Memory leak in cairo-script-surface
Submitted by Massimo
Assigned to Chris Wilson @ickle
Description
Created attachment 117248 plug a memory leak
The bug is that in '_emit_recording_surface_pattern' the current cr is saved on the stack in 'old_cr':
http://cgit.freedesktop.org/cairo/tree/src/cairo-script-surface.c#n1173
If 'emit_source' is called while replaying the recording surface, it is possible that the 'current_source' member of surface->cr is finished and the new source is copied in its place (for surface_patterns this means that the new source surface ref count is incremented):
http://cgit.freedesktop.org/cairo/tree/src/cairo-script-surface.c#n1741
but on exiting the recursion, 'old_cr' is assigned/raw-copied onto surface->cr and current_source is overwritten without the matching ref count decrement.
Compiling cairo with the GCC option -fsanitize=address and running
(cd test; CAIRO_TEST_TARGET=recording ./cairo-test-suite -f user-font-mask )
the report ends with: ... SUMMARY: AddressSanitizer: 7632 byte(s) leaked in 27 allocation(s).
Attachment 117248, "plug a memory leak":
0001-cairo-script-surface-plug-a-memory-leak.patch
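
The save/replace/raw-restore pattern described in the report, reduced to a constructed model (an added example, not cairo's code and not the attached patch). All type and function names are hypothetical stand-ins, and the model assumes the nested context starts with no source.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins, not cairo's types: a ref-counted source and a
 * context that owns one reference through current_source. */
typedef struct { int ref_count; } source_t;
typedef struct { source_t *current_source; } ctx_t;
typedef struct { ctx_t cr; } surface_t;

static int live_sources; /* allocated and not yet freed */

static source_t *source_create(void) {
    source_t *s = calloc(1, sizeof *s);
    if (s == NULL) abort();
    s->ref_count = 1;
    live_sources++;
    return s;
}
static source_t *source_reference(source_t *s) { s->ref_count++; return s; }
static void source_destroy(source_t *s) {
    if (s != NULL && --s->ref_count == 0) { free(s); live_sources--; }
}

/* Finish the current source and copy in the new one, taking a reference. */
static void emit_source(surface_t *surface, source_t *src) {
    source_destroy(surface->cr.current_source);
    surface->cr.current_source = source_reference(src);
}

/* Save cr, run a nested replay, restore cr. Returns sources leaked. */
static int replay(int release_before_restore) {
    int before = live_sources, leaked;
    surface_t surface = { { NULL } };
    source_t *outer = source_create(), *inner = source_create();
    emit_source(&surface, outer);
    ctx_t old_cr = surface.cr;         /* raw copy on the stack */
    surface.cr.current_source = NULL;  /* assumption: nested cr starts empty */
    emit_source(&surface, inner);      /* nested replay: inner ref_count -> 2 */
    if (release_before_restore)
        source_destroy(surface.cr.current_source); /* matching decrement */
    surface.cr = old_cr;               /* raw copy back: inner pointer is lost */
    source_destroy(surface.cr.current_source);     /* tear down the outer cr */
    source_destroy(outer);
    source_destroy(inner);             /* callers drop their own references */
    leaked = live_sources - before;
    if (leaked) { free(inner); live_sources--; } /* reclaim so the demo stays clean */
    return leaked;
}

int main(void) { printf("raw restore: %d leaked, with release: %d leaked\n", replay(0), replay(1)); return 0; }
```

Releasing the nested context's source before the struct assignment is one way to restore the balance; the page does not show what the attached patch actually changes.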