Fix buffer overflow security vulnerability (CVE-2014-9495)

Fixes the heap-based buffer overflow in the png_combine_row
function, when running on 64-bit systems. Might allow context-
dependent attackers to execute arbitrary code via a
"very wide interlaced" PNG image.

This is a cherry-pick of commit dc294204b641373bc6eb603075a8b98f51a75dd8
from upstream branch libpng16

bug: 19474828

Signed-off-by: Henrik Smiding <>

(cherry picked from commit 3ae1ad1c8460c90ae2d2028edde0c4d92316e71d)

Change-Id: Ia8dae5e5d0b8b8840c8871de99f35e03f6fbcc39
1 file changed