From 23b6cd27ff19b70cbf98e058cd2cf0647d5284ff Mon Sep 17 00:00:00 2001
From: Ben Wagner
Date: Thu, 11 Dec 2025 12:18:15 -0500
Subject: [PATCH] Fix leak of exec in tt_size_init_bytecode

* src/truetype/ttobjs.c (tt_size_init_bytecode): Call `TT_Done_Context` on `exec` if it has not yet been assigned to `size->context`.

Bug: https://issues.oss-fuzz.com/issues/467782706
---
 src/truetype/ttobjs.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/truetype/ttobjs.c b/src/truetype/ttobjs.c
index fd0c0ad14..157556017 100644
--- a/src/truetype/ttobjs.c
+++ b/src/truetype/ttobjs.c
@@ -1049,7 +1049,7 @@
     exec->maxIDefs = maxp->maxInstructionDefs;
 
     if ( FT_NEW_ARRAY( exec->FDefs, exec->maxFDefs + exec->maxIDefs ) )
-      goto Exit;
+      goto Fail;
 
     exec->IDefs = exec->FDefs + exec->maxFDefs;
 
@@ -1068,7 +1068,7 @@
     if ( FT_NEW_ARRAY( exec->stack,
                        exec->stackSize +
                          (FT_Long)( exec->storeSize + exec->cvtSize ) ) )
-      goto Exit;
+      goto Fail;
 
     /* reserve twilight zone and set GS before fpgm is executed, */
     /* just in case, even though fpgm should not touch them */
@@ -1079,7 +1079,7 @@
 
     error = tt_glyphzone_new( memory, n_twilight, 0, &size->twilight );
     if ( error )
-      goto Exit;
+      goto Fail;
 
     size->GS = tt_default_graphics_state;
     size->cvt_ready = -1;
@@ -1099,10 +1099,9 @@
     error = tt_size_run_fpgm( size );
     return error;
 
-  Exit:
-    if ( error )
-      tt_size_done_bytecode( size );
-
+  Fail:
+    TT_Done_Context( exec );
+    tt_size_done_bytecode( size );
     return error;
   }
 
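Review bot: The new `Fail:` label in the last hunk releases `exec` unconditionally, so it is only correct while `exec` has not yet been stored in `size->context` (as the commit message says), and nothing at the label makes that invariant visible; the assignment itself lies between the third and fourth hunks, outside what is shown, and tt_size_init_bytecode's body starts before the first hunk. A later `goto Fail` placed after that assignment would, presumably, have `TT_Done_Context` and `tt_size_done_bytecode` release the same context twice, which is the double-free counterpart of the leak this commit fixes. A two-line comment at the label would pin the contract for the next maintainer: `/* Fail: reached only before exec is owned by size->context; */` followed by `/* after that point callers must return without jumping here.  */`. The three `goto Fail` sites in the first three hunks all dereference `exec` before jumping, so it is non-NULL there; if an earlier failure path is ever routed to `Fail`, the label would also need an `if ( exec )` guard unless `TT_Done_Context` is known to accept NULL.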