From 63bba7e60c0c83f5456aa52611212264478148b4 Mon Sep 17 00:00:00 2001
From: Chris Wilson <chris@chris-wilson.co.uk>
Date: Mon, 21 Apr 2008 20:15:28 +0100
Subject: [PATCH] [cairo-png] Call png_set_filler() before
 png_read_update_info().

Otherwise libpng gets very confused and we start scribbling over invalid
memory whilst reading in the PNG.
---
 src/cairo-png.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/cairo-png.c b/src/cairo-png.c
index c1cda34a6..9476ab60f 100644
--- a/src/cairo-png.c
+++ b/src/cairo-png.c
@@ -504,6 +504,8 @@ read_png (png_rw_ptr	read_func,
     if (interlace != PNG_INTERLACE_NONE)
         png_set_interlace_handling (png);
 
+    png_set_filler (png, 0xff, PNG_FILLER_AFTER);
+
     /* recheck header after setting EXPAND options */
     png_read_update_info (png, info);
     png_get_IHDR (png, info,
@@ -530,7 +532,6 @@ read_png (png_rw_ptr	read_func,
 	case PNG_COLOR_TYPE_RGB:
 	    format = CAIRO_FORMAT_RGB24;
 	    png_set_read_user_transform_fn (png, convert_bytes_to_data);
-	    png_set_filler (png, 0xff, PNG_FILLER_AFTER);
 	    break;
     }