From eb75ce0861b2f3dc753b8fa5653afc2f99948f0b Mon Sep 17 00:00:00 2001
From: Uli Schlachter <psychon@znc.in>
Date: Sat, 5 Dec 2020 08:15:34 +0100
Subject: [PATCH] Fix a leak in cairo-xcb's render compositor

The code here temporary replaces extents->clip with another clip to call
a function. Afterwards, it restores the previous copy. The temporary
clip is only freed when it still is pointed to by extents->clip.

This logic is wrong. It is indeed possible that the clip is simplified
and changes. In this case, the original clip is also correctly freed.
However, this still means that we have to clean up and destroy the new
clip. The previous code just leaked it.

This was originally identified by Massimo in [1]. I am just committing
his patch.

[1]: https://bugs.freedesktop.org/show_bug.cgi?id=91267

Fixes: https://gitlab.freedesktop.org/cairo/cairo/-/issues/24
Signed-off-by: Uli Schlachter <psychon@znc.in>
---
 src/cairo-xcb-surface-render.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/cairo-xcb-surface-render.c b/src/cairo-xcb-surface-render.c
index 42f27c71f..e0569d860 100644
--- a/src/cairo-xcb-surface-render.c
+++ b/src/cairo-xcb-surface-render.c
@@ -3144,8 +3144,7 @@ _clip_and_composite_boxes (cairo_xcb_surface_t *dst,
 					 antialias,
 					 fill_rule,
 					 extents);
-	    if (extents->clip != clip)
-		clip = NULL;
+	    clip = extents->clip;
 	    extents->clip = saved_clip;
 	    _cairo_polygon_fini (&polygon);
 	}