diff --git a/ANNOUNCE b/ANNOUNCE
index e9e715ccd..ed087b128 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -1,5 +1,5 @@
 
-Libpng 1.4.1beta09 - February 8, 2010
+Libpng 1.4.1beta10 - February 8, 2010
 
 This is not intended to be a public release.  It will be replaced
 within a few weeks by a public version or by another test version.
@@ -9,20 +9,20 @@ Files available for download:
 Source files with LF line endings (for Unix/Linux) and with a
 "configure" script
 
-   1.4.1beta09.tar.xz (LZMA-compressed, recommended)
-   1.4.1beta09.tar.gz
-   1.4.1beta09.tar.bz2
+   1.4.1beta10.tar.xz (LZMA-compressed, recommended)
+   1.4.1beta10.tar.gz
+   1.4.1beta10.tar.bz2
 
 Source files with CRLF line endings (for Windows), without the
 "configure" script
 
-   lp141b09.zip
-   lp141b09.7z
+   lp141b10.zip
+   lp141b10.7z
 
 Other information:
 
-   1.4.1beta09-README.txt
-   1.4.1beta09-LICENSE.txt
+   1.4.1beta10-README.txt
+   1.4.1beta10-LICENSE.txt
 
 Changes since the last public release (1.4.0):
 
@@ -69,9 +69,13 @@ version 1.4.1beta07 [February 6, 2010]
 version 1.4.1beta08 [February 6, 2010]
   Minor cleanup and updating of dates and copyright year.
 
-version 1.4.1beta09 [February 8, 2010]
+version 1.4.1beta09 [February 7, 2010]
   Reverted to original png_push_save_buffer() code.
 
+version 1.4.1beta10 [February 8, 2010]
+  Return allocated "old_buffer" in png_push_save_buffer() before calling
+    png_error(), to avoid a potential memory leak.
+
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement
diff --git a/CHANGES b/CHANGES
index 474922818..2aa931747 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2502,9 +2502,13 @@ version 1.4.1beta07 [February 6, 2010]
 version 1.4.1beta08 [February 6, 2010]
   Minor cleanup and updating of dates and copyright year.
 
-version 1.4.1beta09 [February 8, 2010]
+version 1.4.1beta09 [February 7, 2010]
   Reverted to original png_push_save_buffer() code.
 
+version 1.4.1beta10 [February 8, 2010]
+  Return allocated "old_buffer" in png_push_save_buffer() before calling
+    png_error(), to avoid a potential memory leak.
+
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement
diff --git a/pngpread.c b/pngpread.c
index 5533e48d5..f9bb22af7 100644
--- a/pngpread.c
+++ b/pngpread.c
@@ -700,8 +700,13 @@ png_push_save_buffer(png_structp png_ptr)
 
       new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256;
       old_buffer = png_ptr->save_buffer;
-      png_ptr->save_buffer = (png_bytep)png_malloc(png_ptr,
+      png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr,
          (png_size_t)new_max);
+      if (png_ptr->save_buffer == NULL)
+      {
+        png_free(png_ptr, old_buffer);
+        png_error(png_ptr, "Insufficient memory for save_buffer");
+      }
       png_memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
       png_free(png_ptr, old_buffer);
       png_ptr->save_buffer_max = new_max;