From 43eb9a343bdf3f8330d03eab12fd0ba17abea1f0 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Sat, 19 Oct 2024 16:46:51 -0400
Subject: [PATCH] src/svgtiny_css.c free dom_string in
 svgtiny_dom_user_data_handler()

This callback uses dom_string_create() for a comparison, but forgets
to call either dom_string_destroy() or dom_string_unref() after the
string has outlived its usefulness. The string is used one line after
it is created, so we find dom_string_destroy() to be more clear in
this case.
---
 src/svgtiny_css.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/svgtiny_css.c b/src/svgtiny_css.c
index 96991dd..bbef58d 100644
--- a/src/svgtiny_css.c
+++ b/src/svgtiny_css.c
@@ -1938,8 +1938,10 @@ static void svgtiny_dom_user_data_handler(dom_node_operation operation,
 	dom_string_create((const uint8_t *)"_libcss_user_data", 17, &str);
 	if (dom_string_isequal(str,key) == false || data == NULL) {
 		/* Wrong key, or no data */
+		dom_string_destroy(str);
 		return;
 	}
+	dom_string_destroy(str);
 
 	/* Check the DOM operation, and make the corresponding call to
 	 * css_libcss_node_data_handler(). No error handling is done.
-- 
2.44.2