From 8ba160ba94f44e0b31828fdd476a1f7142ee70cf Mon Sep 17 00:00:00 2001
From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
Date: Sat, 21 Nov 2015 14:31:59 -0600
Subject: [PATCH] [libpng16] Use unsigned constants in buffer length
 comparisons

---
 pngrutil.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pngrutil.c b/pngrutil.c
index 5dd04cd0e..d54309120 100644
--- a/pngrutil.c
+++ b/pngrutil.c
@@ -1670,7 +1670,7 @@ png_handle_sPLT(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
    ++entry_start;
 
    /* A sample depth should follow the separator, and we should be on it  */
-   if (length < 2 || entry_start > buffer + (length - 2U))
+   if (length < 2U || entry_start > buffer + (length - 2U))
    {
       png_warning(png_ptr, "malformed sPLT chunk");
       return;
@@ -2174,7 +2174,7 @@ png_handle_pCAL(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
    /* We need to have at least 12 bytes after the purpose string
     * in order to get the parameter information.
     */
-   if (endptr - buf <= 12)
+   if (endptr - buf <= 12U)
    {
       png_chunk_benign_error(png_ptr, "invalid");
       return;