Unsigned overflow

Remove all currently detected cases of unsigned overflow.  Detection is
runtime, so test case dependent.  The changes to pngvalid.c eliminate
spurious and probably invalid tests with one while loop exception.

Apart from that and the change to the dependence on the intended
unsigned overflow in pngtrans.c the changes are limited to altering the
meme for an unsigned 'x' from:

   while (x-- > 0)

to

   for (; x > 0; --x)

This works because, in all cases, the control variable is not used in
the loop.  The 'while' meme was, at one time, warn'ed by GCC so it is
probably a good change, for some weird religious value of good.

Signed-off-by: John Bowler <jbowler@acm.org>

1 files changed, 2 insertions, 2 deletions

diff --git a/pngread.c b/pngread.c
index b457fd027..1f33b445a 100644
--- a/pngread.c
+++ b/pngread.c
@@ -3231,7 +3231,7 @@ png_image_read_colormapped(png_voidp argument)
          png_uint_32      y = image->height;
          png_bytep        row = png_voidcast(png_bytep, display->first_row);
 
-         while (y-- > 0)
+         for (; y > 0; --y)
          {
             png_read_row(png_ptr, row, NULL);
             row += row_bytes;
@@ -4064,7 +4064,7 @@ png_image_read_direct(png_voidp argument)
          png_uint_32      y = image->height;
          png_bytep        row = png_voidcast(png_bytep, display->first_row);
 
-         while (y-- > 0)
+         for (; y > 0; --y)
          {
             png_read_row(png_ptr, row, NULL);
             row += row_bytes;