1 |
ulm 08/02/23 17:36:09 |
2 |
|
3 |
Added: 01_all_mwm-configdir.patch |
4 |
02_all_CAN-2004-0687-0688.patch |
5 |
03_all_CAN-2004-0914-newer.patch |
6 |
04_all_CAN-2004-0914_sec8.patch |
7 |
05_all_char_not_supported.patch |
8 |
06_all_pixel_length.patch |
9 |
07_all_popup_timeout.patch |
10 |
08_all_XmResizeHashTable.patch 09_all_utf8.patch |
11 |
10_all_no_demos.patch 11_all_CAN-2005-0605.patch |
12 |
12_all_uil.patch 13_all_automake.patch |
13 |
Log: |
14 |
Add patchset for openmotif-2.2.3 |
15 |
|
16 |
Revision Changes Path |
17 |
1.1 src/patchsets/openmotif/2.2.3/01_all_mwm-configdir.patch |
18 |
|
19 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/01_all_mwm-configdir.patch?rev=1.1&view=markup |
20 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/01_all_mwm-configdir.patch?rev=1.1&content-type=text/plain |
21 |
|
22 |
Index: 01_all_mwm-configdir.patch |
23 |
=================================================================== |
24 |
diff -urN openMotif-2.2.2.orig/clients/mwm/WmResParse.c openMotif-2.2.2/clients/mwm/WmResParse.c |
25 |
--- openMotif-2.2.2.orig/clients/mwm/WmResParse.c 2002-01-10 21:55:37.000000000 +0100 |
26 |
+++ openMotif-2.2.2/clients/mwm/WmResParse.c 2003-06-04 22:20:22.000000000 +0200 |
27 |
@@ -2411,7 +2411,7 @@ |
28 |
if (MwmBehavior) |
29 |
{ |
30 |
strcpy(cfileName, LIBDIR); |
31 |
- strncat(cfileName, "/", MAXWMPATH-strlen(cfileName)); |
32 |
+ strncat(cfileName, "/mwm/", MAXWMPATH-strlen(cfileName)); |
33 |
strncat(cfileName, LANG, MAXWMPATH-strlen(cfileName)); |
34 |
strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); |
35 |
} |
36 |
@@ -2427,7 +2427,7 @@ |
37 |
* Try /$LANG/system.mwmrc within the install tree |
38 |
*/ |
39 |
strcpy(cfileName, LIBDIR); |
40 |
- strncat(cfileName, "/", MAXWMPATH-strlen(cfileName)); |
41 |
+ strncat(cfileName, "/mwm/", MAXWMPATH-strlen(cfileName)); |
42 |
strncat(cfileName, LANG, MAXWMPATH-strlen(cfileName)); |
43 |
strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); |
44 |
#endif /* WSM */ |
45 |
@@ -2449,7 +2449,7 @@ |
46 |
if (MwmBehavior) |
47 |
{ |
48 |
strcpy(cfileName, LIBDIR); |
49 |
- strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); |
50 |
+ strncat(cfileName, "/mwm" SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); |
51 |
#ifdef PANELIST |
52 |
fileP = fopen (cfileName, "r"); |
53 |
#else /* PANELIST */ |
54 |
@@ -2473,7 +2473,7 @@ |
55 |
* Try /system.mwmrc within the install tree |
56 |
*/ |
57 |
strcpy(cfileName, LIBDIR); |
58 |
- strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); |
59 |
+ strncat(cfileName, "/mwm" SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); |
60 |
|
61 |
if (LANG != NULL) |
62 |
{ |
63 |
|
64 |
|
65 |
|
66 |
1.1 src/patchsets/openmotif/2.2.3/02_all_CAN-2004-0687-0688.patch |
67 |
|
68 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/02_all_CAN-2004-0687-0688.patch?rev=1.1&view=markup |
69 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/02_all_CAN-2004-0687-0688.patch?rev=1.1&content-type=text/plain |
70 |
|
71 |
Index: 02_all_CAN-2004-0687-0688.patch |
72 |
=================================================================== |
73 |
--- openMotif-2.2.3/lib/Xm/Xpmhashtab.c.CAN-2004-0687-0688 2004-09-30 11:52:40.176933831 +0200 |
74 |
+++ openMotif-2.2.3/lib/Xm/Xpmhashtab.c 2004-09-30 11:53:47.288717782 +0200 |
75 |
@@ -141,7 +141,7 @@ |
76 |
xpmHashTable *table; |
77 |
{ |
78 |
xpmHashAtom *atomTable = table->atomTable; |
79 |
- int size = table->size; |
80 |
+ unsigned int size = table->size; |
81 |
xpmHashAtom *t, *p; |
82 |
int i; |
83 |
int oldSize = size; |
84 |
@@ -150,6 +150,8 @@ |
85 |
HASH_TABLE_GROWS |
86 |
table->size = size; |
87 |
table->limit = size / 3; |
88 |
+ if (size >= SIZE_MAX / sizeof(*atomTable)) |
89 |
+ return (XpmNoMemory); |
90 |
atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable)); |
91 |
if (!atomTable) |
92 |
return (XpmNoMemory); |
93 |
@@ -210,6 +212,8 @@ |
94 |
table->size = INITIAL_HASH_SIZE; |
95 |
table->limit = table->size / 3; |
96 |
table->used = 0; |
97 |
+ if (table->size >= SIZE_MAX / sizeof(*atomTable)) |
98 |
+ return (XpmNoMemory); |
99 |
atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable)); |
100 |
if (!atomTable) |
101 |
return (XpmNoMemory); |
102 |
--- openMotif-2.2.3/lib/Xm/XpmWrFFrI.c.CAN-2004-0687-0688 2004-09-30 11:36:04.545969020 +0200 |
103 |
+++ openMotif-2.2.3/lib/Xm/XpmWrFFrI.c 2004-09-30 11:37:14.583312219 +0200 |
104 |
@@ -244,6 +244,8 @@ |
105 |
unsigned int x, y, h; |
106 |
|
107 |
h = height - 1; |
108 |
+ if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp) |
109 |
+ return (XpmNoMemory); |
110 |
p = buf = (char *) XpmMalloc(width * cpp + 3); |
111 |
if (!buf) |
112 |
return (XpmNoMemory); |
113 |
--- openMotif-2.2.3/lib/Xm/Xpmdata.c.CAN-2004-0687-0688 2004-09-30 11:51:30.712472999 +0200 |
114 |
+++ openMotif-2.2.3/lib/Xm/Xpmdata.c 2004-09-30 11:52:26.665789239 +0200 |
115 |
@@ -376,7 +376,7 @@ |
116 |
{ |
117 |
if (!mdata->type) |
118 |
*cmt = NULL; |
119 |
- else if (mdata->CommentLength) { |
120 |
+ else if (mdata->CommentLength != 0 && mdata->CommentLength < SIZE_MAX - 1) { |
121 |
*cmt = (char *) XpmMalloc(mdata->CommentLength + 1); |
122 |
strncpy(*cmt, mdata->Comment, mdata->CommentLength); |
123 |
(*cmt)[mdata->CommentLength] = '\0'; |
124 |
--- openMotif-2.2.3/lib/Xm/XpmI.h.CAN-2004-0687-0688 2004-09-30 11:38:09.358760225 +0200 |
125 |
+++ openMotif-2.2.3/lib/Xm/XpmI.h 2004-09-30 11:39:58.498714150 +0200 |
126 |
@@ -179,6 +179,18 @@ |
127 |
boundCheckingCalloc((long)(nelem),(long) (elsize)) |
128 |
#endif |
129 |
|
130 |
+#if defined(SCO) || defined(__USLC__) |
131 |
+#include <stdint.h> /* For SIZE_MAX */ |
132 |
+#endif |
133 |
+#include <limits.h> |
134 |
+#ifndef SIZE_MAX |
135 |
+# ifdef ULONG_MAX |
136 |
+# define SIZE_MAX ULONG_MAX |
137 |
+# else |
138 |
+# define SIZE_MAX UINT_MAX |
139 |
+# endif |
140 |
+#endif |
141 |
+ |
142 |
#define XPMMAXCMTLEN BUFSIZ |
143 |
typedef struct { |
144 |
unsigned int type; |
145 |
@@ -276,9 +288,9 @@ |
146 |
} *xpmHashAtom; |
147 |
|
148 |
typedef struct { |
149 |
- int size; |
150 |
- int limit; |
151 |
- int used; |
152 |
+ unsigned int size; |
153 |
+ unsigned int limit; |
154 |
+ unsigned int used; |
155 |
xpmHashAtom *atomTable; |
156 |
} xpmHashTable; |
157 |
|
158 |
--- openMotif-2.2.3/lib/Xm/XpmCrDatFrI.c.CAN-2004-0687-0688 2004-09-30 11:35:18.058379165 +0200 |
159 |
+++ openMotif-2.2.3/lib/Xm/XpmCrDatFrI.c 2004-09-30 11:35:43.951808698 +0200 |
160 |
@@ -134,6 +134,8 @@ |
161 |
*/ |
162 |
header_nlines = 1 + image->ncolors; |
163 |
header_size = sizeof(char *) * header_nlines; |
164 |
+ if (header_size >= SIZE_MAX / sizeof(char *)) |
165 |
+ return (XpmNoMemory); |
166 |
header = (char **) XpmCalloc(header_size, sizeof(char *)); |
167 |
if (!header) |
168 |
return (XpmNoMemory); |
169 |
--- openMotif-2.2.3/lib/Xm/Xpmscan.c.CAN-2004-0687-0688 2004-09-30 12:05:34.424607695 +0200 |
170 |
+++ openMotif-2.2.3/lib/Xm/Xpmscan.c 2004-09-30 12:08:16.963282178 +0200 |
171 |
@@ -98,7 +98,8 @@ |
172 |
LFUNC(ScanTransparentColor, int, (XpmColor *color, unsigned int cpp, |
173 |
XpmAttributes *attributes)); |
174 |
|
175 |
-LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, int ncolors, |
176 |
+LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, |
177 |
+ unsigned int ncolors, |
178 |
Pixel *pixels, unsigned int mask, |
179 |
unsigned int cpp, XpmAttributes *attributes)); |
180 |
|
181 |
@@ -225,11 +226,17 @@ |
182 |
else |
183 |
cpp = 0; |
184 |
|
185 |
+ if ((height > 0 && width >= SIZE_MAX / height) || |
186 |
+ width * height >= SIZE_MAX / sizeof(unsigned int)) |
187 |
+ RETURN(XpmNoMemory); |
188 |
pmap.pixelindex = |
189 |
(unsigned int *) XpmCalloc(width * height, sizeof(unsigned int)); |
190 |
if (!pmap.pixelindex) |
191 |
RETURN(XpmNoMemory); |
192 |
|
193 |
+ if (pmap.size >= SIZE_MAX / sizeof(Pixel)) |
194 |
+ RETURN(XpmNoMemory); |
195 |
+ |
196 |
pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size); |
197 |
if (!pmap.pixels) |
198 |
RETURN(XpmNoMemory); |
199 |
@@ -285,6 +292,8 @@ |
200 |
* color |
201 |
*/ |
202 |
|
203 |
+ if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor)) |
204 |
+ RETURN(XpmNoMemory); |
205 |
colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor)); |
206 |
if (!colorTable) |
207 |
RETURN(XpmNoMemory); |
208 |
@@ -332,6 +341,8 @@ |
209 |
|
210 |
/* first get a character string */ |
211 |
a = 0; |
212 |
+ if (cpp >= SIZE_MAX - 1) |
213 |
+ return (XpmNoMemory); |
214 |
if (!(s = color->string = (char *) XpmMalloc(cpp + 1))) |
215 |
return (XpmNoMemory); |
216 |
*s++ = printable[c = a % MAXPRINTABLE]; |
217 |
@@ -379,7 +390,7 @@ |
218 |
ScanOtherColors(display, colors, ncolors, pixels, mask, cpp, attributes) |
219 |
Display *display; |
220 |
XpmColor *colors; |
221 |
- int ncolors; |
222 |
+ unsigned int ncolors; |
223 |
Pixel *pixels; |
224 |
unsigned int mask; |
225 |
unsigned int cpp; |
226 |
@@ -423,6 +434,8 @@ |
227 |
} |
228 |
|
229 |
/* first get character strings and rgb values */ |
230 |
+ if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1) |
231 |
+ return (XpmNoMemory); |
232 |
xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors); |
233 |
if (!xcolors) |
234 |
return (XpmNoMemory); |
235 |
--- openMotif-2.2.3/lib/Xm/XpmAttrib.c.CAN-2004-0687-0688 2004-09-30 11:33:10.216008908 +0200 |
236 |
+++ openMotif-2.2.3/lib/Xm/XpmAttrib.c 2004-09-30 11:33:41.187737616 +0200 |
237 |
@@ -41,8 +41,8 @@ |
238 |
#include "XpmI.h" |
239 |
|
240 |
/* 3.2 backward compatibility code */ |
241 |
-LFUNC(CreateOldColorTable, int, (XpmColor *ct, int ncolors, |
242 |
- XpmColor ***oldct)); |
243 |
+LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors, |
244 |
+ XpmColor ***oldct)); |
245 |
|
246 |
LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors)); |
247 |
|
248 |
@@ -52,12 +52,15 @@ |
249 |
static int |
250 |
CreateOldColorTable(ct, ncolors, oldct) |
251 |
XpmColor *ct; |
252 |
- int ncolors; |
253 |
+ unsigned int ncolors; |
254 |
XpmColor ***oldct; |
255 |
{ |
256 |
XpmColor **colorTable, **color; |
257 |
int a; |
258 |
|
259 |
+ if (ncolors >= SIZE_MAX / sizeof(XpmColor *)) |
260 |
+ return XpmNoMemory; |
261 |
+ |
262 |
colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *)); |
263 |
if (!colorTable) { |
264 |
*oldct = NULL; |
265 |
--- openMotif-2.2.3/lib/Xm/Xpmcreate.c.CAN-2004-0687-0688 2004-09-30 11:40:22.122457590 +0200 |
266 |
+++ openMotif-2.2.3/lib/Xm/Xpmcreate.c 2004-09-30 12:49:44.411019183 +0200 |
267 |
@@ -804,6 +804,9 @@ |
268 |
|
269 |
ErrorStatus = XpmSuccess; |
270 |
|
271 |
+ if (image->ncolors >= SIZE_MAX / sizeof(Pixel)) |
272 |
+ return (XpmNoMemory); |
273 |
+ |
274 |
/* malloc pixels index tables */ |
275 |
image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * image->ncolors); |
276 |
if (!image_pixels) |
277 |
@@ -947,6 +950,8 @@ |
278 |
return (XpmNoMemory); |
279 |
|
280 |
#ifndef FOR_MSW |
281 |
+ if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height) |
282 |
+ return XpmNoMemory; |
283 |
/* now that bytes_per_line must have been set properly alloc data */ |
284 |
(*image_return)->data = |
285 |
(char *) XpmMalloc((*image_return)->bytes_per_line * height); |
286 |
@@ -1992,6 +1997,9 @@ |
287 |
xpmGetCmt(data, &colors_cmt); |
288 |
|
289 |
/* malloc pixels index tables */ |
290 |
+ if (ncolors >= SIZE_MAX / sizeof(Pixel)) |
291 |
+ return XpmNoMemory; |
292 |
+ |
293 |
image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors); |
294 |
if (!image_pixels) |
295 |
RETURN(XpmNoMemory); |
296 |
@@ -2207,6 +2215,9 @@ |
297 |
{ |
298 |
unsigned short colidx[256]; |
299 |
|
300 |
+ if (ncolors > 256) |
301 |
+ return (XpmFileInvalid); |
302 |
+ |
303 |
bzero((char *)colidx, 256 * sizeof(short)); |
304 |
for (a = 0; a < ncolors; a++) |
305 |
colidx[(unsigned char)colorTable[a].string[0]] = a + 1; |
306 |
@@ -2305,6 +2316,9 @@ |
307 |
char *s; |
308 |
char buf[BUFSIZ]; |
309 |
|
310 |
+ if (cpp >= sizeof(buf)) |
311 |
+ return (XpmFileInvalid); |
312 |
+ |
313 |
buf[cpp] = '\0'; |
314 |
if (USE_HASHTABLE) { |
315 |
xpmHashAtom *slot; |
316 |
--- openMotif-2.2.3/lib/Xm/Xpmparse.c.CAN-2004-0687-0688 2004-09-30 11:54:01.219804716 +0200 |
317 |
+++ openMotif-2.2.3/lib/Xm/Xpmparse.c 2004-09-30 12:47:15.676480282 +0200 |
318 |
@@ -46,6 +46,25 @@ |
319 |
|
320 |
#include "XpmI.h" |
321 |
#include <ctype.h> |
322 |
+#include <string.h> |
323 |
+ |
324 |
+#ifdef HAS_STRLCAT |
325 |
+# define STRLCAT(dst, src, dstsize) { \ |
326 |
+ if (strlcat(dst, src, dstsize) >= (dstsize)) \ |
327 |
+ return (XpmFileInvalid); } |
328 |
+# define STRLCPY(dst, src, dstsize) { \ |
329 |
+ if (strlcpy(dst, src, dstsize) >= (dstsize)) \ |
330 |
+ return (XpmFileInvalid); } |
331 |
+#else |
332 |
+# define STRLCAT(dst, src, dstsize) { \ |
333 |
+ if ((strlen(dst) + strlen(src)) < (dstsize)) \ |
334 |
+ strcat(dst, src); \ |
335 |
+ else return (XpmFileInvalid); } |
336 |
+# define STRLCPY(dst, src, dstsize) { \ |
337 |
+ if (strlen(src) < (dstsize)) \ |
338 |
+ strcpy(dst, src); \ |
339 |
+ else return (XpmFileInvalid); } |
340 |
+#endif |
341 |
|
342 |
LFUNC(ParsePixels, int, (xpmData *data, unsigned int width, |
343 |
unsigned int height, unsigned int ncolors, |
344 |
@@ -215,7 +234,7 @@ |
345 |
unsigned int *extensions; |
346 |
{ |
347 |
unsigned int l; |
348 |
- char buf[BUFSIZ]; |
349 |
+ char buf[BUFSIZ + 1]; |
350 |
|
351 |
if (!data->format) { /* XPM 2 or 3 */ |
352 |
|
353 |
@@ -324,10 +343,10 @@ |
354 |
XpmColor **colorTablePtr; |
355 |
xpmHashTable *hashtable; |
356 |
{ |
357 |
- unsigned int key, l, a, b; |
358 |
+ unsigned int key, l, a, b, len; |
359 |
unsigned int curkey; /* current color key */ |
360 |
unsigned int lastwaskey; /* key read */ |
361 |
- char buf[BUFSIZ]; |
362 |
+ char buf[BUFSIZ + 1]; |
363 |
char curbuf[BUFSIZ]; /* current buffer */ |
364 |
char **sptr, *s; |
365 |
XpmColor *color; |
366 |
@@ -335,6 +354,8 @@ |
367 |
char **defaults; |
368 |
int ErrorStatus; |
369 |
|
370 |
+ if (ncolors >= SIZE_MAX / sizeof(XpmColor)) |
371 |
+ return (XpmNoMemory); |
372 |
colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor)); |
373 |
if (!colorTable) |
374 |
return (XpmNoMemory); |
375 |
@@ -346,6 +367,10 @@ |
376 |
/* |
377 |
* read pixel value |
378 |
*/ |
379 |
+ if (cpp >= SIZE_MAX - 1) { |
380 |
+ xpmFreeColorTable(colorTable, ncolors); |
381 |
+ return (XpmNoMemory); |
382 |
+ } |
383 |
color->string = (char *) XpmMalloc(cpp + 1); |
384 |
if (!color->string) { |
385 |
xpmFreeColorTable(colorTable, ncolors); |
386 |
@@ -383,13 +408,14 @@ |
387 |
} |
388 |
if (!lastwaskey && key < NKEYS) { /* open new key */ |
389 |
if (curkey) { /* flush string */ |
390 |
- s = (char *) XpmMalloc(strlen(curbuf) + 1); |
391 |
+ len = strlen(curbuf) + 1; |
392 |
+ s = (char *) XpmMalloc(len); |
393 |
if (!s) { |
394 |
xpmFreeColorTable(colorTable, ncolors); |
395 |
return (XpmNoMemory); |
396 |
} |
397 |
defaults[curkey] = s; |
398 |
- strcpy(s, curbuf); |
399 |
+ memcpy(s, curbuf, len); |
400 |
} |
401 |
curkey = key + 1; /* set new key */ |
402 |
*curbuf = '\0'; /* reset curbuf */ |
403 |
@@ -400,9 +426,9 @@ |
404 |
return (XpmFileInvalid); |
405 |
} |
406 |
if (!lastwaskey) |
407 |
- strcat(curbuf, " "); /* append space */ |
408 |
+ STRLCAT(curbuf, " ", sizeof(curbuf)); /* append space */ |
409 |
buf[l] = '\0'; |
410 |
- strcat(curbuf, buf);/* append buf */ |
411 |
+ STRLCAT(curbuf, buf, sizeof(curbuf));/* append buf */ |
412 |
lastwaskey = 0; |
413 |
} |
414 |
} |
415 |
@@ -410,12 +436,13 @@ |
416 |
xpmFreeColorTable(colorTable, ncolors); |
417 |
return (XpmFileInvalid); |
418 |
} |
419 |
- s = defaults[curkey] = (char *) XpmMalloc(strlen(curbuf) + 1); |
420 |
+ len = strlen(curbuf) + 1; |
421 |
+ s = defaults[curkey] = (char *) XpmMalloc(len); |
422 |
if (!s) { |
423 |
xpmFreeColorTable(colorTable, ncolors); |
424 |
return (XpmNoMemory); |
425 |
} |
426 |
- strcpy(s, curbuf); |
427 |
+ memcpy(s, curbuf, len); |
428 |
} |
429 |
} else { /* XPM 1 */ |
430 |
/* get to the beginning of the first string */ |
431 |
@@ -428,6 +455,10 @@ |
432 |
/* |
433 |
* read pixel value |
434 |
*/ |
435 |
+ if (cpp >= SIZE_MAX - 1) { |
436 |
+ xpmFreeColorTable(colorTable, ncolors); |
437 |
+ return (XpmNoMemory); |
438 |
+ } |
439 |
color->string = (char *) XpmMalloc(cpp + 1); |
440 |
if (!color->string) { |
441 |
xpmFreeColorTable(colorTable, ncolors); |
442 |
@@ -456,16 +487,17 @@ |
443 |
*curbuf = '\0'; /* init curbuf */ |
444 |
while ((l = xpmNextWord(data, buf, BUFSIZ))) { |
445 |
if (*curbuf != '\0') |
446 |
- strcat(curbuf, " ");/* append space */ |
447 |
+ STRLCAT(curbuf, " ", sizeof(curbuf));/* append space */ |
448 |
buf[l] = '\0'; |
449 |
- strcat(curbuf, buf); /* append buf */ |
450 |
+ STRLCAT(curbuf, buf, sizeof(curbuf)); /* append buf */ |
451 |
} |
452 |
- s = (char *) XpmMalloc(strlen(curbuf) + 1); |
453 |
+ len = strlen(curbuf) + 1; |
454 |
+ s = (char *) XpmMalloc(len); |
455 |
if (!s) { |
456 |
xpmFreeColorTable(colorTable, ncolors); |
457 |
return (XpmNoMemory); |
458 |
} |
459 |
- strcpy(s, curbuf); |
460 |
+ memcpy(s, curbuf, len); |
461 |
color->c_color = s; |
462 |
*curbuf = '\0'; /* reset curbuf */ |
463 |
if (a < ncolors - 1) |
464 |
@@ -490,6 +522,9 @@ |
465 |
unsigned int *iptr, *iptr2; |
466 |
unsigned int a, x, y; |
467 |
|
468 |
+ if ((height > 0 && width >= SIZE_MAX / height) || |
469 |
+ width * height >= SIZE_MAX / sizeof(unsigned int)) |
470 |
+ return XpmNoMemory; |
471 |
#ifndef FOR_MSW |
472 |
iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height); |
473 |
#else |
474 |
@@ -513,6 +548,9 @@ |
475 |
{ |
476 |
unsigned short colidx[256]; |
477 |
|
478 |
+ if (ncolors > 256) |
479 |
+ return (XpmFileInvalid); |
480 |
+ |
481 |
bzero((char *)colidx, 256 * sizeof(short)); |
482 |
for (a = 0; a < ncolors; a++) |
483 |
colidx[(unsigned char)colorTable[a].string[0]] = a + 1; |
484 |
@@ -590,6 +628,9 @@ |
485 |
char *s; |
486 |
char buf[BUFSIZ]; |
487 |
|
488 |
+ if (cpp >= sizeof(buf)) |
489 |
+ return (XpmFileInvalid); |
490 |
+ |
491 |
buf[cpp] = '\0'; |
492 |
if (USE_HASHTABLE) { |
493 |
xpmHashAtom *slot; |
494 |
|
495 |
|
496 |
|
497 |
1.1 src/patchsets/openmotif/2.2.3/03_all_CAN-2004-0914-newer.patch |
498 |
|
499 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/03_all_CAN-2004-0914-newer.patch?rev=1.1&view=markup |
500 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/03_all_CAN-2004-0914-newer.patch?rev=1.1&content-type=text/plain |
501 |
|
502 |
Index: 03_all_CAN-2004-0914-newer.patch |
503 |
=================================================================== |
504 |
diff -Nur lib/Xm/Imakefile lib/Xm/Imakefile |
505 |
--- lib/Xm/Imakefile 2002-01-15 18:30:40.000000000 +0100 |
506 |
+++ lib/Xm/Imakefile 2005-02-14 14:24:12.000000000 +0100 |
507 |
@@ -211,7 +211,8 @@ |
508 |
XpmCrBufFrP.c XpmCrPFrBuf.c XpmRdFToDat.c XpmWrFFrP.c Xpmrgb.c \ |
509 |
XpmCrDatFrI.c XpmCrPFrDat.c XpmRdFToI.c Xpmcreate.c Xpmscan.c \ |
510 |
XpmCrDatFrP.c XpmCrPFrI.c XpmRdFToP.c Xpmdata.c \ |
511 |
- XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c |
512 |
+ XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c \ |
513 |
+ Xpms_popen.c |
514 |
|
515 |
#if UseLocalRegex |
516 |
REGEX_SRCS = regexp.c |
517 |
@@ -274,7 +275,8 @@ |
518 |
XpmCrBufFrP.o XpmCrPFrBuf.o XpmRdFToDat.o XpmWrFFrP.o Xpmrgb.o \ |
519 |
XpmCrDatFrI.o XpmCrPFrDat.o XpmRdFToI.o Xpmcreate.o Xpmscan.o \ |
520 |
XpmCrDatFrP.o XpmCrPFrI.o XpmRdFToP.o Xpmdata.o \ |
521 |
- XpmCrIFrBuf.o XpmImage.o XpmWrFFrBuf.o Xpmhashtab.o |
522 |
+ XpmCrIFrBuf.o XpmImage.o XpmWrFFrBuf.o Xpmhashtab.o \ |
