author: Eric Anholt <anholt@FreeBSD.org> 2004-12-23 01:35:49 +0000
committer: Eric Anholt <anholt@FreeBSD.org> 2004-12-23 01:35:49 +0000
commit: c90ee83f03de6ce87bf86a6daf09a0010f59c46d (patch)
tree: 589d40624d0cb825807bd5fe7f399d8769657bb1 /x11/xorg-libraries/files/patch-xpm-sec
parent: 51e87664b4189e288b48026b85579b9a4be3df5e (diff)
download: ports-c90ee83f03de6ce87bf86a6daf09a0010f59c46d.tar.gz
ports-c90ee83f03de6ce87bf86a6daf09a0010f59c46d.zip
1 files changed, 83 insertions, 376 deletions
diff --git a/x11/xorg-libraries/files/patch-xpm-sec b/x11/xorg-libraries/files/patch-xpm-sec
index 347ab0563d6e..fcb22f47be46 100644
--- a/x11/xorg-libraries/files/patch-xpm-sec
+++ b/x11/xorg-libraries/files/patch-xpm-sec
@@ -1,161 +1,82 @@
+? extras/Xpm/lib/xorg681-xpm-secadd.patch
 Index: extras/Xpm/lib/Attrib.c
 ===================================================================
 RCS file: /cvs/xorg/xc/extras/Xpm/lib/Attrib.c,v
-retrieving revision 1.1
-diff -u -r1.1 Attrib.c
---- extras/Xpm/lib/Attrib.c	14 Nov 2003 16:48:24 -0000	1.1
-+++ extras/Xpm/lib/Attrib.c	31 Oct 2004 20:12:38 -0000
-@@ -35,7 +35,7 @@
- #include "XpmI.h"
- 
- /* 3.2 backward compatibility code */
--LFUNC(CreateOldColorTable, int, (XpmColor *ct, int ncolors,
-+LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors,
- 				 XpmColor ***oldct));
- 
- LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors));
-@@ -46,12 +46,15 @@
- static int
- CreateOldColorTable(ct, ncolors, oldct)
-     XpmColor *ct;
--    int ncolors;
-+    unsigned int ncolors;
-     XpmColor ***oldct;
- {
+retrieving revision 1.1.1.1.6.1
+diff -u -r1.1.1.1.6.1 Attrib.c
+--- extras/Xpm/lib/Attrib.c	15 Sep 2004 15:47:39 -0000	1.1.1.1.6.1
++++ extras/Xpm/lib/Attrib.c	5 Nov 2004 03:21:02 -0000
+@@ -52,7 +52,7 @@
      XpmColor **colorTable, **color;
      int a;
  
