This patch is taken from upstream and is a fix for CVE CVE-2011-2501
Description: fix denial of service via error message data
Origin: upstream, http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=65e6d5a34f49acdb362a0625a706c6b914e670af
Upstream-Status: Backport
Signed-off-by: Joshua Lock
Index: libpng-1.2.44/pngerror.c
===================================================================
--- libpng-1.2.44.orig/pngerror.c 2011-07-26 08:18:20.769498103 -0400
+++ libpng-1.2.44/pngerror.c 2011-07-26 08:18:32.819498098 -0400
@@ -181,8 +181,13 @@
 {
 buffer[iout++] = ':';
 buffer[iout++] = ' ';
- png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT);
- buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0';
+
+ iin = 0;
+ while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0')
+ buffer[iout++] = error_message[iin++];
+
+ /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */
+ buffer[iout] = '\0';
 }
 }
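Review bot: The comment above `buffer[iout] = '\0';` justifies the write with a bound on `iin`, but the index being written is `iout`, so the safety really rests on how many prefix bytes were emitted before this hunk and on the size of the caller's buffer, neither of which is visible here. I would state the invariant directly, for example `/* at most PNG_MAX_ERROR_TEXT-1 bytes were copied; buffer must hold the prefix written above plus PNG_MAX_ERROR_TEXT bytes */`, and document the same size requirement where the buffer is declared. The loop itself stops at the terminator, so it no longer reads a fixed PNG_MAX_ERROR_TEXT bytes from a possibly shorter `error_message`; the unbraced `while` body would be safer with braces given that this is the bounds-critical line. The enclosing function begins outside the hunk, so the prefix length is presumed rather than verified.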