[cairo-bugs] [Bug 56566] New: Memory leaks in font-related code
bugzilla-daemon at freedesktop.org
Mon Oct 29 21:42:31 PDT 2012
https://bugs.freedesktop.org/show_bug.cgi?id=56566
Priority: medium
Bug ID: 56566
Assignee: ajohnson at redneon.com
Summary: Memory leaks in font-related code
QA Contact: cairo-bugs at cairographics.org
Severity: major
Classification: Unclassified
OS: All
Reporter: kiyoka at gmail.com
Hardware: Other
Status: NEW
Version: 1.12.6
Component: pdf backend
Product: cairo
Created attachment 69279
--> https://bugs.freedesktop.org/attachment.cgi?id=69279&action=edit
The patch
I've located two memory leaks in the pdf backend.
In cairo-type1-subset.c, _cairo_type1_font_subset_fini doesn't free
font->cleartext (set by cairo_type1_font_subset_decrypt_eexec_segment).
In cairo-cff-subset.c, _cairo_cff_font_create can exit without freeing
font->font_name and/or font->data; _cairo_cff_font_load_opentype_cff is called
to allocate font_name, then _cairo_cff_font_load_cff is called to allocate
font->data, then _cairo_cff_font_load_cff's return status is checked and if it
failed, it jumps to fail1. This can cause font_name to leak since the fail1
target only frees the font variable. In addition, _cairo_cff_font_load_cff can
fail -after- allocating data, and then data won't be freed either.
I've attached a patch against the latest (5a6e1d) commit in the master repo and
a test case with a pdf I found on the web that triggers it.
--
You are receiving this mail because:
You are the QA Contact for the bug.
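
The error-path shape described in this report, as an added example that is not part of the original message and is not cairo's code. demo_font_t, load_name, load_data and the allocation counter are hypothetical stand-ins used to show the leak and one way to close it.

```c
#include <stdio.h>
#include <stdlib.h>

static int live_allocs;  /* outstanding allocations, counted for the demo */
static void *track_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Hypothetical stand-in for the font object; not cairo's real struct. */
typedef struct { char *font_name; unsigned char *data; } demo_font_t;

static int load_name(demo_font_t *f) { f->font_name = track_alloc(16); return f->font_name ? 0 : -1; }

/* Models a loader that can fail after it has already allocated data. */
static int load_data(demo_font_t *f, int fail_late) {
    f->data = track_alloc(64);
    return (f->data && !fail_late) ? 0 : -1;
}

/* Leaky shape: the failure label frees only the struct itself. */
int create_leaky(int fail_late) {
    demo_font_t *f = track_alloc(sizeof *f);
    if (!f) return -1;
    if (load_name(f) != 0 || load_data(f, fail_late) != 0) goto fail1;
    track_free(f->data); track_free(f->font_name); track_free(f);  /* demo only: release on success */
    return 0;
fail1:
    track_free(f);  /* font_name and data are still allocated here */
    return -1;
}

/* Fixed shape: a single exit releases every member; NULL members are skipped. */
int create_fixed(int fail_late) {
    int status = -1;
    demo_font_t *f = track_alloc(sizeof *f);  /* calloc zeroes the members */
    if (!f) return -1;
    if (load_name(f) == 0 && load_data(f, fail_late) == 0) status = 0;
    track_free(f->data);       /* demo frees on success too; a real */
    track_free(f->font_name);  /* constructor would hand f to the caller */
    track_free(f);
    return status;
}

/* Returns how many allocations a constructor left behind. */
int leaked_by(int (*create)(int), int fail_late) {
    live_allocs = 0;
    create(fail_late);
    return live_allocs;
}

int main(void) { printf("leaky: %d, fixed: %d\n", leaked_by(create_leaky, 1), leaked_by(create_fixed, 1)); return 0; }
```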