Closed Bug 556314 Opened 15 years ago Closed 14 years ago

cairo_meta_surface_ink_extents doesn't handle failure from _cairo_null_surface_create

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: timeless, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

(Keywords: coverity, memory-leak)

1122 cairo_meta_surface_ink_extents (cairo_surface_t *surface, 1140 null_surface = _cairo_null_surface_create (CAIRO_CONTENT_COLOR_ALPHA); this can fail, if it fails, null_surface->status will be a failure code 1141 analysis_surface = _cairo_analysis_surface_create (null_surface, -1, -1); this could allocate a surface, but it will inherit the failure status from null_surface. 1142 cairo_surface_destroy (null_surface); this will probably crash, but that's no fun :) 1144 status = analysis_surface->status; 1145 if (unlikely (status)) 1146 goto DONE; 1152 DONE: now we leak analysis_surface 1161 }
meta surface was renamed to recording surface. The work to get the bounding box was factored out to its own function: _recording_surface_get_ink_bbox This would appear to leak the same way, however the function: _cairo_analysis_surface_create If the malloc fails you get: surface = malloc (sizeof (cairo_analysis_surface_t)); if (unlikely (surface == NULL)) return _cairo_surface_create_in_error (_cairo_error(CAIRO_STATUS_NO_MEMORY)); But _cairo_surface_create_in_error returns a const struct defining the error, so it does not need to be freed. I believe this means there is no leak possibility.
Closing as per #1.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.