set png chunk limit to 50mb

we did have it unlimited, which could perhaps leave us open to DOS
attacks

libvips/foreign/tiff2vips.c

@@ -1510,6 +1510,13 @@ rtiff_fill_region( VipsRegion *out,
 
 	int x, y, z;
 
+	printf( "VIPS_IMAGE_SIZEOF_PEL() = %zd\n", 
+		VIPS_IMAGE_SIZEOF_PEL( out->im ) );
+	printf( "rtiff->header.tile_size = %zd\n", rtiff->header.tile_size );
+	printf( "tile_width = %d\n", tile_width );
+	printf( "tile_height = %d\n", tile_height );
+	printf( "memcpy = %d\n", rtiff->memcpy );
+
 	/* Special case: we are filling a single tile exactly sized to match
 	 * the tiff tile and we have no repacking to do for this format.
 	 */

libvips/foreign/vipspng.c

@@ -264,12 +264,11 @@ read_new_filename( VipsImage *out, const char *name, gboolean fail )
 	 * working.
 	 *
 	 * By default, libpng refuses to open files with a metadata chunk 
-	 * larger than 8mb. png_set_chunk_malloc_max() disables this sanity
-	 * check.
+	 * larger than 8mb. We've seen real files with 20mb, so set 50mb.
 	 */
 	png_init_io( read->pPng, read->fp );
 #ifdef HAVE_PNG_SET_CHUNK_MALLOC_MAX
-	png_set_chunk_malloc_max( read->pPng, 0 );
+	png_set_chunk_malloc_max( read->pPng, 50 * 1024 * 1024 );
 #endif /*HAVE_PNG_SET_CHUNK_MALLOC_MAX*/
 	png_read_info( read->pPng, read->pInfo );