author fredb <fredb@pkgsrc.org> 2004-05-10 01:15:14 +0000
committer fredb <fredb@pkgsrc.org> 2004-05-10 01:15:14 +0000
commit a6b9f4a80fb96a9f5136d86f3c3f0ab71e02acb5
tree 42e75f50f077c5112d02c38648a833ab8f4f163a /security
parent c28674490098f301fa9f57002fb45abae5666bf1
Don't read past the end of the error message string. This patch was posted to png-implement by Glenn Randers-Pehrson, libpng's maintainer. This error was widely reported as a "security issue", http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421, even though there is no security issue. The most the error could do is SIGSEGV, and that only with some fairly uncommon circumstances. The patch posted with the advisory is in fact flawed, in that it calls strlen() on presumably arbitrary data.

Bump PKGREVISION.
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions