$OpenBSD: patch-src_common_imagpng_cpp,v 1.2 2009/09/10 21:23:28 landry Exp $

Security fix for part 1 of SA35292 (wxWidgets Double Free Vulnerability).
Patch from upstream svn -r60875.

--- src/common/imagpng.cpp.orig	Fri Mar  6 13:10:56 2009
+++ src/common/imagpng.cpp	Fri Sep  4 23:57:40 2009
@@ -568,18 +568,16 @@ wxPNGHandler::LoadFile(wxImage *image,
     if (!image->Ok())
         goto error;
 
-    lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
+    // initialize all line pointers to NULL to ensure that they can be safely
+    // free()d if an error occurs before all of them could be allocated
+    lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
     if ( !lines )
         goto error;
 
     for (i = 0; i < height; i++)
     {
         if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
-        {
-            for ( unsigned int n = 0; n < i; n++ )
-                free( lines[n] );
             goto error;
-        }
     }
 
     png_read_image( png_ptr, lines );
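Review bot: The per-row allocation `malloc( (size_t)(width * (sizeof(unsigned char) * 4)))` still multiplies an image dimension by 4 with no overflow check, while the new `calloc(height, sizeof(unsigned char *))` leaves that check to calloc, which is expected to reject a product that overflows. The declaration of `width` is outside the hunk, but if it is a 32-bit value read from the PNG header and size_t is also 32 bits, the product may wrap and produce rows shorter than what `png_read_image` writes into them. A guard ahead of the loop, such as `if ( width > ((size_t)-1) / 4 ) goto error;`, would cover that case. The double-free fix itself relies on the `error:` label, which is outside this hunk, freeing each `lines[i]` up to `height` and `lines` exactly once, so that cleanup path should be checked against the full function.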
