[libpng15] Fixed a potential null pointer dereference in png_set_text_2()

(bug report and patch by Patrick Keshishian)

3 files changed, 5 insertions, 0 deletions

diff --git a/ANNOUNCE b/ANNOUNCE
index 569c60c6d..a16412ee2 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -49,6 +49,8 @@ Changes since the last public release (1.5.27):
     Since signed overflow is undefined in C90 the code has been modified to
     correctly calculate a signed result.  This requires changing the 'hi'
     result parameter to a signed value.
+  Fixed a potential null pointer dereference in png_set_text_2() (bug report
+    and patch by Patrick Keshishian)
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
diff --git a/CHANGES b/CHANGES
index 877e07f5f..dfb660a8b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4528,6 +4528,8 @@ version 1.5.28rc01 [December 27, 2016]
     ensure that it is correct.
 
 version 1.5.28 [December 29, 2016]
+  Fixed a potential null pointer dereference in png_set_text_2() (bug report
+    and patch by Patrick Keshishian).
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
diff --git a/png.c b/png.c
index 916eab4c8..26c455640 100644
--- a/png.c
+++ b/png.c
@@ -369,6 +369,7 @@ png_free_data(png_structp png_ptr, png_infop info_ptr, png_uint_32 mask,
          png_free(png_ptr, info_ptr->text);
          info_ptr->text = NULL;
          info_ptr->num_text = 0;
+         info_ptr->max_text = 0;
       }
    }
 #endif