[libpng17] Removed a redundant new check in png_handle_pCAL().

ANNOUNCE

@@ -1,5 +1,5 @@
 
-Libpng 1.7.0beta69 - November 14, 2015
+Libpng 1.7.0beta69 - November 17, 2015
 
 This is not intended to be a public release.  It will be replaced
 within a few weeks by a public version or by another test version.
@@ -965,8 +965,8 @@ Version 1.7.0beta68 [November 12, 2015]
     (bug report by Cosmin Truta).
   Cleaned up coding style in png_handle_PLTE().
 
-Version 1.7.0beta69 [November 14, 2015]
+Version 1.7.0beta69 [November 17, 2015]
-  Avoid potential pointer overflow in png_handle_sPLT() and
+  Avoid potential pointer overflow/underflow in png_handle_sPLT() and
     png_handle_pCAL() (Bug report by John Regehr).
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net

CHANGES

@@ -5264,8 +5264,8 @@ Version 1.7.0beta68 [November 12, 2015]
     (bug report by Cosmin Truta) (CVE-2015-8126).
   Cleaned up coding style in png_handle_PLTE().
 
-Version 1.7.0beta69 [November 14, 2015]
+Version 1.7.0beta69 [November 17, 2015]
-  Avoid potential pointer overflow in png_handle_sPLT() and
+  Avoid potential pointer overflow/underflow in png_handle_sPLT() and
     png_handle_pCAL() (Bug report by John Regehr).
    
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net

pngrutil.c

@@ -1948,7 +1948,7 @@ png_handle_pCAL(png_structrp png_ptr, png_inforp info_ptr)
    /* We need to have at least 12 bytes after the purpose string
     * in order to get the parameter information.
     */
-   if (png_ptr->chunk_length < 12 || endptr - buf <= 12)
+   if (endptr - buf <= 12)
    {
       png_chunk_benign_error(png_ptr, "invalid");
       return;