+-    if (ncolors >= SIZE_MAX / sizeof(XpmColor *)) 
 +    if (ncolors >= UINT_MAX / sizeof(XpmColor *)) 
-+	return XpmNoMemory;
-+
+ 	return XpmNoMemory;
+ 
      colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *));
-     if (!colorTable) {
- 	*oldct = NULL;
 Index: extras/Xpm/lib/CrDatFrI.c
 ===================================================================
 RCS file: /cvs/xorg/xc/extras/Xpm/lib/CrDatFrI.c,v
-retrieving revision 1.1.10.1
-diff -u -r1.1.10.1 CrDatFrI.c
---- extras/Xpm/lib/CrDatFrI.c	4 Mar 2004 17:46:10 -0000	1.1.10.1
-+++ extras/Xpm/lib/CrDatFrI.c	31 Oct 2004 20:12:38 -0000
-@@ -124,6 +124,8 @@
+retrieving revision 1.2.4.1
+diff -u -r1.2.4.1 CrDatFrI.c
+--- extras/Xpm/lib/CrDatFrI.c	15 Sep 2004 15:47:39 -0000	1.2.4.1
++++ extras/Xpm/lib/CrDatFrI.c	5 Nov 2004 03:21:02 -0000
+@@ -124,7 +124,7 @@
       */
      header_nlines = 1 + image->ncolors;
      header_size = sizeof(char *) * header_nlines;
+-    if (header_size >= SIZE_MAX / sizeof(char *))
 +    if (header_size >= UINT_MAX / sizeof(char *))
-+	return (XpmNoMemory);
+ 	return (XpmNoMemory);
      header = (char **) XpmCalloc(header_size, sizeof(char *));
      if (!header)
- 	return (XpmNoMemory);
-Index: extras/Xpm/lib/WrFFrI.c
-===================================================================
-RCS file: /cvs/xorg/xc/extras/Xpm/lib/WrFFrI.c,v
-retrieving revision 1.1.10.1
-diff -u -r1.1.10.1 WrFFrI.c
---- extras/Xpm/lib/WrFFrI.c	4 Mar 2004 17:46:10 -0000	1.1.10.1
-+++ extras/Xpm/lib/WrFFrI.c	31 Oct 2004 20:12:26 -0000
-@@ -248,6 +248,8 @@
-     unsigned int x, y, h;
- 
-     h = height - 1;
-+    if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp) 
-+	return XpmNoMemory;    
-     p = buf = (char *) XpmMalloc(width * cpp + 3);
-     if (!buf)
- 	return (XpmNoMemory);
-Index: extras/Xpm/lib/XpmI.h
-===================================================================
-RCS file: /cvs/xorg/xc/extras/Xpm/lib/XpmI.h,v
-retrieving revision 1.1.4.1.6.1
-diff -u -r1.1.4.1.6.1 XpmI.h
---- extras/Xpm/lib/XpmI.h	4 Mar 2004 17:46:10 -0000	1.1.4.1.6.1
-+++ extras/Xpm/lib/XpmI.h	31 Oct 2004 20:12:26 -0000
-@@ -86,6 +86,18 @@
- 		boundCheckingCalloc((long)(nelem),(long) (elsize))
- #endif
- 
-+#if defined(SCO) || defined(__USLC__)
-+#include <stdint.h>	/* For SIZE_MAX */
-+#endif
-+#include <limits.h>
-+#ifndef SIZE_MAX
-+# ifdef ULONG_MAX
-+#  define SIZE_MAX ULONG_MAX
-+# else 
-+#  define SIZE_MAX UINT_MAX
-+# endif
-+#endif
-+
- #define XPMMAXCMTLEN BUFSIZ
- typedef struct {
-     unsigned int type;
-@@ -187,9 +199,9 @@
- }      *xpmHashAtom;
- 
- typedef struct {
--    int size;
--    int limit;
--    int used;
-+    unsigned int size;
-+    unsigned int limit;
-+    unsigned int used;
-     xpmHashAtom *atomTable;
- }      xpmHashTable;
- 
 Index: extras/Xpm/lib/create.c
 ===================================================================
 RCS file: /cvs/xorg/xc/extras/Xpm/lib/create.c,v
-retrieving revision 1.1.4.1.6.1
-diff -u -r1.1.4.1.6.1 create.c
---- extras/Xpm/lib/create.c	4 Mar 2004 17:46:10 -0000	1.1.4.1.6.1
-+++ extras/Xpm/lib/create.c	31 Oct 2004 20:12:38 -0000
-@@ -1,3 +1,4 @@
+retrieving revision 1.2.4.1
+diff -u -r1.2.4.1 create.c
+--- extras/Xpm/lib/create.c	15 Sep 2004 15:47:39 -0000	1.2.4.1
++++ extras/Xpm/lib/create.c	5 Nov 2004 03:21:03 -0000
+@@ -1,4 +1,4 @@
+-/* $XdotOrg: xc/extras/Xpm/lib/create.c,v 1.2.4.1 2004/09/15 15:47:39 daniel Exp $ */
 +/* $XdotOrg: pre-CVS proposed fix for CESA-2004-003 alanc 7/25/2004 $ */
  /*
   * Copyright (C) 1989-95 GROUPE BULL
   *
-@@ -816,6 +817,9 @@
+@@ -817,7 +817,7 @@
  
      ErrorStatus = XpmSuccess;
  
+-    if (image->ncolors >= SIZE_MAX / sizeof(Pixel)) 
 +    if (image->ncolors >= UINT_MAX / sizeof(Pixel)) 
-+	return (XpmNoMemory);
-+
+ 	return (XpmNoMemory);
+ 
      /* malloc pixels index tables */
-     image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * image->ncolors);
-     if (!image_pixels)
-@@ -988,6 +992,10 @@
+@@ -992,8 +992,10 @@
  	return (XpmNoMemory);
  
