Fix a memory leak with cairo_tag_begin() + pdf (!126) · Merge requests · cairo / cairo

Uli Schlachter requested to merge psychon/cairo:pdf-tag-leak into master Feb 13, 2021

The error paths in _cairo_pdf_interchange_begin_dest_tag() do not clean up and cause some memory to be leaked. Fix this by adding the necessary free()s.

The first hunk, the missing free(dest) was found by oss-fuzz (see link below).

The second hunk is an obvious follow up. It also cleans up the memory allocated by _cairo_tag_parse_dest_attributes().

The cleanup in the second hunk is similar to the function _named_dest_pluck() in the same function, but that function also removes the entry from a hash table. The error case here is that exactly this hash table insertion failed. Thus, the code cannot simply use the already existing function.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30880 Signed-off-by: Uli Schlachter psychon@znc.in

Fix a memory leak with cairo_tag_begin() + pdf

Merge request reports