523 |
+ Xpms_popen.o |
524 |
|
525 |
#if UseLocalRegex |
526 |
REGEX_OBJS = regexp.o |
527 |
--- lib/Xm/Makefile.am 2004-11-17 19:03:26.962797006 +0100 |
528 |
+++ lib/Xm/Makefile.am 2004-11-17 19:03:49.421724642 +0100 |
529 |
@@ -241,7 +241,8 @@ |
530 |
XpmCrBufFrP.c XpmCrPFrBuf.c XpmRdFToDat.c XpmWrFFrP.c Xpmrgb.c \ |
531 |
XpmCrDatFrI.c XpmCrPFrDat.c XpmRdFToI.c Xpmcreate.c Xpmscan.c \ |
532 |
XpmCrDatFrP.c XpmCrPFrI.c XpmRdFToP.c Xpmdata.c \ |
533 |
- XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c |
534 |
+ XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c \ |
535 |
+ Xpms_popen.c |
536 |
|
537 |
NEW_WID_SRCS = IconH.c Container.c IconG.c \ |
538 |
Notebook.c ComboBox.c GrabShell.c SpinB.c \ |
539 |
--- /dev/null 1970-01-01 01:00:00.000000000 +0100 |
540 |
+++ lib/Xm/Xpms_popen.c 2005-02-14 14:24:12.942319466 +0100 |
541 |
@@ -0,0 +1,182 @@ |
542 |
+/* |
543 |
+ * Copyright (C) 2004 The X.Org fundation |
544 |
+ * |
545 |
+ * Permission is hereby granted, free of charge, to any person |
546 |
+ * obtaining a copy of this software and associated documentation |
547 |
+ * files (the "Software"), to deal in the Software without |
548 |
+ * restriction, including without limitation the rights to use, copy, |
549 |
+ * modify, merge, publish, distribute, sublicense, and/or sell copies |
550 |
+ * of the Software, and to permit persons to whom the Software is fur- |
551 |
+ * nished to do so, subject to the following conditions: |
552 |
+ * |
553 |
+ * The above copyright notice and this permission notice shall be |
554 |
+ * included in all copies or substantial portions of the Software. |
555 |
+ * |
556 |
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
557 |
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
558 |
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
559 |
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR |
560 |
+ * ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF |
561 |
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
562 |
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
563 |
+ * |
564 |
+ * Except as contained in this notice, the name of the X.Org fundation |
565 |
+ * shall not be used in advertising or otherwise to promote the sale, |
566 |
+ * use or other dealings in this Software without prior written |
567 |
+ * authorization from the X.Org fundation. |
568 |
+ */ |
569 |
+ |
570 |
+/* |
571 |
+** This is a secure but NOT 100% compatible replacement for popen() |
572 |
+** Note: - don't use pclose() use fclose() for closing the returned |
573 |
+** filedesc.!!! |
574 |
+** |
575 |
+** Known Bugs: - unable to use i/o-redirection like > or < |
576 |
+** Author: - Thomas Biege <thomas@××××.de> |
577 |
+** Credits: - Andreas Pfaller <a.pfaller@×××××××.de> for fixing a SEGV when |
578 |
+** calling strtok() |
579 |
+*/ |
580 |
+ |
581 |
+#include <sys/types.h> |
582 |
+#include <sys/wait.h> |
583 |
+#include <stdio.h> |
584 |
+#include <stdlib.h> |
585 |
+#include <unistd.h> |
586 |
+#include <string.h> |
587 |
+#include "XpmI.h" |
588 |
+ |
589 |
+#define __SEC_POPEN_TOKEN " " |
590 |
+ |
591 |
+FILE *Xpms_popen(char *cmd, const char *type) |
592 |
+{ |
593 |
+ pid_t pid; |
594 |
+ int pfd[2]; |
595 |
+ int rpipe = 0, wpipe = 0, i; |
596 |
+ char **argv; |
597 |
+ char *ptr; |
598 |
+ char *cmdcpy; |
599 |
+ |
600 |
+ |
601 |
+ if(cmd == NULL || cmd == "") |
602 |
+ return(NULL); |
603 |
+ |
604 |
+ if(type[0] != 'r' && type[0] != 'w') |
605 |
+ return(NULL); |
606 |
+ |
607 |
+ if ((cmdcpy = strdup(cmd)) == NULL) |
608 |
+ return(NULL); |
609 |
+ |
610 |
+ argv = NULL; |
611 |
+ if( (ptr = strtok(cmdcpy, __SEC_POPEN_TOKEN)) == NULL) |
612 |
+ { |
613 |
+ free(cmdcpy); |
614 |
+ return(NULL); |
615 |
+ } |
616 |
+ |
617 |
+ for(i = 0;; i++) |
618 |
+ { |
619 |
+ if( ( argv = (char **) realloc(argv, (i+1) * sizeof(char *)) ) == NULL) |
620 |
+ { |
621 |
+ free(cmdcpy); |
622 |
+ return(NULL); |
623 |
+ } |
624 |
+ |
625 |
+ if( (*(argv+i) = (char *) malloc((strlen(ptr)+1) * sizeof(char))) == NULL) |
626 |
+ { |
627 |
+ free(cmdcpy); |
628 |
+ return(NULL); |
629 |
+ } |
630 |
+ |
631 |
+ strcpy(argv[i], ptr); |
632 |
+ |
633 |
+ if( (ptr = strtok(NULL, __SEC_POPEN_TOKEN)) == NULL) |
634 |
+ { |
635 |
+ if( ( argv = (char **) realloc(argv, (i+2) * sizeof(char *))) == NULL) |
636 |
+ { |
637 |
+ free(cmdcpy); |
638 |
+ return(NULL); |
639 |
+ } |
640 |
+ argv[i+1] = NULL; |
641 |
+ break; |
642 |
+ } |
643 |
+ } |
644 |
+ |
645 |
+ |
646 |
+ if(type[0] == 'r') |
647 |
+ rpipe = 1; |
648 |
+ else |
649 |
+ wpipe = 1; |
650 |
+ |
651 |
+ if (pipe(pfd) < 0) |
652 |
+ { |
653 |
+ free(cmdcpy); |
654 |
+ return(NULL); |
655 |
+ } |
656 |
+ |
657 |
+ if((pid = fork()) < 0) |
658 |
+ { |
659 |
+ close(pfd[0]); |
660 |
+ close(pfd[1]); |
661 |
+ free(cmdcpy); |
662 |
+ return(NULL); |
663 |
+ } |
664 |
+ |
665 |
+ if(pid == 0) /* child */ |
666 |
+ { |
667 |
+ if((pid = fork()) < 0) |
668 |
+ { |
669 |
+ close(pfd[0]); |
670 |
+ close(pfd[1]); |
671 |
+ free(cmdcpy); |
672 |
+ return(NULL); |
673 |
+ } |
674 |
+ if(pid > 0) |
675 |
+ { |
676 |
+ exit(0); /* child nr. 1 exits */ |
677 |
+ } |
678 |
+ |
679 |
+ /* child nr. 2 */ |
680 |
+ if(rpipe) |
681 |
+ { |
682 |
+ close(pfd[0]); /* close reading end, we don't need it */ |
683 |
+ dup2(STDOUT_FILENO, STDERR_FILENO); |
684 |
+ if (pfd[1] != STDOUT_FILENO) |
685 |
+ dup2(pfd[1], STDOUT_FILENO); /* redirect stdout to writing end of pipe */ |
686 |
+ } |
687 |
+ else |
688 |
+ { |
689 |
+ close(pfd[1]); /* close writing end, we don't need it */ |
690 |
+ if (pfd[0] != STDIN_FILENO) |
691 |
+ dup2(pfd[0], STDIN_FILENO); /* redirect stdin to reading end of pipe */ |
692 |
+ } |
693 |
+ |
694 |
+ if(strchr(argv[0], '/') == NULL) |
695 |
+ execvp(argv[0], argv); /* search in $PATH */ |
696 |
+ else |
697 |
+ execv(argv[0], argv); |
698 |
+ |
699 |
+ close(pfd[0]); |
700 |
+ close(pfd[1]); |
701 |
+ free(cmdcpy); |
702 |
+ return(NULL); /* exec failed.. ooops! */ |
703 |
+ } |
704 |
+ else /* parent */ |
705 |
+ { |
706 |
+ waitpid(pid, NULL, 0); /* wait for child nr. 1 */ |
707 |
+ |
708 |
+ if(rpipe) |
709 |
+ { |
710 |
+ close(pfd[1]); |
711 |
+ free(cmdcpy); |
712 |
+ return(fdopen(pfd[0], "r")); |
713 |
+ } |
714 |
+ else |
715 |
+ { |
716 |
+ close(pfd[0]); |
717 |
+ free(cmdcpy); |
718 |
+ return(fdopen(pfd[1], "w")); |
719 |
+ } |
720 |
+ |
721 |
+ } |
722 |
+} |
723 |
+ |
724 |
diff -Nur lib/Xm/XpmAttrib.c lib/Xm/XpmAttrib.c |
725 |
--- lib/Xm/XpmAttrib.c 2005-02-14 15:20:49.346039704 +0100 |
726 |
+++ lib/Xm/XpmAttrib.c 2005-02-14 14:26:42.742624081 +0100 |
727 |
@@ -44,7 +44,7 @@ |
728 |
LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors, |
729 |
XpmColor ***oldct)); |
730 |
|
731 |
-LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors)); |
732 |
+LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, unsigned int ncolors)); |
733 |
|
734 |
/* |
735 |
* Create a colortable compatible with the old style colortable |
736 |
@@ -56,9 +56,9 @@ |
737 |
XpmColor ***oldct; |
738 |
{ |
739 |
XpmColor **colorTable, **color; |
740 |
- int a; |
741 |
+ unsigned int a; |
742 |
|
743 |
- if (ncolors >= SIZE_MAX / sizeof(XpmColor *)) |
744 |
+ if (ncolors >= UINT_MAX / sizeof(XpmColor *)) |
745 |
return XpmNoMemory; |
746 |
|
747 |
colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *)); |
748 |
@@ -75,9 +75,9 @@ |
749 |
static void |
750 |
FreeOldColorTable(colorTable, ncolors) |
751 |
XpmColor **colorTable; |
752 |
- int ncolors; |
753 |
+ unsigned int ncolors; |
754 |
{ |
755 |
- int a, b; |
756 |
+ unsigned int a, b; |
757 |
XpmColor **color; |
758 |
char **sptr; |
759 |
|
760 |
@@ -128,7 +128,7 @@ |
761 |
XpmExtension *ext; |
762 |
char **sptr; |
763 |
|
764 |
- if (extensions) { |
765 |
+ if (extensions && nextensions > 0) { |
766 |
for (i = 0, ext = extensions; i < nextensions; i++, ext++) { |
767 |
if (ext->name) |
768 |
XpmFree(ext->name); |
769 |
diff -Nur lib/Xm/XpmCrBufFrI.c lib/Xm/XpmCrBufFrI.c |
770 |
--- lib/Xm/XpmCrBufFrI.c 2003-08-15 11:08:59.000000000 +0200 |
771 |
+++ lib/Xm/XpmCrBufFrI.c 2005-02-14 14:28:44.975393496 +0100 |
772 |
@@ -41,21 +41,26 @@ |
773 |
#endif |
774 |
|
775 |
|
776 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
777 |
+ |
778 |
+ |
779 |
#include "XpmI.h" |
780 |
|
781 |
LFUNC(WriteColors, int, (char **dataptr, unsigned int *data_size, |
782 |
unsigned int *used_size, XpmColor *colors, |
783 |
unsigned int ncolors, unsigned int cpp)); |
784 |
|
785 |
-LFUNC(WritePixels, void, (char *dataptr, unsigned int *used_size, |
786 |
+LFUNC(WritePixels, void, (char *dataptr, unsigned int data_size, |
787 |
+ unsigned int *used_size, |
788 |
unsigned int width, unsigned int height, |
789 |
unsigned int cpp, unsigned int *pixels, |
790 |
XpmColor *colors)); |
791 |
|
792 |
-LFUNC(WriteExtensions, void, (char *dataptr, unsigned int *used_size, |
793 |
+LFUNC(WriteExtensions, void, (char *dataptr, unsigned int data_size, |
794 |
+ unsigned int *used_size, |
795 |
XpmExtension *ext, unsigned int num)); |
796 |
|
797 |
-LFUNC(ExtensionsSize, int, (XpmExtension *ext, unsigned int num)); |
798 |
+LFUNC(ExtensionsSize, unsigned int, (XpmExtension *ext, unsigned int num)); |
799 |
LFUNC(CommentsSize, int, (XpmInfo *info)); |
800 |
|
801 |
int |
802 |
@@ -98,11 +103,12 @@ |
803 |
|
804 |
#undef RETURN |
805 |
#define RETURN(status) \ |
806 |
+do \ |
807 |
{ \ |
808 |
if (ptr) \ |
809 |
XpmFree(ptr); \ |
810 |
return(status); \ |
811 |
-} |
812 |
+} while(0) |
813 |
|
814 |
int |
815 |
XpmCreateBufferFromXpmImage(buffer_return, image, info) |
816 |
@@ -116,7 +122,7 @@ |
817 |
unsigned int cmts, extensions, ext_size = 0; |
818 |
unsigned int l, cmt_size = 0; |
819 |
char *ptr = NULL, *p; |
820 |
