Sophie


advancecomp-1.20-3.3.mga6.src.rpm

Portions of the patch not actually fixing the bug were removed.

From fcf71a89265c78fc26243574dda3a872574a5c02 Mon Sep 17 00:00:00 2001
From: Andrea Mazzoleni <amadvance@gmail.com>
Date: Fri, 1 Mar 2019 20:40:25 +0100
Subject: [PATCH] Fix a buffer overflow with image of invalid size

---
 doc/history.d | 4 ++-- (removed)
 lib/png.c     | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/png.c b/lib/png.c
index cbf140b..f888a28 100644
--- a/lib/png.c
+++ b/lib/png.c
@@ -656,6 +656,11 @@ adv_error adv_png_read_ihdr(
 	}
 	*pix_pixel = pixel;
 
+	if (width_align < width) {
+		error_unsupported_set("Invalid image size");
+		goto err;
+	}
+
 	if (data[10] != 0) { /* compression */
 		error_unsupported_set("Unsupported compression, %d instead of 0", (unsigned)data[10]);
 		goto err;
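
Review bot: The new `if (width_align < width)` test only works as a wraparound check on an already computed `width_align`, and nothing in the hunk says so. A one-line comment stating that an aligned width smaller than the raw width means the alignment arithmetic overflowed would make the intent clear to the next reader. The test also covers only the alignment step. The computation of `width_align` and any later size products built from it are outside this hunk, so it is worth confirming that those multiplications are bounded as well before the buffer is sized. Two smaller points: the check sits after `*pix_pixel = pixel;`, so the output parameter is already written when the function takes the `err` path, and the message "Invalid image size" omits the offending value, whereas the compression error just below prints `data[10]`. Including `width` in the message would help when triaging a rejected file.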