From 75534a04327b54f04461a659a92f0b1cd04ac42c Mon Sep 17 00:00:00 2001 From: Werner Lemberg Date: Wed, 3 Jun 2015 00:54:09 +0200 Subject: [PATCH] [truetype] Fix memory leak. Problem reported by Grissiom ; in http://lists.nongnu.org/archive/html/freetype/2015-05/msg00013.html there is an example code to trigger the bug. * src/truetype/ttobjs.c (tt_size_init_bytecode): Free old `size' data before allocating again. Bug most probably introduced four years ago in version 2.4.3. --- ChangeLog | 16 +++++++++++++++- src/truetype/ttobjs.c | 10 ++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index c6c03f3ac..e246a428f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,18 @@ -2015-06-01 Werner Lemberg +2015-06-03 Werner Lemberg + + [truetype] Fix memory leak. + + Problem reported by Grissiom ; in + + http://lists.nongnu.org/archive/html/freetype/2015-05/msg00013.html + + there is an example code to trigger the bug. + + * src/truetype/ttobjs.c (tt_size_init_bytecode): Free old `size' + data before allocating again. Bug most probably introduced four + years ago in version 2.4.3. + +2015-06-02 Werner Lemberg [raster] Add more tracing. diff --git a/src/truetype/ttobjs.c b/src/truetype/ttobjs.c index aefabef3e..202aa046f 100644 --- a/src/truetype/ttobjs.c +++ b/src/truetype/ttobjs.c @@ -954,6 +954,16 @@ TT_MaxProfile* maxp = &face->max_profile; + /* clean up bytecode related data */ + FT_FREE( size->function_defs ); + FT_FREE( size->instruction_defs ); + FT_FREE( size->cvt ); + FT_FREE( size->storage ); + + if ( size->context ) + TT_Done_Context( size->context ); + tt_glyphzone_done( &size->twilight ); + size->bytecode_ready = -1; size->cvt_ready = -1;
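Review bot: In the src/truetype/ttobjs.c hunk, `TT_Done_Context( size->context );` leaves `size->context` pointing at the released context, whereas the four `FT_FREE` calls above it reset their pointers to NULL. tt_size_init_bytecode continues past the end of the hunk, so it is not visible whether the field is reassigned unconditionally before any failure exit. If it is not, a later cleanup of the same size object could release the context a second time, which matters in code that runs on untrusted font data. Clearing the field at the point of release removes the dependency on what follows: `if ( size->context ) { TT_Done_Context( size->context ); size->context = NULL; }`. A short comment noting that this function can be entered again for an already initialised size would also explain why the cleanup sits at the top.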