[cairo-commit] 2 commits - src/cairo-type3-glyph-surface.c
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Sat Dec 31 13:18:05 UTC 2022
src/cairo-type3-glyph-surface.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
New commits:
commit aeafbf554f4d4dad82960f8fbb7008d009d1bc4d
Merge: 3a60f6e13 488209d9e
Author: Uli Schlachter <psychon at znc.in>
Date: Sat Dec 31 13:18:03 2022 +0000
Merge branch 'clipper-memory-leak' into 'master'
Fix memory leak in type3 glyph surface
See merge request cairo/cairo!381
commit 488209d9e9dcd21efaf08729054a8864b9b74f63
Author: Uli Schlachter <psychon at znc.in>
Date: Sat Dec 31 13:30:57 2022 +0100
Fix memory leak in type3 glyph surface
In _cairo_type3_glyph_surface_create(), we call
_cairo_surface_clipper_init(), but nothing ever called
_cairo_surface_clipper_reset() in this call. This commit adds that
missing call.
This fixes a leak of a clip.
Since I have no clue about this code (does _cairo_pdf_operators_fini()
possibly use the clipper?), I did the patch like this. This should avoid
any possibility for a use-after-free.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51043
Signed-off-by: Uli Schlachter <psychon at znc.in>
diff --git a/src/cairo-type3-glyph-surface.c b/src/cairo-type3-glyph-surface.c
index 05ef417dc..19b2b84fb 100644
--- a/src/cairo-type3-glyph-surface.c
+++ b/src/cairo-type3-glyph-surface.c
@@ -182,7 +182,9 @@ _cairo_type3_glyph_surface_finish (void *abstract_surface)
{
cairo_type3_glyph_surface_t *surface = abstract_surface;
- return _cairo_pdf_operators_fini (&surface->pdf_operators);
+ cairo_status_t status = _cairo_pdf_operators_fini (&surface->pdf_operators);
+ _cairo_surface_clipper_reset (&surface->clipper);
+ return status;
}
static cairo_int_status_t
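Review bot: The ordering in _cairo_type3_glyph_surface_finish(), where the clipper is reset only after _cairo_pdf_operators_fini() has returned, is explained only in the commit message, which says it is meant to rule out a use-after-free in case fini touches the clipper. A short comment above `_cairo_surface_clipper_reset (&surface->clipper);` stating that the reset must stay after fini would keep a later cleanup from reordering the two calls. The reset runs regardless of the status fini returns, which is what a leak fix needs, since the clip has to be released on the error path as well; the saved status is still returned unchanged.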