diff options
| author | Uli Schlachter <psychon@znc.in> | 2021-03-09 11:14:09 +0100 |
|---|---|---|
| committer | Uli Schlachter <psychon@znc.in> | 2021-03-09 11:14:09 +0100 |
| commit | 2af4412aa3702c88da21c1265d9342a46190e078 (patch) | |
| tree | e2f0a0a60b7c3b4869299b23e1c3c6bee5c7d702 | |
| parent | 7788000be0551c5cc77057db775f316f9f0e7f29 (diff) | |
Fix a leak in an error path
Tested with valgrind. Before this patch, I got the following "definitely
lost" entry, which is gone afterwards:
94,416 bytes in 1 blocks are definitely lost in loss record 427 of 427
at 0x483877F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4B053F8: cairo_truetype_font_write_glyf_table (cairo-truetype-subset.c:625)
by 0x4B06219: cairo_truetype_font_generate (cairo-truetype-subset.c:991)
by 0x4B06917: cairo_truetype_subset_init_internal (cairo-truetype-subset.c:1159)
by 0x4B06D72: _cairo_truetype_subset_init_pdf (cairo-truetype-subset.c:1255)
by 0x4B6B113: _cairo_pdf_surface_emit_truetype_font_subset (cairo-pdf-surface.c:5892)
by 0x4B6C2AD: _cairo_pdf_surface_emit_unscaled_font_subset (cairo-pdf-surface.c:6366)
by 0x4B02FC7: _cairo_sub_font_collect (cairo-scaled-font-subsets.c:741)
by 0x4B03A7A: _cairo_scaled_font_subsets_foreach_internal (cairo-scaled-font-subsets.c:1062)
by 0x4B03B21: _cairo_scaled_font_subsets_foreach_unscaled (cairo-scaled-font-subsets.c:1090)
by 0x4B6C3ED: _cairo_pdf_surface_emit_font_subsets (cairo-pdf-surface.c:6412)
by 0x4B62B1A: _cairo_pdf_surface_finish (cairo-pdf-surface.c:2222)
To reproduce, run the test case from the below link.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28023
Signed-off-by: Uli Schlachter <psychon@znc.in>
| -rw-r--r-- | src/cairo-truetype-subset.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/cairo-truetype-subset.c b/src/cairo-truetype-subset.c index 7f0445df4..f5f06defc 100644 --- a/src/cairo-truetype-subset.c +++ b/src/cairo-truetype-subset.c @@ -628,8 +628,10 @@ cairo_truetype_font_write_glyf_table (cairo_truetype_font_t *font, status = font->backend->load_truetype_table (font->scaled_font_subset->scaled_font, TT_TAG_loca, 0, u.bytes, &size); - if (unlikely (status)) + if (unlikely (status)) { + free (u.bytes); return _cairo_truetype_font_set_error (font, status); + } start_offset = _cairo_array_num_elements (&font->output); for (i = 0; i < font->num_glyphs; i++) { |