From 71ef6666d0bc95c7048832ed4b7519051b49d40a Mon Sep 17 00:00:00 2001
From: Jeffrey Pfau <jeffrey@endrift.com>
Date: Tue, 29 Dec 2015 16:57:43 -0500
Subject: [PATCH] GBA: Fix memory leak when deserializing invalid savestate
 tags

---
 src/gba/serialize.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/gba/serialize.c b/src/gba/serialize.c
index a4d0789bc..6d00b46a8 100644
--- a/src/gba/serialize.c
+++ b/src/gba/serialize.c
@@ -285,7 +285,7 @@ static int _loadPNGChunkHandler(png_structp png, png_unknown_chunkp chunk) {
 		LOAD_32(tag, 0, chunk->data);
 		LOAD_32(item.size, sizeof(uint32_t), chunk->data);
 		uLongf len = item.size;
-		if (item.size < 0) {
+		if (item.size < 0 || tag == EXTDATA_NONE || tag >= EXTDATA_MAX) {
 			return 0;
 		}
 		item.data = malloc(item.size);