$OpenBSD: patch-coders_png_c,v 1.1 2004/08/13 06:17:41 brad Exp $
--- coders/png.c.orig	Thu Aug 12 22:54:19 2004
+++ coders/png.c	Thu Aug 12 23:04:05 2004
@@ -1372,6 +1372,8 @@ static void PNGErrorHandler(png_struct *
   Image
     *image;
 
+  if (LocaleCompare(message, "Missing PLTE before tRNS") == 0)
+    png_error(ping, message);
   image=(Image *) png_get_error_ptr(ping);
   if (image->debug != False)
     (void) LogMagickEvent(CoderEvent,GetMagickModule(),
@@ -1600,6 +1602,20 @@ static Image *ReadOnePNGImage(MngInfo *m
     length,
     row_offset;
 
+#if defined(PNG_UNKNOWN_CHUNKS_SUPPORTED)
+  png_byte unused_chunks[]=
+       {
+        104,  73,  83,  84, '\0',   /* hIST */
+        105,  84,  88, 116, '\0',   /* iTXt */
+        112,  67,  65,  76, '\0',   /* pCAL */
+        115,  67,  65,  76, '\0',   /* sCAL */
+        115,  80,  76,  84, '\0',   /* sPLT */
+        116,  69,  88, 116, '\0',   /* tEXt */
+        116,  73,  77,  69, '\0',   /* tIME */
+        122,  84,  88, 116, '\0',   /* zTXt */
+        };
+#endif
+
   logging=LogMagickEvent(CoderEvent,GetMagickModule(),
       "  enter ReadOnePNGImage()");
 
@@ -1685,6 +1701,12 @@ static Image *ReadOnePNGImage(MngInfo *m
   else
     png_set_read_fn(ping,image,png_get_data);
 
+#if defined(PNG_UNKNOWN_CHUNKS_SUPPORTED)
+  /* Ignore unused chunks */
+  png_set_keep_unknown_chunks(ping, 0, unused_chunks,
+     (int)sizeof(unused_chunks)/5);
+#endif
+
 #if defined(PNG_USE_PNGGCCRD) && defined(PNG_ASSEMBLER_CODE_SUPPORTED) \
 && (PNG_LIBPNG_VER >= 10200)
   /* Disable thread-unsafe features of pnggccrd */
@@ -2551,7 +2573,7 @@ static Image *ReadOnePNGImage(MngInfo *m
             *value;
 
           length=text[i].text_length;
-          value=(char *) AcquireMagickMemory(length+1);
+          value=(char *) AcquireMagickMemory(length+MaxTextExtent);
           if (value == (char *) NULL)
             {
               (void) ThrowMagickException(&image->exception,GetMagickModule(),
@@ -2623,6 +2645,8 @@ static Image *ReadOnePNGImage(MngInfo *m
               image->filename);
           png_get_IHDR(ping,ping_info,&width,&height,&bit_depth,&color_type,
             &interlace_method,&compression_method,&filter_method);
+          if (width > 250000L || height > 250000L)
+             png_error(ping,"PNG Image dimensions are too large.");
           mng_info->ob[object_id]->width=width;
           mng_info->ob[object_id]->height=height;
           mng_info->ob[object_id]->color_type=color_type;
