$NetBSD: patch-ao,v 1.1.2.2 2010/02/28 13:15:02 spz Exp $

deal with CVE-2009-2369.

--- src/common/imagpng.cpp.orig	2003-09-21 11:31:39.000000000 +0000
+++ src/common/imagpng.cpp
@@ -213,18 +213,16 @@ bool wxPNGHandler::LoadFile( wxImage *im
     if (!image->Ok())
         goto error_nolines;
 
-    lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
+    // initialize all line pointers to NULL to ensure that they can be safely
+    // free()d if an error occurs before all of them could be allocated
+    lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
     if (lines == NULL)
         goto error_nolines;
 
     for (i = 0; i < height; i++)
     {
         if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
-        {
-            for ( unsigned int n = 0; n < i; n++ )
-                free( lines[n] );
             goto error;
-        }
     }
 
     // loaded successfully!
