diff --git a/pngrutil.c b/pngrutil.c
index c30eeafea..5dd04cd0e 100644
--- a/pngrutil.c
+++ b/pngrutil.c
@@ -1670,7 +1670,7 @@ png_handle_sPLT(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
    ++entry_start;
 
    /* A sample depth should follow the separator, and we should be on it  */
-   if (length < 2 || entry_start - buffer > length - 2)
+   if (length < 2 || entry_start > buffer + (length - 2U))
    {
       png_warning(png_ptr, "malformed sPLT chunk");
       return;