[poppler] A memory leak in CairoFreeTypeFont::create()?

Carlos Garcia Campos carlosgc at gnome.org
Sun Jan 24 04:36:44 PST 2010


Excerpts from mpsuzuki's message of vie ene 08 05:48:18 +0100 2010:
> Hi,
> 
> Now I'm playing with pdftoppm (poppler utils) to attach
> a shell-like interface, to crop many fragments from
> a single huge PDF. During the development, I found a
> problem that CairoFreeTypeFont::create() does not free
> an internal buffer pointed to by `ff', and valgrind reports
> it as a memory leak.
> 
>     362 CairoFreeTypeFont *CairoFreeTypeFont::create(GfxFont *gfxFont, XRef *xref,
>     363                                              FT_Library lib, GBool useCIDs) {
> 
>     [snip]
> 
>     373   FoFiTrueType *ff;
> 
>     [snip]
> 
>     463   case fontCIDType2:
>     464     codeToGID = NULL;
>     465     n = 0;
>     466     if (((GfxCIDFont *)gfxFont)->getCIDToGID()) {
>     467       n = ((GfxCIDFont *)gfxFont)->getCIDToGIDLen();
>     468       if (n) {
>     469         codeToGID = (Gushort *)gmallocn(n, sizeof(Gushort));
>     470         memcpy(codeToGID, ((GfxCIDFont *)gfxFont)->getCIDToGID(),
>     471                 n * sizeof(Gushort));
>     472       }
>     473     } else {
>     474       ff = FoFiTrueType::load(fileName->getCString());
>     475       if (! ff)
>     476         goto err2;
>     477       codeToGID = ((GfxCIDFont *)gfxFont)->getCodeToGIDMap(ff, &n);
>     478       delete ff;
>     479     }
>     480     codeToGIDLen = n;
>     481     /* Fall through */
> 
>     In the case of CIDFontType2, after codeToGID is obtained
>     from the font file, `ff' is not needed anymore, and deleted
>     at line 478.
> 
>     482   case fontTrueType:
>     483     if (!(ff = FoFiTrueType::load(fileName->getCString()))) {
>     484       error(-1, "failed to load truetype font\n");
>     485       goto err2;
>     486     }
>     487     /* This might be set already for the CIDType2 case */
>     488     if (fontType == fontTrueType) {
>     489       codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff);
>     490       codeToGIDLen = 256;
>     491     }
>     492     if (! _ft_new_face (lib, fileName->getCString(), &face, &font_face)) {
>     493       error(-1, "could not create truetype face\n");
>     494       goto err2;
>     495     }
>     496     break;
> 
>     In the case of TrueType, after codeToGID is obtained
>     from the font file, `ff' is not deleted.
> 
> 
> It seems that the buffer pointed to by `ff' is not passed to
> the caller (or others), and it might be orphaned. Is it
> possible to delete it, as the CIDFontType2 case does?
> 
> Following is my short patch. Please comment.

Applied to git master and 0.12 branch. Thank you very much. 

> Regards,
> mpsuzuki
> 
> 
> diff --git a/poppler/CairoFontEngine.cc b/poppler/CairoFontEngine.cc
> index 20e6b9e..f08d893 100644
> --- a/poppler/CairoFontEngine.cc
> +++ b/poppler/CairoFontEngine.cc
> @@ -489,6 +489,7 @@ CairoFreeTypeFont *CairoFreeTypeFont::create(GfxFont
> *gfxFont, XRef *xref,
>        codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff);
>        codeToGIDLen = 256;
>      }
> +    delete ff;
>      if (! _ft_new_face (lib, fileName->getCString(), &face, &font_face)) {
>        error(-1, "could not create truetype face\n");
>        goto err2;
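Review bot: the placement of `delete ff;` right after the `if (fontType == fontTrueType)` block is correct: `ff` is not used after `getCodeToGIDMap(ff)`, so deleting it before `_ft_new_face` also covers the `goto err2` taken when face creation fails, which would otherwise still leak. The fall-through from the fontCIDType2 case is safe because that case already deleted its own `ff` and the load at the top of the fontTrueType case reassigns it, so no double delete results; the unconditional delete is likewise fine since a failed load has already jumped to err2 before this line.

The leak pattern discussed above, modelled as an added example that is not poppler's code: a constructed stand-in for FoFiTrueType counts live instances so the leak becomes observable, `create_unpatched` mirrors the original switch fall-through, and `create_raii` generalizes the patch's single `delete ff` by holding `ff` in a `std::unique_ptr` so every exit path, including the failure path after face creation, releases it. The `FakeTrueTypeFont` type, the `faceOk` parameter standing in for `_ft_new_face`, and `live_fonts()` are assumptions of this example.

```cpp
#include <memory>

// Constructed stand-in for FoFiTrueType: counts live instances so a leak shows up
// as a counter that never returns to its previous value.
static int g_live_fonts = 0;
struct FakeTrueTypeFont {
    FakeTrueTypeFont() { ++g_live_fonts; }
    ~FakeTrueTypeFont() { --g_live_fonts; }
    static FakeTrueTypeFont *load(bool ok) { return ok ? new FakeTrueTypeFont : nullptr; }
};
int live_fonts() { return g_live_fonts; }

enum FontType { fontCIDType2, fontTrueType };

// Unpatched control flow: the CIDType2 branch deletes ff (line 478 in the
// original), the TrueType branch never does, so each call leaks one object
// whether face creation succeeds (faceOk) or fails (the goto err2 path).
bool create_unpatched(FontType fontType, bool faceOk) {
    FakeTrueTypeFont *ff = nullptr;
    switch (fontType) {
    case fontCIDType2:
        ff = FakeTrueTypeFont::load(true);
        if (!ff) goto err;
        delete ff;                 // CIDType2 path frees its own ff
        /* Fall through */
    case fontTrueType:
        if (!(ff = FakeTrueTypeFont::load(true))) goto err;
        if (!faceOk) goto err;     // stands in for a failed _ft_new_face: ff leaked
        return true;               // ff leaked on the success path as well
    }
err:
    return false;
}

// Same flow with ff owned by std::unique_ptr: the destructor runs on every
// return, so neither the success path nor the failure path leaks.
bool create_raii(FontType fontType, bool faceOk) {
    std::unique_ptr<FakeTrueTypeFont> ff;
    switch (fontType) {
    case fontCIDType2:
        ff.reset(FakeTrueTypeFont::load(true));
        if (!ff) return false;
        ff.reset();                // equivalent of the delete at line 478
        /* Fall through */
    case fontTrueType:
        ff.reset(FakeTrueTypeFont::load(true));
        if (!ff) return false;
        if (!faceOk) return false; // failed face creation: ff freed automatically
        return true;
    }
    return false;
}
```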
-- 
Carlos Garcia Campos
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x523E6462