  #if !defined(FOR_MSW) && !defined(AMIGA)
+-    if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height)
 +    if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height) {
 +	XDestroyImage(*image_return);
-+	return XpmNoMemory;
+ 	return XpmNoMemory;
 +    }
      /* now that bytes_per_line must have been set properly alloc data */
      (*image_return)->data =
  	(char *) XpmMalloc((*image_return)->bytes_per_line * height);
-@@ -2055,6 +2063,9 @@
+@@ -2061,8 +2063,8 @@
  	xpmGetCmt(data, &colors_cmt);
  
      /* malloc pixels index tables */
+-    if (ncolors >= SIZE_MAX / sizeof(Pixel)) 
+-	return XpmNoMemory;
 +    if (ncolors >= UINT_MAX / sizeof(Pixel)) 
 +	RETURN(XpmNoMemory);
-+
+ 
      image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors);
      if (!image_pixels)
- 	RETURN(XpmNoMemory);
-@@ -2309,7 +2320,8 @@
- 	    }
- 	    obm = SelectObject(*dc, image->bitmap);
- #endif
--
-+	    if (ncolors > 256)
-+		return (XpmFileInvalid);
- 
- 	    bzero((char *)colidx, 256 * sizeof(short));
- 	    for (a = 0; a < ncolors; a++)
-@@ -2356,7 +2368,7 @@
+@@ -2366,7 +2368,7 @@
  
  	    /* array of pointers malloced by need */
  	    unsigned short *cidx[256];
@@ -164,45 +85,15 @@ diff -u -r1.1.4.1.6.1 create.c
  
