If either calloc or png_uncompress_init fails, free(png) will free the uninitialized png pointer. Avoid this and while at it postpone the img allocation till after the early exit. Signed-off-by: Ahmad Fatoum <ahmad@xxxxxx> --- lib/gui/png_lode.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/gui/png_lode.c b/lib/gui/png_lode.c index 477704d9768c..e30db0f853b3 100644 --- a/lib/gui/png_lode.c +++ b/lib/gui/png_lode.c @@ -46,15 +46,16 @@ struct image *png_open(char *inbuf, int insize) LodePNGState state; int ret; unsigned error; - struct image *img = calloc(1, sizeof(struct image)); - unsigned char *png; - - if (!img) - return ERR_PTR(-ENOMEM); + struct image *img; + unsigned char *png = NULL; ret = png_uncompress_init(); if (ret) - goto err; + return ERR_PTR(ret); + + img = calloc(1, sizeof(struct image)); + if (!img) + return ERR_PTR(-ENOMEM); lodepng_state_init(&state); -- 2.20.1 _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox