[poppler] A memory leak in CairoFreeTypeFont::create()?

[mpsuzuki at hiroshima-u.ac.jp]

Hi,

Now I'm playing with pdftoppm (poppler utils) to attach
a shell-like interface, to cropping many fragments from
a signe huge PDF. During the development, I found a
problem that CairoFreeTypeFont::create() does not free
an internal buffer pointed by `ff', and valgrind reports
it as a memory leak.

    362 CairoFreeTypeFont *CairoFreeTypeFont::create(GfxFont *gfxFont, XRef *xref,
    363                                              FT_Library lib, GBool useCIDs) {

    [snip]

    373   FoFiTrueType *ff;

    [snip]

    463   case fontCIDType2:
    464     codeToGID = NULL;
    465     n = 0;
    466     if (((GfxCIDFont *)gfxFont)->getCIDToGID()) {
    467       n = ((GfxCIDFont *)gfxFont)->getCIDToGIDLen();
    468       if (n) {
    469         codeToGID = (Gushort *)gmallocn(n, sizeof(Gushort));
    470         memcpy(codeToGID, ((GfxCIDFont *)gfxFont)->getCIDToGID(),
    471                 n * sizeof(Gushort));
    472       }
    473     } else {
    474       ff = FoFiTrueType::load(fileName->getCString());
    475       if (! ff)
    476         goto err2;
    477       codeToGID = ((GfxCIDFont *)gfxFont)->getCodeToGIDMap(ff, &n);
    478       delete ff;
    479     }
    480     codeToGIDLen = n;
    481     /* Fall through */

    In the case of CIDFontType2, after codeToGID is obtained
    from the font file, `ff' is not needed anymore, and deleted
    at line 478.

    482   case fontTrueType:
    483     if (!(ff = FoFiTrueType::load(fileName->getCString()))) {
    484       error(-1, "failed to load truetype font\n");
    485       goto err2;
    486     }
    487     /* This might be set already for the CIDType2 case */
    488     if (fontType == fontTrueType) {
    489       codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff);
    490       codeToGIDLen = 256;
    491     }
    492     if (! _ft_new_face (lib, fileName->getCString(), &face, &font_face)) {
    493       error(-1, "could not create truetype face\n");
    494       goto err2;
    495     }
    496     break;

    In the case of TrueType, after codeToGID is obtained
    from the font file, `ff' is not deleted.


It seems that the buffer pointed by `ff' is not passed to
the caller (or others), and it might be orphaned. Is it
possible to delete it, aslike CIDFontType2 case deletes it?

Following is my short patch. Please give me comment.

Regards,
mpsuzuki


diff --git a/poppler/CairoFontEngine.cc b/poppler/CairoFontEngine.cc
index 20e6b9e..f08d893 100644
--- a/poppler/CairoFontEngine.cc
+++ b/poppler/CairoFontEngine.cc
@@ -489,6 +489,7 @@ CairoFreeTypeFont *CairoFreeTypeFont::create(GfxFont *gfxFont, XRef *xref,
       codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff);
       codeToGIDLen = 256;
     }
+    delete ff;
     if (! _ft_new_face (lib, fileName->getCString(), &face, &font_face)) {
       error(-1, "could not create truetype face\n");
       goto err2;