[cairo-commit] 2 commits - src/cairo-svg-glyph-render.c
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Thu Jan 5 20:00:31 UTC 2023
src/cairo-svg-glyph-render.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
New commits:
commit 387d2f07394061882ec0319b114a789e48ec5380
Merge: 13a047464 3a7bb1358
Author: Uli Schlachter <psychon at znc.in>
Date: Thu Jan 5 20:00:29 2023 +0000
Merge branch 'svg-glyph-renderer-leak' into 'master'
Fix a leak in the cairo-svg-glyph-renderer
See merge request cairo/cairo!394
commit 3a7bb13582190812184ca7bf4f338e34a17a7896
Author: Uli Schlachter <psychon at znc.in>
Date: Thu Jan 5 17:14:34 2023 +0100
Fix a leak in the cairo-svg-glyph-renderer
This svg
<svg /><path stroke-dasharray=""fill="url(# "id=""/>
Lead to two memory leaks like the following:
98 bytes in 98 blocks are definitely lost in loss record 2 of 11
at 0x48407B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4EB8789: strdup (strdup.c:42)
by 0x493C450: save_graphics_state (cairo-svg-glyph-render.c:2894)
This happened because the value of gs->dash_array was replaced without
freeing the previous value. This commit adds the missing free and fixes
the leak.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54830
Signed-off-by: Uli Schlachter <psychon at znc.in>
diff --git a/src/cairo-svg-glyph-render.c b/src/cairo-svg-glyph-render.c
index 6ed3b8cc8..9f9d9dafa 100644
--- a/src/cairo-svg-glyph-render.c
+++ b/src/cairo-svg-glyph-render.c
@@ -2818,8 +2818,10 @@ update_graphics_state (cairo_svg_glyph_render_t *svg_render,
cairo_set_miter_limit (svg_render->cr, value);
p = get_attribute (element, "stroke-dasharray");
- if (p)
+ if (p) {
+ free (gs->dash_array);
gs->dash_array = strdup (p);
+ }
get_float_or_percent_attribute (element, "stroke-dashoffset", svg_render->width, &gs->dash_offset);
update_dash (svg_render, element);
More information about the cairo-commit
mailing list