From 60560ff051ed58de75c8a5260ae8a5c8fcdf1991 Mon Sep 17 00:00:00 2001
From: Andreas Huggel
Date: Fri, 31 Aug 2012 04:31:05 +0000
Subject: [PATCH] #841: Additional check to prevent issues with the sign when casting uint32_t to long.
---
 src/pngimage.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/pngimage.cpp b/src/pngimage.cpp
index b527901e..133d205b 100644
--- a/src/pngimage.cpp
+++ b/src/pngimage.cpp
@@ -136,7 +136,9 @@ namespace Exiv2 {
 // Decode chunk data length.
 uint32_t dataOffset = Exiv2::getULong(cheaderBuf.pData_, Exiv2::bigEndian);
 long pos = io_->tell();
- if (pos == -1 || static_cast(dataOffset) > imgSize - pos) throw Exiv2::Error(14);
+ if ( pos == -1
+ || dataOffset > uint32_t(0x7FFFFFFF)
+ || static_cast(dataOffset) > imgSize - pos) throw Exiv2::Error(14);
 // Perform a chunk triage for item that we need.
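Review bot: The added term `dataOffset > uint32_t(0x7FFFFFFF)` is an unexplained magic number, and nothing at the `if` says why the order of the three conditions matters. A comment above it would help, for example `// PNG caps chunk length at 2^31-1; a larger value would also go negative when cast to a 32-bit long and pass the size check below.` Keeping the literal rather than deriving the bound from `long` looks right because it matches the format's own limit on every platform, and the comment should say so to stop it being changed to a platform-dependent value later. Separately, the last comparison still accepts `dataOffset == imgSize - pos`, a chunk whose data runs exactly to the end of the file with no room for the 4-byte CRC that follows chunk data in PNG. Whether that matters depends on how the code after the hunk reads or skips the chunk; the enclosing function and the declaration of `imgSize` are both outside the hunk.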