Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
DISCONTINUED:openSUSE:11.2
imlib
imlib-more-xpm-fixes.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File imlib-more-xpm-fixes.patch of Package imlib
--- imlib-1.9.14/Imlib/load.c +++ imlib-1.9.14/Imlib/load.c @@ -5,6 +5,8 @@ #include <setjmp.h> #include <endian.h> +#define G_MAXINT ((int) 0x7fffffff) + /* Split the ID - damages input */ static char * @@ -42,13 +44,17 @@ /* * Make sure we don't wrap on our memory allocations + * we check G_MAXINT/4 because rend.c malloc's w * h * bpp + * + 3 is safety margin */ void * _imlib_malloc_image(unsigned int w, unsigned int h) { - if( w > 32767 || h > 32767) - return NULL; - return malloc(w * h * 3); + if (w <= 0 || w > 32767 || + h <= 0 || h > 32767 || + h >= (G_MAXINT/4 - 1) / w) + return NULL; + return malloc(w * h * 3 + 3); } #ifdef HAVE_LIBJPEG @@ -361,7 +367,9 @@ npix = ww * hh; *w = (int)ww; *h = (int)hh; - if(ww > 32767 || hh > 32767) + if (ww <= 0 || ww > 32767 || + hh <= 0 || hh > 32767 || + hh >= (G_MAXINT/sizeof(uint32)) / ww) { TIFFClose(tif); return NULL; @@ -464,7 +472,7 @@ } *w = gif->Image.Width; *h = gif->Image.Height; - if (*h > 32767 || *w > 32767) + if (*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767) { return NULL; } @@ -996,7 +1004,12 @@ comment = 0; quote = 0; context = 0; + memset(lookup, 0, sizeof(lookup)); + line = malloc(lsz); + if (!line) + return NULL; + while (!done) { pc = c; @@ -1025,25 +1038,25 @@ { /* Header */ sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp); - if (ncolors > 32766) + if (ncolors <= 0 || ncolors > 32766) { fprintf(stderr, "IMLIB ERROR: XPM files wth colors > 32766 not supported\n"); free(line); return NULL; } - if (cpp > 5) + if (cpp <= 0 || cpp > 5) { fprintf(stderr, "IMLIB ERROR: XPM files with characters per pixel > 5 not supported\n"); free(line); return NULL; } - if (*w > 32767) + if (*w <= 0 || *w > 32767) { fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n"); free(line); return NULL; } - if (*h > 32767) + if (*h <= 0 || *h > 32767) { fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n"); free(line); @@ -1076,11 +1089,13 @@ { int slen; int hascolor, iscolor; + int space; iscolor = 0; hascolor = 0; tok[0] = 0; col[0] = 0; + space = sizeof(col) - 1; s[0] = 0; len = strlen(line); strncpy(cmap[j].str, line, cpp); @@ -1103,10 +1118,10 @@ { if (k >= len) { - if (col[0]) - strcat(col, " "); - if (strlen(col) + strlen(s) < sizeof(col)) - strcat(col, s); + if (col[0] && space > 0) + strcat(col, " "), space -= 1; + if (slen <= space) + strcat(col, s), space -= slen; } if (col[0]) { @@ -1136,14 +1151,17 @@ } } } - strcpy(tok, s); + if (slen < sizeof(tok)); + strcpy(tok, s); col[0] = 0; + space = sizeof(col) - 1; } else { - if (col[0]) - strcat(col, " "); - strcat(col, s); + if (col[0] && space > 0) + strcat(col, " "), space -=1; + if (slen <= space) + strcat(col, s), space -= slen; } } } @@ -1372,12 +1390,12 @@ sscanf(s, "%i %i", w, h); a = *w; b = *h; - if (a > 32767) + if (a <= 0 || a > 32767) { fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n"); return NULL; } - if (b > 32767) + if (b <= 0 || b > 32767) { fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n"); return