This is a backport to libpng10 of the upstream libpng patch fixing the calculation of row_factor in png_check_chunk_length (CVE-2018-13785) Bug report by Thuan Pham: https://sourceforge.net/p/libpng/bugs/278/ Upstream fix: https://github.com/ctruta/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2
--- pngrutil.c
+++ pngrutil.c
@@ -2524,10 +2524,13 @@ png_check_chunk_length(png_structp png_p
 {
 png_uint_32 idat_limit = PNG_UINT_31_MAX;
 size_t row_factor =
- (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
- + 1 + (png_ptr->interlaced? 6: 0));
+ (size_t)png_ptr->width
+ * (size_t)png_ptr->channels
+ * (png_ptr->bit_depth > 8? 2: 1)
+ + 1
+ + (png_ptr->interlaced? 6: 0);
 if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
- idat_limit=PNG_UINT_31_MAX;
+ idat_limit = PNG_UINT_31_MAX;
 else
 idat_limit = png_ptr->height * row_factor;
 row_factor = row_factor > 32566? 32566 : row_factor;
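Review bot: The `(size_t)` casts in the new `row_factor` expression only widen the arithmetic on targets where `size_t` is wider than 32 bits; where `size_t` is 32 bits the product can still wrap, and the following `PNG_UINT_32_MAX/row_factor` still divides with no guard against a zero divisor. Whether `width` is capped tightly enough earlier (IHDR validation or user limits) is not visible in this hunk, so the division is better protected locally, e.g. `if (row_factor == 0 || png_ptr->height > PNG_UINT_32_MAX/row_factor)`. A short comment above the expression, such as `/* widen before multiplying: a wrapped row_factor of 0 would divide by zero below (CVE-2018-13785) */`, would also record why the casts must stay. The body of png_check_chunk_length starts and ends outside the hunk.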