From e2e826b0b186af0229bfa7d96548a9ddb3efe750 Mon Sep 17 00:00:00 2001
From: iasunsea
Date: Thu, 13 Jul 2023 00:34:07 +0800
Subject: [PATCH 1/2] cairo truetype reverse cmap detected memory leaks
---
 src/cairo-truetype-subset.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/cairo-truetype-subset.c b/src/cairo-truetype-subset.c
index 78c7dd5ec..3dadd2b95 100644
--- a/src/cairo-truetype-subset.c
+++ b/src/cairo-truetype-subset.c
@@ -1317,8 +1317,10 @@ _cairo_truetype_reverse_cmap (cairo_scaled_font_t *scaled_font,
 /* A Format 4 cmap contains 8 uint16_t numbers and 4 arrays of
 * uint16_t each num_segments long. */
- if (size < (8 + 4*num_segments)*sizeof(uint16_t))
- return CAIRO_INT_STATUS_UNSUPPORTED;
+ if (size < (8 + 4*num_segments)*sizeof(uint16_t)) {
+ status = CAIRO_INT_STATUS_UNSUPPORTED;
+ goto fail;
+ }
 end_code = map->endCount;
 start_code = &(end_code[num_segments + 1]);
@@ -1355,8 +1357,10 @@ _cairo_truetype_reverse_cmap (cairo_scaled_font_t *scaled_font,
 int j;
 if (range_size > 0) {
- if ((char*)glyph_ids + 2*range_size > (char*)map + size)
- return CAIRO_INT_STATUS_UNSUPPORTED;
+ if ((char*)glyph_ids + 2*range_size > (char*)map + size) {
+ status = CAIRO_INT_STATUS_UNSUPPORTED;
+ goto fail;
+ }
 for (j = 0; j < range_size; j++) {
 if (glyph_ids[j] == g_id_be) {
From 7fe4f00721337ff8561b78c3b3b3ab1a19323a22 Mon Sep 17 00:00:00 2001
From: Sergey Bugaev
Date: Mon, 17 Jul 2023 15:28:32 +0000
Subject: [PATCH 2/2] Apply 1 suggestion(s) to 1 file(s)
---
 src/cairo-truetype-subset.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/cairo-truetype-subset.c b/src/cairo-truetype-subset.c
index 3dadd2b95..ce2e6ac6d 100644
--- a/src/cairo-truetype-subset.c
+++ b/src/cairo-truetype-subset.c
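Review bot: The new `goto fail` exits in the `@@ -1317,8 +1317,10 @@` hunk of PATCH 1/2 (and the matching one in `@@ -1355,8 +1357,10 @@`) carry no comment saying what the shared exit path releases. Neither the `fail:` label nor the allocation of `map` is visible in the patch. A short comment on the first of them would keep a later early `return` from reintroducing the leak, for example `/* leave via fail: the cmap table buffer must be released on every exit */`. It is also worth confirming that `fail:` returns `status`, since both exits now depend on that and the function body continues outside the hunk.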
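Review bot: The bounds check kept in the `@@ -1355,8 +1357,10 @@` hunk of PATCH 1/2 forms `(char*)glyph_ids + 2*range_size` before comparing it with `(char*)map + size`. It therefore depends on pointer arithmetic that may already point past the end of the table buffer, which C leaves undefined and which a compiler is allowed to simplify away. The commit only changes the exit path and leaves this condition as it was. If `glyph_ids` and `range_size` are derived from the font's cmap data, as the surrounding code suggests (their derivation is outside the hunk), comparing byte offsets is more robust: `size_t off = (size_t)((char*)glyph_ids - (char*)map);` followed by `if (off > size || 2*(size_t)range_size > size - off) {`. Ideally the offset is validated before `glyph_ids` is formed at all.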
@@ -1358,9 +1358,9 @@ _cairo_truetype_reverse_cmap (cairo_scaled_font_t *scaled_font,
 if (range_size > 0) {
 if ((char*)glyph_ids + 2*range_size > (char*)map + size) {
- status = CAIRO_INT_STATUS_UNSUPPORTED;
- goto fail;
- }
+ status = CAIRO_INT_STATUS_UNSUPPORTED;
+ goto fail;
+ }
 for (j = 0; j < range_size; j++) {
 if (glyph_ids[j] == g_id_be) {