diff --git a/ChangeLog b/ChangeLog
index 17cdac2ad..9f80602fe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2018-09-07  Werner Lemberg
+
+        [truetype] Fix assertion failure.
+
+        Triggered by
+
+          https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10212
+
+        * src/truetype/ttgload.c (load_truetype_glyph): Reintroduce
+        `opened_frame' (removed in a change from 2018-08-26) to handle
+        dealloation of the second frame.
+
 2018-09-05  Werner Lemberg
 
         Synchronize `ftdebug.c' files.
diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
index ad93c0418..d54626ddd 100644
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -1537,6 +1537,8 @@
     TT_Face         face    = loader->face;
     FT_GlyphLoader  gloader = loader->gloader;
 
+    FT_Bool         opened_frame = 0;
+
 #ifdef FT_CONFIG_OPTION_INCREMENTAL
     FT_StreamRec    inc_stream;
     FT_Data         glyph_data;
@@ -1768,6 +1770,8 @@
     if ( error )
       goto Exit;
 
+    opened_frame = 1;
+
     /* if it is a simple glyph, load it */
 
     if ( loader->n_contours > 0 )
@@ -1778,6 +1782,7 @@
 
       /* all data have been read */
       face->forget_glyph_frame( loader );
+      opened_frame = 0;
 
       error = TT_Process_Simple_Glyph( loader );
       if ( error )
@@ -1851,6 +1856,7 @@
 
       /* all data we need are read */
       face->forget_glyph_frame( loader );
+      opened_frame = 0;
 
 #ifdef TT_CONFIG_OPTION_GX_VAR_SUPPORT
 
@@ -2105,6 +2111,9 @@
 
   Exit:
 
+    if ( opened_frame )
+      face->forget_glyph_frame( loader );
+
 #ifdef FT_CONFIG_OPTION_INCREMENTAL
     if ( glyph_data_loaded )
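Review bot: The new `opened_frame` local at +1540 has no comment saying what it guards, and since the same flag was removed once already (per the ChangeLog entry) its purpose should be stated at the declaration so it is not dropped again. I would add `/* non-zero while a glyph frame is open; `Exit' releases it on error paths */` above the declaration. The enclosing function, load_truetype_glyph, starts before this hunk.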
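Review bot: `opened_frame = 1;` at +1773 is the only place in the patch that marks a frame as open, yet the ChangeLog says the fix is about the deallocation of a "second frame"; if load_truetype_glyph opens a frame again later in its body (outside these hunks), that site also needs `opened_frame = 1;` or the cleanup at `Exit:` will not release it on an early `goto Exit`. The call whose `error` is checked just above +1773 is not visible in the hunk, so I am presuming it is the `face->access_glyph_frame( loader )` that this flag pairs with; a one-line comment `/* frame is now open; cleared again by the forget_glyph_frame calls below */` next to the assignment would make the pairing explicit. The resets at +1785 and +1859 correctly follow the matching `forget_glyph_frame` calls, so no double release is possible on those paths; the function body continues outside each of these hunks.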