This patch is taken from upstream and is a fix for CVE CVE-2011-2962

Description: fix denial of service and possible arbitrary code
 execution via invalid sCAL chunks
Origin: upstream, http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339

Upstream-Status: Backport

Signed-off-by: Joshua Lock <josh@linux.intel.com>

Index: libpng-1.2.44/pngrutil.c
===================================================================
--- libpng-1.2.44.orig/pngrutil.c	2011-07-26 08:19:22.619498085 -0400
+++ libpng-1.2.44/pngrutil.c	2011-07-26 08:19:26.909498086 -0400
@@ -1812,6 +1812,14 @@
       return;
    }
 
+   /* Need unit type, width, \0, height: minimum 4 bytes */
+   else if (length < 4)
+   {
+      png_warning(png_ptr, "sCAL chunk too short");
+      png_crc_finish(png_ptr, length);
+      return;
+   }
+
    png_debug1(2, "Allocating and reading sCAL chunk data (%lu bytes)",
       length + 1);
    png_ptr->chunkdata = (png_charp)png_malloc_warn(png_ptr, length + 1);