  	    bzero((char *)cidx, 256 * sizeof(unsigned short *)); /* init */
  	    for (a = 0; a < ncolors; a++) {
-@@ -2415,6 +2427,9 @@
- 	    char *s;
- 	    char buf[BUFSIZ];
- 
-+	    if (cpp >= sizeof(buf))
-+		return (XpmFileInvalid);
-+
- 	    buf[cpp] = '\0';
- 	    if (USE_HASHTABLE) {
- 		xpmHashAtom *slot;
-Index: extras/Xpm/lib/data.c
-===================================================================
-RCS file: /cvs/xorg/xc/extras/Xpm/lib/data.c,v
-retrieving revision 1.1.10.1
-diff -u -r1.1.10.1 data.c
---- extras/Xpm/lib/data.c	4 Mar 2004 17:46:10 -0000	1.1.10.1
-+++ extras/Xpm/lib/data.c	31 Oct 2004 20:12:26 -0000
-@@ -375,7 +375,7 @@
- {
-     if (!data->type)
- 	*cmt = NULL;
--    else if (data->CommentLength) {
-+    else if (data->CommentLength != 0 && data->CommentLength < SIZE_MAX - 1) {
- 	*cmt = (char *) XpmMalloc(data->CommentLength + 1);
- 	strncpy(*cmt, data->Comment, data->CommentLength);
- 	(*cmt)[data->CommentLength] = '\0';
 Index: extras/Xpm/lib/hashtab.c
 ===================================================================
 RCS file: /cvs/xorg/xc/extras/Xpm/lib/hashtab.c,v
-retrieving revision 1.1
-diff -u -r1.1 hashtab.c
---- extras/Xpm/lib/hashtab.c	14 Nov 2003 16:48:24 -0000	1.1
-+++ extras/Xpm/lib/hashtab.c	31 Oct 2004 20:12:38 -0000
-@@ -135,15 +135,17 @@
-     xpmHashTable *table;
- {
-     xpmHashAtom *atomTable = table->atomTable;
--    int size = table->size;
-+    unsigned int size = table->size;
+retrieving revision 1.1.1.1.6.1
+diff -u -r1.1.1.1.6.1 hashtab.c
+--- extras/Xpm/lib/hashtab.c	15 Sep 2004 15:47:39 -0000	1.1.1.1.6.1
++++ extras/Xpm/lib/hashtab.c	5 Nov 2004 03:21:03 -0000
+@@ -138,13 +138,13 @@
+     unsigned int size = table->size;
      xpmHashAtom *t, *p;
      int i;
 -    int oldSize = size;
@@ -212,198 +103,70 @@ diff -u -r1.1 hashtab.c
      HASH_TABLE_GROWS
  	table->size = size;
      table->limit = size / 3;
+-    if (size >= SIZE_MAX / sizeof(*atomTable)) 
 +    if (size >= UINT_MAX / sizeof(*atomTable)) 
-+	return (XpmNoMemory);
+ 	return (XpmNoMemory);
      atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable));
      if (!atomTable)
- 	return (XpmNoMemory);
-@@ -204,6 +206,8 @@
+@@ -206,7 +206,7 @@
      table->size = INITIAL_HASH_SIZE;
      table->limit = table->size / 3;
      table->used = 0;
+-    if (table->size >= SIZE_MAX / sizeof(*atomTable))
 +    if (table->size >= UINT_MAX / sizeof(*atomTable))
-+	return (XpmNoMemory);
+ 	return (XpmNoMemory);
      atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable));
      if (!atomTable)
- 	return (XpmNoMemory);
 Index: extras/Xpm/lib/parse.c
 ===================================================================
 RCS file: /cvs/xorg/xc/extras/Xpm/lib/parse.c,v
-retrieving revision 1.1.10.1
-diff -u -r1.1.10.1 parse.c
---- extras/Xpm/lib/parse.c	4 Mar 2004 17:46:10 -0000	1.1.10.1
-+++ extras/Xpm/lib/parse.c	31 Oct 2004 20:12:38 -0000
-@@ -1,3 +1,4 @@
+retrieving revision 1.2.4.1
+diff -u -r1.2.4.1 parse.c
+--- extras/Xpm/lib/parse.c	15 Sep 2004 15:47:39 -0000	1.2.4.1
++++ extras/Xpm/lib/parse.c	5 Nov 2004 03:21:03 -0000
+@@ -1,4 +1,4 @@
+-/* $XdotOrg: xc/extras/Xpm/lib/parse.c,v 1.2.4.1 2004/09/15 15:47:39 daniel Exp $ */
 +/* $XdotOrg: pre-CVS proposed fix for CESA-2004-003 alanc 7/25/2004 $ */
  /*
   * Copyright (C) 1989-95 GROUPE BULL
   *
-@@ -44,6 +45,24 @@
- #include <ctype.h>
- #include <string.h>
- 
-+#ifdef HAS_STRLCAT
-+# define STRLCAT(dst, src, dstsize) { \
-+  	if (strlcat(dst, src, dstsize) >= (dstsize)) \
-+	    return (XpmFileInvalid); }
-+# define STRLCPY(dst, src, dstsize) { \
-+  	if (strlcpy(dst, src, dstsize) >= (dstsize)) \
-+	    return (XpmFileInvalid); }
-+#else
-+# define STRLCAT(dst, src, dstsize) { \
-+	if ((strlen(dst) + strlen(src)) < (dstsize)) \
-+ 	    strcat(dst, src); \
-+	else return (XpmFileInvalid); }
-+# define STRLCPY(dst, src, dstsize) { \
-+	if (strlen(src) < (dstsize)) \
-+ 	    strcpy(dst, src); \
-+	else return (XpmFileInvalid); }
-+#endif
-+
- LFUNC(ParsePixels, int, (xpmData *data, unsigned int width,
- 			 unsigned int height, unsigned int ncolors,
- 			 unsigned int cpp, XpmColor *colorTable,
-@@ -66,7 +85,7 @@
-     unsigned int *extensions;
- {
-     unsigned int l;
--    char buf[BUFSIZ];
-+    char buf[BUFSIZ + 1];
- 
-     if (!data->format) {		/* XPM 2 or 3 */
- 
-@@ -175,10 +194,10 @@
-     XpmColor **colorTablePtr;
-     xpmHashTable *hashtable;
- {
--    unsigned int key = 0, l, a, b;
-+    unsigned int key = 0, l, a, b, len;
-     unsigned int curkey;		/* current color key */
-     unsigned int lastwaskey;		/* key read */
--    char buf[BUFSIZ];
-+    char buf[BUFSIZ+1];
-     char curbuf[BUFSIZ];		/* current buffer */
-     char **sptr, *s;
-     XpmColor *color;
-@@ -186,6 +205,8 @@
+@@ -205,7 +205,7 @@
      char **defaults;
      int ErrorStatus;
  
