diff -r -U3 libpng-1.0.9/pngconf.h libpng-1.0.9patch11/pngconf.h
--- libpng-1.0.9/pngconf.h	Fri Jul 23 07:51:16 2004
+++ libpng-1.0.9patch11/pngconf.h	Mon Aug  2 06:41:42 2004
@@ -602,6 +602,13 @@
 #  endif
 #endif
 
+#ifndef PNG_USER_WIDTH_MAX
+#  define PNG_USER_WIDTH_MAX 1000000L
+#endif
+#ifndef PNG_USER_HEIGHT_MAX
+#  define PNG_USER_HEIGHT_MAX 1000000L
+#endif
+
 /* These are currently experimental features, define them if you want */
 
 /* very little testing */
diff -r -U3 libpng-1.0.9/pngset.c libpng-1.0.9patch11/pngset.c
--- libpng-1.0.9/pngset.c	Wed Jan 31 05:56:47 2001
+++ libpng-1.0.9patch11/pngset.c	Mon Aug  2 06:43:00 2004
@@ -172,6 +172,9 @@
    if (png_ptr == NULL || info_ptr == NULL)
       return;
 
+   if (width > PNG_USER_WIDTH_MAX || height > PNG_USER_HEIGHT_MAX)
+      png_error(png_ptr, "image size exceeds user limits in IHDR");
+
    info_ptr->width = width;
    info_ptr->height = height;
    info_ptr->bit_depth = (png_byte)bit_depth;