[cairo-commit] src/cairo-cff-subset.c src/cairo-type1-subset.c

Adrian Johnson ajohnson at kemper.freedesktop.org
Tue Oct 30 03:23:51 PDT 2012


 src/cairo-cff-subset.c   |    6 +++---
 src/cairo-type1-subset.c |    2 ++
 2 files changed, 5 insertions(+), 3 deletions(-)

New commits:
commit 65176b7380f0d633da514be1febe16f17b99d876
Author: Kevin Tardif <kiyoka at gmail.com>
Date:   Tue Oct 30 00:27:27 2012 -0400

    type1-subset, cff-subset: Plugged 2 memory leaks
    
    - _cairo_type1_font_subset_fini doesn't free font->cleartext
    - _cairo_cff_font_create can exit without freeing font->font_name and/or
      font->data; _cairo_cff_font_load_opentype_cff is called to allocate
      font_name, then _cairo_cff_font_load_cff is called to allocate
      font->data, then _cairo_cff_font_load_cff's return status is checked
      and if it failed, it jumps to fail1. This can cause font_name to leak
      since the fail1 target only frees the font variable. In addition,
      _cairo_cff_font_load_cff can fail -after- allocating data, and then
      data won't be freed either.
    
    Bug 56566

diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c
index e3040fc..bd8d5b5 100644
--- a/src/cairo-cff-subset.c
+++ b/src/cairo-cff-subset.c
@@ -2787,7 +2787,7 @@ _cairo_cff_font_create (cairo_scaled_font_subset_t  *scaled_font_subset,
     if (backend->is_synthetic && backend->is_synthetic (scaled_font_subset->scaled_font))
 	return CAIRO_INT_STATUS_UNSUPPORTED;
 
-    font = malloc (sizeof (cairo_cff_font_t));
+    font = calloc (1, sizeof (cairo_cff_font_t));
     if (unlikely (font == NULL))
         return _cairo_error (CAIRO_STATUS_NO_MEMORY);
 
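Review bot: The switch from malloc to calloc on the allocation of font is load-bearing, not cosmetic: the cleanup at fail1 later in this function now frees font->data and font->font_name, which is only well-defined if those fields are NULL on the paths where the loaders never ran, and nothing at the allocation site says so. A comment would stop a future "revert to malloc" from reintroducing a free of an indeterminate pointer: `/* calloc: fail1 frees font->data and font->font_name unconditionally, so they must start out NULL */`. The body of _cairo_cff_font_create continues past this hunk, and the same dependency applies to the fail1 hunk below.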
@@ -2862,11 +2862,11 @@ fail4:
 fail3:
     free (font->subset_font_name);
 fail2:
-    free (font->data);
-    free (font->font_name);
     free (font->ps_name);
     _cairo_array_fini (&font->output);
 fail1:
+    free (font->data);
+    free (font->font_name);
     free (font);
 
     return status;
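Review bot: Moving `free (font->data);` and `free (font->font_name);` to fail1 is only safe if every failure path inside _cairo_cff_font_load_opentype_cff and _cairo_cff_font_load_cff leaves those fields either NULL or pointing at a live allocation; if a loader frees font->data on its own error path without resetting it, this change turns a leak into a double free. Those loaders are outside the hunk, so this is a contract to confirm rather than a defect visible here; having the loaders reset the field after any internal free, `free (font->data); font->data = NULL;`, or documenting that they never free it, would make the ownership explicit at the point the cleanup relies on it. The earlier labels of this cleanup chain and the start of the function lie outside the hunk.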
diff --git a/src/cairo-type1-subset.c b/src/cairo-type1-subset.c
index dff4a95..2ec56f1 100644
--- a/src/cairo-type1-subset.c
+++ b/src/cairo-type1-subset.c
@@ -1670,6 +1670,8 @@ _cairo_type1_font_subset_fini (cairo_type1_font_subset_t *font)
 
     free (font->subset_index_to_glyphs);
 
+    free (font->cleartext);
+
     return status;
 }
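Review bot: `free (font->cleartext);` is set apart from the adjacent `free (font->subset_index_to_glyphs);` by blank lines on both sides, which reads as if it were a separate step; placing it directly after the other free would match the surrounding style. If the subset struct can outlive this fini call (for example if fini can run twice on the same object), `font->cleartext = NULL;` after the free would guard against a double free, but whether that situation arises cannot be determined from this hunk. The beginning of _cairo_type1_font_subset_fini is outside the hunk.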
 

