From 286e7fceaa340dd646eb05d8602c098f9657eb4c Mon Sep 17 00:00:00 2001
From: Yannis Guyon <yguyon@google.com>
Date: Wed, 12 Jan 2022 14:47:49 +0100
Subject: [PATCH] libwebp: do not destroy jpeg codec twice on error

WebPPictureImportRGB() can fail on memory allocation. In this case,
jpeg_destroy_decompress() was already called, so do not go to Error.
Free metadata as an error is returned.

Change-Id: I045b072090e9063d3ad10369ad18b0f08bdffe9f
(cherry picked from commit 6e8a4126f2aab78946a5b85045b241707bbe44d2)
---
 imageio/jpegdec.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/imageio/jpegdec.c b/imageio/jpegdec.c
index 1af4a825..74a4c09c 100644
--- a/imageio/jpegdec.c
+++ b/imageio/jpegdec.c
@@ -336,7 +336,11 @@ int ReadJPEG(const uint8_t* const data, size_t data_size,
   pic->width = width;
   pic->height = height;
   ok = WebPPictureImportRGB(pic, rgb, (int)stride);
-  if (!ok) goto Error;
+  if (!ok) {
+    pic->width = 0;   // WebPPictureImportRGB() barely touches 'pic' on failure.
+    pic->height = 0;  // Just reset dimensions but keep any 'custom_ptr' etc.
+    MetadataFree(metadata);  // In case the caller forgets to free it on error.
+  }
 
  End:
   free(rgb);