From 70503d7812eea90467a1dceb81627acecbe3fe31 Mon Sep 17 00:00:00 2001
From: James Zern <jzern@google.com>
Date: Tue, 19 Mar 2024 11:57:03 -0700
Subject: [PATCH] check meta pointer before calling avifMetaDestroy (#2065)

fixes a NULL dereference should avifMetaCreate() fail and
avifDecoderDataDestroy() is called to clean up.

Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
Reported by Philippe Antoine (p.antoine <at> catenacyber.fr).
---
 src/read.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/read.c b/src/read.c
index 7606f1ec4a..6d204ccbb9 100644
--- a/src/read.c
+++ b/src/read.c
@@ -993,7 +993,9 @@ static void avifDecoderDataClearTiles(avifDecoderData * data)
 
 static void avifDecoderDataDestroy(avifDecoderData * data)
 {
-    avifMetaDestroy(data->meta);
+    if (data->meta) {
+        avifMetaDestroy(data->meta);
+    }
     for (uint32_t i = 0; i < data->tracks.count; ++i) {
         avifTrack * track = &data->tracks.track[i];
         if (track->sampleTable) {