Log Message:
Fix a buffer overrun in png_do_read_filler() with 16-bit samples, as
reported to the png-implement mailing list by Glenn Randers-Pehrson:

ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-implement.200212

[Glenn Randers-Pehrson is the original author and chief maintainer of
libpng.]

>From the discussion in the archive, it appears to be unlikely that the
bug could be exploited by a malicious web-server, chiefly because the
operation that triggers it is more likely to be carried out by an image
manipulation program (i.e. pngcrush), than by a web browser.