From 1febf277af1f3b06ab33f0a9d6d3dc8da014d7f3 Mon Sep 17 00:00:00 2001
From: Christoph Oelckers <coelckers@users.noreply.github.com>
Date: Tue, 11 Apr 2017 10:28:21 +0200
Subject: [PATCH] - fixed crash on bad PNGs.

The cast to a signed long could create negative numbers which failed the sanity check and caused a stack corruption.
---
 src/m_png.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/m_png.cpp b/src/m_png.cpp
index c51f37be8..28f015e7b 100644
--- a/src/m_png.cpp
+++ b/src/m_png.cpp
@@ -576,7 +576,7 @@ bool M_ReadIDAT (FileReader *file, uint8_t *buffer, int width, int height, int p
 		if (stream.avail_in == 0 && chunklen > 0)
 		{
 			stream.next_in = chunkbuffer;
-			stream.avail_in = (uInt)file->Read (chunkbuffer, MIN<long>(chunklen,sizeof(chunkbuffer)));
+			stream.avail_in = (uInt)file->Read (chunkbuffer, MIN<uint32_t>(chunklen,sizeof(chunkbuffer)));
 			chunklen -= stream.avail_in;
 		}