From 4eaf01f8401ff76d84184becb32edc971d751446 Mon Sep 17 00:00:00 2001
From: Pietro Gagliardi <pietro10@mac.com>
Date: Sun, 29 Jul 2018 13:25:53 -0400
Subject: [PATCH] Fix double-free spotted by @mischnic in #402.

---
 darwin/image.m | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/darwin/image.m b/darwin/image.m
index 8824f3c6..28881ca3 100644
--- a/darwin/image.m
+++ b/darwin/image.m
@@ -66,11 +66,12 @@ void uiImageAppend(uiImage *i, void *pixels, int pixelWidth, int pixelHeight, in
 		bytesPerRow:pixelStride
 		bitsPerPixel:32];
 	repsRGB = [repCalibrated bitmapImageRepByRetaggingWithColorSpace:[NSColorSpace sRGBColorSpace]];
-	[repCalibrated release];
 
 	[i->i addRepresentation:repsRGB];
 	[repsRGB setSize:i->size];
-	[repsRGB release];
+	// don't release repsRGB; it may be equivalent to repCalibrated
+	// do release repCalibrated though; NSImage has a ref to either it or to repsRGB
+	[repCalibrated release];
 
 	// we need to keep swizzled alive for NSBitmapImageRep
 	[i->swizzled addObject:[NSValue valueWithPointer:swizzled]];