diff -r -U 3 libpng-1.0.5/png.h libpng-1.0.5patch04a/png.h
--- libpng-1.0.5/png.h	Thu Oct 14 07:43:08 1999
+++ libpng-1.0.5patch04a/png.h	Fri Jul 23 22:02:58 2004
@@ -510,7 +510,11 @@
 typedef png_info FAR * FAR * png_infopp;
 
 /* Maximum positive integer used in PNG is (2^31)-1 */
-#define PNG_MAX_UINT ((png_uint_32)0x7fffffffL)
+#define PNG_UINT_31_MAX ((png_uint_32)0x7fffffffL)
+#define PNG_UINT_32_MAX (~((png_uint_32)0))
+#define PNG_SIZE_MAX (~((png_size_t)0))
+/* PNG_MAX_UINT is deprecated; use PNG_UINT_31_MAX instead. */
+#define PNG_MAX_UINT PNG_UINT_31_MAX
 
 /* These describe the color_type field in png_info. */
 /* color type masks */
@@ -1839,6 +1843,8 @@
 PNG_EXTERN png_uint_32 png_get_uint_32 PNGARG((png_bytep buf));
 PNG_EXTERN png_uint_16 png_get_uint_16 PNGARG((png_bytep buf));
 #endif /* PNG_READ_BIG_ENDIAN_SUPPORTED */
+PNG_EXTERN png_uint_32 png_get_uint_31 PNGARG((png_structp png_ptr,
+  png_bytep buf));
 
 /* Initialize png_ptr struct for reading, and allocate any other memory.
  * (old interface - NOT DLL EXPORTED).
diff -r -U 3 libpng-1.0.5/pngrutil.c libpng-1.0.5patch04a/pngrutil.c
--- libpng-1.0.5/pngrutil.c	Thu Oct 14 07:43:08 1999
+++ libpng-1.0.5patch04a/pngrutil.c	Fri Jul 23 22:02:59 2004
@@ -18,6 +18,14 @@
 #include "pngasmrd.h"
 #endif
 
+png_uint_32 /* PRIVATE */
+png_get_uint_31(png_structp png_ptr, png_bytep buf)
+{
+   png_uint_32 i = png_get_uint_32(buf);
+   if (i > PNG_UINT_31_MAX)
+     png_error(png_ptr, "PNG unsigned integer out of range.\n");
+   return (i);
+}
 #ifndef PNG_READ_BIG_ENDIAN_SUPPORTED
 /* Grab an unsigned 32-bit integer from a buffer in big-endian format. */
 png_uint_32