+-    if (ncolors >= SIZE_MAX / sizeof(XpmColor))
 +    if (ncolors >= UINT_MAX / sizeof(XpmColor))
-+	return (XpmNoMemory);
+ 	return (XpmNoMemory);
      colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor));
      if (!colorTable)
- 	return (XpmNoMemory);
-@@ -197,6 +218,10 @@
+@@ -218,7 +218,7 @@
  	    /*
  	     * read pixel value
  	     */
+-	    if (cpp >= SIZE_MAX - 1) {
 +	    if (cpp >= UINT_MAX - 1) {
-+		xpmFreeColorTable(colorTable, ncolors);
-+		return (XpmNoMemory);
-+	    }
- 	    color->string = (char *) XpmMalloc(cpp + 1);
- 	    if (!color->string) {
- 		xpmFreeColorTable(colorTable, ncolors);
-@@ -234,13 +259,14 @@
- 		}
- 		if (!lastwaskey && key < NKEYS) {	/* open new key */
- 		    if (curkey) {	/* flush string */
--			s = (char *) XpmMalloc(strlen(curbuf) + 1);
-+			len = strlen(curbuf) + 1;
-+			s = (char *) XpmMalloc(len);
- 			if (!s) {
- 			    xpmFreeColorTable(colorTable, ncolors);
- 			    return (XpmNoMemory);
- 			}
- 			defaults[curkey] = s;
--			strcpy(s, curbuf);
-+			memcpy(s, curbuf, len);
- 		    }
- 		    curkey = key + 1;	/* set new key  */
- 		    *curbuf = '\0';	/* reset curbuf */
-@@ -251,9 +277,9 @@
- 			return (XpmFileInvalid);
- 		    }
- 		    if (!lastwaskey)
--			strcat(curbuf, " ");	/* append space */
-+			STRLCAT(curbuf, " ", sizeof(curbuf)); /* append space */
- 		    buf[l] = '\0';
--		    strcat(curbuf, buf);/* append buf */
-+		    STRLCAT(curbuf, buf, sizeof(curbuf));/* append buf */
- 		    lastwaskey = 0;
- 		}
- 	    }
-@@ -261,12 +287,13 @@
- 		xpmFreeColorTable(colorTable, ncolors);
- 		return (XpmFileInvalid);
- 	    }
--	    s = defaults[curkey] = (char *) XpmMalloc(strlen(curbuf) + 1);
-+	    len = strlen(curbuf) + 1;
-+	    s = defaults[curkey] = (char *) XpmMalloc(len);
- 	    if (!s) {
  		xpmFreeColorTable(colorTable, ncolors);
  		return (XpmNoMemory);
  	    }
--	    strcpy(s, curbuf);
-+	    memcpy(s, curbuf, len);
- 	}
-     } else {				/* XPM 1 */
- 	/* get to the beginning of the first string */
-@@ -279,6 +306,10 @@
+@@ -306,7 +306,7 @@
  	    /*
  	     * read pixel value
  	     */
+-	    if (cpp >= SIZE_MAX - 1) {
 +	    if (cpp >= UINT_MAX - 1) {
-+		xpmFreeColorTable(colorTable, ncolors);
-+		return (XpmNoMemory);
-+	    }
- 	    color->string = (char *) XpmMalloc(cpp + 1);
- 	    if (!color->string) {
- 		xpmFreeColorTable(colorTable, ncolors);
-@@ -307,16 +338,17 @@
- 	    *curbuf = '\0';		/* init curbuf */
- 	    while ((l = xpmNextWord(data, buf, BUFSIZ))) {
- 		if (*curbuf != '\0')
--		    strcat(curbuf, " ");/* append space */
-+		    STRLCAT(curbuf, " ", sizeof(curbuf));/* append space */
- 		buf[l] = '\0';
--		strcat(curbuf, buf);	/* append buf */
-+		STRLCAT(curbuf, buf, sizeof(curbuf));	/* append buf */
- 	    }
--	    s = (char *) XpmMalloc(strlen(curbuf) + 1);
-+	    len = strlen(curbuf) + 1;
-+	    s = (char *) XpmMalloc(len);
- 	    if (!s) {
  		xpmFreeColorTable(colorTable, ncolors);
  		return (XpmNoMemory);
  	    }
--	    strcpy(s, curbuf);
-+	    memcpy(s, curbuf, len);
- 	    color->c_color = s;
- 	    *curbuf = '\0';		/* reset curbuf */
- 	    if (a < ncolors - 1)
-@@ -341,6 +373,9 @@
-     unsigned int *iptr, *iptr2;
+@@ -374,7 +374,7 @@
      unsigned int a, x, y;
  