NULL; --- imlib-1.9.14/Imlib/utils.c +++ imlib-1.9.14/Imlib/utils.c @@ -1496,36 +1496,56 @@ context = 0; ptr = NULL; end = NULL; + memset(lookup, 0, sizeof(lookup)); while (!done) { line = data[count++]; + if (!line) + break; + line = strdup(line); + if (!line) + break; + len = strlen(line); + for (i = 0; i < len; ++i) + { + c = line[i]; + if (c < 32) + line[i] = 32; + else if (c > 127) + line[i] = 127; + } + if (context == 0) { /* Header */ sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp); - if (ncolors > 32766) + if (ncolors <= 0 || ncolors > 32766) { fprintf(stderr, "IMLIB ERROR: XPM data wth colors > 32766 not supported\n"); free(im); + free(line); return NULL; } - if (cpp > 5) + if (cpp <= 0 || cpp > 5) { fprintf(stderr, "IMLIB ERROR: XPM data with characters per pixel > 5 not supported\n"); free(im); + free(line); return NULL; } - if (w > 32767) + if (w <= 0 || w > 32767) { fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for data\n"); free(im); + free(line); return NULL; } - if (h > 32767) + if (h <= 0 || h > 32767) { fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for data\n"); free(im); + free(line); return NULL; } cmap = malloc(sizeof(struct _cmap) * ncolors); @@ -1533,6 +1553,7 @@ if (!cmap) { free(im); + free(line); return NULL; } im->rgb_width = w; @@ -1542,6 +1563,7 @@ { free(cmap); free(im); + free(line); return NULL; } im->alpha_data = NULL; @@ -1817,6 +1839,7 @@ } if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3)) done = 1; + free(line); } if (!transp) { --- imlib-1.9.14/gdk_imlib/io-gif.c +++ imlib-1.9.14/gdk_imlib/io-gif.c @@ -55,7 +55,7 @@ } *w = gif->Image.Width; *h = gif->Image.Height; - if(*h > 32767 || *w > 32767) + if(*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767) { return NULL; } --- imlib-1.9.14/gdk_imlib/io-ppm.c +++ imlib-1.9.14/gdk_imlib/io-ppm.c @@ -53,12 +53,12 @@ sscanf(s, "%i %i", w, h); a = *w; b = *h; - if (a > 32767) + if (a <= 0 || a > 32767) { fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n"); return NULL; } - if (b > 32767) + if (b <= 0 || b > 32767) { fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n"); return NULL; --- imlib-1.9.14/gdk_imlib/io-tiff.c +++ imlib-1.9.14/gdk_imlib/io-tiff.c @@ -36,7 +36,9 @@ npix = ww * hh; *w = (int)ww; *h = (int)hh; - if(ww > 32767 || hh > 32767) + if (ww <= 0 || ww > 32767 || + hh <= 0 || hh > 32767 || + hh >= (G_MAXINT/sizeof(uint32)) / ww) { TIFFClose(tif); return NULL; --- imlib-1.9.14/gdk_imlib/io-xpm.c +++ imlib-1.9.14/gdk_imlib/io-xpm.c @@ -40,8 +40,12 @@ context = 0; i = j = 0; cmap = NULL; + memset(lookup, 0, sizeof(lookup)); line = malloc(lsz); + if (!line) + return NULL; + while (!done) { pc = c; @@ -70,25 +74,25 @@ { /* Header */ sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp); - if (ncolors > 32766) + if (ncolors <= 0 || ncolors > 32766) { fprintf(stderr, "gdk_imlib ERROR: XPM files wth colors > 32766 not supported\n"); free(line); return NULL; } - if (cpp > 5) + if (cpp <= 0 || cpp > 5) { fprintf(stderr, "gdk_imlib ERROR: XPM files with characters per pixel > 5 not supported\n"); free(line); return NULL; } - if (*w > 32767) + if (*w <= 0 || *w > 