- unsigned int ptr_size, used_size; |
821 |
+ unsigned int ptr_size, used_size, tmp; |
822 |
|
823 |
*buffer_return = NULL; |
824 |
|
825 |
@@ -138,7 +144,13 @@ |
826 |
#ifdef VOID_SPRINTF |
827 |
used_size = strlen(buf); |
828 |
#endif |
829 |
- ptr_size = used_size + ext_size + cmt_size + 1; |
830 |
+ ptr_size = used_size + ext_size + cmt_size + 1; /* ptr_size can't be 0 */ |
831 |
+ if(ptr_size <= used_size || |
832 |
+ ptr_size <= ext_size || |
833 |
+ ptr_size <= cmt_size) |
834 |
+ { |
835 |
+ return XpmNoMemory; |
836 |
+ } |
837 |
ptr = (char *) XpmMalloc(ptr_size); |
838 |
if (!ptr) |
839 |
return XpmNoMemory; |
840 |
@@ -149,7 +161,7 @@ |
841 |
#ifndef VOID_SPRINTF |
842 |
used_size += |
843 |
#endif |
844 |
- sprintf(ptr + used_size, "/*%s*/\n", info->hints_cmt); |
845 |
+ snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->hints_cmt); |
846 |
#ifdef VOID_SPRINTF |
847 |
used_size += strlen(info->hints_cmt) + 5; |
848 |
#endif |
849 |
@@ -167,7 +179,7 @@ |
850 |
#ifndef VOID_SPRINTF |
851 |
l += |
852 |
#endif |
853 |
- sprintf(buf + l, " %d %d", info->x_hotspot, info->y_hotspot); |
854 |
+ snprintf(buf + l, sizeof(buf)-l, " %d %d", info->x_hotspot, info->y_hotspot); |
855 |
#ifdef VOID_SPRINTF |
856 |
l = strlen(buf); |
857 |
#endif |
858 |
@@ -189,6 +201,8 @@ |
859 |
l = strlen(buf); |
860 |
#endif |
861 |
ptr_size += l; |
862 |
+ if(ptr_size <= l) |
863 |
+ RETURN(XpmNoMemory); |
864 |
p = (char *) XpmRealloc(ptr, ptr_size); |
865 |
if (!p) |
866 |
RETURN(XpmNoMemory); |
867 |
@@ -201,7 +215,7 @@ |
868 |
#ifndef VOID_SPRINTF |
869 |
used_size += |
870 |
#endif |
871 |
- sprintf(ptr + used_size, "/*%s*/\n", info->colors_cmt); |
872 |
+ snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->colors_cmt); |
873 |
#ifdef VOID_SPRINTF |
874 |
used_size += strlen(info->colors_cmt) + 5; |
875 |
#endif |
876 |
@@ -217,7 +231,12 @@ |
877 |
* 4 = 1 (for '"') + 3 (for '",\n') |
878 |
* 1 = - 2 (because the last line does not end with ',\n') + 3 (for '};\n') |
879 |
*/ |
880 |
- ptr_size += image->height * (image->width * image->cpp + 4) + 1; |
881 |
+ if(image->width > UINT_MAX / image->cpp || |
882 |
+ (tmp = image->width * image->cpp + 4) <= 4 || |
883 |
+ image->height > UINT_MAX / tmp || |
884 |
+ (tmp = image->height * tmp + 1) <= 1 || |
885 |
+ (ptr_size += tmp) <= tmp) |
886 |
+ RETURN(XpmNoMemory); |
887 |
|
888 |
p = (char *) XpmRealloc(ptr, ptr_size); |
889 |
if (!p) |
890 |
@@ -229,17 +248,17 @@ |
891 |
#ifndef VOID_SPRINTF |
892 |
used_size += |
893 |
#endif |
894 |
- sprintf(ptr + used_size, "/*%s*/\n", info->pixels_cmt); |
895 |
+ snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->pixels_cmt); |
896 |
#ifdef VOID_SPRINTF |
897 |
used_size += strlen(info->pixels_cmt) + 5; |
898 |
#endif |
899 |
} |
900 |
- WritePixels(ptr + used_size, &used_size, image->width, image->height, |
901 |
+ WritePixels(ptr + used_size, ptr_size - used_size, &used_size, image->width, image->height, |
902 |
image->cpp, image->data, image->colorTable); |
903 |
|
904 |
/* print extensions */ |
905 |
if (extensions) |
906 |
- WriteExtensions(ptr + used_size, &used_size, |
907 |
+ WriteExtensions(ptr + used_size, ptr_size-used_size, &used_size, |
908 |
info->extensions, info->nextensions); |
909 |
|
910 |
/* close the array */ |
911 |
@@ -250,6 +269,7 @@ |
912 |
return (XpmSuccess); |
913 |
} |
914 |
|
915 |
+ |
916 |
static int |
917 |
WriteColors(dataptr, data_size, used_size, colors, ncolors, cpp) |
918 |
char **dataptr; |
919 |
@@ -259,7 +279,7 @@ |
920 |
unsigned int ncolors; |
921 |
unsigned int cpp; |
922 |
{ |
923 |
- char buf[BUFSIZ]; |
924 |
+ char buf[BUFSIZ] = {0}; |
925 |
unsigned int a, key, l; |
926 |
char *s, *s2; |
927 |
char **defaults; |
928 |
@@ -269,22 +289,34 @@ |
929 |
|
930 |
defaults = (char **) colors; |
931 |
s = buf + 1; |
932 |
- strncpy(s, *defaults++, cpp); |
933 |
- s += cpp; |
934 |
- |
935 |
- for (key = 1; key <= NKEYS; key++, defaults++) { |
936 |
- if ((s2 = *defaults)) { |
937 |
-#ifndef VOID_SPRINTF |
938 |
- s += |
939 |
-#endif |
940 |
- sprintf(s, "\t%s %s", xpmColorKeys[key - 1], s2); |
941 |
-#ifdef VOID_SPRINTF |
942 |
- s += strlen(s); |
943 |
-#endif |
944 |
- } |
945 |
- } |
946 |
- strcpy(s, "\",\n"); |
947 |
- l = s + 3 - buf; |
948 |
+ if(cpp > (sizeof(buf) - (s-buf))) |
949 |
+ return(XpmNoMemory); |
950 |
+ strncpy(s, *defaults++, cpp); |
951 |
+ s += cpp; |
952 |
+ |
953 |
+ for (key = 1; key <= NKEYS; key++, defaults++) { |
954 |
+ if ((s2 = *defaults)) { |
955 |
+#ifndef VOID_SPRINTF |
956 |
+ s += |
957 |
+#endif |
958 |
+ /* assume C99 compliance */ |
959 |
+ snprintf(s, sizeof(buf) - (s-buf), "\t%s %s", xpmColorKeys[key - 1], s2); |
960 |
+#ifdef VOID_SPRINTF |
961 |
+ s += strlen(s); |
962 |
+#endif |
963 |
+ /* now let's check if s points out-of-bounds */ |
964 |
+ if((s-buf) > sizeof(buf)) |
965 |
+ return(XpmNoMemory); |
966 |
+ } |
967 |
+ } |
968 |
+ if(sizeof(buf) - (s-buf) < 4) |
969 |
+ return(XpmNoMemory); |
970 |
+ strcpy(s, "\",\n"); |
971 |
+ l = s + 3 - buf; |
972 |
+ if( *data_size >= UINT_MAX-l || |
973 |
+ *data_size + l <= *used_size || |
974 |
+ (*data_size + l - *used_size) <= sizeof(buf)) |
975 |
+ return(XpmNoMemory); |
976 |
s = (char *) XpmRealloc(*dataptr, *data_size + l); |
977 |
if (!s) |
978 |
return (XpmNoMemory); |
979 |
@@ -297,8 +329,9 @@ |
980 |
} |
981 |
|
982 |
static void |
983 |
-WritePixels(dataptr, used_size, width, height, cpp, pixels, colors) |
984 |
+WritePixels(dataptr, data_size, used_size, width, height, cpp, pixels, colors) |
985 |
char *dataptr; |
986 |
+ unsigned int data_size; |
987 |
unsigned int *used_size; |
988 |
unsigned int width; |
989 |
unsigned int height; |
990 |
@@ -309,27 +342,36 @@ |
991 |
char *s = dataptr; |
992 |
unsigned int x, y, h; |
993 |
|
994 |
+ if(height <= 1) |
995 |
+ return; |
996 |
+ |
997 |
h = height - 1; |
998 |
for (y = 0; y < h; y++) { |
999 |
*s++ = '"'; |
1000 |
for (x = 0; x < width; x++, pixels++) { |
1001 |
- strncpy(s, colors[*pixels].string, cpp); |
1002 |
+ if(cpp >= (data_size - (s-dataptr))) |
1003 |
+ return; |
1004 |
+ strncpy(s, colors[*pixels].string, cpp); /* how can we trust *pixels? :-\ */ |
1005 |
s += cpp; |
1006 |
} |
1007 |
+ if((data_size - (s-dataptr)) < 4) |
1008 |
+ return; |
1009 |
strcpy(s, "\",\n"); |
1010 |
s += 3; |
1011 |
} |
1012 |
/* duplicate some code to avoid a test in the loop */ |
1013 |
*s++ = '"'; |
1014 |
for (x = 0; x < width; x++, pixels++) { |
1015 |
- strncpy(s, colors[*pixels].string, cpp); |
1016 |
+ if(cpp >= (data_size - (s-dataptr))) |
1017 |
+ return; |
1018 |
+ strncpy(s, colors[*pixels].string, cpp); /* how can we trust *pixels? */ |
1019 |
s += cpp; |
1020 |
} |
1021 |
*s++ = '"'; |
1022 |
*used_size += s - dataptr; |
1023 |
} |
1024 |
|
1025 |
-static int |
1026 |
+static unsigned int |
1027 |
ExtensionsSize(ext, num) |
1028 |
XpmExtension *ext; |
1029 |
unsigned int num; |
1030 |
@@ -338,21 +380,26 @@ |
1031 |
char **line; |
1032 |
|
1033 |
size = 0; |
1034 |
+ if(num == 0) |
1035 |
+ return(0); /* ok? */ |
1036 |
for (x = 0; x < num; x++, ext++) { |
1037 |
/* 11 = 10 (for ',\n"XPMEXT ') + 1 (for '"') */ |
1038 |
size += strlen(ext->name) + 11; |
1039 |
- a = ext->nlines; |
1040 |
+ a = ext->nlines; /* how can we trust ext->nlines to be not out-of-bounds? */ |
1041 |
for (y = 0, line = ext->lines; y < a; y++, line++) |
1042 |
/* 4 = 3 (for ',\n"') + 1 (for '"') */ |
1043 |
size += strlen(*line) + 4; |
1044 |
} |
1045 |
/* 13 is for ',\n"XPMENDEXT"' */ |
1046 |
+ if(size > UINT_MAX - 13) /* unlikely */ |
1047 |
+ return(0); |
1048 |
return size + 13; |
1049 |
} |
1050 |
|
1051 |
static void |
1052 |
-WriteExtensions(dataptr, used_size, ext, num) |
1053 |
+WriteExtensions(dataptr, data_size, used_size, ext, num) |
1054 |
char *dataptr; |
1055 |
+ unsigned int data_size; |
1056 |
unsigned int *used_size; |
1057 |
XpmExtension *ext; |
1058 |
unsigned int num; |
1059 |
@@ -363,24 +410,24 @@ |
1060 |
|
1061 |
for (x = 0; x < num; x++, ext++) { |
1062 |
#ifndef VOID_SPRINTF |
1063 |
- s += 11 + |
1064 |
+ s += |
1065 |
#endif |
1066 |
- sprintf(s, ",\n\"XPMEXT %s\"", ext->name); |
1067 |
+ snprintf(s, data_size - (s-dataptr), ",\n\"XPMEXT %s\"", ext->name); |
1068 |
#ifdef VOID_SPRINTF |
1069 |
s += strlen(ext->name) + 11; |
1070 |
#endif |
1071 |
a = ext->nlines; |
1072 |
for (y = 0, line = ext->lines; y < a; y++, line++) { |
1073 |
#ifndef VOID_SPRINTF |
1074 |
- s += 4 + |
1075 |
+ s += |
1076 |
#endif |
1077 |
- sprintf(s, ",\n\"%s\"", *line); |
1078 |
+ snprintf(s, data_size - (s-dataptr), ",\n\"%s\"", *line); |
1079 |
#ifdef VOID_SPRINTF |
1080 |
s += strlen(*line) + 4; |
1081 |
#endif |
1082 |
} |
1083 |
} |
1084 |
- strcpy(s, ",\n\"XPMENDEXT\""); |
1085 |
+ strncpy(s, ",\n\"XPMENDEXT\"", data_size - (s-dataptr)-1); |
1086 |
*used_size += s - dataptr + 13; |
1087 |
} |
1088 |
|
1089 |
@@ -391,6 +438,7 @@ |
1090 |
int size = 0; |
1091 |
|
1092 |
/* 5 = 2 (for "/_*") + 3 (for "*_/\n") */ |
1093 |
+ /* wrap possible but *very* unlikely */ |
1094 |
if (info->hints_cmt) |
1095 |
size += 5 + strlen(info->hints_cmt); |
1096 |
|
1097 |
diff -Nur lib/Xm/XpmCrDatFrI.c lib/Xm/XpmCrDatFrI.c |
1098 |
--- lib/Xm/XpmCrDatFrI.c 2005-02-14 15:20:49.344040101 +0100 |
1099 |
+++ lib/Xm/XpmCrDatFrI.c 2005-02-14 14:32:22.610251056 +0100 |
1100 |
@@ -38,13 +38,16 @@ |
1101 |
#endif |
1102 |
|
1103 |
|
1104 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
1105 |
+ |
1106 |
#include "XpmI.h" |
1107 |
|
1108 |
LFUNC(CreateColors, int, (char **dataptr, unsigned int *data_size, |
1109 |
XpmColor *colors, unsigned int ncolors, |
1110 |
unsigned int cpp)); |
1111 |
|
1112 |
-LFUNC(CreatePixels, void, (char **dataptr, unsigned int width, |
1113 |
+LFUNC(CreatePixels, void, (char **dataptr, unsigned int data_size, |
1114 |
