Open-code bbtree_del to avoid free()ing a non-allocated object

As we do already in _cairo_recording_surface_finish. Otherwise, the cleanup path of _cairo_recording_surface_create_bbtree() could call free() on surface->bbtree which is not dynamically allocated. Closes: https://gitlab.freedesktop.org/cairo/cairo/-/issues/645
author: Matt Turner <mattst88@gmail.com> 2023-03-01 13:07:49 -0500
committer: Matt Turner <mattst88@gmail.com> 2023-03-01 13:07:49 -0500
commit: 2cd42566524d3fdce4fc112ad7d72c95e4b860dd (patch)
tree: de5f90e1b1488c627540d9077d5f1b0ccfbeaeb4
parent: 70e37e23d3dc78200e1f9215cebc9a3d2fcb435a (diff)
download: cairo-2cd42566524d3fdce4fc112ad7d72c95e4b860dd.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/src/cairo-recording-surface.c b/src/cairo-recording-surface.c
index 158ea16ba..2912f5ede 100644
--- a/src/cairo-recording-surface.c
+++ b/src/cairo-recording-surface.c
@@ -364,7 +364,10 @@ _cairo_recording_surface_create_bbtree (cairo_recording_surface_t *surface)
     return CAIRO_STATUS_SUCCESS;
 
 cleanup:
-    bbtree_del (&surface->bbtree);
+    if (surface->bbtree.left)
+	bbtree_del (surface->bbtree.left);
+    if (surface->bbtree.right)
+	bbtree_del (surface->bbtree.right);
     return status;
 }
author	Matt Turner <mattst88@gmail.com>	2023-03-01 13:07:49 -0500
committer	Matt Turner <mattst88@gmail.com>	2023-03-01 13:07:49 -0500
commit	2cd42566524d3fdce4fc112ad7d72c95e4b860dd (patch)
tree	de5f90e1b1488c627540d9077d5f1b0ccfbeaeb4
parent	70e37e23d3dc78200e1f9215cebc9a3d2fcb435a (diff)
download	cairo-2cd42566524d3fdce4fc112ad7d72c95e4b860dd.tar.gz