From f594ffdc357a4e73f739fa6c2c79f656b7d31a0b Mon Sep 17 00:00:00 2001 From: Sebastian Rasmussen Date: Fri, 19 Jun 2020 18:55:49 +0200 Subject: [PATCH] [cff] Fix another two memory leaks (#58629). * src/cff/cffobjs.c (cff_size_init): If a call to `funcs->create' fails to allocate one of the `internal->subfont' variables, make sure to free `internal->topfont' and any successfully allocated subfonts. --- ChangeLog | 9 ++++++++ src/cff/cffobjs.c | 58 ++++++++++++++++++++++++++--------------------- 2 files changed, 41 insertions(+), 26 deletions(-) diff --git a/ChangeLog b/ChangeLog index 19967d709..3473057b3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2020-06-19 Sebastian Rasmussen + + [cff] Fix another two memory leaks (#58629). + + * src/cff/cffobjs.c (cff_size_init): If a call to `funcs->create' + fails to allocate one of the `internal->subfont' variables, make + sure to free `internal->topfont' and any successfully allocated + subfonts. + 2020-06-19 Sebastian Rasmussen [psaux] Fix memory leak (#58626). diff --git a/src/cff/cffobjs.c b/src/cff/cffobjs.c index aa959ede9..51430b2e3 100644 --- a/src/cff/cffobjs.c +++ b/src/cff/cffobjs.c @@ -168,47 +168,53 @@ FT_Memory memory = cffsize->face->memory; CFF_Internal internal = NULL; + CFF_Face face = (CFF_Face)cffsize->face; + CFF_Font font = (CFF_Font)face->extra.data; + PS_PrivateRec priv; - if ( funcs ) - { - CFF_Face face = (CFF_Face)cffsize->face; - CFF_Font font = (CFF_Font)face->extra.data; + FT_UInt i; - PS_PrivateRec priv; + if ( !funcs ) + goto Exit; - FT_UInt i; + if ( FT_NEW( internal ) ) + goto Exit; - - if ( FT_NEW( internal ) ) - goto Exit; - - cff_make_private_dict( &font->top_font, &priv ); - error = funcs->create( cffsize->face->memory, &priv, + cff_make_private_dict( &font->top_font, &priv ); + error = funcs->create( cffsize->face->memory, &priv, &internal->topfont ); + if ( error ) + goto Exit; + + for ( i = font->num_subfonts; i > 0; i-- ) + { + CFF_SubFont sub = font->subfonts[i - 1]; + + + cff_make_private_dict( sub, &priv ); + error = funcs->create( cffsize->face->memory, &priv, + &internal->subfonts[i - 1] ); if ( error ) goto Exit; - - for ( i = font->num_subfonts; i > 0; i-- ) - { - CFF_SubFont sub = font->subfonts[i - 1]; - - - cff_make_private_dict( sub, &priv ); - error = funcs->create( cffsize->face->memory, &priv, - &internal->subfonts[i - 1] ); - if ( error ) - goto Exit; - } - - cffsize->internal->module_data = internal; } + cffsize->internal->module_data = internal; + size->strike_index = 0xFFFFFFFFUL; Exit: if ( error ) + { + if ( internal ) + { + for ( i = font->num_subfonts; i > 0; i-- ) + FT_FREE( internal->subfonts[i - 1] ); + FT_FREE( internal->topfont ); + } + FT_FREE( internal ); + } return error; }