From dcbb93a04028d84bccb61aa453d97261fcee86e7 Mon Sep 17 00:00:00 2001 From: Jason Crain Date: Tue, 24 Mar 2015 02:51:47 -0500 Subject: [PATCH] cairo: Fix memory leak in CairoFreeTypeFont::create - Free embedded font data in _ft_done_face when the cairo font is destroyed. - Free embedded font data if _ft_new_face finds it's a duplicate of an already open font. - Free embedded font data and codeToGID array if font creation fails. Bug #89952 --- poppler/CairoFontEngine.cc | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/poppler/CairoFontEngine.cc b/poppler/CairoFontEngine.cc index a5a3023..4ffbf2e 100644 --- a/poppler/CairoFontEngine.cc +++ b/poppler/CairoFontEngine.cc @@ -256,12 +256,16 @@ _ft_done_face (void *closure) else _ft_open_faces = data->next; + if (data->fd != -1) { #if defined(__SUNPRO_CC) && defined(__sun) && defined(__SVR4) - munmap ((char*)data->bytes, data->size); + munmap ((char*)data->bytes, data->size); #else - munmap (data->bytes, data->size); + munmap (data->bytes, data->size); #endif - close (data->fd); + close (data->fd); + } else { + gfree (data->bytes); + } FT_Done_Face (data->face); gfree (data); @@ -318,6 +322,8 @@ _ft_new_face (FT_Library lib, munmap (tmpl.bytes, tmpl.size); #endif close (tmpl.fd); + } else { + gfree (tmpl.bytes); } *face_out = l->face; *font_face_out = cairo_font_face_reference (l->font_face); @@ -533,8 +539,6 @@ CairoFreeTypeFont *CairoFreeTypeFont::create(GfxFont *gfxFont, XRef *xref, } if (! _ft_new_face (lib, fileNameC, font_data, font_data_len, &face, &font_face)) { - gfree(codeToGID); - codeToGID = NULL; error(errSyntaxError, -1, "could not create cid face\n"); goto err2; } @@ -555,6 +559,8 @@ CairoFreeTypeFont *CairoFreeTypeFont::create(GfxFont *gfxFont, XRef *xref, err2: /* hmm? */ delete fontLoc; + gfree (codeToGID); + gfree (font_data); fprintf (stderr, "some font thing failed\n"); return NULL; } -- 2.1.4