From c4888637eaee189c0e21259cb87ab7e5e1d4ce76 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Mon, 1 Oct 2012 22:42:35 -0700
Subject: [PATCH] Fix bug in gzclose() when gzwrite() runs out of memory.

If the deflateInit2() called for the first gzwrite() failed with a
Z_MEM_ERROR, then a subsequent gzclose() would try to free an
already freed pointer.  This fixes that.
---
 gzwrite.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/gzwrite.c b/gzwrite.c
index 79a69a5..1b06cdd 100644
--- a/gzwrite.c
+++ b/gzwrite.c
@@ -556,12 +556,13 @@ int ZEXPORT gzclose_w(file)
     /* flush, free memory, and close file */
     if (gz_comp(state, Z_FINISH) == -1)
         ret = state->err;
-    if (!state->direct) {
-        (void)deflateEnd(&(state->strm));
-        free(state->out);
-    }
-    if (state->size)
+    if (state->size) {
+        if (!state->direct) {
+            (void)deflateEnd(&(state->strm));
+            free(state->out);
+        }
         free(state->in);
+    }
     gz_error(state, Z_OK, NULL);
     free(state->path);
     if (close(state->fd) == -1)
-- 
2.44.0