From 82f703a1dd030eb3f8cb9e207435ae914a36380a Mon Sep 17 00:00:00 2001
From: Kimball Thurston <kdt3rd@gmail.com>
Date: Sat, 25 Sep 2021 13:29:22 +1200
Subject: [PATCH] Fixes a use-after-free when an invalid type string is
 provided

This fixes Google OSS-FUZZ 39212.

Signed-off-by: Kimball Thurston <kdt3rd@gmail.com>
---
 src/lib/OpenEXRCore/parse_header.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/lib/OpenEXRCore/parse_header.c b/src/lib/OpenEXRCore/parse_header.c
index 243da3b667..fb3391064e 100644
--- a/src/lib/OpenEXRCore/parse_header.c
+++ b/src/lib/OpenEXRCore/parse_header.c
@@ -1432,14 +1432,14 @@ check_populate_type (
         curpart->storage_mode = EXR_STORAGE_DEEP_TILED;
     else
     {
-        exr_attr_list_remove (
-            (exr_context_t) ctxt, &(curpart->attributes), curpart->type);
-        curpart->type = NULL;
-        return ctxt->print_error (
+        rv = ctxt->print_error (
             ctxt,
             EXR_ERR_INVALID_ATTR,
             "attribute 'type': Invalid type string '%s'",
             outstr);
+        exr_attr_list_remove (
+            (exr_context_t) ctxt, &(curpart->attributes), curpart->type);
+        curpart->type = NULL;
     }
 
     return rv;