diff options
| author | Uli Schlachter <psychon@znc.in> | 2020-12-05 08:15:34 +0100 |
|---|---|---|
| committer | Uli Schlachter <psychon@znc.in> | 2020-12-05 08:15:34 +0100 |
| commit | eb75ce0861b2f3dc753b8fa5653afc2f99948f0b (patch) | |
| tree | 79197aa71f55233db199603174899f5ba8f58819 /src/cairo-xcb-surface-render.c | |
| parent | f7054c892e35a04180d586e8af2d4c62601308f1 (diff) | |
| download | cairo-eb75ce0861b2f3dc753b8fa5653afc2f99948f0b.tar.gz | |
Fix a leak in cairo-xcb's render compositor
The code here temporary replaces extents->clip with another clip to call
a function. Afterwards, it restores the previous copy. The temporary
clip is only freed when it still is pointed to by extents->clip.
This logic is wrong. It is indeed possible that the clip is simplified
and changes. In this case, the original clip is also correctly freed.
However, this still means that we have to clean up and destroy the new
clip. The previous code just leaked it.
This was originally identified by Massimo in [1]. I am just committing
his patch.
[1]: https://bugs.freedesktop.org/show_bug.cgi?id=91267
Fixes: https://gitlab.freedesktop.org/cairo/cairo/-/issues/24
Signed-off-by: Uli Schlachter <psychon@znc.in>
Diffstat (limited to 'src/cairo-xcb-surface-render.c')
| -rw-r--r-- | src/cairo-xcb-surface-render.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/cairo-xcb-surface-render.c b/src/cairo-xcb-surface-render.c index 42f27c71f..e0569d860 100644 --- a/src/cairo-xcb-surface-render.c +++ b/src/cairo-xcb-surface-render.c @@ -3144,8 +3144,7 @@ _clip_and_composite_boxes (cairo_xcb_surface_t *dst, antialias, fill_rule, extents); - if (extents->clip != clip) - clip = NULL; + clip = extents->clip; extents->clip = saved_clip; _cairo_polygon_fini (&polygon); } |