View Issue Details

ID: 0000892
Project: luatex
Category: luatex bug
View Status: public
Last Update: 2015-11-02 13:26
Reporter: phg
Assigned To: luigi scarso
Priority: low
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version:
Target Version: 0.85.0
Fixed in Version: 0.85.0
Summary: 0000892: luafontloader memleak patches
Description

The set of patches addresses four resource leaks in the fontforge
code that occur with fontloader.open() or fontloader.info().
Fonts required to trigger the leaks and their sha1 checksums:

* ipam.ttf: dbbdd8c7fd5c572a5eb5c118f972a610ecea4b84

* xits-math.otf: 0df83068c976a2414f17feb202fac529b3fb3475

* kozminpr6n_regular.otf: cca7638b88e31b42a23e6ce9de2e2dd043127503

All patches combined account for a balance of -15642 leaked
bytes with the 1458 fonts on my system when reindexing font
files with Luaotfload.

Steps To Reproduce

Run this snippet as ``valgrind texlua leakcheck.lua open FONTNAME``
(or ``info FONTNAME``, respectively).

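    #!/usr/bin/env texlua
    -- leakcheck.lua: call one fontloader function on one font so that
    -- valgrind can report what is still allocated at exit.
    -- arg[1]: "open" or "info"; arg[2]: path to the font file.
    local main = function ()
      if #arg ~= 2 then os.exit (1) end
      local fnt = arg[2]
      local fontdata = fontloader[arg[1]] (fnt)
      return 0
    end

    return main ()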
Additional Information

1. macenc.c: MacStrToUtf8() allocates the same buffer twice without
    free()ing it.
    Example: ipam.ttf, 1398 B less leaked with fontloader.info().

2. splineutil.c: SplineFontFree() fails to deallocate the field
    ``MATH``.
    Example: xits-math.otf, 114 B less leaked with fontloader.open().
    
3. parsettf.c: ApplyVariationSequenceSubtable() allocates one or
    more struct vs_data (3 ints), never freeing them.
    Example: xits-math.otf, 12 B less leaked with fontloader.open().

4. macenc.c: MacStrToUtf8() when exiting early fails to close non-NULL
    iconv descriptor and free a recently allocated buffer.
    Example: kozminpr6n_regular.otf, 8 + 286 B less leaked with
    fontloader.open().

Tags: No tags attached.

Activities

phg

2014-04-04 08:11

reporter  

luatex-r4973-memleak-patches.tar.xz (1,368 bytes)

phg

2014-04-19 14:32

reporter  

luatex-r4976-memleak-patches.tar.xz (3,756 bytes)

phg

2014-04-19 14:34

reporter   ~0001270

Attached another batch of (mostly) memleak patches for the luafontloader:

1. oob-access-parsettf.c-_readencstring.patch (Not actually a leak but
    whatever.)
    parsettf.c: _readencstring() accesses the out[] array out of
    bounds. 100 % reproducible by calling fontloader.info() on the
    avkv.ttf font which has invalid strings.

2. memleak-splinefont.c-ReadSplineFontInfo.patch
    splinefont.c: In ReadSplineFontInfo() the region initially
    allocated to fontlist is iterated over but never freed. Same for
    the strings allocated by NamesReadTTF() and SFREadMacBinaryInfo().
    Example: HGRGM.TTC, 160 less bytes leaked with fontloader.info().

3. memleak-splineutil.c-parsettf.c-chosenname.patch
    parsettf.c, splineutil.c: The field “chosenname” is being omitted
    from copying in SFFillFromTTFInfo() and not freed along with the
    remaining fields in SplineFontFree(). Example: HGRGM.TTC, 32 less
    bytes leaked with fontloader.info().

4. memleak-parsettf.c-readttfpostnames.patch
    parsettf.c: A character’s name field is overwritten without freeing
    possibly existing fields. Occurs at index 258 with the string
    “.notdef”. Example: OpenSans-SemiboldItalic.ttf, 8 less bytes
    leaked with fontloader.open().

5. memleak-parsettfatt.c-ttf_math_read_gvtable.patch
    parsettfatt.c: ttf_math_read_gvtable() doesn’t guard the allocation
    of ttfinfo->{horiz,vert}_variants which may have been allocated
    previously by the same function. This situation occurs if
    GuessNamesFromMATH() is called before otf_read_math(). Example:
    subfont 1 of cambria.ttc, 2232 less bytes leaked with
    fontloader.open().

6. memleak-parsettfatt.c-ttf_math_read_constants.patch
    parsettfatt.c: ttf_math_read_constants() doesn’t guard the
    allocation of ttfinfo->math which may already have been allocated
    by ttf_math_read_variants(). This situation occurs if
    GuessNamesFromMATH() is called before otf_read_math(). Example:
    subfont 1 of cambria.ttc, 14 less bytes leaked with
    fontloader.open().

7. memleak-luafflib.c-ff_close.patch
    luafflib.c: With some fonts the _FontViewBaseCreate() creates a new
    EncMap for the FontViewBase. In these cases the EncMap that is part
    of the original SplineFont must be deallocated separately. Example:
    FandolSong-Bold.otf, 56 less bytes leaked with fontloader.open().

SHA1 checksums of the files used:

    99e595071d066d04117de9b27b84355abc95852d testfonts/avkv.ttf
    3bda6f43cbe1b15ac92d264919dc4602d5f01cce testfonts/cambria.ttc
    73b3e8b7945a691559ffc74eac694ee3fa9f1074 testfonts/FandolSong-Bold.otf
    d823a7d34bc9ed77dd49fd805a879950449b2e56 testfonts/HGRGM.TTC
    f577ce4322c761a10d093f11f077a48602d2c076 testfonts/OpenSans-SemiboldItalic.ttf
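
The unguarded-allocation leak described in items 5 and 6 of the note above, reduced to a stand-alone C illustration; this is an added example, not code from the attached patches or from LuaTeX. `struct info`, `read_gvtable_leaky`, `read_gvtable_guarded` and the tracking allocator are hypothetical stand-ins, and the NULL-check guard is one way to fix the pattern, not necessarily what the patch does.

```c
#include <stdio.h>
#include <stdlib.h>
/* Tracking allocator: remembers live blocks so the demo can count leaks. */
#define SLOTS 8
static void *slots[SLOTS];
static void *xcalloc(size_t n, size_t sz) {
    void *p = calloc(n, sz);
    for (int i = 0; p && i < SLOTS; i++)
        if (!slots[i]) { slots[i] = p; break; }
    return p;
}
static void xfree(void *p) {
    for (int i = 0; p && i < SLOTS; i++)
        if (slots[i] == p) { slots[i] = NULL; free(p); return; }
}
/* Count blocks nobody freed, then release them so the demo exits clean. */
static int sweep(void) {
    int n = 0;
    for (int i = 0; i < SLOTS; i++)
        if (slots[i]) { n++; free(slots[i]); slots[i] = NULL; }
    return n;
}

/* Hypothetical stand-in for the two ttfinfo fields named in the report. */
struct info { int *horiz_variants, *vert_variants; };
/* Before: a second call overwrites the pointers set by the first. */
static void read_gvtable_leaky(struct info *ti, size_t n) {
    ti->horiz_variants = xcalloc(n, sizeof(int));
    ti->vert_variants  = xcalloc(n, sizeof(int));
}
/* After: allocate only what an earlier call has not already set up. */
static void read_gvtable_guarded(struct info *ti, size_t n) {
    if (!ti->horiz_variants) ti->horiz_variants = xcalloc(n, sizeof(int));
    if (!ti->vert_variants)  ti->vert_variants  = xcalloc(n, sizeof(int));
}

/* Read the table twice, tear down normally, return blocks left behind. */
static int leaked_blocks(void (*reader)(struct info *, size_t)) {
    struct info ti = { NULL, NULL };
    reader(&ti, 16);
    reader(&ti, 16);
    xfree(ti.horiz_variants); xfree(ti.vert_variants);
    return sweep();
}

int main(void) {
    int bad = leaked_blocks(read_gvtable_leaky), ok = leaked_blocks(read_gvtable_guarded);
    printf("leaked blocks: unguarded %d, guarded %d\n", bad, ok);
    return 0;
}
```

The teardown only frees what the struct still points to, which is why the first pair of buffers is unreachable once the second call has run.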

luigi scarso

2015-05-20 15:29

developer   ~0001380

Thank you for the report, I will investigate.

luigi scarso

2015-06-17 11:21

developer   ~0001385

It's still open, but in the meanwhile we have fixed several other mem leaks.

luigi scarso

2015-10-29 22:10

developer   ~0001492

I'm looking into it.

Hans Hagen

2015-11-02 13:26

manager   ~0001493

All kinds of small leaks fixed (not only fonts).

Issue History

Date Modified Username Field Change
2014-04-04 08:11 phg New Issue
2014-04-04 08:11 phg File Added: luatex-r4973-memleak-patches.tar.xz
2014-04-19 14:32 phg File Added: luatex-r4976-memleak-patches.tar.xz
2014-04-19 14:34 phg Note Added: 0001270
2015-03-21 15:15 Hans Hagen Assigned To => luigi scarso
2015-03-21 15:15 Hans Hagen Status new => assigned
2015-05-20 15:29 luigi scarso Note Added: 0001380
2015-06-17 11:21 luigi scarso Note Added: 0001385
2015-10-22 11:09 Hans Hagen Priority normal => low
2015-10-22 11:09 Hans Hagen Target Version => 0.85.0
2015-10-29 22:10 luigi scarso Note Added: 0001492
2015-11-02 13:26 Hans Hagen Note Added: 0001493
2015-11-02 13:26 Hans Hagen Status assigned => closed
2015-11-02 13:26 Hans Hagen Resolution open => fixed
2015-11-02 13:26 Hans Hagen Fixed in Version => 0.85.0