From 76e758df5b99fd4dee64481b9039b0d44dd01587 Mon Sep 17 00:00:00 2001
From: Chris Wilson <chris@chris-wilson.co.uk>
Date: Sat, 12 May 2007 15:40:39 +0100
Subject: [PATCH] [cairo-truetype-subset] Destroy the arrays on error.

Growing the arrays may successfully allocate the indirect pointer, but
fail whilst allocating the actual array - so always call
_cairo_array_fini after _cairo_array_grow_by().
---
 src/cairo-truetype-subset.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/cairo-truetype-subset.c b/src/cairo-truetype-subset.c
index f4bb66c3a..f04541034 100644
--- a/src/cairo-truetype-subset.c
+++ b/src/cairo-truetype-subset.c
@@ -160,13 +160,13 @@ _cairo_truetype_font_create (cairo_scaled_font_subset_t  *scaled_font_subset,
     font->glyphs = calloc (font->num_glyphs_in_face + 1, sizeof (subset_glyph_t));
     if (font->glyphs == NULL) {
 	status = CAIRO_STATUS_NO_MEMORY;
-	goto fail2;
+	goto fail1;
     }
 
     font->parent_to_subset = calloc (font->num_glyphs_in_face, sizeof (int));
     if (font->parent_to_subset == NULL) {
 	status = CAIRO_STATUS_NO_MEMORY;
-	goto fail3;
+	goto fail2;
     }
 
     font->base.num_glyphs = 0;
@@ -210,7 +210,7 @@ _cairo_truetype_font_create (cairo_scaled_font_subset_t  *scaled_font_subset,
         font->base.base_font = malloc (30);
         if (font->base.base_font == NULL) {
 	    status = CAIRO_STATUS_NO_MEMORY;
-            goto fail4; 
+            goto fail3;
 	}
 
         snprintf(font->base.base_font, 30, "CairoFont-%u-%u",
@@ -228,13 +228,13 @@ _cairo_truetype_font_create (cairo_scaled_font_subset_t  *scaled_font_subset,
     font->base.widths = calloc (font->num_glyphs_in_face, sizeof (int));
     if (font->base.widths == NULL) {
 	status = CAIRO_STATUS_NO_MEMORY;
-	goto fail5;
+	goto fail4;
     }
 
     _cairo_array_init (&font->string_offsets, sizeof (unsigned long));
     status = _cairo_array_grow_by (&font->string_offsets, 10);
     if (status)
-	goto fail6;
+	goto fail5;
 
     font->status = CAIRO_STATUS_SUCCESS;
 
@@ -242,17 +242,17 @@ _cairo_truetype_font_create (cairo_scaled_font_subset_t  *scaled_font_subset,
 
     return CAIRO_STATUS_SUCCESS;
 
- fail6:
-    free (font->base.widths);
  fail5:
-    free (font->base.base_font);
+    _cairo_array_fini (&font->string_offsets);
+    free (font->base.widths);
  fail4:
-    free (font->parent_to_subset);
+    free (font->base.base_font);
  fail3:
-    free (font->glyphs);
+    free (font->parent_to_subset);
  fail2:
-    _cairo_array_fini (&font->output);
+    free (font->glyphs);
  fail1:
+    _cairo_array_fini (&font->output);
     free (font);
  fail0:
     if (name)