This was found through a Coverity scan of the Mozilla source tree. In |emit_image_rgb_data| (src/cairo-pdf-surface.c) around line 645 some memory is allocated and stored in a variable |rgb|. Around line 654 |cairo_image_surface_create| is called, which may return NULL. If it does, then |emit_image_rgb_data| returns (at line 658) without freeing |rgb|.
This is now fixed in cairo 1.1.1. -Carl diff-tree fc51a78a1ed5f7649ce55ab30fc42939a9b295d1 (from 25cccaaa1f6d337a1a0423a298f94456e72a820a) Author: Carl Worth <cworth@cworth.org> Date: Mon Mar 13 12:14:47 2006 -0800 cairo-pdf-surface: Close memory leak during OOM handling. This fixes bug #6186: Memory leak in emit_image_rgb_data (src/cairo-pdf-surface.c) https://bugs.freedesktop.org/show_bug.cgi?id=6186 diff --git a/src/cairo-pdf-surface.c b/src/cairo-pdf-surface.c index cb8287b..6d18196 100644 --- a/src/cairo-pdf-surface.c +++ b/src/cairo-pdf-surface.c @@ -654,8 +654,10 @@ emit_image_rgb_data (cairo_pdf_document_ opaque = cairo_image_surface_create (CAIRO_FORMAT_RGB24, image->width, image->height); - if (opaque->status) + if (opaque->status) { + free (rgb); return 0; + } _cairo_pattern_init_for_surface (&pattern.surface, &image->base);
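Review bot: The error branch at `if (opaque->status)` now frees `rgb` but still returns a bare 0, so the status carried by `opaque` is discarded and the caller cannot see why the function failed; consider recording or propagating `opaque->status` before the `return 0;`. Freeing `rgb` inline at this early return also means any further exit added after the allocation has to repeat the `free (rgb);` by hand, so a single cleanup label at the end of `emit_image_rgb_data` that every failure path jumps to would make the leak harder to reintroduce.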