Fix memory leak in type3 glyph surface

In _cairo_type3_glyph_surface_create(), we call _cairo_surface_clipper_init(), but nothing ever called _cairo_surface_clipper_reset() in this call. This commit adds that missing call. This fixes a leak of a clip. Since I have no clue about this code (does _cairo_pdf_operators_fini() possible use the clipper?), I did the patch like this. This should avoid any possibility for a use-after-free. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51043 Signed-off-by: Uli Schlachter <psychon@znc.in>
author: Uli Schlachter <psychon@znc.in> 2022-12-31 13:30:57 +0100
committer: Uli Schlachter <psychon@znc.in> 2022-12-31 13:30:57 +0100
commit: 488209d9e9dcd21efaf08729054a8864b9b74f63 (patch)
tree: 5cc895e08524e399226d25fed9a1a99d0ca6a193 /src/cairo-type3-glyph-surface.c
parent: 3a60f6e138942af739b5998c521527e691ffeba4 (diff)
download: cairo-488209d9e9dcd21efaf08729054a8864b9b74f63.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/src/cairo-type3-glyph-surface.c b/src/cairo-type3-glyph-surface.c
index 05ef417dc..19b2b84fb 100644
--- a/src/cairo-type3-glyph-surface.c
+++ b/src/cairo-type3-glyph-surface.c
@@ -182,7 +182,9 @@ _cairo_type3_glyph_surface_finish (void *abstract_surface)
 {
     cairo_type3_glyph_surface_t *surface = abstract_surface;
 
-    return _cairo_pdf_operators_fini (&surface->pdf_operators);
+    cairo_status_t status = _cairo_pdf_operators_fini (&surface->pdf_operators);
+    _cairo_surface_clipper_reset (&surface->clipper);
+    return status;
 }
 
 static cairo_int_status_t
author	Uli Schlachter <psychon@znc.in>	2022-12-31 13:30:57 +0100
committer	Uli Schlachter <psychon@znc.in>	2022-12-31 13:30:57 +0100
commit	488209d9e9dcd21efaf08729054a8864b9b74f63 (patch)
tree	5cc895e08524e399226d25fed9a1a99d0ca6a193 /src/cairo-type3-glyph-surface.c
parent	3a60f6e138942af739b5998c521527e691ffeba4 (diff)
download	cairo-488209d9e9dcd21efaf08729054a8864b9b74f63.tar.gz