Fix CVE-2016-6214 (read out-of-bounds when parsing TGA files).

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214

Adapted from upstream commit:
https://github.com/libgd/libgd/commit/341aa68843ceceae9ba6e083431f14a07bd92308

Since `patch` cannot apply Git binary diffs, we omit the addition of
'tests/tga/bug00247a.c' and its associated binary data.

From 341aa68843ceceae9ba6e083431f14a07bd92308 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Tue, 12 Jul 2016 19:23:13 +0200
Subject: [PATCH] Unsupported TGA bpp/alphabit combinations should error
 gracefully

Currently, only 24bpp without alphabits and 32bpp with 8 alphabits are
really supported. All other combinations will be rejected with a warning.

(cherry picked from commit cb1a0b7e54e9aa118270c23a4a6fe560e4590dc9)
---
 src/gd_tga.c             |  16 ++++++----------
 tests/tga/.gitignore     |   1 +
 tests/tga/CMakeLists.txt |   1 +
 tests/tga/Makemodule.am  |   4 +++-
 tests/tga/bug00247a.c    |  19 +++++++++++++++++++
 tests/tga/bug00247a.tga  | Bin 0 -> 36 bytes
 6 files changed, 30 insertions(+), 11 deletions(-)
 create mode 100644 tests/tga/bug00247a.c
 create mode 100644 tests/tga/bug00247a.tga

diff --git a/src/gd_tga.c b/src/gd_tga.c
index 20fe2d2..b4f8fa6 100644
--- a/src/gd_tga.c
+++ b/src/gd_tga.c
@@ -99,7 +99,7 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromTgaCtx(gdIOCtx* ctx)
 			if (tga->bits == TGA_BPP_24) {
 				*tpix = gdTrueColor(tga->bitmap[bitmap_caret + 2], tga->bitmap[bitmap_caret + 1], tga->bitmap[bitmap_caret]);
 				bitmap_caret += 3;
-			} else if (tga->bits == TGA_BPP_32 || tga->alphabits) {
+			} else if (tga->bits == TGA_BPP_32 && tga->alphabits) {
 				register int a = tga->bitmap[bitmap_caret + 3];
 
 				*tpix = gdTrueColorAlpha(tga->bitmap[bitmap_caret + 2], tga->bitmap[bitmap_caret + 1], tga->bitmap[bitmap_caret], gdAlphaMax - (a >> 1));
@@ -159,16 +159,12 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
 	printf("wxh: %i %i\n", tga->width, tga->height);
 #endif
 
-	switch(tga->bits) {
-	case 8:
-	case 16:
-	case 24:
-	case 32:
-		break;
-	default:
-		gd_error("bps %i not supported", tga->bits);
+	if (!((tga->bits == TGA_BPP_24 && tga->alphabits == 0)
+		|| (tga->bits == TGA_BPP_32 && tga->alphabits == 8)))
+	{
+		gd_error_ex(GD_WARNING, "gd-tga: %u bits per pixel with %u alpha bits not supported\n",
+			tga->bits, tga->alphabits);
 		return -1;
-		break;
 	}
 
 	tga->ident = NULL;