diff options
| author | Feysh INC <opensource@feysh.com> | 2022-04-22 16:43:59 +0800 |
|---|---|---|
| committer | Feysh INC <opensource@feysh.com> | 2022-04-22 16:43:59 +0800 |
| commit | 99cd4bb3bd51bc62a2c8b5f9f4b6eda7625f0b96 (patch) | |
| tree | 145d1c5df2e3e92b310f671f7293b12643ad82bf | |
| parent | a934fa66dba2b880723f4e5c3fdea92cbe0207e7 (diff) | |
Fix a double free in _cairo_mono_scan_converter_create
When `_mono_scan_converter_init` failed,
`self->converter->polygon` will be freed by `polygon_fini()`. However,
the `bail` branch still called `polygon_fini()` to free
`self->converter->polygon`.
We remvoe the redundant `polygon_fini()` in `_mono_scan_converter_init`
to avoid the double free.
This fixes #557.
Signed-off-by: Feysh INC <opensource@feysh.com>
| -rw-r--r-- | src/cairo-mono-scan-converter.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/src/cairo-mono-scan-converter.c b/src/cairo-mono-scan-converter.c index 891f435c9..69168bd5d 100644 --- a/src/cairo-mono-scan-converter.c +++ b/src/cairo-mono-scan-converter.c @@ -403,7 +403,6 @@ _mono_scan_converter_init(struct mono_scan_converter *c, c->spans = _cairo_malloc_ab (max_num_spans, sizeof (cairo_half_open_span_t)); if (unlikely (c->spans == NULL)) { - polygon_fini (c->polygon); return _cairo_error (CAIRO_STATUS_NO_MEMORY); } } else |