Finalize the fix for out-of-bounds read in `png_image_read_composite`

Following up on commit 788a624d7387a758ffd5c7ab010f1870dea753a1.

The previous commit added a defensive bounds check to address the
security issue (out-of-bounds read), but noted that the correctness
issue remained: when the clamp triggered, the affected pixels were
clamped to white instead of the correct composited color.

This commit addresses the correctness issue by fixing the flag
synchronization error identified in the previous commit's TODO:

1. In `png_init_read_transformations`:
   Clear PNG_FLAG_OPTIMIZE_ALPHA when clearing PNG_COMPOSE for palette
   images. This correctly signals that the data is sRGB, not linear
   premultiplied.

2. In `png_image_read_composite`:
   Check PNG_FLAG_OPTIMIZE_ALPHA and use the appropriate composition
   formula. When set, use the existing linear composition. When cleared
   (palette composition already done), use sRGB composition to match
   what was done to the palette.

Retain the previous clamp to the valid range as belt-and-suspenders
protection against any other unforeseen cases.

2 files changed