[cairo-commit] 2 commits - src/cairo-truetype-subset.c

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Wed Mar 10 16:57:09 UTC 2021


 src/cairo-truetype-subset.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

New commits:
commit f604b4ba9250d584fcd0cc7cf1cf1e58ab692be7
Merge: b718dae71 2af4412aa
Author: Tim-Philipp Müller <tim at centricular.com>
Date:   Wed Mar 10 16:57:08 2021 +0000

    Merge branch 'gyf-table-leak' into 'master'
    
    Fix a leak in an error path
    
    See merge request cairo/cairo!144

commit 2af4412aa3702c88da21c1265d9342a46190e078
Author: Uli Schlachter <psychon at znc.in>
Date:   Tue Mar 9 11:14:09 2021 +0100

    Fix a leak in an error path
    
    Tested with valgrind. Before this patch, I got the following "definitely
    lost" entry, which is gone afterwards:
    
    94,416 bytes in 1 blocks are definitely lost in loss record 427 of 427
       at 0x483877F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
       by 0x4B053F8: cairo_truetype_font_write_glyf_table (cairo-truetype-subset.c:625)
       by 0x4B06219: cairo_truetype_font_generate (cairo-truetype-subset.c:991)
       by 0x4B06917: cairo_truetype_subset_init_internal (cairo-truetype-subset.c:1159)
       by 0x4B06D72: _cairo_truetype_subset_init_pdf (cairo-truetype-subset.c:1255)
       by 0x4B6B113: _cairo_pdf_surface_emit_truetype_font_subset (cairo-pdf-surface.c:5892)
       by 0x4B6C2AD: _cairo_pdf_surface_emit_unscaled_font_subset (cairo-pdf-surface.c:6366)
       by 0x4B02FC7: _cairo_sub_font_collect (cairo-scaled-font-subsets.c:741)
       by 0x4B03A7A: _cairo_scaled_font_subsets_foreach_internal (cairo-scaled-font-subsets.c:1062)
       by 0x4B03B21: _cairo_scaled_font_subsets_foreach_unscaled (cairo-scaled-font-subsets.c:1090)
       by 0x4B6C3ED: _cairo_pdf_surface_emit_font_subsets (cairo-pdf-surface.c:6412)
       by 0x4B62B1A: _cairo_pdf_surface_finish (cairo-pdf-surface.c:2222)
    
    To reproduce, run the test case from the below link.
    
    Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28023
    Signed-off-by: Uli Schlachter <psychon at znc.in>

diff --git a/src/cairo-truetype-subset.c b/src/cairo-truetype-subset.c
index 7f0445df4..f5f06defc 100644
--- a/src/cairo-truetype-subset.c
+++ b/src/cairo-truetype-subset.c
@@ -628,8 +628,10 @@ cairo_truetype_font_write_glyf_table (cairo_truetype_font_t *font,
 
     status = font->backend->load_truetype_table (font->scaled_font_subset->scaled_font,
                                                  TT_TAG_loca, 0, u.bytes, &size);
-    if (unlikely (status))
+    if (unlikely (status)) {
+	free (u.bytes);
 	return _cairo_truetype_font_set_error (font, status);
+    }
 
     start_offset = _cairo_array_num_elements (&font->output);
     for (i = 0; i < font->num_glyphs; i++) {


More information about the cairo-commit mailing list