From 106f8590457a7ebb5335d67f16277e8d5a6b04a8 Mon Sep 17 00:00:00 2001 From: Carl Worth Date: Wed, 4 Apr 2007 15:59:50 -0700 Subject: [PATCH] Move misplaced CLEANUP_FONT label to avoid crash. Previously, a failure in _cairo_win32_scaled_font_init_glyph_path leading to the CLEANUP_FONT label would set the path into the glyph, then destroy the path, and return an error status, (which in turn would cause a double free when the glyph was destroyed). The double-free apparently leads to a crash in some cases, as described here: SVG/Cairo related crash when opening specific webpage https://bugzilla.mozilla.org/show_bug.cgi?id=376498 This should eliminate the double-free, but does not address the original error case, (attempting to get a path from a bitmap font?). --- src/cairo-win32-font.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/cairo-win32-font.c b/src/cairo-win32-font.c index c38e1a542..82e3bfcf8 100644 --- a/src/cairo-win32-font.c +++ b/src/cairo-win32-font.c @@ -1451,16 +1451,14 @@ _cairo_win32_scaled_font_init_glyph_path (cairo_win32_scaled_font_t *scaled_font } free(buffer); -CLEANUP_FONT: - _cairo_scaled_glyph_set_path (scaled_glyph, &scaled_font->base, path); + CLEANUP_FONT: cairo_win32_scaled_font_done_font (&scaled_font->base); CLEANUP_PATH: - if (status != CAIRO_STATUS_SUCCESS) _cairo_path_fixed_destroy (path);
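Review bot: At the CLEANUP_FONT / CLEANUP_PATH tail of _cairo_win32_scaled_font_init_glyph_path, the ownership rule this fix depends on is not documented in the code. Per the commit message, once _cairo_scaled_glyph_set_path has run the glyph holds the path and will free it when the glyph is destroyed. The set_path call must therefore only be reached with status == CAIRO_STATUS_SUCCESS, and the _cairo_path_fixed_destroy (path) under CLEANUP_PATH must only run on failure. A one-line comment above the set_path call saying that it hands the path to the glyph and must stay above every cleanup label would guard against a later edit moving a label back across it. Please also confirm that no earlier assignment to status can fall through to the set_path call without a goto, since a non-success status reaching both set_path and the `if (status != CAIRO_STATUS_SUCCESS)` destroy would recreate the same double free. The commit message says the original error case is left unaddressed; a reference to a follow-up for that would help whoever picks it up.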