-+    if ((height > 0 && width >= SIZE_MAX / height) ||
+     if ((height > 0 && width >= SIZE_MAX / height) ||
+-	width * height >= SIZE_MAX / sizeof(unsigned int)) 
 +	width * height >= UINT_MAX / sizeof(unsigned int)) 
-+	return XpmNoMemory;
+ 	return XpmNoMemory;
  #ifndef FOR_MSW
      iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height);
- #else
-@@ -364,6 +399,9 @@
- 	{
- 	    unsigned short colidx[256];
- 
-+	    if (ncolors > 256)
-+		return (XpmFileInvalid);
-+
- 	    bzero((char *)colidx, 256 * sizeof(short));
- 	    for (a = 0; a < ncolors; a++)
- 		colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
-@@ -394,7 +432,7 @@
+@@ -432,7 +432,7 @@
  
  	    /* array of pointers malloced by need */
  	    unsigned short *cidx[256];
@@ -412,110 +175,54 @@ diff -u -r1.1.10.1 parse.c
  
  	    bzero((char *)cidx, 256 * sizeof(unsigned short *)); /* init */
  	    for (a = 0; a < ncolors; a++) {
-@@ -442,6 +480,9 @@
- 	    char *s;
- 	    char buf[BUFSIZ];
- 
-+	    if (cpp >= sizeof(buf))
-+		return (XpmFileInvalid);
-+
- 	    buf[cpp] = '\0';
- 	    if (USE_HASHTABLE) {
- 		xpmHashAtom *slot;
 Index: extras/Xpm/lib/scan.c
 ===================================================================
 RCS file: /cvs/xorg/xc/extras/Xpm/lib/scan.c,v
-retrieving revision 1.1.10.1
-diff -u -r1.1.10.1 scan.c
---- extras/Xpm/lib/scan.c	4 Mar 2004 17:46:10 -0000	1.1.10.1
-+++ extras/Xpm/lib/scan.c	31 Oct 2004 20:12:38 -0000
-@@ -107,7 +107,8 @@
- LFUNC(ScanTransparentColor, int, (XpmColor *color, unsigned int cpp,
- 				  XpmAttributes *attributes));
- 
--LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, int ncolors,
-+LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, 
-+			     unsigned int ncolors, 
- 			     Pixel *pixels, unsigned int mask,
- 			     unsigned int cpp, XpmAttributes *attributes));
- 
-@@ -232,11 +233,17 @@
-     else
+retrieving revision 1.2.4.1
+diff -u -r1.2.4.1 scan.c
+--- extras/Xpm/lib/scan.c	15 Sep 2004 15:47:39 -0000	1.2.4.1
++++ extras/Xpm/lib/scan.c	5 Nov 2004 03:21:03 -0000
+@@ -234,14 +234,14 @@
  	cpp = 0;
  
-+    if ((height > 0 && width >= SIZE_MAX / height) ||
+     if ((height > 0 && width >= SIZE_MAX / height) ||
+-	width * height >= SIZE_MAX / sizeof(unsigned int))
 +	width * height >= UINT_MAX / sizeof(unsigned int))
-+	RETURN(XpmNoMemory);
+ 	RETURN(XpmNoMemory);
      pmap.pixelindex =
  	(unsigned int *) XpmCalloc(width * height, sizeof(unsigned int));
      if (!pmap.pixelindex)
  	RETURN(XpmNoMemory);
  
