Commit 5498d93e authored by Committed by Carlos Garcia Campos
Use a single global FT_Library in CairoOutputDev
Cairo may internally keep references to the FreeType fonts loaded in CairoFontEngine even after poppler is done with them. Commit 42db4890 ("Do not call FT_Done_Face on a live cairo_font_face_t") introduced a fix for one use-after-free bug, by delaying deleting an FT_Face object until cairo is done with it.

That fix doesn't correct all the bugs. An FT_Library object is created for each CairoOutputDev object, and deleted when the CairoOutputDev goes away. But the FT_Library object should not be deleted while fonts loaded using it are still in use. And cairo can keep references to fonts around more or less indefinitely.

To more fully fix the problem, we can either:

1. Keep a count of not-yet-deleted fonts associated with each FT_Library, and wait to call FT_Done_FreeType until it drops to zero.
2. Never call FT_Done_FreeType.

The second option is the simplest. To avoid leaking memory FT_Library objects, use a single global FT_Library instead of a per-CairoOutputDev copy.
Showing with 18 additions and 4 deletions
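
The lifetime rule from the commit message, modelled in C as an added example (not code from the poppler commit): `Library` and `Face` are stand-ins for FT_Library and FT_Face, and every function name is hypothetical. It puts option 1 (count outstanding fonts and defer teardown) next to option 2 (one library that is never torn down).

```c
#include <stdbool.h>
#include <stdlib.h>

/* Stand-ins for FT_Library / FT_Face; these are NOT FreeType types. */
typedef struct Library {
    int  live_faces;   /* faces not yet released by every holder */
    bool owner_done;   /* the output device that created it is gone */
} Library;

typedef struct Face {
    Library *lib;      /* a face is only usable while its library is alive */
} Face;

static int libraries_freed = 0;   /* bookkeeping for the demonstration only */

static Library *library_new(void) {
    Library *lib = calloc(1, sizeof *lib);
    if (!lib) abort();
    return lib;
}

/* Tear down only when the owner AND every outstanding face are finished. */
static void library_maybe_free(Library *lib) {
    if (lib->owner_done && lib->live_faces == 0) {
        free(lib);
        libraries_freed++;
    }
}

/* Option 1: destroying the owner marks the library; teardown is deferred. */
static void library_owner_release(Library *lib) {
    lib->owner_done = true;
    library_maybe_free(lib);
}

static Face *face_new(Library *lib) {
    Face *f = malloc(sizeof *f);
    if (!f) abort();
    f->lib = lib;
    lib->live_faces++;
    return f;
}

/* Called when the last external holder (a font cache, say) lets go. */
static void face_release(Face *f) {
    Library *lib = f->lib;
    free(f);
    lib->live_faces--;
    library_maybe_free(lib);
}

/* Option 2: one process-wide library, never torn down.
 * Not thread-safe as written; a real one needs once-only initialisation. */
static Library *global_library(void) {
    static Library *g = NULL;
    if (!g) g = library_new();
    return g;
}
```

In option 1 the library outlives its owner for as long as any face is held; in option 2 `owner_done` is never set, so the library can never be freed underneath a cached face.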