32767) { fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n"); free(line); return NULL; } - if (*h > 32767) + if (*h <= 0 || *h > 32767) { fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n"); free(line); @@ -120,11 +124,13 @@ { int slen; int hascolor, iscolor; + int space; hascolor = 0; iscolor = 0; tok[0] = 0; col[0] = 0; + space = sizeof(col) - 1; s[0] = 0; len = strlen(line); strncpy(cmap[j].str, line, cpp); @@ -147,10 +153,10 @@ { if (k >= len) { - if (col[0]) - strcat(col, " "); - if (strlen(col) + strlen(s) < sizeof(col)) - strcat(col, s); + if (col[0] && space > 0) + strncat(col, " ", space), space -= 1; + if (slen <= space) + strcat(col, s), space -= slen; } if (col[0]) { @@ -180,14 +186,17 @@ } } } - strcpy(tok, s); + if (slen < sizeof(tok)) + strcpy(tok, s); col[0] = 0; + space = sizeof(col) - 1; } else { - if (col[0]) - strcat(col, " "); - strcat(col, s); + if (col[0] && space > 0) + strcat(col, " "), space -= 1; + if (slen <= space) + strcat(col, s), space -= slen; } } } --- imlib-1.9.14/gdk_imlib/misc.c +++ imlib-1.9.14/gdk_imlib/misc.c @@ -1355,11 +1355,16 @@ /* * Make sure we don't wrap on our memory allocations + * we check G_MAX_INT/4 because rend.c malloc's w * h * bpp + * + 3 is safety margin */ void *_gdk_malloc_image(unsigned int w, unsigned int h) { - if( w > 32767 || h > 32767) + if (w <= 0 || w > 32767 || + h <= 0 || h > 32767 || + h >= (G_MAXINT/4 - 1) / w) return NULL; - return malloc(w * h * 3); + return malloc(w * h * 3 + 3); } + --- imlib-1.9.14/gdk_imlib/utils.c +++ imlib-1.9.14/gdk_imlib/utils.c @@ -1236,36 +1236,56 @@ context = 0; ptr = NULL; end = NULL; + memset(lookup, 0, sizeof(lookup)); while (!done) { line = data[count++]; + if (!line) + break; + line = strdup(line); + if (!line) + break; + len = strlen(line); + for (i = 0; i < len; ++i) + { + c = line[i]; + if (c < 32) + line[i] = 32; + else if (c > 127) + line[i] = 127; + } + if (context == 0) { /* Header */ sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp); - if (ncolors > 32766) + if (ncolors <= 0 || ncolors > 32766) { fprintf(stderr, "gdk_imlib ERROR: XPM data wth colors > 32766 not supported\n"); free(im); + free(line); return NULL; } - if (cpp > 5) + if (cpp <= 0 || cpp > 5) { fprintf(stderr, "gdk_imlib ERROR: XPM data with characters per pixel > 5 not supported\n"); free(im); + free(line); return NULL; } - if (w > 32767) + if (w <= 0 || w > 32767) { fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for data\n"); free(im); + free(line); return NULL; } - if (h > 32767) + if (h <= 0 || h > 32767) { fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for data\n"); free(im); + free(line); return NULL; } cmap = malloc(sizeof(struct _cmap) * ncolors); @@ -1273,6 +1293,7 @@ if (!cmap) { free(im); + free(line); return NULL; } im->rgb_width = w; @@ -1282,6 +1303,7 @@ { free(cmap); free(im); + free(line); return NULL; } im->alpha_data = NULL; @@ -1355,7 +1377,7 @@ strcpy(col + colptr, " "); colptr++; } - if (colptr + ls <= sizeof(col)) + if (colptr + ls < sizeof(col)) { strcpy(col + colptr, s); colptr += ls; @@ -1558,6 +1580,7 @@ } if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3)) done = 1; + free(line); } if (!transp) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
