From 0c66043a924fd114017a862d2cacd70f64b92370 Mon Sep 17 00:00:00 2001
From: Bruce Mitchener <bruce.mitchener@gmail.com>
Date: Wed, 31 Jan 2018 20:24:27 +0700
Subject: [PATCH] [coretext] Fix memory leaks.

In `reference_table`, if the data is empty and we return early,
we still need to release the data object.

In `hb_coretext_shape`, there two edge cases where an early
return should release the attributed string.
---
 src/hb-coretext.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/hb-coretext.cc b/src/hb-coretext.cc
index 440201769..905c9f76a 100644
--- a/src/hb-coretext.cc
+++ b/src/hb-coretext.cc
@@ -74,7 +74,10 @@ reference_table  (hb_face_t *face HB_UNUSED, hb_tag_t tag, void *user_data)
   const char *data = reinterpret_cast<const char*> (CFDataGetBytePtr (cf_data));
   const size_t length = CFDataGetLength (cf_data);
   if (!data || !length)
+  {
+    CFRelease (cf_data);
     return nullptr;
+  }
 
   return hb_blob_create (data, length, HB_MEMORY_MODE_READONLY,
 			 reinterpret_cast<void *> (const_cast<__CFData *> (cf_data)),
@@ -877,7 +880,10 @@ resize_and_retry:
 							    kCFStringEncodingUTF8,
 							    kCFAllocatorNull);
 	if (unlikely (!lang))
+        {
+	  CFRelease (attr_string);
 	  FAIL ("CFStringCreateWithCStringNoCopy failed");
+        }
 	CFAttributedStringSetAttribute (attr_string, CFRangeMake (0, chars_len),
 					kCTLanguageAttributeName, lang);
 	CFRelease (lang);
@@ -946,7 +952,10 @@ resize_and_retry:
 						    &kCFTypeDictionaryValueCallBacks);
       CFRelease (level_number);
       if (unlikely (!options))
+      {
+        CFRelease (attr_string);
         FAIL ("CFDictionaryCreate failed");
+      }
 
       CTTypesetterRef typesetter = CTTypesetterCreateWithAttributedStringAndOptions (attr_string, options);
       CFRelease (options);