diff -r -U 3 libpng-1.2.5/pngconf.h libpng-1.2.5patch11/pngconf.h
--- libpng-1.2.5/pngconf.h Thu Oct 3 06:32:27 2002
+++ libpng-1.2.5patch11/pngconf.h Mon Aug 2 06:27:13 2004
@@ -663,6 +663,13 @@
 #endif
 #endif /* PNG_1_0_X */
+#ifndef PNG_USER_WIDTH_MAX
+# define PNG_USER_WIDTH_MAX 1000000L
+#endif
+#ifndef PNG_USER_HEIGHT_MAX
+# define PNG_USER_HEIGHT_MAX 1000000L
+#endif
+
 /* These are currently experimental features, define them if you want */
 /* very little testing */
diff -r -U 3 libpng-1.2.5/pngset.c libpng-1.2.5patch11/pngset.c
--- libpng-1.2.5/pngset.c Thu Oct 3 06:32:30 2002
+++ libpng-1.2.5patch11/pngset.c Mon Aug 2 06:35:18 2004
@@ -253,6 +253,8 @@
 png_error(png_ptr, "Image width or height is zero in IHDR");
 if (width > PNG_MAX_UINT || height > PNG_MAX_UINT)
 png_error(png_ptr, "Invalid image size in IHDR");
+ if (width > PNG_USER_WIDTH_MAX || height > PNG_USER_HEIGHT_MAX)
+ png_error(png_ptr, "image size exceeds user limits in IHDR");
 /* check other values */
 if (bit_depth != 1 && bit_depth != 2 && bit_depth != 4 &&
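Review bot: The two new macros in pngconf.h carry no comment, so the header does not say that they cap the IHDR width and height the library accepts, or that 1000000L is only a default. I would add above the first `#ifndef` something like `/* Upper bounds on IHDR width and height; larger images are rejected. Define PNG_USER_WIDTH_MAX / PNG_USER_HEIGHT_MAX at build time to change them. */`. Because the limit is fixed at compile time, an application that decodes untrusted images cannot tighten it for a single reader without rebuilding, and the comment should say so.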
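Review bot: The added check in pngset.c bounds width and height separately, so with the default limits an IHDR of 1000000 x 1000000 still passes; nothing in this hunk bounds the product of the dimensions or the bytes per row. Code that later multiplies the row size by the height to size a buffer is not visible here, so this is inferred, but such a product could still wrap on a 32-bit size type. I would at least record that next to the check: `/* per-dimension limit only; callers must still check rowbytes * height for overflow */`. The new message also starts in lower case while the two png_error strings just above it are capitalised; `"Image size exceeds user limits in IHDR"` would match. The enclosing function starts before the hunk and continues after it.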