authorUli Schlachter <psychon@znc.in>2023-01-05 17:14:34 +0100
committerUli Schlachter <psychon@znc.in>2023-01-05 17:14:34 +0100
commit3a7bb13582190812184ca7bf4f338e34a17a7896 (patch)
treea9c352c839ebffe57a54feb6d35ba27385f80122 /src/cairo-svg-glyph-render.c
parent13a0474641232cccb15d24fa31d8c2557731665b (diff)
downloadcairo-3a7bb13582190812184ca7bf4f338e34a17a7896.tar.gz
Fix a leak in the cairo-svg-glyph-renderer
This svg

  <svg /><path stroke-dasharray=""fill="url(# "id=""/>

led to two memory leaks like the following:

  98 bytes in 98 blocks are definitely lost in loss record 2 of 11
     at 0x48407B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
     by 0x4EB8789: strdup (strdup.c:42)
     by 0x493C450: save_graphics_state (cairo-svg-glyph-render.c:2894)

This happened because the value of gs->dash_array was replaced without freeing the previous value. This commit adds the missing free and fixes the leak.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54830
Signed-off-by: Uli Schlachter <psychon@znc.in>
Diffstat (limited to 'src/cairo-svg-glyph-render.c')
-rw-r--r--src/cairo-svg-glyph-render.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/cairo-svg-glyph-render.c b/src/cairo-svg-glyph-render.c
index 6ed3b8cc8..9f9d9dafa 100644
--- a/src/cairo-svg-glyph-render.c
+++ b/src/cairo-svg-glyph-render.c
@@ -2818,8 +2818,10 @@ update_graphics_state (cairo_svg_glyph_render_t *svg_render,
cairo_set_miter_limit (svg_render->cr, value);
p = get_attribute (element, "stroke-dasharray");
- if (p)
+ if (p) {
+ free (gs->dash_array);
gs->dash_array = strdup (p);
+ }
get_float_or_percent_attribute (element, "stroke-dashoffset", svg_render->width, &gs->dash_offset);
update_dash (svg_render, element);
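Review bot: The result of `strdup (p)` in the new braced block is still unchecked, and because the old string is now freed first, an allocation failure leaves gs->dash_array NULL with the previous value already gone. Duplicating before releasing keeps the state consistent: `char *dup = strdup (p);` followed by `if (dup) { free (gs->dash_array); gs->dash_array = dup; }`. update_dash() runs immediately afterwards and its body is outside this hunk, so whether it tolerates a NULL dash_array cannot be confirmed from here. A short comment such as `/* gs owns dash_array (strdup'd in save_graphics_state); release before replacing */` would record why the free is required, since the valgrind trace in the commit message is the only place that ownership is explained. update_graphics_state starts and continues outside the hunk.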