View Issue Details

IDProjectCategoryView StatusLast Update
0000892luatexluatex bugpublic2015-11-02 13:26
Reporterphg Assigned Toluigi scarso  
Status closedResolutionfixed 
Target Version0.85.0Fixed in Version0.85.0 
Summary0000892: luafontloader memleak patches
DescriptionThe set of patches addresses four resource leaks in the fontforge
code that occur with or
Fonts required to trigger the leaks and their sha1 checksums:

* ipam.ttf: dbbdd8c7fd5c572a5eb5c118f972a610ecea4b84

* xits-math.otf: 0df83068c976a2414f17feb202fac529b3fb3475

* kozminpr6n_regular.otf: cca7638b88e31b42a23e6ce9de2e2dd043127503

All patches combined account for a balance of -15642 leaked
bytes with the 1458 fonts on my system when reindexing font
files with Luaotfload.

Steps To ReproduceRun this snippet as ``valgrind texlua leakcheck.lua open FONTNAME``
(or ``info FONTNAME``, respectively).

    #!/usr/bin/env texlua
    local main = function ()
      if #arg ~= 2 then os.exit (1) end
      local fnt = arg[2]
      local fontdata = fontloader[arg[1]] (fnt)
      return 0
    return main ()
Additional Information1. macenc.c: MacStrToUtf8() allocates the same buffer twice without
    free()ing it.
    Example: ipam.ttf, 1398 B less leaked with

2. splineutil.c: SplineFontFree() fails to deallocate the field
    Example: xits-math.otf, 114 B less leaked with
3. parsettf.c: ApplyVariationSequenceSubtable() allocates a one or
    more struct vs_data (3 ints), never freeing them.
    Example: xits-math.otf, 12 B less leaked with

4. macenc.c: MacStrToUtf8() when exiting early fails to close non-NULL
    iconv descriptor and free a recently allocated buffer.
    Example: kozminpr6n_regular.otf, 8 + 286 B less leaked with

TagsNo tags attached.



2014-04-04 08:11



2014-04-19 14:32



2014-04-19 14:34

reporter   ~0001270

Attached another batch of (mostly) memleak patches for the luafontloader:

1. oob-access-parsettf.c-_readencstring.patch (Not actually a leak but
    parsettf.c: _readencstring() accesses the out[] array out of
    bounds. 100 % reproducible by calling on the
    avkv.ttf font which has invalid strings.

2. memleak-splinefont.c-ReadSplineFontInfo.patch
    splinefont.c: In ReadSplineFontInfo() the region initially
    allocated to fontlist is iterated over but never freed. Same for
    the strings allocated by NamesReadTTF() and SFREadMacBinaryInfo().
    Example: HGRGM.TTC, 160 less bytes leaked with

3. memleak-splineutil.c-parsettf.c-chosenname.patch
    parsettf.c, splineutil.c: The field “chosenname” is being omitted
    from copying in SFFillFromTTFInfo() and not freed along with the
    remaining fields in SplineFontFree(). Example: HGRGM.TTC, 32 less
    bytes leaked with

4. memleak-parsettf.c-readttfpostnames.patch
    parsettf.c: A character’s name field is overwritten without freeing
    possibly existing fields. Occurs at index 258 with the string
    “.notdef”. Example: OpenSans-SemiboldItalic.ttf, 8 less bytes
    leaked with

5. memleak-parsettfatt.c-ttf_math_read_gvtable.patch
    parsettfatt.c: ttf_math_read_gvtable() doesn’t guard the allocation
    of ttfinfo->{horiz,vert}_variants which may have been allocated
    previously by the same function. This situation occurs if
    GuessNamesFromMATH() is called before otf_read_math(). Example:
    subfont 1 of cambria.ttc, 2232 less bytes leaked with

6. memleak-parsettfatt.c-ttf_math_read_constants.patch
    parsettfatt.c: ttf_math_read_constants() doesn’t guard the
    allocation of ttfinfo->math which may already have been allocated
    by ttf_math_read_variants(). This situation occurs if
    GuessNamesFromMATH() is called before otf_read_math(). Example:
    subfont 1 of cambria.ttc, 14 less bytes leaked with

7. memleak-luafflib.c-ff_close.patch
    luafflib.c: With some fonts the _FontViewBaseCreate() creates a new
    EncMap for the FontViewBase. In these cases the EncMap that is part
    of the original SplineFont must be deallocated separately. Example:
    FandolSong-Bold.otf, 56 less bytes leaked with

SHA1 checksums of the files used:

    99e595071d066d04117de9b27b84355abc95852d testfonts/avkv.ttf
    3bda6f43cbe1b15ac92d264919dc4602d5f01cce testfonts/cambria.ttc
    73b3e8b7945a691559ffc74eac694ee3fa9f1074 testfonts/FandolSong-Bold.otf
    d823a7d34bc9ed77dd49fd805a879950449b2e56 testfonts/HGRGM.TTC
    f577ce4322c761a10d093f11f077a48602d2c076 testfonts/OpenSans-SemiboldItalic.ttf

luigi scarso

2015-05-20 15:29

developer   ~0001380

Thank you for the report, I will investigate.

luigi scarso

2015-06-17 11:21

developer   ~0001385

it's still open, but in the meanwhile we have fixed several other mem leaks.

luigi scarso

2015-10-29 22:10

developer   ~0001492

I'm looking into it.

Hans Hagen

2015-11-02 13:26

manager   ~0001493

all kind of small leaks fixed (not only fonts)

Issue History

Date Modified Username Field Change
2014-04-04 08:11 phg New Issue
2014-04-04 08:11 phg File Added: luatex-r4973-memleak-patches.tar.xz
2014-04-19 14:32 phg File Added: luatex-r4976-memleak-patches.tar.xz
2014-04-19 14:34 phg Note Added: 0001270
2015-03-21 15:15 Hans Hagen Assigned To => luigi scarso
2015-03-21 15:15 Hans Hagen Status new => assigned
2015-05-20 15:29 luigi scarso Note Added: 0001380
2015-06-17 11:21 luigi scarso Note Added: 0001385
2015-10-22 11:09 Hans Hagen Priority normal => low
2015-10-22 11:09 Hans Hagen Target Version => 0.85.0
2015-10-29 22:10 luigi scarso Note Added: 0001492
2015-11-02 13:26 Hans Hagen Note Added: 0001493
2015-11-02 13:26 Hans Hagen Status assigned => closed
2015-11-02 13:26 Hans Hagen Resolution open => fixed
2015-11-02 13:26 Hans Hagen Fixed in Version => 0.85.0