Use-after-free detected with static analysis. CVE: CVE-2019-7317 Upstream-Status: Submitted [https://github.com/glennrp/libpng/issues/275] Signed-off-by: Ross Burton diff --git a/png.c b/png.c index 9d9926f638..efd1aecfbd 100644 --- a/png.c +++ b/png.c @@ -4588,8 +4588,7 @@ png_image_free(png_imagep image) if (image != NULL && image->opaque != NULL && image->opaque->error_buf == NULL) { - /* Ignore errors here: */ - (void)png_safe_execute(image, png_image_free_function, image); + png_image_free_function(image); image->opaque = NULL; } }