From ef76b1f688c9174e161e88ca16d2b1144d3bc255 Mon Sep 17 00:00:00 2001
From: Glenn Randers-Pehrson
Date: Mon, 28 Aug 2017 11:07:10 -0500
Subject: [PATCH] [libpng16] Free row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc PNG_CLEANUP to fix google/oss-fuzz issue 3193.
---
 contrib/oss-fuzz/libpng_read_fuzzer.cc | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/contrib/oss-fuzz/libpng_read_fuzzer.cc b/contrib/oss-fuzz/libpng_read_fuzzer.cc
index f373bf77b..417ce4013 100644
--- a/contrib/oss-fuzz/libpng_read_fuzzer.cc
+++ b/contrib/oss-fuzz/libpng_read_fuzzer.cc
@@ -26,6 +26,8 @@
 #define PNG_CLEANUP \
 if(png_handler.png_ptr) \
 { \
+ if (row_ptr && png_ptr) \
+ png_free(png_ptr, row_ptr); \
 if (png_handler.end_info_ptr) \
 png_destroy_read_struct(&png_handler.png_ptr, &png_handler.info_ptr,\
 &png_handler.end_info_ptr); \
@@ -49,9 +51,6 @@ struct PngObjectHandler {
 BufState* buf_state = nullptr;
 ~PngObjectHandler() {
- if (row_ptr && png_ptr) {
- png_free(png_ptr, row_ptr);
- }
 PNG_CLEANUP
 delete buf_state;
 }
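Review bot: The two lines added to PNG_CLEANUP name `row_ptr` and `png_ptr` unqualified, while every other line of the macro goes through `png_handler.`; since the macro is pasted textually, both spellings must resolve, and refer to the same object, at every expansion site, and only the destructor in the second hunk is visible here. Qualifying the new lines like their neighbours removes that dependency and makes the extra `png_ptr` test unnecessary, because the enclosing `if` has already checked it: `if (png_handler.row_ptr) \` followed by `png_free(png_handler.png_ptr, png_handler.row_ptr); \`. It would also be worth setting `row_ptr` to `nullptr` after the free, so that a second expansion on the same handler cannot free the row buffer twice and does not depend solely on `png_destroy_read_struct` having cleared `png_ptr`. The macro body continues past the end of the hunk, so any remaining branches were not reviewed.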