Closed Bug 556314 Opened 14 years ago Closed 13 years ago

cairo_meta_surface_ink_extents doesn't handle failure from _cairo_null_surface_create

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: timeless, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

(Keywords: coverity, memory-leak) 

1122 cairo_meta_surface_ink_extents (cairo_surface_t *surface,

1140     null_surface = _cairo_null_surface_create (CAIRO_CONTENT_COLOR_ALPHA);

this can fail, if it fails, null_surface->status will be a failure code

1141     analysis_surface = _cairo_analysis_surface_create (null_surface, -1, -1);

this could allocate a surface, but it will inherit the failure status from null_surface.

1142     cairo_surface_destroy (null_surface);

this will probably crash, but that's no fun :)

1144     status = analysis_surface->status;
1145     if (unlikely (status))
1146         goto DONE;

1152 DONE:

now we leak analysis_surface

1161 }
meta surface was renamed to recording surface.

The work to get the bounding box was factored out to its own function:
_recording_surface_get_ink_bbox

This would appear to leak the same way, however the function:
 _cairo_analysis_surface_create

If the malloc fails you get:

    surface = malloc (sizeof (cairo_analysis_surface_t));
    if (unlikely (surface == NULL))
	return _cairo_surface_create_in_error (_cairo_error(CAIRO_STATUS_NO_MEMORY));

But _cairo_surface_create_in_error returns a const struct defining the error, so it does not need to be freed.  I believe this means there is no leak possibility.
Closing as per #1.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.