From 381636aa7287a5215baf57b852518cf1741a9878 Mon Sep 17 00:00:00 2001
From: Till Kamppeter <till.kamppeter@gmail.com>
Date: Sun, 19 Feb 2023 22:11:44 +0100
Subject: [PATCH] Do not free cf_image_t data structure in _cfImageZoomDelete()

The library-internal _cfImageZoom...() API handles zooming of images
with a data structure of type cf_izoom_t. This data structure contains
a pointer to the original image, in cf_image_t format.

The _cfImageZoomNew() funtion gets a pointer to an existing cf_image_t
structure as parameter, the image to work on. It stores the pointer in
its cf_izoom_t structure. It never creates a cf_image_t image.

Because the _cfImageZoom...() API never creates a cf_image_t
structure, it should also never free it. Therefore it is wrong that
_cfImageZoomDelete() calls cfImageClose() which is the function to
free a cf_image_t structure after use.

This was leading to double freeing, as the functions which create a
cf_image_t structure always free it when done.

This caused https://github.com/OpenPrinting/cups-filters/issues/507
---
 cupsfilters/image-zoom.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/cupsfilters/image-zoom.c b/cupsfilters/image-zoom.c
index 04b28319f..ca1b6823b 100644
--- a/cupsfilters/image-zoom.c
+++ b/cupsfilters/image-zoom.c
@@ -42,7 +42,6 @@ _cfImageZoomDelete(cf_izoom_t *z)	// I - Zoom record to free
   free(z->rows[0]);
   free(z->rows[1]);
   free(z->in);
-  cfImageClose(z->img);
   free(z);
 }