[libpng12] Fixed a potential null pointer dereference in png_set_text_2()

(bug report and patch by Patrick Keshishian).

3 files changed, 6 insertions, 1 deletions

diff --git a/ANNOUNCE b/ANNOUNCE
index 2a1cc1a75..e4eb1bf08 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -42,6 +42,8 @@ Changes since the last public release (1.2.56):
   Fix typos in libpng.3 synopses (Eric S. Raymond).
   Fixed undefined behavior in png_push_save_buffer(). Do not call
     memcpy() with a null source, even if count is zero (Leon Scroggins III).
+  Fixed potential null pointer dereference in png_set_text_2() (bug report
+    and patch by Patrick Keshishian).
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
diff --git a/CHANGES b/CHANGES
index 04c3e5275..204057ac0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2925,7 +2925,9 @@ version 1.2.57rc01 [December 27, 2016]
   Fixed undefined behavior in png_push_save_buffer(). Do not call
     memcpy() with a null source, even if count is zero (Leon Scroggins III).
 
-version 1.0.67 and 1.2.57 [December 29, 2016]
+versions 1.0.67 and 1.2.57 [December 29, 2016]
+  Fixed a potential null pointer dereference in png_set_text_2() (bug report
+    and patch by Patrick Keshishian).
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
diff --git a/png.c b/png.c
index 08d7e86b7..a4934d1d5 100644
--- a/png.c
+++ b/png.c
@@ -393,6 +393,7 @@ png_free_data(png_structp png_ptr, png_infop info_ptr, png_uint_32 mask,
          png_free(png_ptr, info_ptr->text);
          info_ptr->text = NULL;
          info_ptr->num_text=0;
+         info_ptr->max_text=0;
       }
    }
 #endif