src/svgtiny_css.c: change lwc_string_destroy -> lwc_string_unref

In the node_is_lang() callback, we're interning "lang" and later
destroying it. But "lang" is already interned at that point (in
libcss), so we are destroying a copy that doesn't belong to us. It
should be unref'd instead. Valgrind detected the error. Thanks to
Michael Drake for the pointer.

diff --git a/src/svgtiny_css.c b/src/svgtiny_css.c
index 495a39ff9534fb027b258243904a843912dd5fb9..96991ddfcfcfe4684b9411709c44367b4651fa92 100644 (file)
--- a/src/svgtiny_css.c
+++ b/src/svgtiny_css.c
@@ -1805,6 +1805,11 @@ static css_error node_is_lang(void *pw, void *node,
        css_qname attr;
        attr.ns = NULL;
 
+       /* The string "lang" is already interned in our
+        * css_select_ctx, but its members aren't visible to
+        * us. Trying to intern it again will get a reference to the
+        * existing string, so it's important that we unref (as
+        * opposed to destroy) it later. */
        if (lwc_intern_string("lang", 4, &attr.name) != lwc_error_ok) {
                return CSS_NOMEM;
        }
@@ -1818,12 +1823,12 @@ static css_error node_is_lang(void *pw, void *node,
                c_err = _node_has_attribute_substring(pw, (void *)n, &attr,
                                                lang, &match, true);
                if (c_err != CSS_OK) {
-                       lwc_string_destroy(attr.name);
+                       lwc_string_unref(attr.name);
                        return c_err;
                }
                if (match) {
                        /* matched this element; we're done */
-                       lwc_string_destroy(attr.name);
+                       lwc_string_unref(attr.name);
                        *is_lang = true;
                        return CSS_OK;
                }
@@ -1831,14 +1836,14 @@ static css_error node_is_lang(void *pw, void *node,
                /* no match on this element, try its parent */
                d_err = dom_node_get_parent_node(n, &p);
                if (d_err != DOM_NO_ERR) {
-                       lwc_string_destroy(attr.name);
+                       lwc_string_unref(attr.name);
                        return CSS_NOMEM;
                }
                n = p;
        }
 
        /* If we never find a match we may wind up here */
-       lwc_string_destroy(attr.name);
+       lwc_string_unref(attr.name);
        return CSS_OK;
 }