+ unsigned int width, |
1115 |
unsigned int height, unsigned int cpp, |
1116 |
unsigned int *pixels, XpmColor *colors)); |
1117 |
|
1118 |
@@ -52,7 +55,8 @@ |
1119 |
unsigned int *ext_size, |
1120 |
unsigned int *ext_nlines)); |
1121 |
|
1122 |
-LFUNC(CreateExtensions, void, (char **dataptr, unsigned int offset, |
1123 |
+LFUNC(CreateExtensions, void, (char **dataptr, unsigned int data_size, |
1124 |
+ unsigned int offset, |
1125 |
XpmExtension *ext, unsigned int num, |
1126 |
unsigned int ext_nlines)); |
1127 |
|
1128 |
@@ -93,6 +97,7 @@ |
1129 |
|
1130 |
#undef RETURN |
1131 |
#define RETURN(status) \ |
1132 |
+do \ |
1133 |
{ \ |
1134 |
if (header) { \ |
1135 |
for (l = 0; l < header_nlines; l++) \ |
1136 |
@@ -101,7 +106,7 @@ |
1137 |
XpmFree(header); \ |
1138 |
} \ |
1139 |
return(status); \ |
1140 |
-} |
1141 |
+} while(0) |
1142 |
|
1143 |
int |
1144 |
XpmCreateDataFromXpmImage(data_return, image, info) |
1145 |
@@ -133,10 +138,15 @@ |
1146 |
* is the hints line + the color table lines |
1147 |
*/ |
1148 |
header_nlines = 1 + image->ncolors; |
1149 |
+ |
1150 |
+ if(header_nlines <= image->ncolors || |
1151 |
+ header_nlines >= UINT_MAX / sizeof(char *)) |
1152 |
+ return(XpmNoMemory); |
1153 |
+ |
1154 |
header_size = sizeof(char *) * header_nlines; |
1155 |
- if (header_size >= SIZE_MAX / sizeof(char *)) |
1156 |
+ if (header_size >= UINT_MAX / sizeof(char *)) |
1157 |
return (XpmNoMemory); |
1158 |
- header = (char **) XpmCalloc(header_size, sizeof(char *)); |
1159 |
+ header = (char **) XpmCalloc(header_size, sizeof(char *)); |
1160 |
if (!header) |
1161 |
return (XpmNoMemory); |
1162 |
|
1163 |
@@ -180,8 +190,22 @@ |
1164 |
|
1165 |
/* now we know the size needed, alloc the data and copy the header lines */ |
1166 |
offset = image->width * image->cpp + 1; |
1167 |
- data_size = header_size + (image->height + ext_nlines) * sizeof(char *) |
1168 |
- + image->height * offset + ext_size; |
1169 |
+ |
1170 |
+ if(offset <= image->width || offset <= image->cpp) |
1171 |
+ RETURN(XpmNoMemory); |
1172 |
+ |
1173 |
+ if( (image->height + ext_nlines) >= UINT_MAX / sizeof(char *)) |
1174 |
+ RETURN(XpmNoMemory); |
1175 |
+ data_size = (image->height + ext_nlines) * sizeof(char *); |
1176 |
+ |
1177 |
+ if (image->height > UINT_MAX / offset || |
1178 |
+ image->height * offset > UINT_MAX - data_size) |
1179 |
+ RETURN(XpmNoMemory); |
1180 |
+ data_size += image->height * offset; |
1181 |
+ |
1182 |
+ if( (header_size + ext_size) >= (UINT_MAX - data_size) ) |
1183 |
+ RETURN(XpmNoMemory); |
1184 |
+ data_size += header_size + ext_size; |
1185 |
|
1186 |
data = (char **) XpmMalloc(data_size); |
1187 |
if (!data) |
1188 |
@@ -189,8 +213,10 @@ |
1189 |
|
1190 |
data_nlines = header_nlines + image->height + ext_nlines; |
1191 |
*data = (char *) (data + data_nlines); |
1192 |
+ |
1193 |
+ /* can header have less elements then n suggests? */ |
1194 |
n = image->ncolors; |
1195 |
- for (l = 0, sptr = data, sptr2 = header; l <= n; l++, sptr++, sptr2++) { |
1196 |
+ for (l = 0, sptr = data, sptr2 = header; l <= n && sptr && sptr2; l++, sptr++, sptr2++) { |
1197 |
strcpy(*sptr, *sptr2); |
1198 |
*(sptr + 1) = *sptr + strlen(*sptr2) + 1; |
1199 |
} |
1200 |
@@ -199,12 +225,13 @@ |
1201 |
data[header_nlines] = (char *) data + header_size |
1202 |
+ (image->height + ext_nlines) * sizeof(char *); |
1203 |
|
1204 |
- CreatePixels(data + header_nlines, image->width, image->height, |
1205 |
+ CreatePixels(data + header_nlines, data_size-header_nlines, image->width, image->height, |
1206 |
image->cpp, image->data, image->colorTable); |
1207 |
|
1208 |
/* print extensions */ |
1209 |
if (extensions) |
1210 |
- CreateExtensions(data + header_nlines + image->height - 1, offset, |
1211 |
+ CreateExtensions(data + header_nlines + image->height - 1, |
1212 |
+ data_size - header_nlines - image->height + 1, offset, |
1213 |
info->extensions, info->nextensions, |
1214 |
ext_nlines); |
1215 |
|
1216 |
@@ -229,18 +256,27 @@ |
1217 |
for (a = 0; a < ncolors; a++, colors++, dataptr++) { |
1218 |
|
1219 |
defaults = (char **) colors; |
1220 |
+ if(sizeof(buf) <= cpp) |
1221 |
+ return(XpmNoMemory); |
1222 |
strncpy(buf, *defaults++, cpp); |
1223 |
s = buf + cpp; |
1224 |
|
1225 |
+ if(sizeof(buf) <= (s-buf)) |
1226 |
+ return XpmNoMemory; |
1227 |
+ |
1228 |
for (key = 1; key <= NKEYS; key++, defaults++) { |
1229 |
if ((s2 = *defaults)) { |
1230 |
#ifndef VOID_SPRINTF |
1231 |
s += |
1232 |
#endif |
1233 |
- sprintf(s, "\t%s %s", xpmColorKeys[key - 1], s2); |
1234 |
+ /* assume C99 compliance */ |
1235 |
+ snprintf(s, sizeof(buf)-(s-buf), "\t%s %s", xpmColorKeys[key - 1], s2); |
1236 |
#ifdef VOID_SPRINTF |
1237 |
- s += strlen(s); |
1238 |
+ s += strlen(s); |
1239 |
#endif |
1240 |
+ /* does s point out-of-bounds? */ |
1241 |
+ if(sizeof(buf) < (s-buf)) |
1242 |
+ return XpmNoMemory; |
1243 |
} |
1244 |
} |
1245 |
l = s - buf + 1; |
1246 |
@@ -254,8 +290,9 @@ |
1247 |
} |
1248 |
|
1249 |
static void |
1250 |
-CreatePixels(dataptr, width, height, cpp, pixels, colors) |
1251 |
+CreatePixels(dataptr, data_size, width, height, cpp, pixels, colors) |
1252 |
char **dataptr; |
1253 |
+ unsigned int data_size; |
1254 |
unsigned int width; |
1255 |
unsigned int height; |
1256 |
unsigned int cpp; |
1257 |
@@ -265,21 +302,38 @@ |
1258 |
char *s; |
1259 |
unsigned int x, y, h, offset; |
1260 |
|
1261 |
+ if(height <= 1) |
1262 |
+ return; |
1263 |
+ |
1264 |
h = height - 1; |
1265 |
+ |
1266 |
offset = width * cpp + 1; |
1267 |
+ |
1268 |
+ if(offset <= width || offset <= cpp) |
1269 |
+ return; |
1270 |
+ |
1271 |
+ /* why trust h? */ |
1272 |
for (y = 0; y < h; y++, dataptr++) { |
1273 |
s = *dataptr; |
1274 |
+ /* why trust width? */ |
1275 |
for (x = 0; x < width; x++, pixels++) { |
1276 |
- strncpy(s, colors[*pixels].string, cpp); |
1277 |
+ if(cpp > (data_size - (s - *dataptr))) |
1278 |
+ return; |
1279 |
+ strncpy(s, colors[*pixels].string, cpp); /* why trust pixel? */ |
1280 |
s += cpp; |
1281 |
} |
1282 |
*s = '\0'; |
1283 |
+ if(offset > data_size) |
1284 |
+ return; |
1285 |
*(dataptr + 1) = *dataptr + offset; |
1286 |
} |
1287 |
/* duplicate some code to avoid a test in the loop */ |
1288 |
s = *dataptr; |
1289 |
+ /* why trust width? */ |
1290 |
for (x = 0; x < width; x++, pixels++) { |
1291 |
- strncpy(s, colors[*pixels].string, cpp); |
1292 |
+ if(cpp > data_size - (s - *dataptr)) |
1293 |
+ return; |
1294 |
+ strncpy(s, colors[*pixels].string, cpp); /* why should we trust *pixel? */ |
1295 |
s += cpp; |
1296 |
} |
1297 |
*s = '\0'; |
1298 |
@@ -312,8 +366,9 @@ |
1299 |
} |
1300 |
|
1301 |
static void |
1302 |
-CreateExtensions(dataptr, offset, ext, num, ext_nlines) |
1303 |
+CreateExtensions(dataptr, data_size, offset, ext, num, ext_nlines) |
1304 |
char **dataptr; |
1305 |
+ unsigned int data_size; |
1306 |
unsigned int offset; |
1307 |
XpmExtension *ext; |
1308 |
unsigned int num; |
1309 |
@@ -326,12 +381,12 @@ |
1310 |
dataptr++; |
1311 |
a = 0; |
1312 |
for (x = 0; x < num; x++, ext++) { |
1313 |
- sprintf(*dataptr, "XPMEXT %s", ext->name); |
1314 |
+ snprintf(*dataptr, data_size, "XPMEXT %s", ext->name); |
1315 |
a++; |
1316 |
if (a < ext_nlines) |
1317 |
*(dataptr + 1) = *dataptr + strlen(ext->name) + 8; |
1318 |
dataptr++; |
1319 |
- b = ext->nlines; |
1320 |
+ b = ext->nlines; /* can we trust these values? */ |
1321 |
for (y = 0, line = ext->lines; y < b; y++, line++) { |
1322 |
strcpy(*dataptr, *line); |
1323 |
a++; |
1324 |
diff -Nur lib/Xm/Xpmcreate.c lib/Xm/Xpmcreate.c |
1325 |
--- lib/Xm/Xpmcreate.c 2005-02-14 15:20:49.348039308 +0100 |
1326 |
+++ lib/Xm/Xpmcreate.c 2005-02-14 14:36:37.104801803 +0100 |
1327 |
@@ -44,6 +44,8 @@ |
1328 |
#endif |
1329 |
|
1330 |
|
1331 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
1332 |
+ |
1333 |
#include "XpmI.h" |
1334 |
#include <ctype.h> |
1335 |
|
1336 |
@@ -565,7 +567,7 @@ |
1337 |
*/ |
1338 |
} else { |
1339 |
#endif |
1340 |
- int i; |
1341 |
+ unsigned int i; |
1342 |
|
1343 |
ncols = visual->map_entries; |
1344 |
cols = (XColor *) XpmCalloc(ncols, sizeof(XColor)); |
1345 |
@@ -723,6 +725,7 @@ |
1346 |
/* function call in case of error, frees only locally allocated variables */ |
1347 |
#undef RETURN |
1348 |
#define RETURN(status) \ |
1349 |
+do \ |
1350 |
{ \ |
1351 |
if (ximage) XDestroyImage(ximage); \ |
1352 |
if (shapeimage) XDestroyImage(shapeimage); \ |
1353 |
@@ -733,7 +736,7 @@ |
1354 |
if (alloc_pixels) XpmFree(alloc_pixels); \ |
1355 |
if (used_pixels) XpmFree(used_pixels); \ |
1356 |
return (status); \ |
1357 |
-} |
1358 |
+} while(0) |
1359 |
|
1360 |
int |
1361 |
XpmCreateImageFromXpmImage(display, image, |
1362 |
@@ -804,7 +807,7 @@ |
1363 |
|
1364 |
ErrorStatus = XpmSuccess; |
1365 |
|
1366 |
- if (image->ncolors >= SIZE_MAX / sizeof(Pixel)) |
1367 |
+ if (image->ncolors >= UINT_MAX / sizeof(Pixel)) |
1368 |
return (XpmNoMemory); |
1369 |
|
1370 |
/* malloc pixels index tables */ |
1371 |
@@ -950,9 +953,13 @@ |
1372 |
return (XpmNoMemory); |
1373 |
|
1374 |
#ifndef FOR_MSW |
1375 |
- if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height) |
1376 |
- return XpmNoMemory; |
1377 |
+ if (height != 0 && (*image_return)->bytes_per_line >= INT_MAX / height) { |
1378 |
+ XDestroyImage(*image_return); |
1379 |
+ return XpmNoMemory; |
1380 |
+ } |
1381 |
/* now that bytes_per_line must have been set properly alloc data */ |
1382 |
+ if((*image_return)->bytes_per_line == 0 || height == 0) |
1383 |
+ return XpmNoMemory; |
1384 |
(*image_return)->data = |
1385 |
(char *) XpmMalloc((*image_return)->bytes_per_line * height); |
1386 |
|
1387 |
@@ -980,7 +987,7 @@ |
1388 |
LFUNC(_putbits, void, (register char *src, int dstoffset, |
1389 |
register int numbits, register char *dst)); |
1390 |
|
1391 |
