cairo_hash_keys_equal_func_t keys_equal) + { + cairo_hash_table_t *hash_table; + +- hash_table = malloc (sizeof (cairo_hash_table_t)); ++ hash_table = _cairo_malloc (sizeof (cairo_hash_table_t)); + if (unlikely (hash_table == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return NULL; +diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c +index 9f4e0ad..61a442e 100644 +--- a/src/cairo-image-compositor.c ++++ b/src/cairo-image-compositor.c +@@ -2917,7 +2917,7 @@ inplace_renderer_init (cairo_image_span_renderer_t *r, + /* Create an effectively unbounded mask by repeating the single line */ + buf = r->_buf; + if (width > SZ_BUF) { +- buf = malloc (width); ++ buf = _cairo_malloc (width); + if (unlikely (buf == NULL)) { + pixman_image_unref (r->src); + return _cairo_error (CAIRO_STATUS_NO_MEMORY); +diff --git a/src/cairo-image-source.c b/src/cairo-image-source.c +index 3e3ca28..0b50afc 100644 +--- a/src/cairo-image-source.c ++++ b/src/cairo-image-source.c +@@ -872,7 +872,7 @@ create_separable_convolution (int *n_values, + size_y = (1 << ysubsample) * ywidth; + + *n_values = 4 + size_x + size_y; +- params = malloc (*n_values * sizeof (pixman_fixed_t)); ++ params = _cairo_malloc (*n_values * sizeof (pixman_fixed_t)); + if (!params) return 0; + + params[0] = pixman_int_to_fixed (xwidth); +@@ -1077,7 +1077,7 @@ attach_proxy (cairo_surface_t *source, + { + struct proxy *proxy; + +- proxy = malloc (sizeof (*proxy)); ++ proxy = _cairo_malloc (sizeof (*proxy)); + if (unlikely (proxy == NULL)) + return _cairo_surface_create_in_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1407,7 +1407,7 @@ _pixman_image_for_surface (cairo_image_surface_t *dst, + return NULL; + } + +- cleanup = malloc (sizeof (*cleanup)); ++ cleanup = _cairo_malloc (sizeof (*cleanup)); + if (unlikely (cleanup == NULL)) { + _cairo_surface_release_source_image (pattern->surface, image, extra); + pixman_image_unref (pixman_image); +@@ -1498,7 +1498,7 @@ _pixman_image_for_raster (cairo_image_surface_t *dst, + return NULL; + } + +- cleanup = malloc (sizeof (*cleanup)); ++ cleanup = _cairo_malloc (sizeof (*cleanup)); + if (unlikely (cleanup == NULL)) { + pixman_image_unref (pixman_image); + _cairo_surface_release_source_image (surface, image, extra); +@@ -1594,7 +1594,7 @@ _cairo_image_source_create_for_pattern (cairo_surface_t *dst, + + TRACE ((stderr, "%s\n", __FUNCTION__)); + +- source = malloc (sizeof (cairo_image_source_t)); ++ source = _cairo_malloc (sizeof (cairo_image_source_t)); + if (unlikely (source == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/cairo-image-surface.c b/src/cairo-image-surface.c +index f565250..9894335 100644 +--- a/src/cairo-image-surface.c ++++ b/src/cairo-image-surface.c +@@ -182,7 +182,7 @@ _cairo_image_surface_create_for_pixman_image (pixman_image_t *pixman_image, + { + cairo_image_surface_t *surface; + +- surface = malloc (sizeof (cairo_image_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_image_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -427,7 +427,7 @@ _cairo_image_surface_create_with_content (cairo_content_t content, + * cairo_surface_t *surface; + * + * stride = cairo_format_stride_for_width (format, width); +- * data = malloc (stride * height); ++ * data = _cairo_malloc (stride * height); + * surface = cairo_image_surface_create_for_data (data, format, + * width, height, + * stride); +@@ -462,7 +462,7 @@ slim_hidden_def (cairo_format_stride_for_width); + * cairo_image_surface_create_for_data: + * @data: a pointer to a buffer supplied by the application in which + * to write contents. This pointer must be suitably aligned for any +- * kind of variable, (for example, a pointer returned by malloc). ++ * kind of variable, (for example, a pointer returned by _cairo_malloc). + * @format: the format of pixels in the buffer + * @width: the width of the image to be stored in the buffer + * @height: the height of the image to be stored in the buffer +diff --git a/src/cairo-lzw.c b/src/cairo-lzw.c +index de7f999..f27b3c3 100644 +--- a/src/cairo-lzw.c ++++ b/src/cairo-lzw.c +@@ -73,7 +73,7 @@ _lzw_buf_init (lzw_buf_t *buf, int size) + buf->pending = 0; + buf->pending_bits = 0; + +- buf->data = malloc (size); ++ buf->data = _cairo_malloc (size); + if (unlikely (buf->data == NULL)) { + buf->data_size = 0; + buf->status = _cairo_error (CAIRO_STATUS_NO_MEMORY); +diff --git a/src/cairo-mempool.c b/src/cairo-mempool.c +index 751ede3..3505129 100644 +--- a/src/cairo-mempool.c ++++ b/src/cairo-mempool.c +@@ -40,7 +40,7 @@ + #include "cairo-list-inline.h" + + /* a simple buddy allocator for memory pools +- * XXX fragmentation? use Doug Lea's malloc? ++ * XXX fragmentation? use Doug Lea's _cairo_malloc? + */ + + #define BITTEST(p, n) ((p)->map[(n) >> 3] & (128 >> ((n) & 7))) +@@ -316,7 +316,7 @@ _cairo_mempool_init (cairo_mempool_t *pool, + for (i = 0; i < ARRAY_LENGTH (pool->free); i++) + cairo_list_init (&pool->free[i]); + +- pool->map = malloc ((num_blocks + 7) >> 3); ++ pool->map = _cairo_malloc ((num_blocks + 7) >> 3); + if (pool->map == NULL) { + free (pool->blocks); + return _cairo_error (CAIRO_STATUS_NO_MEMORY); +diff --git a/src/cairo-misc.c b/src/cairo-misc.c +index 07ffa9f..7fee32e 100644 +--- a/src/cairo-misc.c ++++ b/src/cairo-misc.c +@@ -1032,7 +1032,7 @@ _cairo_intern_string (const char **str_inout, int len) + istring = _cairo_hash_table_lookup (_cairo_intern_string_ht, + &tmpl.hash_entry); + if (istring == NULL) { +- istring = malloc (sizeof (cairo_intern_string_t) + len + 1); ++ istring = _cairo_malloc (sizeof (cairo_intern_string_t) + len + 1); + if (likely (istring != NULL)) { + istring->hash_entry.hash = tmpl.hash_entry.hash; + istring->len = tmpl.len; +diff --git a/src/cairo-mono-scan-converter.c b/src/cairo-mono-scan-converter.c +index 2a9546c..891f435 100644 +--- a/src/cairo-mono-scan-converter.c ++++ b/src/cairo-mono-scan-converter.c +@@ -587,7 +587,7 @@ _cairo_mono_scan_converter_create (int xmin, + cairo_mono_scan_converter_t *self; + cairo_status_t status; + +- self = malloc (sizeof(struct _cairo_mono_scan_converter)); ++ self = _cairo_malloc (sizeof(struct _cairo_mono_scan_converter)); + if (unlikely (self == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto bail_nomem; +diff --git a/src/cairo-os2-surface.c b/src/cairo-os2-surface.c +index 226eec0..b2466b5 100644 +--- a/src/cairo-os2-surface.c ++++ b/src/cairo-os2-surface.c +@@ -167,7 +167,7 @@ cairo_os2_fini (void) + /* + * This function calls the allocation function depending on which + * method was compiled into the library: it can be native allocation +- * (DosAllocMem/DosFreeMem) or C-Library based allocation (malloc/free). ++ * (DosAllocMem/DosFreeMem) or C-Library based allocation (_cairo_malloc/free). + * Actually, for pixel buffers that we use this function for, cairo + * uses _cairo_malloc_abc, so we use that here, too. And use the + * change to check the size argument +@@ -197,8 +197,8 @@ void *_buffer_alloc (size_t a, size_t b, const unsigned int size) + PAG_READ | PAG_WRITE | PAG_COMMIT)) + return NULL; + #else +- /* Clear the malloc'd buffer the way DosAllocMem() does. */ +- buffer = malloc (nbytes); ++ /* Clear the _cairo_malloc'd buffer the way DosAllocMem() does. */ ++ buffer = _cairo_malloc (nbytes); + if (buffer) { + memset (buffer, 0, nbytes); + } +@@ -718,7 +718,7 @@ cairo_os2_surface_create (HPS hps_client_window, + } + + /* Allocate an OS/2 surface structure. */ +- local_os2_surface = (cairo_os2_surface_t *) malloc (sizeof (cairo_os2_surface_t)); ++ local_os2_surface = (cairo_os2_surface_t *) _cairo_malloc (sizeof (cairo_os2_surface_t)); + if (!local_os2_surface) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto error_exit; +diff --git a/src/cairo-output-stream.c b/src/cairo-output-stream.c +index cbb60c7..72b8152 100644 +--- a/src/cairo-output-stream.c ++++ b/src/cairo-output-stream.c +@@ -147,7 +147,7 @@ _cairo_output_stream_create (cairo_write_func_t write_func, + { + cairo_output_stream_with_closure_t *stream; + +- stream = malloc (sizeof (cairo_output_stream_with_closure_t)); ++ stream = _cairo_malloc (sizeof (cairo_output_stream_with_closure_t)); + if (unlikely (stream == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_output_stream_t *) &_cairo_output_stream_nil; +@@ -173,7 +173,7 @@ _cairo_output_stream_create_in_error (cairo_status_t status) + if (status == CAIRO_STATUS_WRITE_ERROR) + return (cairo_output_stream_t *) &_cairo_output_stream_nil_write_error; + +- stream = malloc (sizeof (cairo_output_stream_t)); ++ stream = _cairo_malloc (sizeof (cairo_output_stream_t)); + if (unlikely (stream == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_output_stream_t *) &_cairo_output_stream_nil; +@@ -639,7 +639,7 @@ _cairo_output_stream_create_for_file (FILE *file) + return (cairo_output_stream_t *) &_cairo_output_stream_nil_write_error; + } + +- stream = malloc (sizeof *stream); ++ stream = _cairo_malloc (sizeof *stream); + if (unlikely (stream == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_output_stream_t *) &_cairo_output_stream_nil; +@@ -678,7 +678,7 @@ _cairo_output_stream_create_for_filename (const char *filename) + } + } + +- stream = malloc (sizeof *stream); ++ stream = _cairo_malloc (sizeof *stream); + if (unlikely (stream == NULL)) { + fclose (file); + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); +@@ -722,7 +722,7 @@ _cairo_memory_stream_create (void) + { + memory_stream_t *stream; + +- stream = malloc (sizeof *stream); ++ stream = _cairo_malloc (sizeof *stream); + if (unlikely (stream == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_output_stream_t *) &_cairo_output_stream_nil; +@@ -749,7 +749,7 @@ _cairo_memory_stream_destroy (cairo_output_stream_t *abstract_stream, + stream = (memory_stream_t *) abstract_stream; + + *length_out = _cairo_array_num_elements (&stream->array); +- *data_out = malloc (*length_out); ++ *data_out = _cairo_malloc (*length_out); + if (unlikely (*data_out == NULL)) { + status = _cairo_output_stream_destroy (abstract_stream); + assert (status == CAIRO_STATUS_SUCCESS); +@@ -799,7 +799,7 @@ _cairo_null_stream_create (void) + { + cairo_output_stream_t *stream; + +- stream = malloc (sizeof *stream); ++ stream = _cairo_malloc (sizeof *stream); + if (unlikely (stream == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_output_stream_t *) &_cairo_output_stream_nil; +diff --git a/src/cairo-paginated-surface.c b/src/cairo-paginated-surface.c +index e9454d4..fc16f79 100644 +--- a/src/cairo-paginated-surface.c ++++ b/src/cairo-paginated-surface.c +@@ -98,7 +98,7 @@ _cairo_paginated_surface_create (cairo_surface_t *target, + cairo_paginated_surface_t *surface; + cairo_status_t status; + +- surface = malloc (sizeof (cairo_paginated_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_paginated_surface_t)); + if (unlikely (surface == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto FAIL; +diff --git a/src/cairo-path-fixed.c b/src/cairo-path-fixed.c +index ac44bb7..9e9166c 100644 +--- a/src/cairo-path-fixed.c ++++ b/src/cairo-path-fixed.c +@@ -325,7 +325,7 @@ _cairo_path_fixed_create (void) + { + cairo_path_fixed_t *path; + +- path = malloc (sizeof (cairo_path_fixed_t)); ++ path = _cairo_malloc (sizeof (cairo_path_fixed_t)); + if (!path) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return NULL; +diff --git a/src/cairo-path.c b/src/cairo-path.c +index 43cd175..566e86f 100644 +--- a/src/cairo-path.c ++++ b/src/cairo-path.c +@@ -294,7 +294,7 @@ _cairo_path_create_in_error (cairo_status_t status) + if (status == CAIRO_STATUS_NO_MEMORY) + return (cairo_path_t*) &_cairo_path_nil; + +- path = malloc (sizeof (cairo_path_t)); ++ path = _cairo_malloc (sizeof (cairo_path_t)); + if (unlikely (path == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_path_t*) &_cairo_path_nil; +@@ -314,7 +314,7 @@ _cairo_path_create_internal (cairo_path_fixed_t *path_fixed, + { + cairo_path_t *path; + +- path = malloc (sizeof (cairo_path_t)); ++ path = _cairo_malloc (sizeof (cairo_path_t)); + if (unlikely (path == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_path_t*) &_cairo_path_nil; +diff --git a/src/cairo-pattern.c b/src/cairo-pattern.c +index 11637fc..745b950 100644 +--- a/src/cairo-pattern.c ++++ b/src/cairo-pattern.c +@@ -498,22 +498,22 @@ _cairo_pattern_create_copy (cairo_pattern_t **pattern_out, + + switch (other->type) { + case CAIRO_PATTERN_TYPE_SOLID: +- pattern = malloc (sizeof (cairo_solid_pattern_t)); ++ pattern = _cairo_malloc (sizeof (cairo_solid_pattern_t)); + break; + case CAIRO_PATTERN_TYPE_SURFACE: +- pattern = malloc (sizeof (cairo_surface_pattern_t)); ++ pattern = _cairo_malloc (sizeof (cairo_surface_pattern_t)); + break; + case CAIRO_PATTERN_TYPE_LINEAR: +- pattern = malloc (sizeof (cairo_linear_pattern_t)); ++ pattern = _cairo_malloc (sizeof (cairo_linear_pattern_t)); + break; + case CAIRO_PATTERN_TYPE_RADIAL: +- pattern = malloc (sizeof (cairo_radial_pattern_t)); ++ pattern = _cairo_malloc (sizeof (cairo_radial_pattern_t)); + break; + case CAIRO_PATTERN_TYPE_MESH: +- pattern = malloc (sizeof (cairo_mesh_pattern_t)); ++ pattern = _cairo_malloc (sizeof (cairo_mesh_pattern_t)); + break; + case CAIRO_PATTERN_TYPE_RASTER_SOURCE: +- pattern = malloc (sizeof (cairo_raster_source_pattern_t)); ++ pattern = _cairo_malloc (sizeof (cairo_raster_source_pattern_t)); + break; + default: + ASSERT_NOT_REACHED; +@@ -604,7 +604,7 @@ _cairo_pattern_create_solid (const cairo_color_t *color) + _freed_pool_get (&freed_pattern_pool[CAIRO_PATTERN_TYPE_SOLID]); + if (unlikely (pattern == NULL)) { + /* None cached, need to create a new pattern. */ +- pattern = malloc (sizeof (cairo_solid_pattern_t)); ++ pattern = _cairo_malloc (sizeof (cairo_solid_pattern_t)); + if (unlikely (pattern == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_pattern_t *) &_cairo_pattern_nil; +@@ -738,7 +738,7 @@ cairo_pattern_create_for_surface (cairo_surface_t *surface) + pattern = + _freed_pool_get (&freed_pattern_pool[CAIRO_PATTERN_TYPE_SURFACE]); + if (unlikely (pattern == NULL)) { +- pattern = malloc (sizeof (cairo_surface_pattern_t)); ++ pattern = _cairo_malloc (sizeof (cairo_surface_pattern_t)); + if (unlikely (pattern == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_pattern_t *)&_cairo_pattern_nil.base; +@@ -790,7 +790,7 @@ cairo_pattern_create_linear (double x0, double y0, double x1, double y1) + pattern = + _freed_pool_get (&freed_pattern_pool[CAIRO_PATTERN_TYPE_LINEAR]); + if (unlikely (pattern == NULL)) { +- pattern = malloc (sizeof (cairo_linear_pattern_t)); ++ pattern = _cairo_malloc (sizeof (cairo_linear_pattern_t)); + if (unlikely (pattern == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_pattern_t *) &_cairo_pattern_nil.base; +@@ -844,7 +844,7 @@ cairo_pattern_create_radial (double cx0, double cy0, double radius0, + pattern = + _freed_pool_get (&freed_pattern_pool[CAIRO_PATTERN_TYPE_RADIAL]); + if (unlikely (pattern == NULL)) { +- pattern = malloc (sizeof (cairo_radial_pattern_t)); ++ pattern = _cairo_malloc (sizeof (cairo_radial_pattern_t)); + if (unlikely (pattern == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_pattern_t *) &_cairo_pattern_nil.base; +@@ -1022,7 +1022,7 @@ cairo_pattern_create_mesh (void) + pattern = + _freed_pool_get (&freed_pattern_pool[CAIRO_PATTERN_TYPE_MESH]); + if (unlikely (pattern == NULL)) { +- pattern = malloc (sizeof (cairo_mesh_pattern_t)); ++ pattern = _cairo_malloc (sizeof (cairo_mesh_pattern_t)); + if (unlikely (pattern == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_pattern_t *) &_cairo_pattern_nil.base; +@@ -4480,7 +4480,7 @@ cairo_mesh_pattern_get_path (cairo_pattern_t *pattern, + + patch = _cairo_array_index_const (&mesh->patches, patch_num); + +- path = malloc (sizeof (cairo_path_t)); ++ path = _cairo_malloc (sizeof (cairo_path_t)); + if (path == NULL) + return _cairo_path_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/cairo-pdf-interchange.c b/src/cairo-pdf-interchange.c +index ea51666..e0955b2 100644 +--- a/src/cairo-pdf-interchange.c ++++ b/src/cairo-pdf-interchange.c +@@ -100,7 +100,7 @@ add_tree_node (cairo_pdf_surface_t *surface, + { + cairo_pdf_struct_tree_node_t *node; + +- node = malloc (sizeof(cairo_pdf_struct_tree_node_t)); ++ node = _cairo_malloc (sizeof(cairo_pdf_struct_tree_node_t)); + if (unlikely (node == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -177,7 +177,7 @@ add_annotation (cairo_pdf_surface_t *surface, + cairo_pdf_interchange_t *ic = &surface->interchange; + cairo_pdf_annotation_t *annot; + +- annot = malloc (sizeof(cairo_pdf_annotation_t)); ++ annot = _cairo_malloc (sizeof(cairo_pdf_annotation_t)); + if (unlikely (annot == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/cairo-pdf-operators.c b/src/cairo-pdf-operators.c +index b4ac253..f72dfff 100644 +--- a/src/cairo-pdf-operators.c ++++ b/src/cairo-pdf-operators.c +@@ -359,7 +359,7 @@ _word_wrap_stream_create (cairo_output_stream_t *output, cairo_bool_t ps, int ma + if (output->status) + return _cairo_output_stream_create_in_error (output->status); + +- stream = malloc (sizeof (word_wrap_stream_t)); ++ stream = _cairo_malloc (sizeof (word_wrap_stream_t)); + if (unlikely (stream == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_output_stream_t *) &_cairo_output_stream_nil; +diff --git a/src/cairo-pdf-shading.c b/src/cairo-pdf-shading.c +index 646e2cd..b114b31 100644 +--- a/src/cairo-pdf-shading.c ++++ b/src/cairo-pdf-shading.c +@@ -170,7 +170,7 @@ _cairo_pdf_shading_generate_data (cairo_pdf_shading_t *shading, + * 4 colors. Each color is stored in 2 bytes * num_color_components. + */ + shading->data_length = num_patches * (1 + 16 * 2 * 4 + 4 * 2 * num_color_components); +- shading->data = malloc (shading->data_length); ++ shading->data = _cairo_malloc (shading->data_length); + if (unlikely (shading->data == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/cairo-pdf-surface.c b/src/cairo-pdf-surface.c +index bf01fba..7a35735 100644 +--- a/src/cairo-pdf-surface.c ++++ b/src/cairo-pdf-surface.c +@@ -397,7 +397,7 @@ _cairo_pdf_surface_create_for_stream_internal (cairo_output_stream_t *output, + cairo_pdf_surface_t *surface; + cairo_status_t status, status_ignored; + +- surface = malloc (sizeof (cairo_pdf_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_pdf_surface_t)); + if (unlikely (surface == NULL)) { + /* destroy stream on behalf of caller */ + status = _cairo_output_stream_destroy (output); +@@ -1591,7 +1591,7 @@ _cairo_pdf_surface_add_source_surface (cairo_pdf_surface_t *surface, + unique_id_length = 0; + } + +- surface_entry = malloc (sizeof (cairo_pdf_source_surface_entry_t)); ++ surface_entry = _cairo_malloc (sizeof (cairo_pdf_source_surface_entry_t)); + if (surface_entry == NULL) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto fail1; +@@ -2875,7 +2875,7 @@ _cairo_pdf_surface_lookup_jbig2_global (cairo_pdf_surface_t *surface, + } + } + +- global.id = malloc(global_id_length); ++ global.id = _cairo_malloc(global_id_length); + if (unlikely (global.id == NULL)) { + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + } +@@ -3221,7 +3221,7 @@ _cairo_pdf_surface_emit_ccitt_image (cairo_pdf_surface_t *surface, + return CAIRO_INT_STATUS_UNSUPPORTED; + + /* ensure params_string is null terminated */ +- params = malloc (ccitt_params_string_len + 1); ++ params = _cairo_malloc (ccitt_params_string_len + 1); + memcpy (params, ccitt_params_string, ccitt_params_string_len); + params[ccitt_params_string_len] = 0; + status = _cairo_tag_parse_ccitt_params (params, &ccitt_params); +@@ -5166,7 +5166,7 @@ _cairo_utf8_to_pdf_string (const char *utf8, char **str_out) + } + + if (ascii) { +- str = malloc (len + 3); ++ str = _cairo_malloc (len + 3); + if (str == NULL) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -5183,7 +5183,7 @@ _cairo_utf8_to_pdf_string (const char *utf8, char **str_out) + if (unlikely (status)) + return status; + +- str = malloc (utf16_len*4 + 7); ++ str = _cairo_malloc (utf16_len*4 + 7); + if (str == NULL) { + free (utf16); + return _cairo_error (CAIRO_STATUS_NO_MEMORY); +@@ -8332,7 +8332,7 @@ _cairo_pdf_surface_show_text_glyphs (void *abstract_surface, + group->source_res = pattern_res; + + if (utf8_len) { +- group->utf8 = malloc (utf8_len); ++ group->utf8 = _cairo_malloc (utf8_len); + if (unlikely (group->utf8 == NULL)) { + _cairo_pdf_smask_group_destroy (group); + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); +diff --git a/src/cairo-ps-surface.c b/src/cairo-ps-surface.c +index 80b8b02..7042fe5 100644 +--- a/src/cairo-ps-surface.c ++++ b/src/cairo-ps-surface.c +@@ -1103,7 +1103,7 @@ _cairo_ps_surface_get_page_media (cairo_ps_surface_t *surface) + } + } + +- page = malloc (sizeof (cairo_page_media_t)); ++ page = _cairo_malloc (sizeof (cairo_page_media_t)); + if (unlikely (page == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return NULL; +@@ -1139,7 +1139,7 @@ _cairo_ps_surface_create_for_stream_internal (cairo_output_stream_t *stream, + cairo_status_t status, status_ignored; + cairo_ps_surface_t *surface; + +- surface = malloc (sizeof (cairo_ps_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_ps_surface_t)); + if (unlikely (surface == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto CLEANUP; +@@ -2378,7 +2378,7 @@ _base85_strings_stream_create (cairo_output_stream_t *output) + { + string_array_stream_t *stream; + +- stream = malloc (sizeof (string_array_stream_t)); ++ stream = _cairo_malloc (sizeof (string_array_stream_t)); + if (unlikely (stream == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_output_stream_t *) &_cairo_output_stream_nil; +@@ -2408,7 +2408,7 @@ _base85_wrap_stream_create (cairo_output_stream_t *output) + { + string_array_stream_t *stream; + +- stream = malloc (sizeof (string_array_stream_t)); ++ stream = _cairo_malloc (sizeof (string_array_stream_t)); + if (unlikely (stream == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_output_stream_t *) &_cairo_output_stream_nil; +@@ -2673,7 +2673,7 @@ _cairo_ps_surface_emit_image (cairo_ps_surface_t *surface, + if (use_mask) + data_size += (ps_image->width + 7)/8; + data_size *= ps_image->height; +- data = malloc (data_size); ++ data = _cairo_malloc (data_size); + if (unlikely (data == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto bail1; +@@ -3085,7 +3085,7 @@ _cairo_ps_surface_emit_ccitt_image (cairo_ps_surface_t *surface, + return CAIRO_INT_STATUS_UNSUPPORTED; + + /* ensure params_string is null terminated */ +- ccitt_params_string = malloc (ccitt_params_data_len + 1); ++ ccitt_params_string = _cairo_malloc (ccitt_params_data_len + 1); + memcpy (ccitt_params_string, ccitt_params_data, ccitt_params_data_len); + ccitt_params_string[ccitt_params_data_len] = 0; + status = _cairo_tag_parse_ccitt_params (ccitt_params_string, &ccitt_params); +@@ -3270,7 +3270,7 @@ _cairo_ps_surface_emit_eps (cairo_ps_surface_t *surface, + return CAIRO_INT_STATUS_UNSUPPORTED; + + /* ensure params_string is null terminated */ +- params_string = malloc (eps_params_string_len + 1); ++ params_string = _cairo_malloc (eps_params_string_len + 1); + memcpy (params_string, eps_params_string, eps_params_string_len); + params_string[eps_params_string_len] = 0; + status = _cairo_tag_parse_eps_params (params_string, &eps_params); +diff --git a/src/cairo-qt-surface.cpp b/src/cairo-qt-surface.cpp +index 25c60a8..5f669d8 100644 +--- a/src/cairo-qt-surface.cpp ++++ b/src/cairo-qt-surface.cpp +@@ -631,7 +631,7 @@ map_qimage_to_image (QImage *qimg, const cairo_rectangle_int_t *extents) + return _cairo_surface_create_in_error (CAIRO_STATUS_NO_MEMORY); + } + +- surface = (struct _qimage_surface *) malloc (sizeof(*surface)); ++ surface = (struct _qimage_surface *) _cairo_malloc (sizeof(*surface)); + if (unlikely (surface == NULL)) { + pixman_image_unref (pixman_image); + delete qimg; +@@ -1530,7 +1530,7 @@ cairo_qt_surface_create (QPainter *painter) + { + cairo_qt_surface_t *qs; + +- qs = (cairo_qt_surface_t *) malloc (sizeof(cairo_qt_surface_t)); ++ qs = (cairo_qt_surface_t *) _cairo_malloc (sizeof(cairo_qt_surface_t)); + if (qs == NULL) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -1569,7 +1569,7 @@ cairo_qt_surface_create_with_qimage (cairo_format_t format, + { + cairo_qt_surface_t *qs; + +- qs = (cairo_qt_surface_t *) malloc (sizeof(cairo_qt_surface_t)); ++ qs = (cairo_qt_surface_t *) _cairo_malloc (sizeof(cairo_qt_surface_t)); + if (qs == NULL) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -1618,7 +1618,7 @@ cairo_qt_surface_create_with_qpixmap (cairo_content_t content, + if ((content & CAIRO_CONTENT_COLOR) == 0) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_INVALID_CONTENT)); + +- qs = (cairo_qt_surface_t *) malloc (sizeof(cairo_qt_surface_t)); ++ qs = (cairo_qt_surface_t *) _cairo_malloc (sizeof(cairo_qt_surface_t)); + if (qs == NULL) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/cairo-quartz-font.c b/src/cairo-quartz-font.c +index 4722142..f7ef21e 100644 +--- a/src/cairo-quartz-font.c ++++ b/src/cairo-quartz-font.c +@@ -196,7 +196,7 @@ _cairo_quartz_font_face_create_for_toy (cairo_toy_font_face_t *toy_face, + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + + family = toy_face->family; +- full_name = malloc (strlen (family) + 64); // give us a bit of room to tack on Bold, Oblique, etc. ++ full_name = _cairo_malloc (strlen (family) + 64); // give us a bit of room to tack on Bold, Oblique, etc. + /* handle CSS-ish faces */ + if (!strcmp(family, "serif") || !strcmp(family, "Times Roman")) + family = "Times"; +@@ -283,7 +283,7 @@ _cairo_quartz_font_face_scaled_font_create (void *abstract_face, + if (!_cairo_quartz_font_symbols_present) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +- font = malloc(sizeof(cairo_quartz_scaled_font_t)); ++ font = _cairo_malloc(sizeof(cairo_quartz_scaled_font_t)); + if (font == NULL) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -375,7 +375,7 @@ cairo_quartz_font_face_create_for_cgfont (CGFontRef font) + + quartz_font_ensure_symbols(); + +- font_face = malloc (sizeof (cairo_quartz_font_face_t)); ++ font_face = _cairo_malloc (sizeof (cairo_quartz_font_face_t)); + if (!font_face) { + cairo_status_t ignore_status; + ignore_status = _cairo_error (CAIRO_STATUS_NO_MEMORY); +diff --git a/src/cairo-quartz-image-surface.c b/src/cairo-quartz-image-surface.c +index 8dc3c79..c423854 100644 +--- a/src/cairo-quartz-image-surface.c ++++ b/src/cairo-quartz-image-surface.c +@@ -332,7 +332,7 @@ cairo_quartz_image_surface_create (cairo_surface_t *surface) + if (format != CAIRO_FORMAT_ARGB32 && format != CAIRO_FORMAT_RGB24) + return SURFACE_ERROR_INVALID_FORMAT; + +- qisurf = malloc(sizeof(cairo_quartz_image_surface_t)); ++ qisurf = _cairo_malloc(sizeof(cairo_quartz_image_surface_t)); + if (qisurf == NULL) + return SURFACE_ERROR_NO_MEMORY; + +diff --git a/src/cairo-quartz-surface.c b/src/cairo-quartz-surface.c +index e047b22..06b48bb 100644 +--- a/src/cairo-quartz-surface.c ++++ b/src/cairo-quartz-surface.c +@@ -826,7 +826,7 @@ _cairo_surface_to_cgimage (cairo_surface_t *source, + } + } + +- source_img = malloc (sizeof (quartz_source_image_t)); ++ source_img = _cairo_malloc (sizeof (quartz_source_image_t)); + if (unlikely (source_img == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -984,7 +984,7 @@ _cairo_quartz_cairo_repeating_surface_pattern_to_quartz (cairo_quartz_surface_t + if (unlikely (status)) + return status; + +- info = malloc (sizeof (SurfacePatternDrawInfo)); ++ info = _cairo_malloc (sizeof (SurfacePatternDrawInfo)); + if (unlikely (!info)) + return CAIRO_STATUS_NO_MEMORY; + +@@ -2253,7 +2253,7 @@ _cairo_quartz_surface_create_internal (CGContextRef cgContext, + quartz_ensure_symbols (); + + /* Init the base surface */ +- surface = malloc (sizeof (cairo_quartz_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_quartz_surface_t)); + if (unlikely (surface == NULL)) + return (cairo_quartz_surface_t*) _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -2401,7 +2401,7 @@ cairo_quartz_surface_create (cairo_format_t format, + } + + /* The Apple docs say that for best performance, the stride and the data +- * pointer should be 16-byte aligned. malloc already aligns to 16-bytes, ++ * pointer should be 16-byte aligned. _cairo_malloc already aligns to 16-bytes, + * so we don't have to anything special on allocation. + */ + stride = (stride + 15) & ~15; +diff --git a/src/cairo-recording-surface.c b/src/cairo-recording-surface.c +index 8444952..6df8b08 100644 +--- a/src/cairo-recording-surface.c ++++ b/src/cairo-recording-surface.c +@@ -158,7 +158,7 @@ static int bbtree_left_or_right (struct bbtree *bbt, + static struct bbtree * + bbtree_new (const cairo_box_t *box, cairo_command_header_t *chain) + { +- struct bbtree *bbt = malloc (sizeof (*bbt)); ++ struct bbtree *bbt = _cairo_malloc (sizeof (*bbt)); + if (bbt == NULL) + return NULL; + bbt->extents = *box; +@@ -386,7 +386,7 @@ cairo_recording_surface_create (cairo_content_t content, + { + cairo_recording_surface_t *surface; + +- surface = malloc (sizeof (cairo_recording_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_recording_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -562,7 +562,7 @@ attach_proxy (cairo_surface_t *source, + { + struct proxy *proxy; + +- proxy = malloc (sizeof (*proxy)); ++ proxy = _cairo_malloc (sizeof (*proxy)); + if (unlikely (proxy == NULL)) + return _cairo_surface_create_in_error (CAIRO_STATUS_NO_MEMORY); + +@@ -728,7 +728,7 @@ _cairo_recording_surface_paint (void *abstract_surface, + if (unlikely (status)) + return status; + +- command = malloc (sizeof (cairo_command_paint_t)); ++ command = _cairo_malloc (sizeof (cairo_command_paint_t)); + if (unlikely (command == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto CLEANUP_COMPOSITE; +@@ -784,7 +784,7 @@ _cairo_recording_surface_mask (void *abstract_surface, + if (unlikely (status)) + return status; + +- command = malloc (sizeof (cairo_command_mask_t)); ++ command = _cairo_malloc (sizeof (cairo_command_mask_t)); + if (unlikely (command == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto CLEANUP_COMPOSITE; +@@ -852,7 +852,7 @@ _cairo_recording_surface_stroke (void *abstract_surface, + if (unlikely (status)) + return status; + +- command = malloc (sizeof (cairo_command_stroke_t)); ++ command = _cairo_malloc (sizeof (cairo_command_stroke_t)); + if (unlikely (command == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto CLEANUP_COMPOSITE; +@@ -928,7 +928,7 @@ _cairo_recording_surface_fill (void *abstract_surface, + if (unlikely (status)) + return status; + +- command = malloc (sizeof (cairo_command_fill_t)); ++ command = _cairo_malloc (sizeof (cairo_command_fill_t)); + if (unlikely (command == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto CLEANUP_COMPOSITE; +@@ -1010,7 +1010,7 @@ _cairo_recording_surface_show_text_glyphs (void *abstract_surface, + if (unlikely (status)) + return status; + +- command = malloc (sizeof (cairo_command_show_text_glyphs_t)); ++ command = _cairo_malloc (sizeof (cairo_command_show_text_glyphs_t)); + if (unlikely (command == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto CLEANUP_COMPOSITE; +@@ -1034,7 +1034,7 @@ _cairo_recording_surface_show_text_glyphs (void *abstract_surface, + command->num_clusters = num_clusters; + + if (utf8_len) { +- command->utf8 = malloc (utf8_len); ++ command->utf8 = _cairo_malloc (utf8_len); + if (unlikely (command->utf8 == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto CLEANUP_ARRAYS; +@@ -1192,7 +1192,7 @@ _cairo_recording_surface_copy__paint (cairo_recording_surface_t *surface, + cairo_command_paint_t *command; + cairo_status_t status; + +- command = malloc (sizeof (*command)); ++ command = _cairo_malloc (sizeof (*command)); + if (unlikely (command == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto err; +@@ -1226,7 +1226,7 @@ _cairo_recording_surface_copy__mask (cairo_recording_surface_t *surface, + cairo_command_mask_t *command; + cairo_status_t status; + +- command = malloc (sizeof (*command)); ++ command = _cairo_malloc (sizeof (*command)); + if (unlikely (command == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto err; +@@ -1267,7 +1267,7 @@ _cairo_recording_surface_copy__stroke (cairo_recording_surface_t *surface, + cairo_command_stroke_t *command; + cairo_status_t status; + +- command = malloc (sizeof (*command)); ++ command = _cairo_malloc (sizeof (*command)); + if (unlikely (command == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto err; +@@ -1319,7 +1319,7 @@ _cairo_recording_surface_copy__fill (cairo_recording_surface_t *surface, + cairo_command_fill_t *command; + cairo_status_t status; + +- command = malloc (sizeof (*command)); ++ command = _cairo_malloc (sizeof (*command)); + if (unlikely (command == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto err; +@@ -1363,7 +1363,7 @@ _cairo_recording_surface_copy__glyphs (cairo_recording_surface_t *surface, + cairo_command_show_text_glyphs_t *command; + cairo_status_t status; + +- command = malloc (sizeof (*command)); ++ command = _cairo_malloc (sizeof (*command)); + if (unlikely (command == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto err; +@@ -1384,7 +1384,7 @@ _cairo_recording_surface_copy__glyphs (cairo_recording_surface_t *surface, + command->num_clusters = src->show_text_glyphs.num_clusters; + + if (command->utf8_len) { +- command->utf8 = malloc (command->utf8_len); ++ command->utf8 = _cairo_malloc (command->utf8_len); + if (unlikely (command->utf8 == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto err_arrays; +@@ -1560,7 +1560,7 @@ _cairo_recording_surface_snapshot (void *abstract_other) + cairo_recording_surface_t *surface; + cairo_status_t status; + +- surface = malloc (sizeof (cairo_recording_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_recording_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/cairo-scaled-font-subsets.c b/src/cairo-scaled-font-subsets.c +index a239ec9..5c1afd2 100644 +--- a/src/cairo-scaled-font-subsets.c ++++ b/src/cairo-scaled-font-subsets.c +@@ -167,7 +167,7 @@ _cairo_sub_font_glyph_create (unsigned long scaled_font_glyph_index, + { + cairo_sub_font_glyph_t *sub_font_glyph; + +- sub_font_glyph = malloc (sizeof (cairo_sub_font_glyph_t)); ++ sub_font_glyph = _cairo_malloc (sizeof (cairo_sub_font_glyph_t)); + if (unlikely (sub_font_glyph == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return NULL; +@@ -277,7 +277,7 @@ _cairo_sub_font_create (cairo_scaled_font_subsets_t *parent, + cairo_sub_font_t *sub_font; + int i; + +- sub_font = malloc (sizeof (cairo_sub_font_t)); ++ sub_font = _cairo_malloc (sizeof (cairo_sub_font_t)); + if (unlikely (sub_font == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -404,7 +404,7 @@ _cairo_sub_font_glyph_lookup_unicode (cairo_scaled_font_t *scaled_font, + if (unicode != (uint32_t) -1) { + len = _cairo_ucs4_to_utf8 (unicode, buf); + if (len > 0) { +- *utf8_out = malloc (len + 1); ++ *utf8_out = _cairo_malloc (len + 1); + if (unlikely (*utf8_out == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -441,7 +441,7 @@ _cairo_sub_font_glyph_map_to_unicode (cairo_sub_font_glyph_t *sub_font_glyph, + } + } else { + /* No existing mapping. Use the requested mapping */ +- sub_font_glyph->utf8 = malloc (utf8_len + 1); ++ sub_font_glyph->utf8 = _cairo_malloc (utf8_len + 1); + if (unlikely (sub_font_glyph->utf8 == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -611,7 +611,7 @@ _cairo_sub_font_map_glyph (cairo_sub_font_t *sub_font, + if (ucs4_len == 1) { + font_unicode = ucs4[0]; + free (font_utf8); +- font_utf8 = malloc (text_utf8_len + 1); ++ font_utf8 = _cairo_malloc (text_utf8_len + 1); + if (font_utf8 == NULL) { + free (ucs4); + return _cairo_error (CAIRO_STATUS_NO_MEMORY); +@@ -762,7 +762,7 @@ _cairo_scaled_font_subsets_create_internal (cairo_subsets_type_t type) + { + cairo_scaled_font_subsets_t *subsets; + +- subsets = malloc (sizeof (cairo_scaled_font_subsets_t)); ++ subsets = _cairo_malloc (sizeof (cairo_scaled_font_subsets_t)); + if (unlikely (subsets == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return NULL; +@@ -1217,7 +1217,7 @@ _cairo_string_init_key (cairo_string_entry_t *key, char *s) + static cairo_status_t + create_string_entry (char *s, cairo_string_entry_t **entry) + { +- *entry = malloc (sizeof (cairo_string_entry_t)); ++ *entry = _cairo_malloc (sizeof (cairo_string_entry_t)); + if (unlikely (*entry == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/cairo-scaled-font.c b/src/cairo-scaled-font.c +index 4588570..f7a36c1 100644 +--- a/src/cairo-scaled-font.c ++++ b/src/cairo-scaled-font.c +@@ -368,7 +368,7 @@ _cairo_scaled_font_map_lock (void) + CAIRO_MUTEX_LOCK (_cairo_scaled_font_map_mutex); + + if (cairo_scaled_font_map == NULL) { +- cairo_scaled_font_map = malloc (sizeof (cairo_scaled_font_map_t)); ++ cairo_scaled_font_map = _cairo_malloc (sizeof (cairo_scaled_font_map_t)); + if (unlikely (cairo_scaled_font_map == NULL)) + goto CLEANUP_MUTEX_LOCK; + +@@ -509,7 +509,7 @@ _cairo_scaled_font_register_placeholder_and_unlock_font_map (cairo_scaled_font_t + if (unlikely (status)) + return status; + +- placeholder_scaled_font = malloc (sizeof (cairo_scaled_font_t)); ++ placeholder_scaled_font = _cairo_malloc (sizeof (cairo_scaled_font_t)); + if (unlikely (placeholder_scaled_font == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1226,7 +1226,7 @@ _cairo_scaled_font_create_in_error (cairo_status_t status) + CAIRO_MUTEX_LOCK (_cairo_scaled_font_error_mutex); + scaled_font = _cairo_scaled_font_nil_objects[status]; + if (unlikely (scaled_font == NULL)) { +- scaled_font = malloc (sizeof (cairo_scaled_font_t)); ++ scaled_font = _cairo_malloc (sizeof (cairo_scaled_font_t)); + if (unlikely (scaled_font == NULL)) { + CAIRO_MUTEX_UNLOCK (_cairo_scaled_font_error_mutex); + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); +@@ -2875,7 +2875,7 @@ _cairo_scaled_font_allocate_glyph (cairo_scaled_font_t *scaled_font, + } + } + +- page = malloc (sizeof (cairo_scaled_glyph_page_t)); ++ page = _cairo_malloc (sizeof (cairo_scaled_glyph_page_t)); + if (unlikely (page == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/cairo-script-surface.c b/src/cairo-script-surface.c +index 91e4baa..e715cae 100644 +--- a/src/cairo-script-surface.c ++++ b/src/cairo-script-surface.c +@@ -263,7 +263,7 @@ _bitmap_next_id (struct _bitmap *b, + b = b->next; + } while (b != NULL); + +- bb = malloc (sizeof (struct _bitmap)); ++ bb = _cairo_malloc (sizeof (struct _bitmap)); + if (unlikely (bb == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1104,7 +1104,7 @@ attach_snapshot (cairo_script_context_t *ctx, + if (! ctx->attach_snapshots) + return; + +- surface = malloc (sizeof (*surface)); ++ surface = _cairo_malloc (sizeof (*surface)); + if (unlikely (surface == NULL)) + return; + +@@ -1255,7 +1255,7 @@ _write_image_surface (cairo_output_stream_t *output, + } + #else + if (stride > ARRAY_LENGTH (row_stack)) { +- rowdata = malloc (stride); ++ rowdata = _cairo_malloc (stride); + if (unlikely (rowdata == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + } else +@@ -2178,7 +2178,7 @@ _cairo_script_surface_finish (void *abstract_surface) + } + cairo_list_del (&surface->operand.link); + } else { +- struct deferred_finish *link = malloc (sizeof (*link)); ++ struct deferred_finish *link = _cairo_malloc (sizeof (*link)); + if (link == NULL) { + status2 = _cairo_error (CAIRO_STATUS_NO_MEMORY); + if (status == CAIRO_STATUS_SUCCESS) +@@ -2857,7 +2857,7 @@ _emit_type42_font (cairo_script_surface_t *surface, + if (unlikely (status)) + return status; + +- buf = malloc (size); ++ buf = _cairo_malloc (size); + if (unlikely (buf == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -2913,7 +2913,7 @@ _emit_scaled_font_init (cairo_script_surface_t *surface, + cairo_script_font_t *font_private; + cairo_int_status_t status; + +- font_private = malloc (sizeof (cairo_script_font_t)); ++ font_private = _cairo_malloc (sizeof (cairo_script_font_t)); + if (unlikely (font_private == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -3643,7 +3643,7 @@ _cairo_script_surface_create_internal (cairo_script_context_t *ctx, + if (unlikely (ctx == NULL)) + return (cairo_script_surface_t *) _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NULL_POINTER)); + +- surface = malloc (sizeof (cairo_script_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_script_surface_t)); + if (unlikely (surface == NULL)) + return (cairo_script_surface_t *) _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -3692,7 +3692,7 @@ _cairo_script_context_create_internal (cairo_output_stream_t *stream) + { + cairo_script_context_t *ctx; + +- ctx = malloc (sizeof (cairo_script_context_t)); ++ ctx = _cairo_malloc (sizeof (cairo_script_context_t)); + if (unlikely (ctx == NULL)) + return _cairo_device_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/cairo-surface-observer.c b/src/cairo-surface-observer.c +index 89c7525..9c4432e 100644 +--- a/src/cairo-surface-observer.c ++++ b/src/cairo-surface-observer.c +@@ -348,7 +348,7 @@ _cairo_device_create_observer_internal (cairo_device_t *target, + cairo_device_observer_t *device; + cairo_status_t status; + +- device = malloc (sizeof (cairo_device_observer_t)); ++ device = _cairo_malloc (sizeof (cairo_device_observer_t)); + if (unlikely (device == NULL)) + return _cairo_device_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -379,7 +379,7 @@ _cairo_surface_create_observer_internal (cairo_device_t *device, + cairo_surface_observer_t *surface; + cairo_status_t status; + +- surface = malloc (sizeof (cairo_surface_observer_t)); ++ surface = _cairo_malloc (sizeof (cairo_surface_observer_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -1418,7 +1418,7 @@ _cairo_surface_observer_add_callback (cairo_list_t *head, + { + struct callback_list *cb; + +- cb = malloc (sizeof (*cb)); ++ cb = _cairo_malloc (sizeof (*cb)); + if (unlikely (cb == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/cairo-surface-snapshot.c b/src/cairo-surface-snapshot.c +index 3477ac5..c8f3078 100644 +--- a/src/cairo-surface-snapshot.c ++++ b/src/cairo-surface-snapshot.c +@@ -99,7 +99,7 @@ _cairo_surface_snapshot_acquire_source_image (void *abstract_ + struct snapshot_extra *extra; + cairo_status_t status; + +- extra = malloc (sizeof (*extra)); ++ extra = _cairo_malloc (sizeof (*extra)); + if (unlikely (extra == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -258,7 +258,7 @@ _cairo_surface_snapshot (cairo_surface_t *surface) + if (snapshot != NULL) + return cairo_surface_reference (&snapshot->base); + +- snapshot = malloc (sizeof (cairo_surface_snapshot_t)); ++ snapshot = _cairo_malloc (sizeof (cairo_surface_snapshot_t)); + if (unlikely (snapshot == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_SURFACE_FINISHED)); + +diff --git a/src/cairo-surface-subsurface.c b/src/cairo-surface-subsurface.c +index 5b7ce0c..b2a10e9 100644 +--- a/src/cairo-surface-subsurface.c ++++ b/src/cairo-surface-subsurface.c +@@ -462,7 +462,7 @@ cairo_surface_create_for_rectangle (cairo_surface_t *target, + if (unlikely (target->finished)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_SURFACE_FINISHED)); + +- surface = malloc (sizeof (cairo_surface_subsurface_t)); ++ surface = _cairo_malloc (sizeof (cairo_surface_subsurface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -522,7 +522,7 @@ _cairo_surface_create_for_rectangle_int (cairo_surface_t *target, + + assert (target->backend->type != CAIRO_SURFACE_TYPE_SUBSURFACE); + +- surface = malloc (sizeof (cairo_surface_subsurface_t)); ++ surface = _cairo_malloc (sizeof (cairo_surface_subsurface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/cairo-surface.c b/src/cairo-surface.c +index 961894a..c5dc3b3 100644 +--- a/src/cairo-surface.c ++++ b/src/cairo-surface.c +@@ -1438,7 +1438,7 @@ cairo_surface_set_mime_data (cairo_surface_t *surface, + return _cairo_surface_set_error (surface, status); + + if (data != NULL) { +- mime_data = malloc (sizeof (cairo_mime_data_t)); ++ mime_data = _cairo_malloc (sizeof (cairo_mime_data_t)); + if (unlikely (mime_data == NULL)) + return _cairo_surface_set_error (surface, _cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/cairo-svg-surface.c b/src/cairo-svg-surface.c +index 1b56854..9a51782 100644 +--- a/src/cairo-svg-surface.c ++++ b/src/cairo-svg-surface.c +@@ -554,7 +554,7 @@ _cairo_svg_surface_add_source_surface (cairo_svg_surface_t *surface, + unique_id_length = 0; + } + +- source_entry = malloc (sizeof (cairo_svg_source_surface_t)); ++ source_entry = _cairo_malloc (sizeof (cairo_svg_source_surface_t)); + if (source_entry == NULL) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto fail; +@@ -656,7 +656,7 @@ _cairo_svg_surface_create_for_document (cairo_svg_document_t *document, + cairo_surface_t *paginated; + cairo_status_t status, status_ignored; + +- surface = malloc (sizeof (cairo_svg_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_svg_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -2862,7 +2862,7 @@ _cairo_svg_document_create (cairo_output_stream_t *output_stream, + if (output_stream->status) + return output_stream->status; + +- document = malloc (sizeof (cairo_svg_document_t)); ++ document = _cairo_malloc (sizeof (cairo_svg_document_t)); + if (unlikely (document == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/cairo-tag-attributes.c b/src/cairo-tag-attributes.c +index 91cd5ae..44b1147 100644 +--- a/src/cairo-tag-attributes.c ++++ b/src/cairo-tag-attributes.c +@@ -267,7 +267,7 @@ parse_string (const char *p, char **s) + if (!end) + return NULL; + +- *s = malloc (len + 1); ++ *s = _cairo_malloc (len + 1); + decode_string (p, &len, *s); + (*s)[len] = 0; + +@@ -341,7 +341,7 @@ parse_name (const char *p, const char **end, char **s) + p2++; + + len = p2 - p; +- name = malloc (len + 1); ++ name = _cairo_malloc (len + 1); + if (unlikely (name == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/cairo-tag-stack.c b/src/cairo-tag-stack.c +index e7c4909..7c2d524 100644 +--- a/src/cairo-tag-stack.c ++++ b/src/cairo-tag-stack.c +@@ -182,7 +182,7 @@ _cairo_tag_stack_push (cairo_tag_stack_t *stack, + } + } + +- elem = malloc (sizeof(cairo_tag_stack_elem_t)); ++ elem = _cairo_malloc (sizeof(cairo_tag_stack_elem_t)); + if (unlikely (elem == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/cairo-tee-surface.c b/src/cairo-tee-surface.c +index 48e9d43..7a94c9b 100644 +--- a/src/cairo-tee-surface.c ++++ b/src/cairo-tee-surface.c +@@ -428,7 +428,7 @@ cairo_tee_surface_create (cairo_surface_t *master) + if (unlikely (master->status)) + return _cairo_surface_create_in_error (master->status); + +- surface = malloc (sizeof (cairo_tee_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_tee_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/cairo-tor-scan-converter.c b/src/cairo-tor-scan-converter.c +index b1b5187..c11948e 100644 +--- a/src/cairo-tor-scan-converter.c ++++ b/src/cairo-tor-scan-converter.c +@@ -288,7 +288,7 @@ struct _pool_chunk { + /* A memory pool. This is supposed to be embedded on the stack or + * within some other structure. It may optionally be followed by an + * embedded array from which requests are fulfilled until +- * malloc needs to be called to allocate a first real chunk. */ ++ * _cairo_malloc needs to be called to allocate a first real chunk. */ + struct pool { + /* Chunk we're allocating from. */ + struct _pool_chunk *current; +@@ -483,7 +483,7 @@ _pool_chunk_create(struct pool *pool, size_t size) + { + struct _pool_chunk *p; + +- p = malloc(SIZEOF_POOL_CHUNK + size); ++ p = _cairo_malloc(SIZEOF_POOL_CHUNK + size); + if (unlikely (NULL == p)) + longjmp (*pool->jmp, _cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -1872,7 +1872,7 @@ _cairo_tor_scan_converter_create (int xmin, + cairo_tor_scan_converter_t *self; + cairo_status_t status; + +- self = malloc (sizeof(struct _cairo_tor_scan_converter)); ++ self = _cairo_malloc (sizeof(struct _cairo_tor_scan_converter)); + if (unlikely (self == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto bail_nomem; +diff --git a/src/cairo-tor22-scan-converter.c b/src/cairo-tor22-scan-converter.c +index 4cec5ee..f91c70e 100644 +--- a/src/cairo-tor22-scan-converter.c ++++ b/src/cairo-tor22-scan-converter.c +@@ -287,7 +287,7 @@ struct _pool_chunk { + /* A memory pool. This is supposed to be embedded on the stack or + * within some other structure. It may optionally be followed by an + * embedded array from which requests are fulfilled until +- * malloc needs to be called to allocate a first real chunk. */ ++ * _cairo_malloc needs to be called to allocate a first real chunk. */ + struct pool { + /* Chunk we're allocating from. */ + struct _pool_chunk *current; +@@ -504,7 +504,7 @@ _pool_chunk_create(struct pool *pool, size_t size) + { + struct _pool_chunk *p; + +- p = malloc(size + sizeof(struct _pool_chunk)); ++ p = _cairo_malloc(size + sizeof(struct _pool_chunk)); + if (unlikely (NULL == p)) + longjmp (*pool->jmp, _cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -1682,7 +1682,7 @@ _cairo_tor22_scan_converter_create (int xmin, + cairo_tor22_scan_converter_t *self; + cairo_status_t status; + +- self = malloc (sizeof(struct _cairo_tor22_scan_converter)); ++ self = _cairo_malloc (sizeof(struct _cairo_tor22_scan_converter)); + if (unlikely (self == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto bail_nomem; +diff --git a/src/cairo-toy-font-face.c b/src/cairo-toy-font-face.c +index 516f391..3d2217d 100644 +--- a/src/cairo-toy-font-face.c ++++ b/src/cairo-toy-font-face.c +@@ -312,7 +312,7 @@ cairo_toy_font_face_create (const char *family, + } + + /* Otherwise create it and insert into hash table. */ +- font_face = malloc (sizeof (cairo_toy_font_face_t)); ++ font_face = _cairo_malloc (sizeof (cairo_toy_font_face_t)); + if (unlikely (font_face == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto UNWIND_HASH_TABLE_LOCK; +diff --git a/src/cairo-truetype-subset.c b/src/cairo-truetype-subset.c +index cbf85fa..1338a57 100644 +--- a/src/cairo-truetype-subset.c ++++ b/src/cairo-truetype-subset.c +@@ -193,7 +193,7 @@ _cairo_truetype_font_create (cairo_scaled_font_subset_t *scaled_font_subset, + if (unlikely (status)) + return status; + +- font = malloc (sizeof (cairo_truetype_font_t)); ++ font = _cairo_malloc (sizeof (cairo_truetype_font_t)); + if (unlikely (font == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -246,7 +246,7 @@ _cairo_truetype_font_create (cairo_scaled_font_subset_t *scaled_font_subset, + + /* If the PS name is not found, create a CairoFont-x-y name. */ + if (font->base.ps_name == NULL) { +- font->base.ps_name = malloc (30); ++ font->base.ps_name = _cairo_malloc (30); + if (unlikely (font->base.ps_name == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto fail3; +@@ -622,7 +622,7 @@ cairo_truetype_font_write_glyf_table (cairo_truetype_font_t *font, + else + size = sizeof (int32_t) * (font->base.num_glyphs_in_face + 1); + +- u.bytes = malloc (size); ++ u.bytes = _cairo_malloc (size); + if (unlikely (u.bytes == NULL)) + return _cairo_truetype_font_set_error (font, CAIRO_STATUS_NO_MEMORY); + +@@ -1195,7 +1195,7 @@ cairo_truetype_subset_init_internal (cairo_truetype_subset_t *truetype_subse + truetype_subset->descent = (double)font->base.descent/font->base.units_per_em; + + if (length) { +- truetype_subset->data = malloc (length); ++ truetype_subset->data = _cairo_malloc (length); + if (unlikely (truetype_subset->data == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto fail4; +@@ -1208,7 +1208,7 @@ cairo_truetype_subset_init_internal (cairo_truetype_subset_t *truetype_subse + + if (num_strings) { + offsets_length = num_strings * sizeof (unsigned long); +- truetype_subset->string_offsets = malloc (offsets_length); ++ truetype_subset->string_offsets = _cairo_malloc (offsets_length); + if (unlikely (truetype_subset->string_offsets == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto fail5; +@@ -1296,7 +1296,11 @@ _cairo_truetype_reverse_cmap (cairo_scaled_font_t *scaled_font, + return CAIRO_INT_STATUS_UNSUPPORTED; + + size = be16_to_cpu (map->length); +- map = malloc (size); ++ /* minimum table size is 24 bytes */ ++ if (size < 24) ++ return CAIRO_INT_STATUS_UNSUPPORTED; ++ ++ map = _cairo_malloc (size); + if (unlikely (map == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1462,7 +1466,7 @@ find_name (tt_name_t *name, int name_id, int platform, int encoding, int languag + if (len > MAX_FONT_NAME_LENGTH) + break; + +- str = malloc (len + 1); ++ str = _cairo_malloc (len + 1); + if (str == NULL) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1488,7 +1492,7 @@ find_name (tt_name_t *name, int name_id, int platform, int encoding, int languag + for (i = 0; i < u_len; i++) + size += _cairo_ucs4_to_utf8 (be16_to_cpu(u[i]), NULL); + +- utf8 = malloc (size + 1); ++ utf8 = _cairo_malloc (size + 1); + if (utf8 == NULL) { + status =_cairo_error (CAIRO_STATUS_NO_MEMORY); + goto fail; +@@ -1523,7 +1527,7 @@ find_name (tt_name_t *name, int name_id, int platform, int encoding, int languag + } + } + if (has_tag) { +- p = malloc (len - 6); ++ p = _cairo_malloc (len - 6); + if (unlikely (p == NULL)) { + status =_cairo_error (CAIRO_STATUS_NO_MEMORY); + goto fail; +@@ -1568,7 +1572,7 @@ _cairo_truetype_read_font_name (cairo_scaled_font_t *scaled_font, + if (status) + return status; + +- name = malloc (size); ++ name = _cairo_malloc (size); + if (name == NULL) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/cairo-type1-fallback.c b/src/cairo-type1-fallback.c +index c8e7e90..0b8e66c 100644 +--- a/src/cairo-type1-fallback.c ++++ b/src/cairo-type1-fallback.c +@@ -760,7 +760,7 @@ _cairo_type1_fallback_init_internal (cairo_type1_subset_t *type1_subset, + + length = font->header_size + font->data_size + + font->trailer_size; +- type1_subset->data = malloc (length); ++ type1_subset->data = _cairo_malloc (length); + if (unlikely (type1_subset->data == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto fail3; +diff --git a/src/cairo-type1-subset.c b/src/cairo-type1-subset.c +index 4dd7ac1..89cb96f 100644 +--- a/src/cairo-type1-subset.c ++++ b/src/cairo-type1-subset.c +@@ -326,7 +326,7 @@ cairo_type1_font_subset_get_matrix (cairo_type1_font_subset_t *font, + return CAIRO_INT_STATUS_UNSUPPORTED; + + s_max = end - start + 5*decimal_point_len + 1; +- s = malloc (s_max); ++ s = _cairo_malloc (s_max); + if (unlikely (s == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -420,7 +420,7 @@ cairo_type1_font_subset_get_fontname (cairo_type1_font_subset_t *font) + while (end > start && _cairo_isspace(end[-1])) + end--; + +- s = malloc (end - start + 1); ++ s = _cairo_malloc (end - start + 1); + if (unlikely (s == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -624,7 +624,7 @@ cairo_type1_font_subset_decrypt_eexec_segment (cairo_type1_font_subset_t *font) + in = (unsigned char *) font->eexec_segment; + end = (unsigned char *) in + font->eexec_segment_size; + +- font->cleartext = malloc (font->eexec_segment_size + 1); ++ font->cleartext = _cairo_malloc (font->eexec_segment_size + 1); + if (unlikely (font->cleartext == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -783,7 +783,7 @@ cairo_type1_font_subset_parse_charstring (cairo_type1_font_subset_t *font, + const unsigned char *p; + int command; + +- charstring = malloc (encrypted_charstring_length); ++ charstring = _cairo_malloc (encrypted_charstring_length); + if (unlikely (charstring == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1096,7 +1096,7 @@ cairo_type1_font_subset_build_glyph_list (cairo_type1_font_subset_t *font, + glyph_data_t glyph; + cairo_status_t status; + +- s = malloc (name_length + 1); ++ s = _cairo_malloc (name_length + 1); + if (unlikely (s == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1285,7 +1285,7 @@ cairo_type1_font_subset_write_private_dict (cairo_type1_font_subset_t *font, + if (lenIV_end == NULL) + return CAIRO_INT_STATUS_UNSUPPORTED; + +- lenIV_str = malloc (lenIV_end - lenIV_start + 1); ++ lenIV_str = _cairo_malloc (lenIV_end - lenIV_start + 1); + if (unlikely (lenIV_str == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1642,7 +1642,7 @@ cairo_type1_font_subset_generate (void *abstract_font, + return CAIRO_INT_STATUS_UNSUPPORTED; + + font->type1_length = data_length; +- font->type1_data = malloc (font->type1_length); ++ font->type1_data = _cairo_malloc (font->type1_length); + if (unlikely (font->type1_data == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1768,7 +1768,7 @@ _cairo_type1_subset_init (cairo_type1_subset_t *type1_subset, + length = font.base.header_size + + font.base.data_size + + font.base.trailer_size; +- type1_subset->data = malloc (length); ++ type1_subset->data = _cairo_malloc (length); + if (unlikely (type1_subset->data == NULL)) + goto fail3; + +diff --git a/src/cairo-type3-glyph-surface.c b/src/cairo-type3-glyph-surface.c +index 86c24ed..6b21023 100644 +--- a/src/cairo-type3-glyph-surface.c ++++ b/src/cairo-type3-glyph-surface.c +@@ -82,7 +82,7 @@ _cairo_type3_glyph_surface_create (cairo_scaled_font_t *scaled_font, + if (unlikely (stream != NULL && stream->status)) + return _cairo_surface_create_in_error (stream->status); + +- surface = malloc (sizeof (cairo_type3_glyph_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_type3_glyph_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/cairo-user-font.c b/src/cairo-user-font.c +index 6d2de20..a26fb57 100644 +--- a/src/cairo-user-font.c ++++ b/src/cairo-user-font.c +@@ -402,7 +402,7 @@ _cairo_user_font_face_scaled_font_create (void *abstract_ + + font_face->immutable = TRUE; + +- user_scaled_font = malloc (sizeof (cairo_user_scaled_font_t)); ++ user_scaled_font = _cairo_malloc (sizeof (cairo_user_scaled_font_t)); + if (unlikely (user_scaled_font == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -544,7 +544,7 @@ cairo_user_font_face_create (void) + { + cairo_user_font_face_t *font_face; + +- font_face = malloc (sizeof (cairo_user_font_face_t)); ++ font_face = _cairo_malloc (sizeof (cairo_user_font_face_t)); + if (!font_face) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return (cairo_font_face_t *)&_cairo_font_face_nil; +diff --git a/src/cairo-vg-surface.c b/src/cairo-vg-surface.c +index b94b7aa..7798633 100644 +--- a/src/cairo-vg-surface.c ++++ b/src/cairo-vg-surface.c +@@ -1517,7 +1517,7 @@ _vg_surface_create_internal (cairo_vg_context_t *context, + { + cairo_vg_surface_t *surface; + +- surface = malloc (sizeof (cairo_vg_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_vg_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -1712,7 +1712,7 @@ cairo_vg_context_create_for_glx (Display *dpy, GLXContext ctx) + cairo_vg_context_t *context; + cairo_status_t status; + +- context = malloc (sizeof (*context)); ++ context = _cairo_malloc (sizeof (*context)); + if (unlikely (context == NULL)) + return (cairo_vg_context_t *) &_vg_context_nil; + +@@ -1817,7 +1817,7 @@ cairo_vg_context_create_for_egl (EGLDisplay egl_display, + cairo_vg_context_t *context; + cairo_status_t status; + +- context = malloc (sizeof (*context)); ++ context = _cairo_malloc (sizeof (*context)); + if (unlikely (context == NULL)) + return (cairo_vg_context_t *) &_vg_context_nil; + +diff --git a/src/cairo-xcb-connection.c b/src/cairo-xcb-connection.c +index 67897fa..51f5ee3 100644 +--- a/src/cairo-xcb-connection.c ++++ b/src/cairo-xcb-connection.c +@@ -111,7 +111,7 @@ _cairo_xcb_connection_find_visual_formats (cairo_xcb_connection_t *connection, + cairo_xcb_xrender_format_t *f; + cairo_status_t status; + +- f = malloc (sizeof (cairo_xcb_xrender_format_t)); ++ f = _cairo_malloc (sizeof (cairo_xcb_xrender_format_t)); + if (unlikely (f == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -177,7 +177,7 @@ _cairo_xcb_connection_parse_xrender_formats (cairo_xcb_connection_t *connection, + if (! _cairo_hash_table_lookup (connection->xrender_formats, &key)) { + cairo_xcb_xrender_format_t *f; + +- f = malloc (sizeof (cairo_xcb_xrender_format_t)); ++ f = _cairo_malloc (sizeof (cairo_xcb_xrender_format_t)); + if (unlikely (f == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -634,7 +634,7 @@ _cairo_xcb_connection_get (xcb_connection_t *xcb_connection) + } + } + +- connection = malloc (sizeof (cairo_xcb_connection_t)); ++ connection = _cairo_malloc (sizeof (cairo_xcb_connection_t)); + if (unlikely (connection == NULL)) + goto unlock; + +diff --git a/src/cairo-xcb-screen.c b/src/cairo-xcb-screen.c +index d0019f9..0d23ad3 100644 +--- a/src/cairo-xcb-screen.c ++++ b/src/cairo-xcb-screen.c +@@ -249,7 +249,7 @@ _cairo_xcb_screen_get (xcb_connection_t *xcb_connection, + } + } + +- screen = malloc (sizeof (cairo_xcb_screen_t)); ++ screen = _cairo_malloc (sizeof (cairo_xcb_screen_t)); + if (unlikely (screen == NULL)) + goto unlock; + +diff --git a/src/cairo-xcb-shm.c b/src/cairo-xcb-shm.c +index 2be2dac..f6c05d8 100644 +--- a/src/cairo-xcb-shm.c ++++ b/src/cairo-xcb-shm.c +@@ -50,7 +50,7 @@ + #define CAIRO_MAX_SHM_MEMORY (16*1024*1024) + + /* a simple buddy allocator for memory pools +- * XXX fragmentation? use Doug Lea's malloc? ++ * XXX fragmentation? use Doug Lea's _cairo_malloc? + */ + + typedef struct _cairo_xcb_shm_mem_block cairo_xcb_shm_mem_block_t; +@@ -209,7 +209,7 @@ _cairo_xcb_connection_allocate_shm_info (cairo_xcb_connection_t *connection, + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + } + +- pool = malloc (sizeof (cairo_xcb_shm_mem_pool_t)); ++ pool = _cairo_malloc (sizeof (cairo_xcb_shm_mem_pool_t)); + if (unlikely (pool == NULL)) { + CAIRO_MUTEX_UNLOCK (connection->shm_mutex); + return _cairo_error (CAIRO_STATUS_NO_MEMORY); +diff --git a/src/cairo-xcb-surface-core.c b/src/cairo-xcb-surface-core.c +index 40d0ca4..91c0ff9 100644 +--- a/src/cairo-xcb-surface-core.c ++++ b/src/cairo-xcb-surface-core.c +@@ -85,7 +85,7 @@ _cairo_xcb_pixmap_create (cairo_xcb_surface_t *target, + { + cairo_xcb_pixmap_t *surface; + +- surface = malloc (sizeof (cairo_xcb_pixmap_t)); ++ surface = _cairo_malloc (sizeof (cairo_xcb_pixmap_t)); + if (unlikely (surface == NULL)) + return (cairo_xcb_pixmap_t *) + _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); +@@ -119,7 +119,7 @@ _cairo_xcb_pixmap_copy (cairo_xcb_surface_t *target) + { + cairo_xcb_pixmap_t *surface; + +- surface = malloc (sizeof (cairo_xcb_pixmap_t)); ++ surface = _cairo_malloc (sizeof (cairo_xcb_pixmap_t)); + if (unlikely (surface == NULL)) + return (cairo_xcb_pixmap_t *) + _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); +diff --git a/src/cairo-xcb-surface-render.c b/src/cairo-xcb-surface-render.c +index a4969c9..42f27c7 100644 +--- a/src/cairo-xcb-surface-render.c ++++ b/src/cairo-xcb-surface-render.c +@@ -114,7 +114,7 @@ _cairo_xcb_picture_create (cairo_xcb_screen_t *screen, + { + cairo_xcb_picture_t *surface; + +- surface = malloc (sizeof (cairo_xcb_picture_t)); ++ surface = _cairo_malloc (sizeof (cairo_xcb_picture_t)); + if (unlikely (surface == NULL)) + return (cairo_xcb_picture_t *) + _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); +@@ -4141,7 +4141,7 @@ _cairo_xcb_font_create (cairo_xcb_connection_t *connection, + cairo_xcb_font_t *priv; + int i; + +- priv = malloc (sizeof (cairo_xcb_font_t)); ++ priv = _cairo_malloc (sizeof (cairo_xcb_font_t)); + if (unlikely (priv == NULL)) + return NULL; + +@@ -4334,7 +4334,7 @@ _cairo_xcb_glyph_fini (cairo_scaled_glyph_private_t *glyph_private, + } + + if (to_free == NULL) { +- to_free = malloc (sizeof (cairo_xcb_font_glyphset_free_glyphs_t)); ++ to_free = _cairo_malloc (sizeof (cairo_xcb_font_glyphset_free_glyphs_t)); + if (unlikely (to_free == NULL)) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + return; /* XXX cannot propagate failure */ +@@ -4361,7 +4361,7 @@ _cairo_xcb_glyph_attach (cairo_xcb_connection_t *c, + { + cairo_xcb_glyph_private_t *priv; + +- priv = malloc (sizeof (*priv)); ++ priv = _cairo_malloc (sizeof (*priv)); + if (unlikely (priv == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -4472,7 +4472,7 @@ _cairo_xcb_surface_add_glyph (cairo_xcb_connection_t *connection, + if (c == 0) + break; + +- new = malloc (c); ++ new = _cairo_malloc (c); + if (unlikely (new == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto BAIL; +@@ -4503,7 +4503,7 @@ _cairo_xcb_surface_add_glyph (cairo_xcb_connection_t *connection, + if (c == 0) + break; + +- new = malloc (4 * c); ++ new = _cairo_malloc (4 * c); + if (unlikely (new == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto BAIL; +@@ -4585,7 +4585,7 @@ _emit_glyphs_chunk (cairo_xcb_surface_t *dst, + int i; + + if (estimated_req_size > ARRAY_LENGTH (stack_buf)) { +- buf = malloc (estimated_req_size); ++ buf = _cairo_malloc (estimated_req_size); + if (unlikely (buf == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + } +diff --git a/src/cairo-xcb-surface.c b/src/cairo-xcb-surface.c +index 39127c1..7f601bb 100644 +--- a/src/cairo-xcb-surface.c ++++ b/src/cairo-xcb-surface.c +@@ -1075,7 +1075,7 @@ _cairo_xcb_surface_create_internal (cairo_xcb_screen_t *screen, + { + cairo_xcb_surface_t *surface; + +- surface = malloc (sizeof (cairo_xcb_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_xcb_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/cairo-xlib-display.c b/src/cairo-xlib-display.c +index a2a3bc7..add4229 100644 +--- a/src/cairo-xlib-display.c ++++ b/src/cairo-xlib-display.c +@@ -207,7 +207,7 @@ _cairo_xlib_device_create (Display *dpy) + } + } + +- display = malloc (sizeof (cairo_xlib_display_t)); ++ display = _cairo_malloc (sizeof (cairo_xlib_display_t)); + if (unlikely (display == NULL)) { + device = _cairo_device_create_in_error (CAIRO_STATUS_NO_MEMORY); + goto UNLOCK; +diff --git a/src/cairo-xlib-render-compositor.c b/src/cairo-xlib-render-compositor.c +index 4352b44..483fb21 100644 +--- a/src/cairo-xlib-render-compositor.c ++++ b/src/cairo-xlib-render-compositor.c +@@ -989,7 +989,7 @@ _cairo_xlib_font_create (cairo_xlib_display_t *display, + cairo_xlib_font_t *priv; + int i; + +- priv = malloc (sizeof (cairo_xlib_font_t)); ++ priv = _cairo_malloc (sizeof (cairo_xlib_font_t)); + if (unlikely (priv == NULL)) + return NULL; + +@@ -1089,7 +1089,7 @@ _cairo_xlib_glyph_attach (cairo_xlib_display_t *display, + { + cairo_xlib_glyph_private_t *priv; + +- priv = malloc (sizeof (*priv)); ++ priv = _cairo_malloc (sizeof (*priv)); + if (unlikely (priv == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1290,7 +1290,7 @@ _cairo_xlib_surface_add_glyph (cairo_xlib_display_t *display, + if (c == 0) + break; + +- new = malloc (c); ++ new = _cairo_malloc (c); + if (!new) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto BAIL; +@@ -1318,7 +1318,7 @@ _cairo_xlib_surface_add_glyph (cairo_xlib_display_t *display, + if (c == 0) + break; + +- new = malloc (4 * c); ++ new = _cairo_malloc (4 * c); + if (unlikely (new == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto BAIL; +diff --git a/src/cairo-xlib-screen.c b/src/cairo-xlib-screen.c +index 57beeaa..ff3bdfc 100644 +--- a/src/cairo-xlib-screen.c ++++ b/src/cairo-xlib-screen.c +@@ -330,7 +330,7 @@ _cairo_xlib_screen_get (Display *dpy, + goto CLEANUP_DISPLAY; + } + +- info = malloc (sizeof (cairo_xlib_screen_t)); ++ info = _cairo_malloc (sizeof (cairo_xlib_screen_t)); + if (unlikely (info == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto CLEANUP_DISPLAY; +diff --git a/src/cairo-xlib-source.c b/src/cairo-xlib-source.c +index d6ea06a..6269edc 100644 +--- a/src/cairo-xlib-source.c ++++ b/src/cairo-xlib-source.c +@@ -109,7 +109,7 @@ source (cairo_xlib_surface_t *dst, Picture picture, Pixmap pixmap) + if (picture == None) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +- source = malloc (sizeof (*source)); ++ source = _cairo_malloc (sizeof (*source)); + if (unlikely (source == NULL)) { + XRenderFreePicture (dst->display->display, picture); + if (pixmap) +@@ -966,7 +966,7 @@ surface_source (cairo_xlib_surface_t *dst, + _cairo_xlib_shm_surface_get_pixmap (src)) { + cairo_xlib_proxy_t *proxy; + +- proxy = malloc (sizeof(*proxy)); ++ proxy = _cairo_malloc (sizeof(*proxy)); + if (unlikely (proxy == NULL)) + return _cairo_surface_create_in_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/cairo-xlib-surface-shm.c b/src/cairo-xlib-surface-shm.c +index a339d0c..1ee1e3d 100644 +--- a/src/cairo-xlib-surface-shm.c ++++ b/src/cairo-xlib-surface-shm.c +@@ -573,7 +573,7 @@ _cairo_xlib_shm_pool_create(cairo_xlib_display_t *display, + size_t bytes, maxbits = 16, minbits = MIN_BITS; + Status success; + +- pool = malloc (sizeof (cairo_xlib_shm_t)); ++ pool = _cairo_malloc (sizeof (cairo_xlib_shm_t)); + if (pool == NULL) + return NULL; + +@@ -650,7 +650,7 @@ _cairo_xlib_shm_info_create (cairo_xlib_display_t *display, + + assert (mem != NULL); + +- info = malloc (sizeof (*info)); ++ info = _cairo_malloc (sizeof (*info)); + if (info == NULL) { + _cairo_mempool_free (&pool->mem, mem); + return NULL; +@@ -814,7 +814,7 @@ _cairo_xlib_shm_surface_create (cairo_xlib_surface_t *other, + if (size < MIN_SIZE) + return NULL; + +- shm = malloc (sizeof (*shm)); ++ shm = _cairo_malloc (sizeof (*shm)); + if (unlikely (shm == NULL)) + return (cairo_xlib_shm_surface_t *)_cairo_surface_create_in_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1387,7 +1387,7 @@ _cairo_xlib_display_init_shm (cairo_xlib_display_t *display) + if (!can_use_shm (display->display, &has_pixmap)) + return; + +- shm = malloc (sizeof (*shm)); ++ shm = _cairo_malloc (sizeof (*shm)); + if (unlikely (shm == NULL)) + return; + +diff --git a/src/cairo-xlib-surface.c b/src/cairo-xlib-surface.c +index 908d76d..7832737 100644 +--- a/src/cairo-xlib-surface.c ++++ b/src/cairo-xlib-surface.c +@@ -1766,7 +1766,7 @@ found: + ; + } + +- surface = malloc (sizeof (cairo_xlib_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_xlib_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/cairo-xlib-visual.c b/src/cairo-xlib-visual.c +index 863822e..979cd5b 100644 +--- a/src/cairo-xlib-visual.c ++++ b/src/cairo-xlib-visual.c +@@ -82,7 +82,7 @@ _cairo_xlib_visual_info_create (Display *dpy, + for (i = 0; i < RAMP_SIZE; i++) + ramp_index_to_short[i] = (0xffff * i + ((RAMP_SIZE-1)>>1)) / (RAMP_SIZE-1); + +- info = malloc (sizeof (cairo_xlib_visual_info_t)); ++ info = _cairo_malloc (sizeof (cairo_xlib_visual_info_t)); + if (unlikely (info == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/cairo-xlib-xcb-surface.c b/src/cairo-xlib-xcb-surface.c +index 0bf4261..4fa9f28 100644 +--- a/src/cairo-xlib-xcb-surface.c ++++ b/src/cairo-xlib-xcb-surface.c +@@ -391,7 +391,7 @@ _cairo_xlib_xcb_device_create (Display *dpy, cairo_device_t *xcb_device) + } + } + +- display = malloc (sizeof (cairo_xlib_xcb_display_t)); ++ display = _cairo_malloc (sizeof (cairo_xlib_xcb_display_t)); + if (unlikely (display == NULL)) { + device = _cairo_device_create_in_error (CAIRO_STATUS_NO_MEMORY); + goto unlock; +@@ -438,7 +438,7 @@ _cairo_xlib_xcb_surface_create (void *dpy, + if (unlikely (xcb->status)) + return xcb; + +- surface = malloc (sizeof (*surface)); ++ surface = _cairo_malloc (sizeof (*surface)); + if (unlikely (surface == NULL)) { + cairo_surface_destroy (xcb); + return _cairo_surface_create_in_error (CAIRO_STATUS_NO_MEMORY); +diff --git a/src/cairo-xml-surface.c b/src/cairo-xml-surface.c +index b885fff..9c3a958 100644 +--- a/src/cairo-xml-surface.c ++++ b/src/cairo-xml-surface.c +@@ -258,7 +258,7 @@ _cairo_xml_create_internal (cairo_output_stream_t *stream) + { + cairo_xml_t *xml; + +- xml = malloc (sizeof (cairo_xml_t)); ++ xml = _cairo_malloc (sizeof (cairo_xml_t)); + if (unlikely (xml == NULL)) + return _cairo_device_create_in_error (CAIRO_STATUS_NO_MEMORY); + +@@ -933,7 +933,7 @@ _cairo_xml_emit_type42_font (cairo_xml_t *xml, + if (unlikely (status)) + return status; + +- buf = malloc (size); ++ buf = _cairo_malloc (size); + if (unlikely (buf == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1098,7 +1098,7 @@ _cairo_xml_surface_create_internal (cairo_device_t *device, + { + cairo_xml_surface_t *surface; + +- surface = malloc (sizeof (cairo_xml_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_xml_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/drm/cairo-drm-gallium-surface.c b/src/drm/cairo-drm-gallium-surface.c +index 164ab03..ca18f73 100644 +--- a/src/drm/cairo-drm-gallium-surface.c ++++ b/src/drm/cairo-drm-gallium-surface.c +@@ -529,7 +529,7 @@ _gallium_fake_bo_create (uint32_t size, uint32_t name) + + /* XXX integrate with winsys handle */ + +- bo = malloc (sizeof (cairo_drm_bo_t)); ++ bo = _cairo_malloc (sizeof (cairo_drm_bo_t)); + + CAIRO_REFERENCE_COUNT_INIT (&bo->ref_count, 1); + bo->name = name; +@@ -556,7 +556,7 @@ gallium_surface_create_internal (gallium_device_t *device, + cairo_format_t format; + int stride, size; + +- surface = malloc (sizeof (gallium_surface_t)); ++ surface = _cairo_malloc (sizeof (gallium_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -641,7 +641,7 @@ gallium_surface_create_for_name (cairo_drm_device_t *base_dev, + cairo_status_t status; + cairo_content_t content; + +- surface = malloc (sizeof (gallium_surface_t)); ++ surface = _cairo_malloc (sizeof (gallium_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -768,7 +768,7 @@ _cairo_drm_gallium_device_create (int fd, dev_t dev, int vendor_id, int chip_id) + return NULL; + } + +- device = malloc (sizeof (gallium_device_t)); ++ device = _cairo_malloc (sizeof (gallium_device_t)); + if (device == NULL) { + dlclose (handle); + return _cairo_drm_device_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); +diff --git a/src/drm/cairo-drm-i915-shader.c b/src/drm/cairo-drm-i915-shader.c +index 65e75c5..045ca52 100644 +--- a/src/drm/cairo-drm-i915-shader.c ++++ b/src/drm/cairo-drm-i915-shader.c +@@ -85,7 +85,7 @@ i915_packed_pixel_surface_create (i915_device_t *device, + if (width > 2048 || height > 2048) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_INVALID_SIZE)); + +- surface = malloc (sizeof (i915_packed_pixel_surface_t)); ++ surface = _cairo_malloc (sizeof (i915_packed_pixel_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/drm/cairo-drm-i915-spans.c b/src/drm/cairo-drm-i915-spans.c +index b3f4e0a..f40bb2f 100644 +--- a/src/drm/cairo-drm-i915-spans.c ++++ b/src/drm/cairo-drm-i915-spans.c +@@ -98,7 +98,7 @@ i915_accumulate_rectangle (i915_spans_t *spans) + if (unlikely (spans->vbo_offset + size > I915_VBO_SIZE)) { + struct vbo *vbo; + +- vbo = malloc (sizeof (struct vbo)); ++ vbo = _cairo_malloc (sizeof (struct vbo)); + if (unlikely (vbo == NULL)) { + /* throw error! */ + } +diff --git a/src/drm/cairo-drm-i915-surface.c b/src/drm/cairo-drm-i915-surface.c +index cdbf258..8fc5f7a 100644 +--- a/src/drm/cairo-drm-i915-surface.c ++++ b/src/drm/cairo-drm-i915-surface.c +@@ -2432,7 +2432,7 @@ i915_surface_create_internal (cairo_drm_device_t *base_dev, + i915_surface_t *surface; + cairo_status_t status_ignored; + +- surface = malloc (sizeof (i915_surface_t)); ++ surface = _cairo_malloc (sizeof (i915_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -2542,7 +2542,7 @@ i915_surface_create_for_name (cairo_drm_device_t *base_dev, + break; + } + +- surface = malloc (sizeof (i915_surface_t)); ++ surface = _cairo_malloc (sizeof (i915_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -2698,7 +2698,7 @@ i915_surface_create_from_cacheable_image_internal (i915_device_t *device, + break; + } + if (node == NULL) { +- cache = malloc (sizeof (intel_buffer_cache_t)); ++ cache = _cairo_malloc (sizeof (intel_buffer_cache_t)); + if (unlikely (cache == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto CLEANUP_DEVICE; +@@ -2735,7 +2735,7 @@ i915_surface_create_from_cacheable_image_internal (i915_device_t *device, + if (unlikely (status)) + goto CLEANUP_CACHE; + +- surface = malloc (sizeof (i915_surface_t)); ++ surface = _cairo_malloc (sizeof (i915_surface_t)); + if (unlikely (surface == NULL)) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto CLEANUP_CACHE; +@@ -2879,7 +2879,7 @@ _cairo_drm_i915_device_create (int fd, dev_t dev_id, int vendor_id, int chip_id) + if (! intel_info (fd, >t_size)) + return NULL; + +- device = malloc (sizeof (i915_device_t)); ++ device = _cairo_malloc (sizeof (i915_device_t)); + if (device == NULL) + return (cairo_drm_device_t *) _cairo_device_create_in_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/drm/cairo-drm-i965-glyphs.c b/src/drm/cairo-drm-i965-glyphs.c +index c66a63d..1ef0a6f 100644 +--- a/src/drm/cairo-drm-i965-glyphs.c ++++ b/src/drm/cairo-drm-i965-glyphs.c +@@ -71,7 +71,7 @@ i965_glyphs_accumulate_rectangle (i965_glyphs_t *glyphs) + if (unlikely (glyphs->vbo_offset + size > I965_VERTEX_SIZE)) { + struct i965_vbo *vbo; + +- vbo = malloc (sizeof (struct i965_vbo)); ++ vbo = _cairo_malloc (sizeof (struct i965_vbo)); + if (unlikely (vbo == NULL)) { + /* throw error! */ + } +diff --git a/src/drm/cairo-drm-i965-spans.c b/src/drm/cairo-drm-i965-spans.c +index 5cba7ce..4d1f491 100644 +--- a/src/drm/cairo-drm-i965-spans.c ++++ b/src/drm/cairo-drm-i965-spans.c +@@ -87,7 +87,7 @@ i965_spans_accumulate_rectangle (i965_spans_t *spans) + if (unlikely (spans->vbo_offset + size > I965_VERTEX_SIZE)) { + struct i965_vbo *vbo; + +- vbo = malloc (sizeof (struct i965_vbo)); ++ vbo = _cairo_malloc (sizeof (struct i965_vbo)); + if (unlikely (vbo == NULL)) { + /* throw error! */ + } +diff --git a/src/drm/cairo-drm-i965-surface.c b/src/drm/cairo-drm-i965-surface.c +index 04050ef..9d29e47 100644 +--- a/src/drm/cairo-drm-i965-surface.c ++++ b/src/drm/cairo-drm-i965-surface.c +@@ -1568,7 +1568,7 @@ i965_surface_create_internal (cairo_drm_device_t *base_dev, + i965_surface_t *surface; + cairo_status_t status_ignored; + +- surface = malloc (sizeof (i965_surface_t)); ++ surface = _cairo_malloc (sizeof (i965_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -1657,7 +1657,7 @@ i965_surface_create_for_name (cairo_drm_device_t *base_dev, + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_INVALID_FORMAT)); + } + +- surface = malloc (sizeof (i965_surface_t)); ++ surface = _cairo_malloc (sizeof (i965_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -1808,7 +1808,7 @@ _cairo_drm_i965_device_create (int fd, dev_t dev, int vendor_id, int chip_id) + if (! intel_info (fd, >t_size)) + return NULL; + +- device = malloc (sizeof (i965_device_t)); ++ device = _cairo_malloc (sizeof (i965_device_t)); + if (unlikely (device == NULL)) + return (cairo_drm_device_t *) _cairo_device_create_in_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/drm/cairo-drm-intel-surface.c b/src/drm/cairo-drm-intel-surface.c +index e295b62..8fe2c3a 100644 +--- a/src/drm/cairo-drm-intel-surface.c ++++ b/src/drm/cairo-drm-intel-surface.c +@@ -312,7 +312,7 @@ intel_surface_create (cairo_drm_device_t *device, + intel_surface_t *surface; + cairo_status_t status; + +- surface = malloc (sizeof (intel_surface_t)); ++ surface = _cairo_malloc (sizeof (intel_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -363,7 +363,7 @@ intel_surface_create_for_name (cairo_drm_device_t *device, + if (stride < cairo_format_stride_for_width (format, width)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_INVALID_STRIDE)); + +- surface = malloc (sizeof (intel_surface_t)); ++ surface = _cairo_malloc (sizeof (intel_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -425,7 +425,7 @@ _cairo_drm_intel_device_create (int fd, dev_t dev, int vendor_id, int chip_id) + if (! intel_info (fd, NULL)) + return NULL; + +- device = malloc (sizeof (intel_device_t)); ++ device = _cairo_malloc (sizeof (intel_device_t)); + if (unlikely (device == NULL)) + return (cairo_drm_device_t *) _cairo_device_create_in_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/drm/cairo-drm-intel.c b/src/drm/cairo-drm-intel.c +index b5459d9..e6fb83d 100644 +--- a/src/drm/cairo-drm-intel.c ++++ b/src/drm/cairo-drm-intel.c +@@ -576,7 +576,7 @@ _intel_bo_put_a1_image (intel_device_t *device, + uint8_t *dst; + + if (width > (int) sizeof (buf)) { +- a8 = malloc (width); ++ a8 = _cairo_malloc (width); + if (a8 == NULL) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + } +@@ -844,7 +844,7 @@ intel_glyph_cache_add_glyph (intel_device_t *device, + int x; + + if (width > (int) sizeof (buf)) { +- a8 = malloc (width); ++ a8 = _cairo_malloc (width); + if (unlikely (a8 == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + } +diff --git a/src/drm/cairo-drm-radeon-surface.c b/src/drm/cairo-drm-radeon-surface.c +index 687d4f2..9c9f852 100644 +--- a/src/drm/cairo-drm-radeon-surface.c ++++ b/src/drm/cairo-drm-radeon-surface.c +@@ -317,7 +317,7 @@ radeon_surface_create_internal (cairo_drm_device_t *device, + radeon_surface_t *surface; + cairo_status_t status; + +- surface = malloc (sizeof (radeon_surface_t)); ++ surface = _cairo_malloc (sizeof (radeon_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -385,7 +385,7 @@ radeon_surface_create_for_name (cairo_drm_device_t *device, + if (stride < cairo_format_stride_for_width (format, width)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_INVALID_STRIDE)); + +- surface = malloc (sizeof (radeon_surface_t)); ++ surface = _cairo_malloc (sizeof (radeon_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -427,7 +427,7 @@ _cairo_drm_radeon_device_create (int fd, dev_t dev, int vendor_id, int chip_id) + if (! radeon_info (fd, &gart_size, &vram_size)) + return NULL; + +- device = malloc (sizeof (radeon_device_t)); ++ device = _cairo_malloc (sizeof (radeon_device_t)); + if (device == NULL) + return _cairo_drm_device_create_in_error (CAIRO_STATUS_NO_MEMORY); + +diff --git a/src/test-compositor-surface.c b/src/test-compositor-surface.c +index 945d65b..d6e04a1 100644 +--- a/src/test-compositor-surface.c ++++ b/src/test-compositor-surface.c +@@ -78,7 +78,7 @@ test_compositor_surface_create (const cairo_compositor_t *compositor, + if (unlikely (pixman_image == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +- surface = malloc (sizeof (test_compositor_surface_t)); ++ surface = _cairo_malloc (sizeof (test_compositor_surface_t)); + if (unlikely (surface == NULL)) { + pixman_image_unref (pixman_image); + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); +diff --git a/src/test-null-compositor-surface.c b/src/test-null-compositor-surface.c +index 6b8d4ee..35913a2 100644 +--- a/src/test-null-compositor-surface.c ++++ b/src/test-null-compositor-surface.c +@@ -81,7 +81,7 @@ test_compositor_surface_create (const cairo_compositor_t *compositor, + if (unlikely (pixman_image == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +- surface = malloc (sizeof (test_compositor_surface_t)); ++ surface = _cairo_malloc (sizeof (test_compositor_surface_t)); + if (unlikely (surface == NULL)) { + pixman_image_unref (pixman_image); + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); +diff --git a/src/test-paginated-surface.c b/src/test-paginated-surface.c +index a9f073f..7967f74 100644 +--- a/src/test-paginated-surface.c ++++ b/src/test-paginated-surface.c +@@ -74,7 +74,7 @@ _cairo_test_paginated_surface_create (cairo_surface_t *target) + if (unlikely (status)) + return _cairo_surface_create_in_error (status); + +- surface = malloc (sizeof (test_paginated_surface_t)); ++ surface = _cairo_malloc (sizeof (test_paginated_surface_t)); + if (unlikely (surface == NULL)) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/win32/cairo-win32-debug.c b/src/win32/cairo-win32-debug.c +index ff7aeaf..5c49601 100644 +--- a/src/win32/cairo-win32-debug.c ++++ b/src/win32/cairo-win32-debug.c +@@ -66,7 +66,7 @@ _cairo_win32_debug_dump_hrgn (HRGN rgn, char *header) + } + + z = GetRegionData(rgn, 0, NULL); +- rd = (RGNDATA*) malloc(z); ++ rd = (RGNDATA*) _cairo_malloc(z); + z = GetRegionData(rgn, z, rd); + + fprintf (stderr, " %ld rects, bounds: %ld %ld %ld %ld\n", +diff --git a/src/win32/cairo-win32-device.c b/src/win32/cairo-win32-device.c +index c60c494..f0df15e 100644 +--- a/src/win32/cairo-win32-device.c ++++ b/src/win32/cairo-win32-device.c +@@ -136,7 +136,7 @@ _cairo_win32_device_get (void) + if (__cairo_win32_device) + return cairo_device_reference (__cairo_win32_device); + +- device = malloc (sizeof (*device)); ++ device = _cairo_malloc (sizeof (*device)); + + _cairo_device_init (&device->base, &_cairo_win32_device_backend); + +diff --git a/src/win32/cairo-win32-display-surface.c b/src/win32/cairo-win32-display-surface.c +index 92d1f6c..04c5d16 100644 +--- a/src/win32/cairo-win32-display-surface.c ++++ b/src/win32/cairo-win32-display-surface.c +@@ -298,7 +298,7 @@ _cairo_win32_display_surface_create_for_dc (HDC original_dc, + unsigned char *bits; + int rowstride; + +- surface = malloc (sizeof (*surface)); ++ surface = _cairo_malloc (sizeof (*surface)); + if (surface == NULL) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +@@ -685,7 +685,7 @@ _cairo_win32_display_surface_set_clip (cairo_win32_display_surface_t *surface, + + data_size = sizeof (RGNDATAHEADER) + num_rects * sizeof (RECT); + if (data_size > sizeof (stack)) { +- data = malloc (data_size); ++ data = _cairo_malloc (data_size); + if (!data) + return _cairo_error(CAIRO_STATUS_NO_MEMORY); + } else +@@ -954,7 +954,7 @@ cairo_win32_surface_create_with_format (HDC hdc, cairo_format_t format) + break; + } + +- surface = malloc (sizeof (*surface)); ++ surface = _cairo_malloc (sizeof (*surface)); + if (surface == NULL) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + +diff --git a/src/win32/cairo-win32-font.c b/src/win32/cairo-win32-font.c +index 1b86b81..a031c13 100644 +--- a/src/win32/cairo-win32-font.c ++++ b/src/win32/cairo-win32-font.c +@@ -323,7 +323,7 @@ _win32_scaled_font_create (LOGFONTW *logfont, + if (hdc == NULL) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +- f = malloc (sizeof(cairo_win32_scaled_font_t)); ++ f = _cairo_malloc (sizeof(cairo_win32_scaled_font_t)); + if (f == NULL) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -472,7 +472,7 @@ _win32_scaled_font_get_unscaled_hfont (cairo_win32_scaled_font_t *scaled_font, + if (! otm_size) + return _cairo_win32_print_gdi_error ("_win32_scaled_font_get_unscaled_hfont:GetOutlineTextMetrics"); + +- otm = malloc (otm_size); ++ otm = _cairo_malloc (otm_size); + if (otm == NULL) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + +@@ -1388,7 +1388,7 @@ _cairo_win32_scaled_font_index_to_ucs4 (void *abstract_font, + goto exit1; + } + +- glyph_set = malloc (res); ++ glyph_set = _cairo_malloc (res); + if (glyph_set == NULL) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto exit1; +@@ -1696,7 +1696,7 @@ _cairo_win32_scaled_font_init_glyph_path (cairo_win32_scaled_font_t *scaled_font + goto CLEANUP_FONT; + } + +- ptr = buffer = malloc (bytesGlyph); ++ ptr = buffer = _cairo_malloc (bytesGlyph); + if (!buffer) { + status = _cairo_error (CAIRO_STATUS_NO_MEMORY); + goto CLEANUP_FONT; +@@ -2071,7 +2071,7 @@ cairo_win32_font_face_create_for_logfontw_hfont (LOGFONTW *logfont, HFONT font) + } + + /* Otherwise create it and insert into hash table. */ +- font_face = malloc (sizeof (cairo_win32_font_face_t)); ++ font_face = _cairo_malloc (sizeof (cairo_win32_font_face_t)); + if (!font_face) { + _cairo_error_throw (CAIRO_STATUS_NO_MEMORY); + goto FAIL; +diff --git a/src/win32/cairo-win32-printing-surface.c b/src/win32/cairo-win32-printing-surface.c +index 68321c8..7f88cd1 100644 +--- a/src/win32/cairo-win32-printing-surface.c ++++ b/src/win32/cairo-win32-printing-surface.c +@@ -1020,8 +1020,8 @@ _cairo_win32_printing_surface_paint_linear_pattern (cairo_win32_printing_surface + num_rects = num_stops - 1; + + /* Add an extra four points and two rectangles for EXTEND_PAD */ +- vert = malloc (sizeof (TRIVERTEX) * (num_rects*2*num_ranges + 4)); +- rect = malloc (sizeof (GRADIENT_RECT) * (num_rects*num_ranges + 2)); ++ vert = _cairo_malloc (sizeof (TRIVERTEX) * (num_rects*2*num_ranges + 4)); ++ rect = _cairo_malloc (sizeof (GRADIENT_RECT) * (num_rects*num_ranges + 2)); + + for (i = 0; i < num_ranges*num_rects; i++) { + vert[i*2].y = (LONG) clip.top; +@@ -2131,7 +2131,7 @@ cairo_win32_printing_surface_create (HDC hdc) + cairo_win32_printing_surface_t *surface; + cairo_surface_t *paginated; + +- surface = malloc (sizeof (cairo_win32_printing_surface_t)); ++ surface = _cairo_malloc (sizeof (cairo_win32_printing_surface_t)); + if (surface == NULL) + return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY)); + From 888239feb22fdae42849eb629249eb9bc7817e463309b8b9e9f19e1f38d97d38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Lie?= Date: Wed, 20 Jun 2018 09:01:08 +0000 Subject: [PATCH 2/3] OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/cairo?expand=0&rev=140 --- cairo.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cairo.changes b/cairo.changes index 16412a4..1939b21 100644 --- a/cairo.changes +++ b/cairo.changes @@ -3,7 +3,7 @@ Wed Jun 20 06:26:30 UTC 2018 - qzheng@suse.com - Add replace-malloc-with-cairo-malloc.patch: replace malloc with _cairo_malloc and check cmap size before - allocating ( boo#1049092, CVE-2017-9814 ). + allocating (boo#1049092, CVE-2017-9814). ------------------------------------------------------------------- Tue Apr 24 21:00:53 UTC 2018 - bjorn.lie@gmail.com From a2a01827dc0ac3b851a265505f6b7184c6388dcd5fe95ddb18e9bcbf8838e8f4 Mon Sep 17 00:00:00 2001 From: Luciano Santos Date: Thu, 21 Jun 2018 04:08:19 +0000 Subject: [PATCH 3/3] Accepting request 618162 from home:zhengqiang:branches:GNOME:Factory - Add cairo-CVE-2017-9814.patch: Replace malloc with _cairo_malloc and check cmap size before allocating (boo#1049092, CVE-2017-9814, fdo#101547). OBS-URL: https://build.opensuse.org/request/show/618162 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/cairo?expand=0&rev=141 --- ...cairo-malloc.patch => cairo-CVE-2017-9814.patch | 14 ++++++++++++++ cairo.changes | 6 +++--- cairo.spec | 4 ++-- 3 files changed, 19 insertions(+), 5 deletions(-) rename replace-malloc-with-cairo-malloc.patch => cairo-CVE-2017-9814.patch (99%) diff --git a/replace-malloc-with-cairo-malloc.patch b/cairo-CVE-2017-9814.patch similarity index 99% rename from replace-malloc-with-cairo-malloc.patch rename to cairo-CVE-2017-9814.patch index 95131ab..9a2b2b3 100644 --- a/replace-malloc-with-cairo-malloc.patch +++ b/cairo-CVE-2017-9814.patch @@ -1,3 +1,17 @@ +From 199823938780c8e50099b627d3e9137acba7a263 Mon Sep 17 00:00:00 2001 +From: Adrian Johnson +Date: Sat, 8 Jul 2017 09:28:03 +0930 +Subject: [PATCH] Use _cairo_malloc instead of malloc + +_cairo_malloc(0) always returns NULL, but has not been used +consistently. This patch replaces many calls to malloc() with +_cairo_malloc(). + +Fixes: fdo# 101547 +CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299 +Reviewed-by: Bryce Harrington +--- + diff --git a/boilerplate/cairo-boilerplate-cogl.c b/boilerplate/cairo-boilerplate-cogl.c index e39ad33..f653109 100644 --- a/boilerplate/cairo-boilerplate-cogl.c diff --git a/cairo.changes b/cairo.changes index 1939b21..6f6cacf 100644 --- a/cairo.changes +++ b/cairo.changes @@ -1,9 +1,9 @@ ------------------------------------------------------------------- Wed Jun 20 06:26:30 UTC 2018 - qzheng@suse.com -- Add replace-malloc-with-cairo-malloc.patch: - replace malloc with _cairo_malloc and check cmap size before - allocating (boo#1049092, CVE-2017-9814). +- Add cairo-CVE-2017-9814.patch: Replace malloc with _cairo_malloc + and check cmap size before allocating (boo#1049092, + CVE-2017-9814, fdo#101547). ------------------------------------------------------------------- Tue Apr 24 21:00:53 UTC 2018 - bjorn.lie@gmail.com diff --git a/cairo.spec b/cairo.spec index f751218..72b2ddd 100644 --- a/cairo.spec +++ b/cairo.spec @@ -33,8 +33,8 @@ Patch0: cairo-xlib-endianness.patch Patch1: cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff # PATCH-FIX-UPSTREAM cairo-fix-assertion-failure-in-freetype-backend.patch fdo#105746 -- Fix assertion failure in the freetype backend Patch2: cairo-fix-assertion-failure-in-freetype-backend.patch -# PATCH-FIX-UPSTREAM replace-malloc-with-cairo-malloc.patch qzheng@suse.com -- replace malloc with _cairo_malloc and check cmap size before allocating. -Patch3: replace-malloc-with-cairo-malloc.patch +# PATCH-FIX-UPSTREAM cairo-CVE-2017-9814.patch boo#1049092 CVE-2017-9814 fdo#101547 qzheng@suse.com -- Replace malloc with _cairo_malloc and check cmap size before allocating. +Patch3: cairo-CVE-2017-9814.patch BuildRequires: gtk-doc BuildRequires: pkgconfig BuildRequires: pkgconfig(fontconfig)