PNG decode coredumps on malformed images
Imported from http://bugzilla.roxen.com/bugzilla/show_bug.cgi?id=626
Reported by Chris Jantzen, Maybe.Net chris@maybe.net
On malformed images (specifically from gd), the PNG decode will dump core. Following patch fixes the issue:
diff -u -r1.31 png.c
--- src/modules/Image/encodings/png.c 2000/05/07 00:05:10 1.31
+++ src/modules/Image/encodings/png.c 2000/10/28 17:25:22
@@ -791,6 +791,7 @@
if (x)
x--,n--,*(d1++)=ct->u.flat.entries[CUTPLTE(((*s)>>4)&15,mz)].color;
if (x)
x--,n--,*(d1++)=ct->u.flat.entries[CUTPLTE((*s)&15,mz)].color;
s++;
+ if (n<2) break;
if (!x) x=width;
}
else
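Review bot: the new `if (n<2) break;` sits after both stores and `s++`, so it leaves the loop while one pixel is still outstanding (n==1) and does nothing for the iteration that has already run. If n counts the pixels still to be written, an image with an odd total pixel count, for example 3x3, reaches n==1 at the start of its last byte and would lose its final pixel. Testing n before each of the two `*(d1++)=` stores, next to the existing `if (x)`, would stop the overrun without dropping that pixel. The guard also only counts output pixels: nothing in the visible lines bounds the read through `*s`, so if the gd files crash because the data is shorter than the header claims, the remaining input length needs a check as well. The branch after the `else` is not shown and should be checked for the same pattern, and a one-line comment saying why the guard exists would help the next reader.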
(hope that doesn't get too mangled by netscape)