[cairo-commit] src/cairo-cff-subset.c src/cairo-type1-subset.c
Adrian Johnson
ajohnson at kemper.freedesktop.org
Tue Oct 30 03:23:51 PDT 2012
src/cairo-cff-subset.c | 6 +++---
src/cairo-type1-subset.c | 2 ++
2 files changed, 5 insertions(+), 3 deletions(-)
New commits:
commit 65176b7380f0d633da514be1febe16f17b99d876
Author: Kevin Tardif <kiyoka at gmail.com>
Date: Tue Oct 30 00:27:27 2012 -0400
type1-subset, cff-subset: Plugged 2 memory leaks
- _cairo_type1_font_subset_fini doesn't free font->cleartext
- _cairo_cff_font_create can exit without freeing font->font_name and/or
font->data; _cairo_cff_font_load_opentype_cff is called to allocate
font_name, then _cairo_cff_font_load_cff is called to allocate
font->data, then _cairo_cff_font_load_cff's return status is checked
and if it failed, it jumps to fail1. This can cause font_name to leak
since the fail1 target only frees the font variable. In addition,
_cairo_cff_font_load_cff can fail -after- allocating data, and then
data won't be freed either.
Bug 56566
diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c
index e3040fc..bd8d5b5 100644
--- a/src/cairo-cff-subset.c
+++ b/src/cairo-cff-subset.c
@@ -2787,7 +2787,7 @@ _cairo_cff_font_create (cairo_scaled_font_subset_t *scaled_font_subset,
if (backend->is_synthetic && backend->is_synthetic (scaled_font_subset->scaled_font))
return CAIRO_INT_STATUS_UNSUPPORTED;
- font = malloc (sizeof (cairo_cff_font_t));
+ font = calloc (1, sizeof (cairo_cff_font_t));
if (unlikely (font == NULL))
return _cairo_error (CAIRO_STATUS_NO_MEMORY);
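Review bot: The switch to `calloc` is what makes the relocated `free (font->data)` and `free (font->font_name)` under `fail1` safe, but nothing at the allocation site says so. With plain `malloc` those fields would be indeterminate on an early failure and `free` would be handed garbage pointers, so a later revert to `malloc` would silently reintroduce a memory-safety bug in the font-loading error path. I would add a comment above the allocation such as `/* zero-filled: fail1 frees font->data and font->font_name even if never assigned */`. _cairo_cff_font_create begins and ends outside this hunk.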
@@ -2862,11 +2862,11 @@ fail4:
fail3:
free (font->subset_font_name);
fail2:
- free (font->data);
- free (font->font_name);
free (font->ps_name);
_cairo_array_fini (&font->output);
fail1:
+ free (font->data);
+ free (font->font_name);
free (font);
return status;
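Review bot: Freeing `font->data` and `font->font_name` under `fail1` is only correct if no callee has already released them, and the loaders are not visible in this hunk. If _cairo_cff_font_load_cff or _cairo_cff_font_load_opentype_cff frees either buffer on its own error path without resetting the field to NULL, this label would turn a load failure on a malformed font into a double free. It is worth confirming that ownership and recording it at the label, e.g. `/* data and font_name are owned by font; loaders never free them on failure */`.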
diff --git a/src/cairo-type1-subset.c b/src/cairo-type1-subset.c
index dff4a95..2ec56f1 100644
--- a/src/cairo-type1-subset.c
+++ b/src/cairo-type1-subset.c
@@ -1670,6 +1670,8 @@ _cairo_type1_font_subset_fini (cairo_type1_font_subset_t *font)
free (font->subset_index_to_glyphs);
+ free (font->cleartext);
+
return status;
}
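Review bot: `free (font->cleartext)` assumes the field is either NULL or a live heap pointer on every path that reaches _cairo_type1_font_subset_fini, and the initialisation is not visible in this hunk. If the struct is not zeroed at init, a font that fails before cleartext is allocated would pass an indeterminate pointer to `free`. Following the call with `font->cleartext = NULL;` would also make a repeated fini call harmless. The function body begins outside the hunk.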