From 0382b5b0307527941d18f2fbe596b90d0760ba7f Mon Sep 17 00:00:00 2001
From: Iuri de Silvio <iuri@roboflow.com>
Date: Sun, 17 May 2026 22:54:25 +0200
Subject: [PATCH] Clear image.src on loadImage error to release partial cairo
 surface
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

loadImage's onerror handler rejects the Promise but leaves image.src
pointing at the input buffer. When libjpeg/libpng allocated a cairo
surface before failing mid-decode, that surface stays attached to the
Image until V8 GC — under sustained load on malformed inputs this
delays cleanup arbitrarily.

Assign Buffer.alloc(0) before reject so clearData() runs synchronously.
---
 index.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/index.js b/index.js
index adde4da12..e37eb19ac 100644
--- a/index.js
+++ b/index.js
@@ -30,7 +30,11 @@ function loadImage (src) {
     }
 
     image.onload = () => { cleanup(); resolve(image) }
-    image.onerror = (err) => { cleanup(); reject(err) }
+    image.onerror = (err) => {
+      cleanup()
+      image.src = Buffer.alloc(0)
+      reject(err)
+    }
 
     image.src = src
   })