-LFUNC(_XReverse_Bytes, int, (register unsigned char *bpt, register int nb)); |
1392 |
+LFUNC(_XReverse_Bytes, int, (register unsigned char *bpt, register unsigned int nb)); |
1393 |
|
1394 |
static unsigned char Const _reverse_byte[0x100] = { |
1395 |
0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, |
1396 |
@@ -1020,12 +1027,12 @@ |
1397 |
static int |
1398 |
_XReverse_Bytes(bpt, nb) |
1399 |
register unsigned char *bpt; |
1400 |
- register int nb; |
1401 |
+ register unsigned int nb; |
1402 |
{ |
1403 |
do { |
1404 |
*bpt = _reverse_byte[*bpt]; |
1405 |
bpt++; |
1406 |
- } while (--nb > 0); |
1407 |
+ } while (--nb > 0); /* is nb user-controled? */ |
1408 |
return 0; |
1409 |
} |
1410 |
|
1411 |
@@ -1164,7 +1171,7 @@ |
1412 |
register char *src; |
1413 |
register char *dst; |
1414 |
register unsigned int *iptr; |
1415 |
- register int x, y, i; |
1416 |
+ register unsigned int x, y, i; |
1417 |
register char *data; |
1418 |
Pixel pixel, px; |
1419 |
int nbytes, depth, ibu, ibpp; |
1420 |
@@ -1174,8 +1181,8 @@ |
1421 |
depth = image->depth; |
1422 |
if (depth == 1) { |
1423 |
ibu = image->bitmap_unit; |
1424 |
- for (y = 0; y < height; y++) |
1425 |
- for (x = 0; x < width; x++, iptr++) { |
1426 |
+ for (y = 0; y < height; y++) /* how can we trust height */ |
1427 |
+ for (x = 0; x < width; x++, iptr++) { /* how can we trust width */ |
1428 |
pixel = pixels[*iptr]; |
1429 |
for (i = 0, px = pixel; i < sizeof(unsigned long); |
1430 |
i++, px >>= 8) |
1431 |
@@ -1250,12 +1257,12 @@ |
1432 |
{ |
1433 |
unsigned char *data; |
1434 |
unsigned int *iptr; |
1435 |
- int y; |
1436 |
+ unsigned int y; |
1437 |
Pixel pixel; |
1438 |
|
1439 |
#ifdef WITHOUT_SPEEDUPS |
1440 |
|
1441 |
- int x; |
1442 |
+ unsigned int x; |
1443 |
unsigned char *addr; |
1444 |
|
1445 |
data = (unsigned char *) image->data; |
1446 |
@@ -1292,7 +1299,7 @@ |
1447 |
|
1448 |
#else /* WITHOUT_SPEEDUPS */ |
1449 |
|
1450 |
- int bpl = image->bytes_per_line; |
1451 |
+ unsigned int bpl = image->bytes_per_line; |
1452 |
unsigned char *data_ptr, *max_data; |
1453 |
|
1454 |
data = (unsigned char *) image->data; |
1455 |
@@ -1360,11 +1367,11 @@ |
1456 |
{ |
1457 |
unsigned char *data; |
1458 |
unsigned int *iptr; |
1459 |
- int y; |
1460 |
+ unsigned int y; |
1461 |
|
1462 |
#ifdef WITHOUT_SPEEDUPS |
1463 |
|
1464 |
- int x; |
1465 |
+ unsigned int x; |
1466 |
unsigned char *addr; |
1467 |
|
1468 |
data = (unsigned char *) image->data; |
1469 |
@@ -1388,7 +1395,7 @@ |
1470 |
|
1471 |
Pixel pixel; |
1472 |
|
1473 |
- int bpl = image->bytes_per_line; |
1474 |
+ unsigned int bpl = image->bytes_per_line; |
1475 |
unsigned char *data_ptr, *max_data; |
1476 |
|
1477 |
data = (unsigned char *) image->data; |
1478 |
@@ -1441,11 +1448,11 @@ |
1479 |
{ |
1480 |
char *data; |
1481 |
unsigned int *iptr; |
1482 |
- int y; |
1483 |
+ unsigned int y; |
1484 |
|
1485 |
#ifdef WITHOUT_SPEEDUPS |
1486 |
|
1487 |
- int x; |
1488 |
+ unsigned int x; |
1489 |
|
1490 |
data = image->data; |
1491 |
iptr = pixelindex; |
1492 |
@@ -1455,7 +1462,7 @@ |
1493 |
|
1494 |
#else /* WITHOUT_SPEEDUPS */ |
1495 |
|
1496 |
- int bpl = image->bytes_per_line; |
1497 |
+ unsigned int bpl = image->bytes_per_line; |
1498 |
char *data_ptr, *max_data; |
1499 |
|
1500 |
data = image->data; |
1501 |
@@ -1490,12 +1497,12 @@ |
1502 |
PutImagePixels(image, width, height, pixelindex, pixels); |
1503 |
else { |
1504 |
unsigned int *iptr; |
1505 |
- int y; |
1506 |
+ unsigned int y; |
1507 |
char *data; |
1508 |
|
1509 |
#ifdef WITHOUT_SPEEDUPS |
1510 |
|
1511 |
- int x; |
1512 |
+ unsigned int x; |
1513 |
|
1514 |
data = image->data; |
1515 |
iptr = pixelindex; |
1516 |
@@ -1673,6 +1680,9 @@ |
1517 |
Pixel px; |
1518 |
int nbytes; |
1519 |
|
1520 |
+ if(x < 0 || y < 0) |
1521 |
+ return 0; |
1522 |
+ |
1523 |
for (i=0, px=pixel; i<sizeof(unsigned long); i++, px>>=8) |
1524 |
((unsigned char *)&pixel)[i] = px; |
1525 |
src = &ximage->data[XYINDEX(x, y, ximage)]; |
1526 |
@@ -1704,7 +1714,10 @@ |
1527 |
register int i; |
1528 |
register char *data; |
1529 |
Pixel px; |
1530 |
- int nbytes, ibpp; |
1531 |
+ unsigned int nbytes, ibpp; |
1532 |
+ |
1533 |
+ if(x < 0 || y < 0) |
1534 |
+ return 0; |
1535 |
|
1536 |
ibpp = ximage->bits_per_pixel; |
1537 |
if (ximage->depth == 4) |
1538 |
@@ -1737,6 +1750,9 @@ |
1539 |
{ |
1540 |
unsigned char *addr; |
1541 |
|
1542 |
+ if(x < 0 || y < 0) |
1543 |
+ return 0; |
1544 |
+ |
1545 |
addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)]; |
1546 |
*((unsigned long *)addr) = pixel; |
1547 |
return 1; |
1548 |
@@ -1751,6 +1767,9 @@ |
1549 |
{ |
1550 |
unsigned char *addr; |
1551 |
|
1552 |
+ if(x < 0 || y < 0) |
1553 |
+ return 0; |
1554 |
+ |
1555 |
addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)]; |
1556 |
addr[0] = pixel >> 24; |
1557 |
addr[1] = pixel >> 16; |
1558 |
@@ -1768,6 +1787,9 @@ |
1559 |
{ |
1560 |
unsigned char *addr; |
1561 |
|
1562 |
+ if(x < 0 || y < 0) |
1563 |
+ return 0; |
1564 |
+ |
1565 |
addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)]; |
1566 |
addr[3] = pixel >> 24; |
1567 |
addr[2] = pixel >> 16; |
1568 |
@@ -1785,6 +1807,9 @@ |
1569 |
{ |
1570 |
unsigned char *addr; |
1571 |
|
1572 |
+ if(x < 0 || y < 0) |
1573 |
+ return 0; |
1574 |
+ |
1575 |
addr = &((unsigned char *)ximage->data) [ZINDEX16(x, y, ximage)]; |
1576 |
addr[0] = pixel >> 8; |
1577 |
addr[1] = pixel; |
1578 |
@@ -1800,6 +1825,9 @@ |
1579 |
{ |
1580 |
unsigned char *addr; |
1581 |
|
1582 |
+ if(x < 0 || y < 0) |
1583 |
+ return 0; |
1584 |
+ |
1585 |
addr = &((unsigned char *)ximage->data) [ZINDEX16(x, y, ximage)]; |
1586 |
addr[1] = pixel >> 8; |
1587 |
addr[0] = pixel; |
1588 |
@@ -1813,6 +1841,9 @@ |
1589 |
int y; |
1590 |
unsigned long pixel; |
1591 |
{ |
1592 |
+ if(x < 0 || y < 0) |
1593 |
+ return 0; |
1594 |
+ |
1595 |
ximage->data[ZINDEX8(x, y, ximage)] = pixel; |
1596 |
return 1; |
1597 |
} |
1598 |
@@ -1824,6 +1855,9 @@ |
1599 |
int y; |
1600 |
unsigned long pixel; |
1601 |
{ |
1602 |
+ if(x < 0 || y < 0) |
1603 |
+ return 0; |
1604 |
+ |
1605 |
if (pixel & 1) |
1606 |
ximage->data[ZINDEX1(x, y, ximage)] |= 0x80 >> (x & 7); |
1607 |
else |
1608 |
@@ -1838,6 +1872,9 @@ |
1609 |
int y; |
1610 |
unsigned long pixel; |
1611 |
{ |
1612 |
+ if(x < 0 || y < 0) |
1613 |
+ return 0; |
1614 |
+ |
1615 |
if (pixel & 1) |
1616 |
ximage->data[ZINDEX1(x, y, ximage)] |= 1 << (x & 7); |
1617 |
else |
1618 |
@@ -1850,6 +1887,7 @@ |
1619 |
/* function call in case of error, frees only locally allocated variables */ |
1620 |
#undef RETURN |
1621 |
#define RETURN(status) \ |
1622 |
+do \ |
1623 |
{ \ |
1624 |
if (USE_HASHTABLE) xpmHashTableFree(&hashtable); \ |
1625 |
if (colorTable) xpmFreeColorTable(colorTable, ncolors); \ |
1626 |
@@ -1865,7 +1903,7 @@ |
1627 |
if (alloc_pixels) XpmFree(alloc_pixels); \ |
1628 |
if (used_pixels) XpmFree(used_pixels); \ |
1629 |
return(status); \ |
1630 |
-} |
1631 |
+} while(0) |
1632 |
|
1633 |
/* |
1634 |
* This function parses an Xpm file or data and directly create an XImage |
1635 |
@@ -1997,7 +2035,7 @@ |
1636 |
xpmGetCmt(data, &colors_cmt); |
1637 |
|
1638 |
/* malloc pixels index tables */ |
1639 |
- if (ncolors >= SIZE_MAX / sizeof(Pixel)) |
1640 |
+ if (ncolors >= UINT_MAX / sizeof(Pixel)) |
1641 |
return XpmNoMemory; |
1642 |
|
1643 |
image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors); |
1644 |
@@ -2109,7 +2147,7 @@ |
1645 |
* free the hastable |
1646 |
*/ |
1647 |
if (ErrorStatus != XpmSuccess) |
1648 |
- RETURN(ErrorStatus) |
1649 |
+ RETURN(ErrorStatus); |
1650 |
else if (USE_HASHTABLE) |
1651 |
xpmHashTableFree(&hashtable); |
1652 |
|
1653 |
@@ -2258,11 +2296,11 @@ |
1654 |
|
1655 |
/* array of pointers malloced by need */ |
1656 |
unsigned short *cidx[256]; |
1657 |
- int char1; |
1658 |
+ unsigned int char1; |
1659 |
|
1660 |
bzero((char *)cidx, 256 * sizeof(unsigned short *)); /* init */ |
1661 |
for (a = 0; a < ncolors; a++) { |
1662 |
- char1 = colorTable[a].string[0]; |
1663 |
+ char1 = (unsigned char) colorTable[a].string[0]; |
1664 |
if (cidx[char1] == NULL) { /* get new memory */ |
1665 |
cidx[char1] = (unsigned short *) |
1666 |
XpmCalloc(256, sizeof(unsigned short)); |
1667 |
@@ -2280,7 +2318,7 @@ |
1668 |
int cc1 = xpmGetC(data); |
1669 |
if (cc1 > 0 && cc1 < 256) { |
1670 |
int cc2 = xpmGetC(data); |
1671 |
- if (cc2 > 0 && cc2 < 256 && cidx[cc1][cc2] != 0) { |
1672 |
+ if (cc2 > 0 && cc2 < 256 && cidx[cc1] && cidx[cc1][cc2] != 0) { |
1673 |
#ifndef FOR_MSW |
1674 |
XPutPixel(image, x, y, |
1675 |
image_pixels[cidx[cc1][cc2] - 1]); |
1676 |
diff -Nur lib/Xm/Xpmdata.c lib/Xm/Xpmdata.c |
1677 |
--- lib/Xm/Xpmdata.c 2005-02-14 15:20:49.343040299 +0100 |
1678 |
+++ lib/Xm/Xpmdata.c 2005-02-14 14:38:22.161975990 +0100 |
1679 |
@@ -33,6 +33,8 @@ |
1680 |
* Developed by Arnaud Le Hors * |
1681 |
\*****************************************************************************/ |
1682 |
|
1683 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
1684 |
+ |
1685 |
/* Official version number */ |
1686 |
static char *RCS_Version = "$XpmVersion: 3.4i $"; |
1687 |
|
1688 |
@@ -279,7 +281,7 @@ |
1689 |
} |
1690 |
ungetc(c, file); |
1691 |
} |
1692 |
- return (n); |
1693 |
+ return (n); /* this returns bytes read + 1 */ |
1694 |
} |
1695 |
|
1696 |
/* |
1697 |
@@ -376,8 +378,9 @@ |
1698 |
{ |
1699 |
if (!mdata->type) |
1700 |
*cmt = NULL; |
1701 |
- else if (mdata->CommentLength != 0 && mdata->CommentLength < SIZE_MAX - 1) { |
1702 |
- *cmt = (char *) XpmMalloc(mdata->CommentLength + 1); |
1703 |
+ else if (mdata->CommentLength != 0 && mdata->CommentLength < UINT_MAX - 1) { |
1704 |
+ if( (*cmt = (char *) XpmMalloc(mdata->CommentLength + 1)) == NULL) |
1705 |
+ return XpmNoMemory; |
1706 |
strncpy(*cmt, mdata->Comment, mdata->CommentLength); |
1707 |
(*cmt)[mdata->CommentLength] = '\0'; |
