Memory leak if cairo_get_source() is called on a context in an error state
First, to not have valgrind confused by the cache:
diff --git a/src/cairo-pattern.c b/src/cairo-pattern.c
index 1933fb80a..b37e6580a 100644
--- a/src/cairo-pattern.c
+++ b/src/cairo-pattern.c
@@ -1146,7 +1146,7 @@ cairo_pattern_destroy (cairo_pattern_t *pattern)
_cairo_pattern_fini (pattern);
/* maintain a small cache of freed patterns */
- if (type < ARRAY_LENGTH (freed_pattern_pool))
+ if (0 && type < ARRAY_LENGTH (freed_pattern_pool))
_freed_pool_put (&freed_pattern_pool[type], pattern);
else
free (pattern);
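Review bot: the literal `0 &&` in the condition in cairo_pattern_destroy() makes the `_freed_pool_put (&freed_pattern_pool[type], pattern)` branch unreachable, so every pattern now goes straight to `free (pattern)`. That is reasonable as a local aid so valgrind sees each allocation released, but it should not be merged in this form. If the switch is worth keeping, put it behind a named compile-time macro with a comment explaining that it exists for leak checking, and note that the `/* maintain a small cache of freed patterns */` comment no longer describes what the code does while the pool is disabled.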
Running CAIRO_TEST_TARGET=image valgrind --leak-check=full ./cairo-test-suite -f api-special-cases
finds a leak:
==18712== 336 bytes in 2 blocks are definitely lost in loss record 3 of 9
==18712== at 0x48407B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==18712== by 0x48BE1F4: _cairo_pattern_create_solid (cairo-pattern.c:614)
==18712== by 0x48BE293: _cairo_pattern_create_in_error (cairo-pattern.c:645)
==18712== by 0x490642E: cairo_get_source (cairo.c:1042)
==18712== by 0x132580: test_cairo_get_source (api-special-cases.c:825)
==18712== by 0x13392F: test_context (api-special-cases.c:1788)
==18712== by 0x133C4D: draw (api-special-cases.c:1857)
==18712== by 0x129EF0: cairo_test_for_target (cairo-test.c:938)
==18712== by 0x12B37F: _cairo_test_context_run_for_target (cairo-test.c:1545)
==18712== by 0x12C385: _cairo_test_runner_draw (cairo-test-runner.c:258)
==18712== by 0x12DEB5: main (cairo-test-runner.c:962)
cairo_get_source() is explicit about not creating a reference for its return value. Thus, one must not use cairo_pattern_destroy() on it. However, if the context is in an error state, this function uses _cairo_pattern_create_in_error() which allocates new memory which must be freed / destroyed. That's where the above memory leak comes from.
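
A simplified model of the ownership mismatch described above, added here as an illustration; it is not cairo's code, and every name in it (`ctx_t`, `pat_t`, `get_source_leaky`, `get_source_borrowed`, `leaked_after`) is hypothetical. The second getter shows one possible way to keep the return value borrowed on the error path, which is an assumption and not a fix stated in this report.

```c
/* Model only: a getter documented as "borrowed" that allocates on its
 * error path. All identifiers are hypothetical, not cairo's. */
#include <stdio.h>
#include <stdlib.h>

typedef struct { int refs; int status; } pat_t;
typedef struct { int status; pat_t *source; } ctx_t;

static int live; /* heap patterns currently allocated */

static pat_t *pat_create(int status) {
    pat_t *p = malloc(sizeof *p);
    if (p == NULL) abort();
    p->refs = 1; p->status = status; live++;
    return p;
}

static void pat_destroy(pat_t *p) {
    if (p == NULL || p->refs < 0) return; /* static object: never freed */
    if (--p->refs == 0) { free(p); live--; }
}

/* Leaky shape: borrowed on success, freshly allocated on error. */
static pat_t *get_source_leaky(ctx_t *cr) {
    return cr->status ? pat_create(cr->status) : cr->source;
}

/* Consistent shape: the error path hands out a static object with an
 * invalid reference count, so the result is borrowed in both cases. */
static pat_t *get_source_borrowed(ctx_t *cr) {
    static pat_t in_error = { -1, 1 };
    return cr->status ? &in_error : cr->source;
}

/* A caller that obeys the contract (use the result, never destroy it).
 * Returns how many patterns are still allocated after teardown. */
static int leaked_after(pat_t *(*getter)(ctx_t *), int ctx_status) {
    int base = live;
    ctx_t cr = { ctx_status, pat_create(0) };
    (void) getter(&cr);      /* borrowed: caller must not destroy it */
    pat_destroy(cr.source);  /* context frees only what it owns */
    return live - base;
}

int main(void) {
    printf("leaky, error ctx:    %d\n", leaked_after(get_source_leaky, 1));
    printf("borrowed, error ctx: %d\n", leaked_after(get_source_borrowed, 1));
    return 0;
}
```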