From f6966b8d5ecef5474ceadd099975467ada140c57 Mon Sep 17 00:00:00 2001
From: Thomas Knudsen
Date: Thu, 12 Oct 2017 20:39:41 +0200
Subject: Resolve OSS-Fuzz issue 3620 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3620 Credit to OSS-Fuzz
---
 src/PJ_pipeline.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/PJ_pipeline.c b/src/PJ_pipeline.c
index d1ddf65f..137fdec8 100644
--- a/src/PJ_pipeline.c
+++ b/src/PJ_pipeline.c
@@ -269,15 +269,18 @@ static void *destructor (PJ *P, int errlev) {
 if (0==P->opaque) return pj_default_destructor (P, errlev);
- for (i = 0; i < P->opaque->steps; i++)
- P->opaque->pipeline[i+1]->destructor (P->opaque->pipeline[i+1], errlev);
+ /* Deallocate each pipeine step, then pipeline array */
+ if (0!=P->opaque->pipeline)
+ for (i = 0; i < P->opaque->steps; i++)
+ if (0!=P->opaque->pipeline[i+1])
+ P->opaque->pipeline[i+1]->destructor (P->opaque->pipeline[i+1], errlev);
+ pj_dealloc (P->opaque->pipeline);
 pj_dealloc (P->opaque->reverse_step);
 pj_dealloc (P->opaque->omit_forward);
 pj_dealloc (P->opaque->omit_inverse);
 pj_dealloc (P->opaque->argv);
 pj_dealloc (P->opaque->current_argv);
- pj_dealloc (P->opaque->pipeline);
 return pj_default_destructor(P, errlev);
 }
-- 
cgit v1.2.3
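Review bot: The added null checks in the step loop only protect a partially built pipeline if the `pipeline` array is zero-filled at allocation and `steps` never exceeds the number of slots actually allocated after index 0. Neither is visible in this hunk, so the allocation site should be checked; without zeroing, a failed setup would still pass an uninitialised slot to `->destructor`, and a step whose own `destructor` pointer is unset is not guarded either. The nested `if`/`for`/`if` chain has no braces, so a later `else` or an extra statement would bind to the wrong level; bracing all three costs nothing. The comment has a typo (`pipeine`) and could state the invariant, e.g. `/* Destroy each pipeline step (slots 1..steps; a slot may be NULL after a failed setup), then free the array */`. The body of `destructor` starts above the hunk, so the declaration of `i` and any earlier check of `P` are not shown here.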