Bug 6196 - Memory leak in _cairo_clip_intersect_path (src/cairo-clip.c)
Product: cairo
Classification: Unclassified
Component: general
Version: 1.1.1
Hardware: All All
Importance: high normal
Assignee: Carl Worth
QA Contact: cairo-bugs mailing list
URL: http://gitweb.freedesktop.org/?p=cair...
Reported: 2006-03-10 04:26 UTC by Ken Herron
Modified: 2006-03-13 12:23 UTC

Description Ken Herron 2006-03-10 04:26:30 UTC
This was found through a Coverity scan of the Firefox source code.

The sample URL points to the relevant code in git. At line 246 a
|cairo_clip_path_t| object is allocated and stored in clip_path. At lines
250-252, the function returns without freeing this memory if
|_cairo_path_fixed_init_copy| fails.

Comment 1 Carl Worth 2006-03-14 07:23:14 UTC
This is now fixed in cairo 1.1.1 and 1.0.3.


diff-tree 79075b2cb1ce1397506fc10572df96f6fd00ecc3 (from
Author: Carl Worth <cworth@cworth.org>
Date:   Mon Mar 13 12:20:23 2006 -0800

    cairo-clip: Fix memory leak during OOM handling.

    This closes bug #6196:

        Memory leak in _cairo_clip_intersect_path (src/cairo-clip.c)

diff --git a/src/cairo-clip.c b/src/cairo-clip.c
index c76ebdc..0c862a3 100644
--- a/src/cairo-clip.c
+++ b/src/cairo-clip.c
@@ -248,8 +248,10 @@ _cairo_clip_intersect_path (cairo_clip_t
        return CAIRO_STATUS_NO_MEMORY;

     status = _cairo_path_fixed_init_copy (&clip_path->path, path);
-    if (status)
+    if (status) {
+       free (clip_path);
        return status;
+    }

     clip_path->ref_count = 1;
     clip_path->fill_rule = fill_rule;
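
Review bot: the new error branch after `_cairo_path_fixed_init_copy` frees only `clip_path` itself, so the fix is complete only if a failed copy leaves nothing allocated inside `clip_path->path`. Please confirm that the copy routine unwinds its own partial allocations on failure, and if it does not, finalize `clip_path->path` before `free (clip_path)`. A one-line comment at the branch noting that `clip_path` is not yet referenced by the clip at this point (it sits before `clip_path->ref_count = 1`) would help keep any early return added later in this window from reintroducing the leak. The commit message says "OOM handling", but the branch runs for any non-zero `status`; it is worth wording the message to match.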
