[dia] Bug 668587 - Double free() for some SVG rendering
- From: Hans Breuer <hans src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [dia] Bug 668587 - Double free() for some SVG rendering
- Date: Sun, 8 Apr 2012 11:08:50 +0000 (UTC)
commit 47bb76af3ba20b5e83be79a874df02c405934899
Author: Hans Breuer <hans breuer org>
Date: Sun Apr 8 14:42:41 2012 +0200
Bug 668587 - Double free() for some SVG rendering
The fix for bug 665648 introduced a memory corruption.
Now the #if-0'ed code as well as the #else branch respect
DiaSvgRender::get_fill_style() having a const return.
lib/diasvgrenderer.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
---
diff --git a/lib/diasvgrenderer.c b/lib/diasvgrenderer.c
index b0682dd..3d13d53 100644
--- a/lib/diasvgrenderer.c
+++ b/lib/diasvgrenderer.c
@@ -683,13 +683,15 @@ draw_text_line(DiaRenderer *self, TextLine *text_line,
saved_width = renderer->linewidth;
renderer->linewidth = 0.001;
- style = (char*)get_fill_style(renderer, colour);
/* return value must not be freed */
renderer->linewidth = saved_width;
#if 0 /* would need a unit: https://bugzilla.mozilla.org/show_bug.cgi?id=707071#c4 */
- tmp = g_strdup_printf("%s; font-size: %s", style,
+ style = g_strdup_printf("%s; font-size: %s", get_fill_style(renderer, colour),
dia_svg_dtostr(d_buf, text_line_get_height(text_line)));
- style = tmp;
+#else
+ /* get_fill_style: the return value of this function must not be saved
+ * anywhere. And of course it must not be free'd */
+ style = g_strdup (get_fill_style(renderer, colour));
#endif
/* This is going to break for non-LTR texts, as SVG thinks 'start' is
* 'right' for those. */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]