From 3ec225dd411c1a779089fa558d659cf860d12da0 Mon Sep 17 00:00:00 2001
From: Sami Boukortt <sboukortt@google.com>
Date: Tue, 12 Feb 2019 14:17:27 +0100
Subject: [PATCH] Fix a memory leak in png_set_tRNS

This leak was discovered by OSS-Fuzz.

The old structure of the code was along the lines of:

  allocate trans_alpha;
  if (problem) {
    // Jumps away from this function
    png_warning("tRNS chunk has out-of-range samples for bit_depth");
  }
  mark trans_alpha as to-free;

Signed-off-by: Cosmin Truta <ctruta@gmail.com>
---
 AUTHORS  | 1 +
 pngset.c | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/AUTHORS b/AUTHORS
index 45fb425db..7b400821d 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -36,6 +36,7 @@ Authors, for copyright and licensing purposes.
    - Matt Sarett
    - Mike Klein
    - Dan Field
+   - Sami Boukortt
 
 The build projects, the build scripts, the test scripts, and other
 files in the "ci", "projects", "scripts" and "tests" directories, have
diff --git a/pngset.c b/pngset.c
index 9f4489bcf..8c372cf41 100644
--- a/pngset.c
+++ b/pngset.c
@@ -1,7 +1,7 @@
 
 /* pngset.c - storage of image information into info struct
  *
- * Copyright (c) 2018 Cosmin Truta
+ * Copyright (c) 2018-2022 Cosmin Truta
  * Copyright (c) 1998-2018 Glenn Randers-Pehrson
  * Copyright (c) 1996-1997 Andreas Dilger
  * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
@@ -1019,6 +1019,9 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr,
           info_ptr->trans_alpha = png_voidcast(png_bytep,
               png_malloc(png_ptr, PNG_MAX_PALETTE_LENGTH));
           memcpy(info_ptr->trans_alpha, trans_alpha, (size_t)num_trans);
+
+          info_ptr->valid |= PNG_INFO_tRNS;
+          info_ptr->free_me |= PNG_FREE_TRNS;
        }
        png_ptr->trans_alpha = info_ptr->trans_alpha;
    }