[cairo-bugs] [Bug 91396] New: Memory leak in cairo-script-surface
bugzilla-daemon at freedesktop.org
Sun Jul 19 07:38:00 PDT 2015
https://bugs.freedesktop.org/show_bug.cgi?id=91396
Bug ID: 91396
Summary: Memory leak in cairo-script-surface
Product: cairo
Version: unspecified
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: medium
Component: general
Assignee: chris at chris-wilson.co.uk
Reporter: sixtysix at inwind.it
QA Contact: cairo-bugs at cairographics.org
Created attachment 117248
--> https://bugs.freedesktop.org/attachment.cgi?id=117248&action=edit
plug a memory leak
The bug is that in '_emit_recording_surface_pattern' the current cr is
saved on the stack in 'old_cr':
http://cgit.freedesktop.org/cairo/tree/src/cairo-script-surface.c#n1173
If, while replaying the recording surface, 'emit_source' is called, it is possible
that the 'current_source' member of surface->cr is finished and the new source is
copied in its place (for surface_patterns this means that the new
source surface ref count is incremented):
http://cgit.freedesktop.org/cairo/tree/src/cairo-script-surface.c#n1741
But on exiting the recursion, 'old_cr' is assigned/raw-copied onto surface->cr and
current_source is overwritten without the matching ref count decrement.
Compiling cairo with the -fsanitize=address GCC option and running
(cd test; CAIRO_TEST_TARGET=recording ./cairo-test-suite -f user-font-mask )
the report ends with:
...
SUMMARY: AddressSanitizer: 7632 byte(s) leaked in 27 allocation(s).
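Added example (not part of the bug report, not cairo code, and not the attached patch): a minimal C model of the save/raw-copy/restore pattern the report describes, showing the reference that becomes unreachable. The types, `replay_nested`, and the assumption that the nested replay starts from an empty context are hypothetical; releasing the nested source before the restore is one possible fix.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins, not cairo's types. */
typedef struct { int refs; } source_t;
typedef struct { source_t *current_source; } context_t;
typedef struct { context_t cr; } surface_t;

static source_t *source_create(void) {
    source_t *s = calloc(1, sizeof *s);
    if (s == NULL) abort();
    s->refs = 1;                          /* the creator's reference */
    return s;
}

static void source_unref(source_t *s) {
    if (s != NULL && --s->refs == 0) free(s);
}

/* Models emit_source: finish the current source, take a ref on the new one. */
static void emit_source(surface_t *surf, source_t *src) {
    source_unref(surf->cr.current_source);
    src->refs++;
    surf->cr.current_source = src;
}

/* Returns how many references on the nested source nobody can release. */
static int replay_nested(int release_before_restore) {
    surface_t surf = { { NULL } };
    source_t *outer = source_create();
    source_t *inner = source_create();
    emit_source(&surf, outer);            /* context now holds a ref on outer */

    context_t old_cr = surf.cr;           /* raw copy: no reference is taken */
    surf.cr.current_source = NULL;        /* assumption: nested replay starts empty */
    emit_source(&surf, inner);            /* nested context takes a ref on inner */
    if (release_before_restore)
        source_unref(surf.cr.current_source);
    surf.cr = old_cr;                     /* raw copy back overwrites current_source */

    int leaked = inner->refs - 1;         /* everything beyond our own reference */
    source_unref(surf.cr.current_source); /* cleanup so the demo itself is leak-free */
    source_unref(outer);
    for (int i = 0; i <= leaked; i++) source_unref(inner);
    return leaked;
}

int main(void) {
    printf("raw restore: %d unreachable ref(s)\n", replay_nested(0));
    printf("release, then restore: %d\n", replay_nested(1));
    return 0;
}
```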