From: Michael Orlitzky Date: Fri, 26 Jan 2024 12:35:16 +0000 (-0500) Subject: src/svgtiny_css.c: change lwc_string_destroy -> lwc_string_unref X-Git-Url: http://gitweb.michael.orlitzky.com/?a=commitdiff_plain;h=refs%2Fheads%2Flibcss;p=libsvgtiny.git src/svgtiny_css.c: change lwc_string_destroy -> lwc_string_unref In the node_is_lang() callback, we're interning "lang" and later destroying it. But "lang" is already interned at that point (in libcss), so we are destroying a copy that doesn't belong to us. It should be unref'd instead. Valgrind detected the error. Thanks to Michael Drake for the pointer. --- diff --git a/src/svgtiny_css.c b/src/svgtiny_css.c index 495a39f..96991dd 100644 --- a/src/svgtiny_css.c +++ b/src/svgtiny_css.c @@ -1805,6 +1805,11 @@ static css_error node_is_lang(void *pw, void *node, css_qname attr; attr.ns = NULL; + /* The string "lang" is already interned in our + * css_select_ctx, but its members aren't visible to + * us. Trying to intern it again will get a reference to the + * existing string, so it's important that we unref (as + * opposed to destroy) it later. */ if (lwc_intern_string("lang", 4, &attr.name) != lwc_error_ok) { return CSS_NOMEM; } @@ -1818,12 +1823,12 @@ static css_error node_is_lang(void *pw, void *node, c_err = _node_has_attribute_substring(pw, (void *)n, &attr, lang, &match, true); if (c_err != CSS_OK) { - lwc_string_destroy(attr.name); + lwc_string_unref(attr.name); return c_err; } if (match) { /* matched this element; we're done */ - lwc_string_destroy(attr.name); + lwc_string_unref(attr.name); *is_lang = true; return CSS_OK; } @@ -1831,14 +1836,14 @@ static css_error node_is_lang(void *pw, void *node, /* no match on this element, try its parent */ d_err = dom_node_get_parent_node(n, &p); if (d_err != DOM_NO_ERR) { - lwc_string_destroy(attr.name); + lwc_string_unref(attr.name); return CSS_NOMEM; } n = p; } /* If we never find a match we may wind up here */ - lwc_string_destroy(attr.name); + lwc_string_unref(attr.name); return CSS_OK; }