Added dataBuf size check before calling PngChunk::decodeIHDRChunk

- cdataBuf must be at least 8 bytes long otherwise decodeIHDRChunk
  reads out of bounds
- pngImage::readMetadata now skips png chunks where the offset for
  IHDR chunks is invalid
- added assertion into PngChunk::decodeIHDRChunk() to ensure dataBuf
  size

src/pngchunk_int.cpp

@@ -64,6 +64,8 @@ namespace Exiv2 {
                                    int*           outWidth,
                                    int*           outHeight)
     {
+        assert(data.size_ >= 8);
+
         // Extract image width and height from IHDR chunk.
 
         *outWidth  = getLong((const byte*)data.pData_,     bigEndian);

src/pngimage.cpp

@@ -435,7 +435,9 @@ namespace Exiv2 {
 #ifdef DEBUG
                     std::cout << "Exiv2::PngImage::readMetadata: Found IHDR chunk (length: " << dataOffset << ")\n";
 #endif
-                    PngChunk::decodeIHDRChunk(cdataBuf, &pixelWidth_, &pixelHeight_);
+                    if (cdataBuf.size_ >= 8) {
+                        PngChunk::decodeIHDRChunk(cdataBuf, &pixelWidth_, &pixelHeight_);
+                    }
                 }
                 else if (!memcmp(cheaderBuf.pData_ + 4, "tEXt", 4))
                 {