diff -r -U 3 libpng-0.89c/pngconf.h libpng-0.89cpatch11/pngconf.h
--- libpng-0.89c/pngconf.h Wed Jun 5 15:01:59 1996
+++ libpng-0.89cpatch11/pngconf.h Mon Aug 2 07:29:33 2004
@@ -164,6 +164,13 @@
 to compile. */
+#ifndef PNG_USER_WIDTH_MAX
+# define PNG_USER_WIDTH_MAX 1000000L
+#endif
+#ifndef PNG_USER_HEIGHT_MAX
+# define PNG_USER_HEIGHT_MAX 1000000L
+#endif
+
 /* Any transformations you will not be using can be undef'ed here */
 #define PNG_PROGRESSIVE_READ_SUPPORTED
 #define PNG_READ_INTERLACING_SUPPORTED
Only in libpng-0.89cpatch11: pngconf.h.orig
diff -r -U 3 libpng-0.89c/pngrcb.c libpng-0.89cpatch11/pngrcb.c
--- libpng-0.89c/pngrcb.c Wed Jun 5 14:43:50 1996
+++ libpng-0.89cpatch11/pngrcb.c Mon Aug 2 07:27:33 2004
@@ -18,6 +18,9 @@
 if (!png_ptr || !info) return;
+ if (width > PNG_USER_WIDTH_MAX || height > PNG_USER_HEIGHT_MAX)
+ png_error(png_ptr, "image size exceeds user limits in IHDR");
+
 info->width = width;
 info->height = height;
 info->bit_depth = (png_byte)bit_depth;
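Review bot: The new `PNG_USER_WIDTH_MAX` / `PNG_USER_HEIGHT_MAX` defaults in pngconf.h carry no comment saying what they bound or how to override them, although the block directly below them is commented. I would add above the first `#ifndef`: `/* Largest IHDR width and height accepted by the check in pngrcb.c; define these before pngconf.h is included to change the limit */`. The comment should also say that each dimension is capped separately, so a 1000000 x 1000000 image still passes and any code that multiplies the two (or row size by height) needs its own overflow and allocation checks.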
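Review bot: In pngrcb.c the size limit is tested only after `if (!png_ptr || !info) return;`, so a call with a NULL `info` returns without the dimensions ever being compared against the limits. Whether decoding can continue with those dimensions in that case is not visible in this hunk; if it can, the limit belongs where width and height are first read from the IHDR chunk, and otherwise the assumption deserves a comment such as `/* limit is enforced only when info is non-NULL */`. The assignments that follow also rely on png_error() not returning, so if a user-supplied error handler is able to return, an explicit `return;` after the call is needed. The enclosing function starts and ends outside the hunk.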