Found missing unlocks, triggered by errors. 3 patches attached.
Created attachment 11151: For src/cairo-ft-font.c
Created attachment 11152: For src/cairo-ft-font.c
Created attachment 11153: For src/cairo-type1-subset.c
Calling _cairo_ft_unscaled_font_unlock_face() after an error encountered during _cairo_ft_unscaled_font_lock_face() is wrong as the error path within lock_face() has already released the unscaled->mutex. Error paths are supposed to perform all necessary cleanup, but reading lock_face() it appears to be falsely incrementing unscaled->lock_count after an error. (And it looks like font_map->num_open_faces++ should be using an atomic op instead.) diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c index 4dc61ee..04441d0 100644 --- a/src/cairo-ft-font.c +++ b/src/cairo-ft-font.c @@ -552,6 +552,7 @@ _cairo_ft_unscaled_font_lock_face (cairo_ft_unscaled_font_t unscaled->id, &face) != FT_Err_Ok) { + unscaled->lock_count--; CAIRO_MUTEX_UNLOCK (unscaled->mutex); _cairo_error (CAIRO_STATUS_NO_MEMORY); return NULL;
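Review bot: In the failure branch ending in `!= FT_Err_Ok) {`, the added `unscaled->lock_count--;` compensates for an increment that is not among the lines shown, so every error exit added after that increment has to remember the same undo. Consider moving the increment to after the face has been obtained successfully, so this branch only needs `CAIRO_MUTEX_UNLOCK (unscaled->mutex);` before `return NULL;`. Because the branch releases the mutex itself, a comment on _cairo_ft_unscaled_font_lock_face() stating that a NULL return leaves nothing locked, and that callers must not call _cairo_ft_unscaled_font_unlock_face() in that case, would record the contract described in the comment above. The font_map->num_open_faces++ concern raised there is not touched by this hunk and would need its own change.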
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/cairo/cairo/issues/112.