diff -r -U 3 libpng-1.2.5/png.h libpng-1.2.5patch04/png.h
--- libpng-1.2.5/png.h	Thu Oct  3 06:32:26 2002
+++ libpng-1.2.5patch04/png.h	Fri Jul 23 18:56:27 2004
@@ -833,7 +833,11 @@
 typedef png_info FAR * FAR * png_infopp;
 
 /* Maximum positive integer used in PNG is (2^31)-1 */
-#define PNG_MAX_UINT ((png_uint_32)0x7fffffffL)
+#define PNG_UINT_31_MAX ((png_uint_32)0x7fffffffL)
+#define PNG_UINT_32_MAX (~((png_uint_32)0))
+#define PNG_SIZE_MAX (~((png_size_t)0))
+/* PNG_MAX_UINT is deprecated; use PNG_UINT_31_MAX instead. */
+#define PNG_MAX_UINT PNG_UINT_31_MAX
 
 /* These describe the color_type field in png_info. */
 /* color type masks */
@@ -2655,6 +2659,8 @@
 PNG_EXTERN png_uint_32 png_get_uint_32 PNGARG((png_bytep buf));
 PNG_EXTERN png_uint_16 png_get_uint_16 PNGARG((png_bytep buf));
 #endif /* !PNG_READ_BIG_ENDIAN_SUPPORTED */
+PNG_EXTERN png_uint_32 png_get_uint_31 PNGARG((png_structp png_ptr,
+  png_bytep buf));
 
 /* Initialize png_ptr struct for reading, and allocate any other memory.
  * (old interface - DEPRECATED - use png_create_read_struct instead).
diff -r -U 3 libpng-1.2.5/pngrutil.c libpng-1.2.5patch04/pngrutil.c
--- libpng-1.2.5/pngrutil.c	Thu Oct  3 06:32:30 2002
+++ libpng-1.2.5patch04/pngrutil.c	Fri Jul 23 18:56:27 2004
@@ -38,6 +38,14 @@
 #  endif
 #endif
 
+png_uint_32 /* PRIVATE */
+png_get_uint_31(png_structp png_ptr, png_bytep buf)
+{
+   png_uint_32 i = png_get_uint_32(buf);
+   if (i > PNG_UINT_31_MAX)
+     png_error(png_ptr, "PNG unsigned integer out of range.\n");
+   return (i);
+}
 #ifndef PNG_READ_BIG_ENDIAN_SUPPORTED
 /* Grab an unsigned 32-bit integer from a buffer in big-endian format. */
 png_uint_32 /* PRIVATE */