diff --git a/ANNOUNCE b/ANNOUNCE
index cc15ddd3f..38dd438a7 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -60,6 +60,8 @@ Version 1.5.1beta05 [January 16, 2011]
 changed exp() back to png_exp().
 Version 1.5.1beta06 [January 16, 2011]
+ Prevent png_push_crc_skip() from hanging while reading an unknown chunk
+ or an over-large compressed zTXT chunk with the progressive reader.
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net:
 (subscription required; visit
diff --git a/CHANGES b/CHANGES
index 6af131f72..e49f36e9f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3176,6 +3176,8 @@ Version 1.5.1beta05 [January 16, 2011]
 changed exp() back to png_exp().
 Version 1.5.1beta06 [January 16, 2011]
+ Prevent png_push_crc_skip() from hanging while reading an unknown chunk
+ or an over-large compressed zTXT chunk with the progressive reader.
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
diff --git a/pngpread.c b/pngpread.c
index a7452aa65..64ed7b985 100644
--- a/pngpread.c
+++ b/pngpread.c
@@ -582,7 +582,7 @@ png_push_crc_finish(png_structp png_ptr)
 {
 if (png_ptr->skip_length && png_ptr->save_buffer_size)
 {
- png_size_t save_size = png_ptr->current_buffer_size;
+ png_size_t save_size = png_ptr->save_buffer_size;
 png_uint_32 skip_length = png_ptr->skip_length;
 /* We want the smaller of 'skip_length' and 'current_buffer_size', but
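Review bot: The comment directly below the changed declaration in the pngpread.c hunk still says "We want the smaller of 'skip_length' and 'current_buffer_size'", but this branch now takes `save_size` from `png_ptr->save_buffer_size`, so the comment names the wrong field. It should read `/* We want the smaller of 'skip_length' and 'save_buffer_size', but`. The stale wording matters because the defect being fixed was a mix-up of exactly these two fields, which per the ANNOUNCE/CHANGES entry let an unknown chunk or an over-large zTXT chunk hang the progressive reader. The comment and the rest of png_push_crc_finish continue outside the hunk, so whether the later arithmetic on `save_size` uses the save-buffer fields consistently cannot be confirmed from here and is worth checking. The changelog entries also name png_push_crc_skip() while the hunk header shows the change in png_push_crc_finish(), which may be worth aligning.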