From 007c109b4594c5e63948bd08b4d5011ad76ffb10 Mon Sep 17 00:00:00 2001
From: Ben Wagner <bungeman@google.com>
Date: Fri, 23 Oct 2020 08:29:14 +0200
Subject: [PATCH] * src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak
 (#59322).

The issue is that `rows` is allocated but will not be freed in the
event that the call to `png_read_image` fails and calls `longjmp`.
---
 ChangeLog          | 7 +++++++
 src/sfnt/pngshim.c | 1 +
 2 files changed, 8 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 42f7c34ba..ff048b8ab 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2020-10-23  Ben Wagner  <bungeman@google.com>
+
+	* src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak (#59322).
+
+	The issue is that `rows` is allocated but will not be freed in the
+	event that the call to `png_read_image` fails and calls `longjmp`.
+
 2020-10-20  Werner Lemberg  <wl@gnu.org>
 
 	* Version 2.10.4 released.
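Review bot: The new ChangeLog entry explains the cause of the leak but not the change that fixes it. Consider adding one line stating that `rows` is now freed at the `DestroyExit` label, so a reader of the ChangeLog alone can tell that the buffer is released on both the normal and the `longjmp` error path.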
diff --git a/src/sfnt/pngshim.c b/src/sfnt/pngshim.c
index f55016122..d4e43a9f4 100644
--- a/src/sfnt/pngshim.c
+++ b/src/sfnt/pngshim.c
@@ -443,6 +443,7 @@
     png_read_end( png, info );
 
   DestroyExit:
+    FT_FREE( rows );
     png_destroy_read_struct( &png, &info, NULL );
     FT_Stream_Close( &stream );
 
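Review bot: `FT_FREE( rows )` under `DestroyExit:` now runs on every path that reaches the label, including any jump taken before `rows` is allocated and the `longjmp` return named in the commit message, and this hunk does not show how `rows` is declared. Please confirm that it is initialised to NULL at its declaration, so that an early exit frees nothing, and that it is declared `volatile`: a non-volatile local that is assigned after `setjmp` has an indeterminate value once `longjmp` returns, so the free could act on a stale pointer. A short comment above the new line noting that the label is reached both by fall-through after `png_read_end( png, info );` and through the error path would help future readers see why the free lives here.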
-- 
2.26.2