From 57e92a8432788170329c2280df6a81993d4d6bd4 Mon Sep 17 00:00:00 2001
From: John Bowler <jbowler@acm.org>
Date: Thu, 19 Nov 2015 21:12:54 -0600
Subject: [PATCH] [libpng17] Use "1U" not "1" in pointer calculations in
 png_handle_sPLT().

---
 pngrutil.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pngrutil.c b/pngrutil.c
index 38fbc57bd..464bc1bf9 100644
--- a/pngrutil.c
+++ b/pngrutil.c
@@ -1530,7 +1530,7 @@ png_handle_sPLT(png_structrp png_ptr, png_inforp info_ptr)
    ++entry_start;
 
    /* A sample depth should follow the separator, and we should be on it  */
-   if (length < 2 || entry_start - buffer > length - 2)
+   if (length < 2 || entry_start > buffer + (length - 2U))
    {
       png_chunk_benign_error(png_ptr, "malformed");
       return;