author | Robin Watts <robin.watts@artifex.com> | 2014-01-08 13:51:05 +0000 |
---|---|---|
committer | Robin Watts <robin.watts@artifex.com> | 2014-01-08 19:20:44 +0000 |
commit | fb20d5b74fcd9aac44b90a475ddb3b4c2f55ae9e (patch) | |
tree | 374ddd24dd7b4a651128c8a1b8c2016262927000 /source/fitz/draw-unpack.c | |
parent | 98a111c8e49916f8f5ac21d11f4627540f9ddd49 (diff) | |
download | mupdf-fb20d5b74fcd9aac44b90a475ddb3b4c2f55ae9e.tar.xz | |
Fuzzing fix: Overrun in fz_predict_png
If a file specifies a silly number of bpp in the PNG predictor it can
overrun a buffer. This was shown by:
tests_private/fuzzing/mupdf2/013b2dcbd0207501e922910ac335eb59_*.pdf
but no longer shows up due to Simon's earlier fix.
Following discussion we still think it's worth having this fix in, as
truncated data streams can cause len < bpp. Possibly we should throw
an error here, but I think that's not necessary as we will return the
short length, and the image reading code will notice that the image
is truncated already.
Thanks to Mateusz Jurczyk and Gynvael Coldwind of the Google Security
Team for providing the fuzzing files.
Diffstat (limited to 'source/fitz/draw-unpack.c')
0 files changed, 0 insertions, 0 deletions
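The overrun class the commit message describes, as an added example that is neither MuPDF's `fz_predict_png` nor this commit's patch: a hypothetical PNG row un-filter (`png_unfilter_row`) plus a row walker (`png_unfilter_image`) that clamp `bpp` to the bytes actually present in the row and return a short row count instead of throwing, so the image reader notices truncation the way the message suggests. The function names, the clamp-rather-than-throw choice and the 2x2 RGB sample stream are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Byte from the row above, or 0 on the first row (PNG's implicit zero row). */
static unsigned char above(const unsigned char *prev, size_t i) { return prev ? prev[i] : 0; }

/* Paeth predictor from the PNG specification. */
static int paeth(int a, int b, int c)
{
    int p = a + b - c, pa = abs(p - a), pb = abs(p - b), pc = abs(p - c);
    return (pa <= pb && pa <= pc) ? a : (pb <= pc ? b : c);
}

/* Un-filter one row of len bytes (hypothetical; not fz_predict_png). bpp comes from
 * the image header, so it is untrusted. Returns len, or -1 on a bad filter type or bpp == 0. */
int png_unfilter_row(unsigned char *out, const unsigned char *prev,
                     const unsigned char *in, size_t len, size_t bpp, int filter)
{
    size_t i;
    if (bpp == 0) return -1;
    /* The guard the commit message describes: a truncated row (len < bpp) or a
     * silly header bpp must not run the "first bpp bytes" loops past the row. */
    if (bpp > len) bpp = len;
    switch (filter) {
    case 0: /* None */
        memcpy(out, in, len);
        break;
    case 1: /* Sub: predict from the pixel to the left */
        for (i = 0; i < bpp; i++) out[i] = in[i];
        for (; i < len; i++) out[i] = in[i] + out[i - bpp];
        break;
    case 2: /* Up: predict from the row above */
        for (i = 0; i < len; i++) out[i] = in[i] + above(prev, i);
        break;
    case 3: /* Average of left and above */
        for (i = 0; i < bpp; i++) out[i] = in[i] + above(prev, i) / 2;
        for (; i < len; i++) out[i] = in[i] + (out[i - bpp] + above(prev, i)) / 2;
        break;
    case 4: /* Paeth; with no left neighbour it reduces to "above" */
        for (i = 0; i < bpp; i++) out[i] = in[i] + above(prev, i);
        for (; i < len; i++)
            out[i] = in[i] + paeth(out[i - bpp], above(prev, i), above(prev, i - bpp));
        break;
    default:
        return -1;
    }
    return (int)len;
}

/* Walk height rows (filter byte + rowlen bytes each) of an in_len-byte stream.
 * Returns the number of complete rows, so a result below height is how the image
 * reader notices truncation; -1 on a bad filter type. A trailing partial row is still decoded. */
int png_unfilter_image(unsigned char *out, const unsigned char *in, size_t in_len,
                       size_t rowlen, size_t bpp, int height)
{
    const unsigned char *prev = NULL;
    size_t pos = 0;
    int row;
    for (row = 0; row < height; row++) {
        unsigned char *dst = out + (size_t)row * rowlen;
        size_t len;
        int filter;
        if (pos >= in_len) return row;       /* no filter byte left */
        filter = in[pos++];
        len = in_len - pos < rowlen ? in_len - pos : rowlen;
        if (png_unfilter_row(dst, prev, in + pos, len, bpp, filter) < 0) return -1;
        pos += len;
        if (len < rowlen) return row;        /* short row: report truncation */
        prev = dst;
    }
    return row;
}

/* Constructed sample: 2x2 RGB8 (rowlen 6, bpp 3), row 0 filtered with Sub,
 * row 1 with Paeth; decodes to (10,20,30)(15,25,35) / (10,20,30)(20,30,40). */
static const unsigned char sample_stream[14] = { 1, 10, 20, 30, 5, 5, 5,
                                                 4,  0,  0,  0, 5, 5, 5 };

/* Decode the sample cut to in_len (<= 14) bytes; returns the complete-row count. */
int decode_sample(size_t in_len, unsigned char out[12])
{
    memset(out, 0, 12);
    return png_unfilter_image(out, sample_stream, in_len, 6, 3, 2);
}

int main(void)
{
    unsigned char px[12];
    size_t i, cut;
    for (cut = 14; cut >= 9; cut -= 5) {   /* full stream, then cut inside row 1 */
        printf("%zu-byte stream: %d complete row(s):", cut, decode_sample(cut, px));
        for (i = 0; i < 12; i++) printf(" %d", px[i]);
        printf("\n");
    }
    return 0;
}
```

With the full 14-byte stream both rows decode; cut to 9 bytes, row 1 has only one data byte, so `bpp` is clamped from 3 to 1, the single byte is decoded, and the walker reports one complete row rather than reading past the row end.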