[cairo] memory leak in _cairo_pattern_create_solid

Nguyen Vu Hung vuhung16plus at gmail.com
Fri Oct 12 01:59:10 PDT 2007


Hi all,

I think I've found a memory leak in cairo 1.4.10, file cairo-pattern.c,
function _cairo_pattern_create_solid.
In that function, variable *pattern is malloc()'ed but has not been free()'d yet.

I am not so sure this is a bug because I am quite new to C and cairo.
Please excuse me if I am wrong.

As you can see in the following details, I've detected this issue with
valgrind.
If this bug is real, then cairo possibly contains many similar problems in
other files/functions.

I also include a diff of the original src/cairo-pattern.c and a (possible)
FIXED cairo-pattern.c
Please see the following for details.


$cat test/test.cpp.ONLY.rairo
#include <cairo.h>

int
main (int argc, char *argv[])
{
        cairo_surface_t *surface;
        cairo_t *cr;

        surface = cairo_image_surface_create (CAIRO_FORMAT_ARGB32, 240, 80);
        cr = cairo_create (surface);

        cairo_select_font_face (cr, "serif", CAIRO_FONT_SLANT_ITALIC,
CAIRO_FONT_WEIGHT_BOLD);
#if 0
        cairo_set_font_size (cr, 32.0);
        cairo_set_source_rgb (cr, 0.0, 0.0, 1.0);
        cairo_move_to (cr, 10.0, 50.0);
        cairo_show_text (cr, "Hello, world");
#endif
        cairo_destroy (cr);
        cairo_surface_write_to_png (surface, "hello.png");
        cairo_surface_destroy (surface);

        return 0;
}

valgrind --leak-check=full -v --show-reachable=yes ./testImage

[snip]
==31669== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 36 from 1)
--31669--
--31669-- supp:   36 Ubuntu-stripped-ld.so
==31669== malloc/free: in use at exit: 132 bytes in 1 blocks.
==31669== malloc/free: 29 allocs, 28 frees, 362,305 bytes allocated.
==31669==
==31669== searching for pointers to 1 not-freed blocks.
==31669== checked 370,744 bytes.
==31669==
==31669== 132 bytes in 1 blocks are still reachable in loss record 1 of 1
==31669==    at 0x4004405: malloc (vg_replace_malloc.c:149)
==31669==    by 0x805B7BC: _cairo_pattern_create_solid (cairo-pattern.c:309)
==31669==    by 0x804EA54: _cairo_gstate_init (cairo-gstate.c:94)
==31669==    by 0x804A073: cairo_create (cairo.c:210)
==31669==    by 0x8049F86: main (in testImage)
==31669==
==31669== LEAK SUMMARY:
==31669==    definitely lost: 0 bytes in 0 blocks.
==31669==      possibly lost: 0 bytes in 0 blocks.
==31669==    still reachable: 132 bytes in 1 blocks.
==31669==         suppressed: 0 bytes in 0 blocks.
--31669--  memcheck: sanity checks: 47 cheap, 2 expensive
--31669--  memcheck: auxmaps: 0 auxmap entries (0k, 0M) in use
--31669--  memcheck: auxmaps: 0 searches, 0 comparisons
--31669--  memcheck: secondaries: 45 issued (2880k, 2M)
--31669--  memcheck: secondaries: 81 accessible and distinguished (5184k, 5M)
--31669--     tt/tc: 7,958 tt lookups requiring 8,215 probes
--31669--     tt/tc: 7,958 fast-cache updates, 3 flushes
--31669-- translate: new        3,761 (81,413 -> 1,340,177; ratio 164:10) [0 scs]
--31669-- translate: dumped     0 (0 -> ??)
--31669-- translate: discarded  9 (216 -> ??)
--31669-- scheduler: 2,383,621 jumps (bb entries).
--31669-- scheduler: 47/4,707 major/minor sched events.
--31669--    sanity: 48 cheap, 2 expensive checks.
--31669--    exectx: 30,011 lists, 62 contexts (avg 0 per list)
--31669--    exectx: 93 searches, 31 full compares (333 per 1000)
--31669--    exectx: 0 cmp2, 76 cmp4, 0 cmpAll

[vuhung@ cairo-1.4.10]$diff src/cairo-pattern.c src/cairo-pattern.c.2007-10-12.orig
317,321c317
<     cairo_solid_pattern_t tmp_pattern;
<       memcpy(&tmp_pattern, pattern, sizeof(pattern));
<       if (pattern ) free(pattern);
<     return &tmp_pattern.base;
<
---
>     return &pattern->base;
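
Review bot: `return &tmp_pattern.base;` on the proposed side (the `<` lines, since the modified file is the first argument to diff) returns the address of a local variable, so every caller would hold a pointer into a stack frame that is gone once the function returns. Two more problems sit on the same lines: `memcpy(&tmp_pattern, pattern, sizeof(pattern));` copies only the size of a pointer rather than `sizeof(*pattern)`, and `if (pattern )` tests for NULL only after memcpy has already read through `pattern`. The valgrind output above reports the 132 bytes as "still reachable" with 0 bytes definitely lost, meaning a pointer to the block still existed at exit. Suggest keeping `return &pattern->base;` and instead checking where the owner reached through `_cairo_gstate_init` is expected to release the pattern.
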
[vuhung@ cairo-1.4.10]$

[vuhung@ Linux]$uname -a
Linux  2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:27:17 EDT 2006 i686 GNU/Linux
[vuhung@ Linux]$cat /etc/redhat-release
Red Hat Enterprise Linux ES release 4 (Nahant Update 4)
[vuhung@ Linux]$gcc --version
gcc (GCC) 3.4.6 20060404 (Red Hat 3.4.6-3)
[vuhung@ Linux]$rpm -qa | grep glibc
glibc-headers-2.3.4-2.25
glibc-common-2.3.4-2.25
glibc-devel-2.3.4-2.25
glibc-2.3.4-2.25
glibc-kernheaders-2.4-9.1.98.EL
[vuhung@ ]$rpm -qa | grep valgr
valgrind-callgrind-0.10.1-2.EL4
valgrind-3.1.1-1.EL4

-- 
Best Regards,
Nguyen Hung Vu
vuhung16plus{remove}@gmail.dot.com
An inquisitive look at Harajuku
http://www.flickr.com/photos/vuhung/sets/72157600109218238/