1708 |
mdata->CommentLength = 0; |
1709 |
@@ -405,7 +408,7 @@ |
1710 |
xpmParseHeader(mdata) |
1711 |
xpmData *mdata; |
1712 |
{ |
1713 |
- char buf[BUFSIZ]; |
1714 |
+ char buf[BUFSIZ+1] = {0}; |
1715 |
int l, n = 0; |
1716 |
|
1717 |
if (mdata->type) { |
1718 |
diff -Nur lib/Xm/Xpmhashtab.c lib/Xm/Xpmhashtab.c |
1719 |
--- lib/Xm/Xpmhashtab.c 2005-02-14 15:20:49.342040497 +0100 |
1720 |
+++ lib/Xm/Xpmhashtab.c 2005-02-14 14:39:44.386676330 +0100 |
1721 |
@@ -144,13 +144,13 @@ |
1722 |
unsigned int size = table->size; |
1723 |
xpmHashAtom *t, *p; |
1724 |
int i; |
1725 |
- int oldSize = size; |
1726 |
+ unsigned int oldSize = size; |
1727 |
|
1728 |
t = atomTable; |
1729 |
HASH_TABLE_GROWS |
1730 |
table->size = size; |
1731 |
table->limit = size / 3; |
1732 |
- if (size >= SIZE_MAX / sizeof(*atomTable)) |
1733 |
+ if (size >= UINT_MAX / sizeof(*atomTable)) |
1734 |
return (XpmNoMemory); |
1735 |
atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable)); |
1736 |
if (!atomTable) |
1737 |
@@ -212,7 +212,7 @@ |
1738 |
table->size = INITIAL_HASH_SIZE; |
1739 |
table->limit = table->size / 3; |
1740 |
table->used = 0; |
1741 |
- if (table->size >= SIZE_MAX / sizeof(*atomTable)) |
1742 |
+ if (table->size >= UINT_MAX / sizeof(*atomTable)) |
1743 |
return (XpmNoMemory); |
1744 |
atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable)); |
1745 |
if (!atomTable) |
1746 |
--- lib/Xm/XpmI.h 2005-02-14 15:20:49.344040101 +0100 |
1747 |
+++ lib/Xm/XpmI.h 2005-02-14 14:24:12.903327195 +0100 |
1748 |
@@ -108,8 +109,10 @@ |
1749 |
* lets try to solve include files |
1750 |
*/ |
1751 |
|
1752 |
+#include <sys/types.h> |
1753 |
#include <stdio.h> |
1754 |
#include <stdlib.h> |
1755 |
+#include <limits.h> |
1756 |
/* stdio.h doesn't declare popen on a Sequent DYNIX OS */ |
1757 |
#ifdef sequent |
1758 |
extern FILE *popen(); |
1759 |
diff -Nur lib/Xm/Xpmmisc.c lib/Xm/Xpmmisc.c |
1760 |
--- lib/Xm/Xpmmisc.c 2002-01-10 21:57:09.000000000 +0100 |
1761 |
+++ lib/Xm/Xpmmisc.c 2005-02-14 14:24:12.907326402 +0100 |
1762 |
@@ -52,7 +52,7 @@ |
1763 |
char *s1; |
1764 |
{ |
1765 |
char *s2; |
1766 |
- int l = strlen(s1) + 1; |
1767 |
+ size_t l = strlen(s1) + 1; |
1768 |
|
1769 |
if (s2 = (char *) XpmMalloc(l)) |
1770 |
strcpy(s2, s1); |
1771 |
diff -Nur lib/Xm/Xpmparse.c lib/Xm/Xpmparse.c |
1772 |
--- lib/Xm/Xpmparse.c 2005-02-14 15:20:49.349039110 +0100 |
1773 |
+++ lib/Xm/Xpmparse.c 2005-02-14 14:46:55.361242890 +0100 |
1774 |
@@ -49,21 +49,21 @@ |
1775 |
#include <string.h> |
1776 |
|
1777 |
#ifdef HAS_STRLCAT |
1778 |
-# define STRLCAT(dst, src, dstsize) { \ |
1779 |
+# define STRLCAT(dst, src, dstsize) do { \ |
1780 |
if (strlcat(dst, src, dstsize) >= (dstsize)) \ |
1781 |
- return (XpmFileInvalid); } |
1782 |
-# define STRLCPY(dst, src, dstsize) { \ |
1783 |
+ return (XpmFileInvalid); } while(0) |
1784 |
+# define STRLCPY(dst, src, dstsize) do { \ |
1785 |
if (strlcpy(dst, src, dstsize) >= (dstsize)) \ |
1786 |
- return (XpmFileInvalid); } |
1787 |
+ return (XpmFileInvalid); } while(0) |
1788 |
#else |
1789 |
-# define STRLCAT(dst, src, dstsize) { \ |
1790 |
+# define STRLCAT(dst, src, dstsize) do { \ |
1791 |
if ((strlen(dst) + strlen(src)) < (dstsize)) \ |
1792 |
strcat(dst, src); \ |
1793 |
- else return (XpmFileInvalid); } |
1794 |
-# define STRLCPY(dst, src, dstsize) { \ |
1795 |
+ else return (XpmFileInvalid); } while(0) |
1796 |
+# define STRLCPY(dst, src, dstsize) do { \ |
1797 |
if (strlen(src) < (dstsize)) \ |
1798 |
strcpy(dst, src); \ |
1799 |
- else return (XpmFileInvalid); } |
1800 |
+ else return (XpmFileInvalid); } while(0) |
1801 |
#endif |
1802 |
|
1803 |
LFUNC(ParsePixels, int, (xpmData *data, unsigned int width, |
1804 |
@@ -83,6 +83,7 @@ |
1805 |
/* function call in case of error, frees only locally allocated variables */ |
1806 |
#undef RETURN |
1807 |
#define RETURN(status) \ |
1808 |
+do \ |
1809 |
{ \ |
1810 |
if (colorTable) xpmFreeColorTable(colorTable, ncolors); \ |
1811 |
if (pixelindex) XpmFree(pixelindex); \ |
1812 |
@@ -90,7 +91,7 @@ |
1813 |
if (colors_cmt) XpmFree(colors_cmt); \ |
1814 |
if (pixels_cmt) XpmFree(pixels_cmt); \ |
1815 |
return(status); \ |
1816 |
-} |
1817 |
+} while(0) |
1818 |
|
1819 |
/* |
1820 |
* This function parses an Xpm file or data and store the found informations |
1821 |
@@ -354,7 +355,7 @@ |
1822 |
char **defaults; |
1823 |
int ErrorStatus; |
1824 |
|
1825 |
- if (ncolors >= SIZE_MAX / sizeof(XpmColor)) |
1826 |
+ if (ncolors >= UINT_MAX / sizeof(XpmColor)) |
1827 |
return (XpmNoMemory); |
1828 |
colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor)); |
1829 |
if (!colorTable) |
1830 |
@@ -367,7 +368,7 @@ |
1831 |
/* |
1832 |
* read pixel value |
1833 |
*/ |
1834 |
- if (cpp >= SIZE_MAX - 1) { |
1835 |
+ if (cpp >= UINT_MAX - 1) { |
1836 |
xpmFreeColorTable(colorTable, ncolors); |
1837 |
return (XpmNoMemory); |
1838 |
} |
1839 |
@@ -436,7 +437,7 @@ |
1840 |
xpmFreeColorTable(colorTable, ncolors); |
1841 |
return (XpmFileInvalid); |
1842 |
} |
1843 |
- len = strlen(curbuf) + 1; |
1844 |
+ len = strlen(curbuf) + 1; /* integer overflow just theoretically possible */ |
1845 |
s = defaults[curkey] = (char *) XpmMalloc(len); |
1846 |
if (!s) { |
1847 |
xpmFreeColorTable(colorTable, ncolors); |
1848 |
@@ -455,7 +456,7 @@ |
1849 |
/* |
1850 |
* read pixel value |
1851 |
*/ |
1852 |
- if (cpp >= SIZE_MAX - 1) { |
1853 |
+ if (cpp >= UINT_MAX - 1) { |
1854 |
xpmFreeColorTable(colorTable, ncolors); |
1855 |
return (XpmNoMemory); |
1856 |
} |
1857 |
@@ -500,7 +501,7 @@ |
1858 |
memcpy(s, curbuf, len); |
1859 |
color->c_color = s; |
1860 |
*curbuf = '\0'; /* reset curbuf */ |
1861 |
- if (a < ncolors - 1) |
1862 |
+ if (a < ncolors - 1) /* can we trust ncolors -> leave data's bounds */ |
1863 |
xpmNextString(data); /* get to the next string */ |
1864 |
} |
1865 |
} |
1866 |
@@ -519,11 +520,11 @@ |
1867 |
xpmHashTable *hashtable; |
1868 |
unsigned int **pixels; |
1869 |
{ |
1870 |
- unsigned int *iptr, *iptr2; |
1871 |
+ unsigned int *iptr, *iptr2 = NULL; |
1872 |
unsigned int a, x, y; |
1873 |
|
1874 |
- if ((height > 0 && width >= SIZE_MAX / height) || |
1875 |
- width * height >= SIZE_MAX / sizeof(unsigned int)) |
1876 |
+ if ((height > 0 && width >= UINT_MAX / height) || |
1877 |
+ width * height >= UINT_MAX / sizeof(unsigned int)) |
1878 |
return XpmNoMemory; |
1879 |
#ifndef FOR_MSW |
1880 |
iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height); |
1881 |
@@ -548,8 +549,10 @@ |
1882 |
{ |
1883 |
unsigned short colidx[256]; |
1884 |
|
1885 |
- if (ncolors > 256) |
1886 |
+ if (ncolors > 256) { |
1887 |
return (XpmFileInvalid); |
1888 |
+ XpmFree(iptr2); /* found by Egbert Eich */ |
1889 |
+ } |
1890 |
|
1891 |
bzero((char *)colidx, 256 * sizeof(short)); |
1892 |
for (a = 0; a < ncolors; a++) |
1893 |
@@ -576,16 +579,20 @@ |
1894 |
{ |
1895 |
|
1896 |
/* free all allocated pointers at all exits */ |
1897 |
-#define FREE_CIDX {int f; for (f = 0; f < 256; f++) \ |
1898 |
-if (cidx[f]) XpmFree(cidx[f]);} |
1899 |
+#define FREE_CIDX \ |
1900 |
+do \ |
1901 |
+{ \ |
1902 |
+ int f; for (f = 0; f < 256; f++) \ |
1903 |
+ if (cidx[f]) XpmFree(cidx[f]); \ |
1904 |
+} while(0) |
1905 |
|
1906 |
/* array of pointers malloced by need */ |
1907 |
unsigned short *cidx[256]; |
1908 |
- int char1; |
1909 |
+ unsigned int char1; |
1910 |
|
1911 |
bzero((char *)cidx, 256 * sizeof(unsigned short *)); /* init */ |
1912 |
for (a = 0; a < ncolors; a++) { |
1913 |
- char1 = colorTable[a].string[0]; |
1914 |
+ char1 = (unsigned char) colorTable[a].string[0]; |
1915 |
if (cidx[char1] == NULL) { /* get new memory */ |
1916 |
cidx[char1] = (unsigned short *) |
1917 |
XpmCalloc(256, sizeof(unsigned short)); |
1918 |
@@ -604,7 +611,7 @@ |
1919 |
int cc1 = xpmGetC(data); |
1920 |
if (cc1 > 0 && cc1 < 256) { |
1921 |
int cc2 = xpmGetC(data); |
1922 |
- if (cc2 > 0 && cc2 < 256 && cidx[cc1][cc2] != 0) |
1923 |
+ if (cc2 > 0 && cc2 < 256 && cidx[cc1] && cidx[cc1][cc2] != 0) |
1924 |
*iptr = cidx[cc1][cc2] - 1; |
1925 |
else { |
1926 |
FREE_CIDX; |
1927 |
@@ -628,8 +635,10 @@ |
1928 |
char *s; |
1929 |
char buf[BUFSIZ]; |
1930 |
|
1931 |
- if (cpp >= sizeof(buf)) |
1932 |
+ if (cpp >= sizeof(buf)) { |
1933 |
return (XpmFileInvalid); |
1934 |
+ XpmFree(iptr2); /* found by Egbert Eich */ |
1935 |
+ } |
1936 |
|
1937 |
buf[cpp] = '\0'; |
1938 |
if (USE_HASHTABLE) { |
1939 |
@@ -639,7 +648,7 @@ |
1940 |
xpmNextString(data); |
1941 |
for (x = 0; x < width; x++, iptr++) { |
1942 |
for (a = 0, s = buf; a < cpp; a++, s++) |
1943 |
- *s = xpmGetC(data); |
1944 |
+ *s = xpmGetC(data); /* int assigned to char, not a problem here */ |
1945 |
slot = xpmHashSlot(hashtable, buf); |
1946 |
if (!*slot) { /* no color matches */ |
1947 |
XpmFree(iptr2); |
1948 |
@@ -653,7 +662,7 @@ |
1949 |
xpmNextString(data); |
1950 |
for (x = 0; x < width; x++, iptr++) { |
1951 |
for (a = 0, s = buf; a < cpp; a++, s++) |
1952 |
- *s = xpmGetC(data); |
1953 |
+ *s = xpmGetC(data); /* int assigned to char, not a problem here */ |
1954 |
for (a = 0; a < ncolors; a++) |
1955 |
if (!strcmp(colorTable[a].string, buf)) |
1956 |
break; |
1957 |
@@ -708,7 +717,7 @@ |
1958 |
while (!notstart && notend) { |
1959 |
/* there starts an extension */ |
1960 |
ext = (XpmExtension *) |
1961 |
- XpmRealloc(exts, (num + 1) * sizeof(XpmExtension)); |
1962 |
+ XpmRealloc(exts, (num + 1) * sizeof(XpmExtension)); /* can the loop be forced to iterate often enough to make "(num + 1) * sizeof(XpmExtension)" wrapping? */ |
1963 |
if (!ext) { |
1964 |
XpmFree(string); |
1965 |
XpmFreeExtensions(exts, num); |
1966 |
@@ -745,7 +754,7 @@ |
1967 |
while ((notstart = strncmp("XPMEXT", string, 6)) |
1968 |
&& (notend = strncmp("XPMENDEXT", string, 9))) { |
1969 |
sp = (char **) |
1970 |
- XpmRealloc(ext->lines, (nlines + 1) * sizeof(char *)); |
