diff -r -U 3 libpng-1.2.5/pngrutil.c libpng-1.2.5patch03/pngrutil.c
--- libpng-1.2.5/pngrutil.c	Thu Oct  3 06:32:30 2002
+++ libpng-1.2.5patch03/pngrutil.c	Fri Jul 23 18:54:36 2004
@@ -1241,7 +1241,8 @@
          /* Should be an error, but we can cope with it */
          png_warning(png_ptr, "Missing PLTE before tRNS");
       }
-      else if (length > (png_uint_32)png_ptr->num_palette)
+      if (length > (png_uint_32)png_ptr->num_palette ||
+          length > PNG_MAX_PALETTE_LENGTH)
       {
          png_warning(png_ptr, "Incorrect tRNS chunk length");
          png_crc_finish(png_ptr, length);