+-    if (pmap.size >= SIZE_MAX / sizeof(Pixel)) 
 +    if (pmap.size >= UINT_MAX / sizeof(Pixel)) 
-+	RETURN(XpmNoMemory);
-+
-     pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size);
-     if (!pmap.pixels)
  	RETURN(XpmNoMemory);
-@@ -301,7 +308,8 @@
+ 
+     pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size);
+@@ -308,7 +308,7 @@
       * get rgb values and a string of char, and possibly a name for each
       * color
       */
--
+-    if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor))
 +    if (pmap.ncolors >= UINT_MAX / sizeof(XpmColor))
-+	RETURN(XpmNoMemory);
+ 	RETURN(XpmNoMemory);
      colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor));
      if (!colorTable)
- 	RETURN(XpmNoMemory);
-@@ -360,6 +368,8 @@
+@@ -368,7 +368,7 @@
  
      /* first get a character string */
      a = 0;
+-    if (cpp >= SIZE_MAX - 1)
 +    if (cpp >= UINT_MAX - 1)
-+	return (XpmNoMemory);
+ 	return (XpmNoMemory);
      if (!(s = color->string = (char *) XpmMalloc(cpp + 1)))
  	return (XpmNoMemory);
-     *s++ = printable[c = a % MAXPRINTABLE];
-@@ -407,7 +417,7 @@
- ScanOtherColors(display, colors, ncolors, pixels, mask, cpp, attributes)
-     Display *display;
-     XpmColor *colors;
--    int ncolors;
-+    unsigned int ncolors;
-     Pixel *pixels;
-     unsigned int mask;
-     unsigned int cpp;
-@@ -451,6 +461,8 @@
+@@ -461,7 +461,7 @@
      }
  
      /* first get character strings and rgb values */
+-    if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1)
 +    if (ncolors >= UINT_MAX / sizeof(XColor) || cpp >= UINT_MAX - 1)
-+	return (XpmNoMemory);
+ 	return (XpmNoMemory);
      xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors);
      if (!xcolors)
- 	return (XpmNoMemory);
-Index: lib/Xpm/Imakefile
-===================================================================
-RCS file: /cvs/xorg/xc/lib/Xpm/Imakefile,v
-retrieving revision 1.1.10.1
-diff -u -r1.1.10.1 Imakefile
---- lib/Xpm/Imakefile	4 Mar 2004 17:46:58 -0000	1.1.10.1
-+++ lib/Xpm/Imakefile	31 Oct 2004 20:12:26 -0000
-@@ -42,11 +42,16 @@
- SPRINTFDEF = -DVOID_SPRINTF
- #endif
- 
-+#if HasStrlcat
-+STRLCATDEF = -DHAS_STRLCAT
-+#endif
-+
- #if defined(Win32Architecture)
- ZPIPEDEF = -DNO_ZPIPE
- #endif
- 
--DEFINES = $(STRDUPDEF) $(STRCASECMPDEF) $(SPRINTFDEF) $(ZPIPEDEF) $(ZFILEDEF)
-+DEFINES = $(STRDUPDEF) $(STRCASECMPDEF) $(SPRINTFDEF) $(STRLCATDEF) \
-+		$(ZPIPEDEF) $(ZFILEDEF)
- 
- HEADERS = xpm.h
-
author	Eric Anholt <anholt@FreeBSD.org>	2004-12-23 01:35:49 +0000
committer	Eric Anholt <anholt@FreeBSD.org>	2004-12-23 01:35:49 +0000
commit	c90ee83f03de6ce87bf86a6daf09a0010f59c46d (patch)
tree	589d40624d0cb825807bd5fe7f399d8769657bb1 /x11/xorg-libraries/files/patch-xpm-sec
parent	51e87664b4189e288b48026b85579b9a4be3df5e (diff)
download	ports-c90ee83f03de6ce87bf86a6daf09a0010f59c46d.tar.gz ports-c90ee83f03de6ce87bf86a6daf09a0010f59c46d.zip