[cairo] Memory leak with font variations

Tobias Fleischer (reduxFX) tobias.fleischer at reduxfx.com
Thu Jun 11 05:18:07 UTC 2020

I think I found a bug concerning non-released memory when using font
I tested against cairo-1.17.2.

The internal function _cairo_gstate_init_copy() is supposed to make a deep
copy of the fields from one instance/state to another, used for example by
cairo_save(). It does however call _cairo_font_options_init_copy(), which
has this line in it:
options->variations = other->variations ? strdup (other->variations) : NULL;

This means that if a font variation string has been set, instead of a copy,
it will always allocate and use a copy of the string (via strdup), which
will then never be freed.
This leads to memory leaks as for example just by calling cairo_save(),
with each call an additional pointer is created that is never released.

Simple sample code to reproduce:
cairo_surface_t* surface = cairo_image_surface_create(CAIRO_FORMAT_ARGB32,
1920, 1080);
cairo_t* cr = cairo_create(surface);
cairo_font_options_t* t = cairo_font_options_create();
cairo_get_font_options(cr, t);
cairo_font_options_set_variations(t, "wght=400");
cairo_set_font_options(cr, t);

I think what is missing is a matching free-and-null call in
If I add the following two lines at the beginning of_cairo_gstate_fini(),
it seems to fix this issue, as every allocated copy gets freed again:
_cairo_font_options_fini (&gstate->font_options);
gstate->font_options.variations = NULL;

Let me know if this makes sense.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cairographics.org/archives/cairo/attachments/20200611/51d08a1f/attachment.htm>

More information about the cairo mailing list