diff --git a/ChangeLog b/ChangeLog
index fdd376a..5647a49 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+2006-04-11  Frederic Crozat  <fcrozat@mandriva.com>
+	reviewed by: plam
+
+	* src/fccharset.c: (FcCharSetPutLeaf):
+	* src/fclang.c: (FcNameUnparseLangSet):
+
+	Missing bits from previous patches.
+
+	* src/fccharset.c (FcCharSetSubtractCount):
+	Remove extra semi-colon.
+
+	* src/fccfg.c: (FcConfigBuildFonts):
+	Fix memory leak in error case (Coverity defects #776, #985).
+
+	* src/fcxml.c: (FcPopBinary, FcParsePatelt, FcParsePattern):
+	Fix memory leaks (Coverity defects #779, #781) 
+	and memory use after free (Coverity defect #780).
+
 2006-04-11  Patrick Lam  <plam@mit.edu>
 	* src/fccharset.c (FcCharSetPutLeaf):
 
diff --git a/src/fccfg.c b/src/fccfg.c
index fc70fef..35ab73a 100644
--- a/src/fccfg.c
+++ b/src/fccfg.c
@@ -283,7 +283,7 @@ FcConfigBuildFonts (FcConfig *config)
     {
 	list = FcConfigGetFontDirs (config);
 	if (!list)
-	    goto bail2;
+	    goto bail3;
 	
 	while ((dir = FcStrListNext (list)))
 	{
@@ -334,9 +334,10 @@ FcConfigBuildFonts (FcConfig *config)
     FcConfigSetFonts (config, fonts, FcSetSystem);
     
     return FcTrue;
+bail3:
+    FcStrSetDestroy (oldDirs);
 bail2:
     FcGlobalCacheDestroy (cache);
-    FcStrSetDestroy (oldDirs);
 bail1:
     FcFontSetDestroy (fonts);
 bail0:
@@ -605,17 +606,21 @@ FcBool
 FcConfigAddBlank (FcConfig	*config,
 		  FcChar32    	blank)
 {
-    FcBlanks	*b;
+    FcBlanks	*b, *freeme = 0;
     
     b = config->blanks;
     if (!b)
     {
-	b = FcBlanksCreate ();
+	freeme = b = FcBlanksCreate ();
 	if (!b)
 	    return FcFalse;
     }
     if (!FcBlanksAdd (b, blank))
+    {
+        if (freeme)
+            FcBlanksDestroy (freeme);
 	return FcFalse;
+    }
     config->blanks = b;
     return FcTrue;
 }
diff --git a/src/fccharset.c b/src/fccharset.c
index 531a9b8..dcc8457 100644
--- a/src/fccharset.c
+++ b/src/fccharset.c
@@ -177,7 +177,10 @@ FcCharSetPutLeaf (FcCharSet	*fcs,
 	FcMemAlloc (FC_MEM_CHARSET, (fcs->num + 1) * sizeof (FcCharLeaf *));
 	numbers = malloc ((fcs->num + 1) * sizeof (FcChar16));
 	if (!numbers)
+        {
+	    free (leaves);
 	    return FcFalse;
+        }
 	FcMemAlloc (FC_MEM_CHARSET, (fcs->num + 1) * sizeof (FcChar16));
 
 	for (i = 0; i < fcs->num; i++)
@@ -625,7 +628,7 @@ FcCharSetSubtractCount (const FcCharSet *a, const FcCharSet *b)
 	    int		i = 256/32;
 	    if (ai.ucs4 == bi.ucs4)
 	    {
-		FcChar32	*bm = bi.leaf->map;;
+		FcChar32	*bm = bi.leaf->map;
 		while (i--)
 		    count += FcCharSetPopCount (*am++ & ~*bm++);
 	    }
diff --git a/src/fclang.c b/src/fclang.c
index 4d171ac..552253d 100644
--- a/src/fclang.c
+++ b/src/fclang.c
@@ -578,6 +578,7 @@ FcNameUnparseLangSet (FcStrBuf *buf, const FcLangSet *ls)
                 }
 	    first = FcFalse;
 	}
+        FcStrListDone (list);
     }
     return FcTrue;
 }
diff --git a/src/fcxml.c b/src/fcxml.c
index 1afa4e7..7deeb13 100644
--- a/src/fcxml.c
+++ b/src/fcxml.c
@@ -1541,7 +1541,7 @@ FcPopBinary (FcConfigParse *parse, FcOp op)
 		FcConfigMessage (parse, FcSevereError, "out of memory");
 		FcExprDestroy (left);
 		FcExprDestroy (expr);
-		break;
+		return 0;
 	    }
 	    expr = new;
 	}
@@ -1950,6 +1950,7 @@ FcParsePatelt (FcConfigParse *parse)
     if (!name)
     {
 	FcConfigMessage (parse, FcSevereWarning, "missing pattern element name");
+	FcPatternDestroy (pattern);
 	return;
     }
     
@@ -1988,6 +1989,7 @@ FcParsePattern (FcConfigParse *parse)
 	    if (!FcPatternAppend (pattern, vstack->u.pattern))
 	    {
 		FcConfigMessage (parse, FcSevereError, "out of memory");
+		FcPatternDestroy (pattern);
 		return;
 	    }
 	    break;