fdo-mirrors/cairo
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/cairo/cairo.git synced 2026-06-19 12:28:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix a double free in _cairo_mono_scan_converter_create

Browse source 
When `_mono_scan_converter_init` failed,
`self->converter->polygon` will be freed by `polygon_fini()`. However,
the `bail` branch still called `polygon_fini()` to free
`self->converter->polygon`.

We remvoe the redundant `polygon_fini()` in `_mono_scan_converter_init`
to avoid the double free.

This fixes #557.

Signed-off-by: Feysh INC <opensource@feysh.com>
This commit is contained in:
Feysh INC 2022-04-22 16:43:59 +08:00
parent a934fa66db
commit 99cd4bb3bd
1 changed files with 0 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/cairo-mono-scan-converter.c
View file

@ -403,7 +403,6 @@ _mono_scan_converter_init(struct mono_scan_converter *c,
c->spans = _cairo_malloc_ab (max_num_spans,
sizeof (cairo_half_open_span_t));
if (unlikely (c->spans == NULL)) {
polygon_fini (c->polygon);
return _cairo_error (CAIRO_STATUS_NO_MEMORY);
}
} else