From 794a15fad6add4d636369d0b46f603a02995b2e2 Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Thu, 29 Dec 2016 07:34:51 -0600 Subject: [PATCH] [libpng12] Fixed a potential null pointer dereference in png_set_text_2() (bug report and patch by Patrick Keshishian). --- ANNOUNCE | 2 ++ CHANGES | 4 +++- png.c | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ANNOUNCE b/ANNOUNCE index 2a1cc1a7..e4eb1bf0 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -42,6 +42,8 @@ Changes since the last public release (1.2.56): Fix typos in libpng.3 synopses (Eric S. Raymond). Fixed undefined behavior in png_push_save_buffer(). Do not call memcpy() with a null source, even if count is zero (Leon Scroggins III). + Fixed potential null pointer dereference in png_set_text_2() (bug report + and patch by Patrick Keshishian). Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index 04c3e527..204057ac 100644 --- a/CHANGES +++ b/CHANGES @@ -2925,7 +2925,9 @@ version 1.2.57rc01 [December 27, 2016] Fixed undefined behavior in png_push_save_buffer(). Do not call memcpy() with a null source, even if count is zero (Leon Scroggins III). -version 1.0.67 and 1.2.57 [December 29, 2016] +versions 1.0.67 and 1.2.57 [December 29, 2016] + Fixed a potential null pointer dereference in png_set_text_2() (bug report + and patch by Patrick Keshishian). Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/png.c b/png.c index 08d7e86b..a4934d1d 100644 --- a/png.c +++ b/png.c @@ -393,6 +393,7 @@ png_free_data(png_structp png_ptr, png_infop info_ptr, png_uint_32 mask, png_free(png_ptr, info_ptr->text); info_ptr->text = NULL; info_ptr->num_text=0; + info_ptr->max_text=0; } } #endif
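Review bot: The CHANGES and ANNOUNCE entries word the same fix differently ("Fixed a potential null pointer dereference" in CHANGES, "Fixed potential null pointer dereference" in ANNOUNCE), and both name only png_set_text_2() although the code change in this patch is in png_free_data(). Use one wording in both files and mention that the fix resets max_text in png_free_data(), so a reader of the changelog can find the changed line.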
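Review bot: In the png.c hunk, the added `info_ptr->max_text=0;` in png_free_data() carries no comment connecting it to the png_set_text_2() dereference named in the subject line, so the reason for the reset is not visible at the call site. A one-line comment stating that max_text has to be cleared together with `info_ptr->text = NULL` and `info_ptr->num_text=0`, because the recorded capacity no longer matches the freed array, would document the invariant. The diffstat lists only ANNOUNCE, CHANGES and png.c, so no regression test accompanies the fix; a case that frees the text chunks through png_free_data() and then calls png_set_text_2() on the same info_ptr would cover it.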