Call png_image_free_function without guarding it with png_safe_execute png_image_free_function (or any other destructor) should never fail. Destructors need not and must not be executed under png_safe_execute. Reference: CVE-2019-7317, use-after-free in png_image_free

commit: 9c0d5c77bf5bf2d7c1e11f388de40a70e0191550 [log] [tgz]
author: Cosmin Truta <ctruta@gmail.com> Sun Feb 03 22:40:56 2019 -0500
committer: Cosmin Truta <ctruta@gmail.com> Sun Feb 03 22:40:56 2019 -0500
tree: 72e2e0c455f684527aae176a5886ed49e8609020
parent: 8439534daa1d3a5705ba92e653eda9251246dd61 [diff]
diff --git a/png.c b/png.c
index 9d9926f..efd1aec 100644
--- a/png.c
+++ b/png.c

@@ -4588,8 +4588,7 @@
    if (image != NULL && image->opaque != NULL &&
       image->opaque->error_buf == NULL)
    {
-      /* Ignore errors here: */
-      (void)png_safe_execute(image, png_image_free_function, image);
+      png_image_free_function(image);
       image->opaque = NULL;
    }
 }
commit	9c0d5c77bf5bf2d7c1e11f388de40a70e0191550	[log] [tgz]
author	Cosmin Truta <ctruta@gmail.com>	Sun Feb 03 22:40:56 2019 -0500
committer	Cosmin Truta <ctruta@gmail.com>	Sun Feb 03 22:40:56 2019 -0500
tree	72e2e0c455f684527aae176a5886ed49e8609020
parent	8439534daa1d3a5705ba92e653eda9251246dd61 [diff]