Fix for CVE-2015-0973, Debian #775673
cherry pick fix from libpng
Restored a test on width that was removed from png.c at libpng-1.6.9
git commit 9d6cab3b21bffd8
---
 libs/libpng/libpng-1.6.13/png.c |   33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

--- texlive-bin.orig/libs/libpng/libpng-1.6.13/png.c
+++ texlive-bin/libs/libpng/libpng-1.6.13/png.c
@@ -2430,6 +2430,17 @@
 
 #endif /* COLORSPACE */
 
+#ifdef __GNUC__
+/* This exists solely to work round a warning from GNU C. */
+static int /* PRIVATE */
+png_gt(size_t a, size_t b)
+{
+    return a > b;
+}
+#else
+#   define png_gt(a,b) ((a) > (b))
+#endif
+
 void /* PRIVATE */
 png_check_IHDR(png_const_structrp png_ptr,
    png_uint_32 width, png_uint_32 height, int bit_depth,
@@ -2449,6 +2460,28 @@
       png_warning(png_ptr, "Invalid image width in IHDR");
       error = 1;
    }
+
+   else if (png_gt(((width + 7) & (~7)),
+       ((PNG_SIZE_MAX
+           - 48        /* big_row_buf hack */
+           - 1)        /* filter byte */
+           / 8)        /* 8-byte RGBA pixels */
+           - 1))       /* extra max_pixel_depth pad */
+   {
+      /* The size of the row must be within the limits of this architecture.
+       * Because the read code can perform arbitrary transformations the
+       * maximum size is checked here.  Because the code in png_read_start_row
+       * adds extra space "for safety's sake" in several places a conservative
+       * limit is used here.
+       *
+       * NOTE: it would be far better to check the size that is actually used,
+       * but the effect in the real world is minor and the changes are more
+       * extensive, therefore much more dangerous and much more difficult to
+       * write in a way that avoids compiler warnings.
+       */
+      png_warning(png_ptr, "Image width is too large for this architecture");
+      error = 1;
+   }
    else
    {
 #     ifdef PNG_SET_USER_LIMITS_SUPPORTED