1971 |
+ XpmRealloc(ext->lines, (nlines + 1) * sizeof(char *)); /* can we iterate enough for a wrapping? */ |
1972 |
if (!sp) { |
1973 |
XpmFree(string); |
1974 |
ext->nlines = nlines; |
1975 |
diff -Nur lib/Xm/XpmRdFToBuf.c lib/Xm/XpmRdFToBuf.c |
1976 |
--- lib/Xm/XpmRdFToBuf.c 2002-01-10 21:57:08.000000000 +0100 |
1977 |
+++ lib/Xm/XpmRdFToBuf.c 2005-02-14 14:24:12.904326997 +0100 |
1978 |
@@ -43,6 +43,8 @@ |
1979 |
#endif |
1980 |
|
1981 |
|
1982 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
1983 |
+ |
1984 |
#include "XpmI.h" |
1985 |
#include <sys/stat.h> |
1986 |
#if !defined(FOR_MSW) && !defined(WIN32) |
1987 |
@@ -64,7 +66,8 @@ |
1988 |
char *filename; |
1989 |
char **buffer_return; |
1990 |
{ |
1991 |
- int fd, fcheck, len; |
1992 |
+ int fd, fcheck; |
1993 |
+ off_t len; |
1994 |
char *ptr; |
1995 |
struct stat stats; |
1996 |
FILE *fp; |
1997 |
@@ -88,7 +91,7 @@ |
1998 |
close(fd); |
1999 |
return XpmOpenFailed; |
2000 |
} |
2001 |
- len = (int) stats.st_size; |
2002 |
+ len = stats.st_size; |
2003 |
ptr = (char *) XpmMalloc(len + 1); |
2004 |
if (!ptr) { |
2005 |
fclose(fp); |
2006 |
diff -Nur lib/Xm/XpmRdFToI.c lib/Xm/XpmRdFToI.c |
2007 |
--- lib/Xm/XpmRdFToI.c 2002-01-10 21:57:08.000000000 +0100 |
2008 |
+++ lib/Xm/XpmRdFToI.c 2005-02-14 14:24:12.861335519 +0100 |
2009 |
@@ -38,6 +38,8 @@ |
2010 |
#endif |
2011 |
|
2012 |
|
2013 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
2014 |
+ |
2015 |
#include "XpmI.h" |
2016 |
#include <sys/stat.h> |
2017 |
#include <sys/param.h> |
2018 |
@@ -127,6 +129,12 @@ |
2019 |
/* |
2020 |
* open the given file to be read as an xpmData which is returned. |
2021 |
*/ |
2022 |
+#ifndef NO_ZPIPE |
2023 |
+ FILE *Xpms_popen(char *cmd, const char *type); |
2024 |
+#else |
2025 |
+# define Xpms_popen popen |
2026 |
+#endif |
2027 |
+ |
2028 |
static int |
2029 |
OpenReadFile(filename, mdata) |
2030 |
char *filename; |
2031 |
@@ -144,17 +152,21 @@ |
2032 |
mdata->type = XPMFILE; |
2033 |
} else { |
2034 |
#ifndef NO_ZPIPE |
2035 |
- int len = strlen(filename); |
2036 |
+ size_t len = strlen(filename); |
2037 |
+ |
2038 |
+ if(len == 0 || |
2039 |
+ filename[len-1] == '/') |
2040 |
+ return(XpmOpenFailed); |
2041 |
if ((len > 2) && !strcmp(".Z", filename + (len - 2))) { |
2042 |
mdata->type = XPMPIPE; |
2043 |
- sprintf(buf, "uncompress -c \"%s\"", filename); |
2044 |
- if (!(mdata->stream.file = popen(buf, "r"))) |
2045 |
+ snprintf(buf, sizeof(buf), "uncompress -c \"%s\"", filename); |
2046 |
+ if (!(mdata->stream.file = Xpms_popen(buf, "r"))) |
2047 |
return (XpmOpenFailed); |
2048 |
|
2049 |
} else if ((len > 3) && !strcmp(".gz", filename + (len - 3))) { |
2050 |
mdata->type = XPMPIPE; |
2051 |
- sprintf(buf, "gunzip -qc \"%s\"", filename); |
2052 |
- if (!(mdata->stream.file = popen(buf, "r"))) |
2053 |
+ snprintf(buf, sizeof(buf), "gunzip -qc \"%s\"", filename); |
2054 |
+ if (!(mdata->stream.file = Xpms_popen(buf, "r"))) |
2055 |
return (XpmOpenFailed); |
2056 |
|
2057 |
} else { |
2058 |
@@ -162,19 +174,19 @@ |
2059 |
if (!(compressfile = (char *) XpmMalloc(len + 4))) |
2060 |
return (XpmNoMemory); |
2061 |
|
2062 |
- sprintf(compressfile, "%s.Z", filename); |
2063 |
+ snprintf(compressfile, len+4, "%s.Z", filename); |
2064 |
if (!stat(compressfile, &status)) { |
2065 |
- sprintf(buf, "uncompress -c \"%s\"", compressfile); |
2066 |
- if (!(mdata->stream.file = popen(buf, "r"))) { |
2067 |
+ snprintf(buf, sizeof(buf), "uncompress -c \"%s\"", compressfile); |
2068 |
+ if (!(mdata->stream.file = Xpms_popen(buf, "r"))) { |
2069 |
XpmFree(compressfile); |
2070 |
return (XpmOpenFailed); |
2071 |
} |
2072 |
mdata->type = XPMPIPE; |
2073 |
} else { |
2074 |
- sprintf(compressfile, "%s.gz", filename); |
2075 |
+ snprintf(compressfile, len+4, "%s.gz", filename); |
2076 |
if (!stat(compressfile, &status)) { |
2077 |
- sprintf(buf, "gunzip -c \"%s\"", compressfile); |
2078 |
- if (!(mdata->stream.file = popen(buf, "r"))) { |
2079 |
+ snprintf(buf, sizeof(buf), "gunzip -c \"%s\"", compressfile); |
2080 |
+ if (!(mdata->stream.file = Xpms_popen(buf, "r"))) { |
2081 |
XpmFree(compressfile); |
2082 |
return (XpmOpenFailed); |
2083 |
} |
2084 |
@@ -216,7 +228,7 @@ |
2085 |
break; |
2086 |
#ifndef NO_ZPIPE |
2087 |
case XPMPIPE: |
2088 |
- pclose(mdata->stream.file); |
2089 |
+ fclose(mdata->stream.file); |
2090 |
break; |
2091 |
#endif |
2092 |
} |
2093 |
diff -Nur lib/Xm/Xpmscan.c lib/Xm/Xpmscan.c |
2094 |
--- lib/Xm/Xpmscan.c 2005-02-14 15:20:49.345039902 +0100 |
2095 |
+++ lib/Xm/Xpmscan.c 2005-02-14 14:48:52.388044300 +0100 |
2096 |
@@ -43,12 +43,14 @@ |
2097 |
#endif |
2098 |
|
2099 |
|
2100 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
2101 |
+ |
2102 |
#include "XpmI.h" |
2103 |
|
2104 |
#define MAXPRINTABLE 92 /* number of printable ascii chars |
2105 |
* minus \ and " for string compat |
2106 |
* and ? to avoid ANSI trigraphs. */ |
2107 |
- |
2108 |
+ /* " */ |
2109 |
static char *printable = |
2110 |
" .XoO+@#$%&*=-;:>,<1234567890qwertyuipasdfghjklzxcvbnmMNBVCZ\ |
2111 |
ASDFGHJKLPIUYTREWQ!~^/()_`'][{}|"; |
2112 |
@@ -163,12 +165,13 @@ |
2113 |
/* function call in case of error, frees only locally allocated variables */ |
2114 |
#undef RETURN |
2115 |
#define RETURN(status) \ |
2116 |
+do \ |
2117 |
{ \ |
2118 |
if (pmap.pixelindex) XpmFree(pmap.pixelindex); \ |
2119 |
if (pmap.pixels) XpmFree(pmap.pixels); \ |
2120 |
if (colorTable) xpmFreeColorTable(colorTable, pmap.ncolors); \ |
2121 |
return(status); \ |
2122 |
-} |
2123 |
+} while(0) |
2124 |
|
2125 |
/* |
2126 |
* This function scans the given image and stores the found informations in |
2127 |
@@ -226,15 +229,15 @@ |
2128 |
else |
2129 |
cpp = 0; |
2130 |
|
2131 |
- if ((height > 0 && width >= SIZE_MAX / height) || |
2132 |
- width * height >= SIZE_MAX / sizeof(unsigned int)) |
2133 |
+ if ((height > 0 && width >= UINT_MAX / height) || |
2134 |
+ width * height >= UINT_MAX / sizeof(unsigned int)) |
2135 |
RETURN(XpmNoMemory); |
2136 |
pmap.pixelindex = |
2137 |
(unsigned int *) XpmCalloc(width * height, sizeof(unsigned int)); |
2138 |
if (!pmap.pixelindex) |
2139 |
RETURN(XpmNoMemory); |
2140 |
|
2141 |
- if (pmap.size >= SIZE_MAX / sizeof(Pixel)) |
2142 |
+ if (pmap.size >= UINT_MAX / sizeof(Pixel)) |
2143 |
RETURN(XpmNoMemory); |
2144 |
|
2145 |
pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size); |
2146 |
@@ -292,7 +295,7 @@ |
2147 |
* color |
2148 |
*/ |
2149 |
|
2150 |
- if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor)) |
2151 |
+ if (pmap.ncolors >= UINT_MAX / sizeof(XpmColor)) |
2152 |
RETURN(XpmNoMemory); |
2153 |
colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor)); |
2154 |
if (!colorTable) |
2155 |
@@ -341,7 +344,7 @@ |
2156 |
|
2157 |
/* first get a character string */ |
2158 |
a = 0; |
2159 |
- if (cpp >= SIZE_MAX - 1) |
2160 |
+ if (cpp >= UINT_MAX - 1) |
2161 |
return (XpmNoMemory); |
2162 |
if (!(s = color->string = (char *) XpmMalloc(cpp + 1))) |
2163 |
return (XpmNoMemory); |
2164 |
@@ -434,7 +437,7 @@ |
2165 |
} |
2166 |
|
2167 |
/* first get character strings and rgb values */ |
2168 |
- if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1) |
2169 |
+ if (ncolors >= UINT_MAX / sizeof(XColor) || cpp >= UINT_MAX - 1) |
2170 |
return (XpmNoMemory); |
2171 |
xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors); |
2172 |
if (!xcolors) |
2173 |
@@ -591,7 +594,7 @@ |
2174 |
char *dst; |
2175 |
unsigned int *iptr; |
2176 |
char *data; |
2177 |
- int x, y, i; |
2178 |
+ unsigned int x, y, i; |
2179 |
int bits, depth, ibu, ibpp, offset; |
2180 |
unsigned long lbt; |
2181 |
Pixel pixel, px; |
2182 |
@@ -693,7 +696,7 @@ |
2183 |
unsigned char *addr; |
2184 |
unsigned char *data; |
2185 |
unsigned int *iptr; |
2186 |
- int x, y; |
2187 |
+ unsigned int x, y; |
2188 |
unsigned long lbt; |
2189 |
Pixel pixel; |
2190 |
int depth; |
2191 |
@@ -758,7 +761,7 @@ |
2192 |
unsigned char *addr; |
2193 |
unsigned char *data; |
2194 |
unsigned int *iptr; |
2195 |
- int x, y; |
2196 |
+ unsigned int x, y; |
2197 |
unsigned long lbt; |
2198 |
Pixel pixel; |
2199 |
int depth; |
2200 |
@@ -803,7 +806,7 @@ |
2201 |
{ |
2202 |
unsigned int *iptr; |
2203 |
unsigned char *data; |
2204 |
- int x, y; |
2205 |
+ unsigned int x, y; |
2206 |
unsigned long lbt; |
2207 |
Pixel pixel; |
2208 |
int depth; |
2209 |
@@ -836,7 +839,7 @@ |
2210 |
int (*storeFunc) (); |
2211 |
{ |
2212 |
unsigned int *iptr; |
2213 |
- int x, y; |
2214 |
+ unsigned int x, y; |
2215 |
char *data; |
2216 |
Pixel pixel; |
2217 |
int xoff, yoff, offset, bpl; |
2218 |
diff -Nur lib/Xm/XpmWrFFrBuf.c lib/Xm/XpmWrFFrBuf.c |
2219 |
--- lib/Xm/XpmWrFFrBuf.c 2002-01-10 21:57:08.000000000 +0100 |
2220 |
+++ lib/Xm/XpmWrFFrBuf.c 2005-02-14 14:24:12.906326601 +0100 |
2221 |
@@ -38,6 +38,8 @@ |
2222 |
#endif |
2223 |
|
2224 |
|
2225 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
2226 |
+ |
2227 |
#include "XpmI.h" |
2228 |
|
2229 |
int |
2230 |
@@ -55,7 +57,7 @@ |
2231 |
fcheck = fwrite(buffer, len, 1, fp); |
2232 |
fclose(fp); |
2233 |
if (fcheck != 1) |
2234 |
- return XpmOpenFailed; |
2235 |
+ return XpmOpenFailed; /* maybe use a better return value */ |
2236 |
|
2237 |
return XpmSuccess; |
2238 |
} |
2239 |
diff -Nur lib/Xm/XpmWrFFrI.c lib/Xm/XpmWrFFrI.c |
2240 |
--- lib/Xm/XpmWrFFrI.c 2005-02-14 15:20:49.343040299 +0100 |
2241 |
+++ lib/Xm/XpmWrFFrI.c 2005-02-14 14:50:25.766533589 +0100 |
2242 |
@@ -38,6 +38,8 @@ |
2243 |
#endif |
2244 |
|
2245 |
|
2246 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
2247 |
+ |
2248 |
#include "XpmI.h" |
2249 |
#if !defined(NO_ZPIPE) && defined(WIN32) |
2250 |
# define popen _popen |
2251 |
@@ -98,7 +100,7 @@ |
2252 |
XpmInfo *info; |
2253 |
{ |
2254 |
xpmData mdata; |
2255 |
- char *name, *dot, *s, new_name[BUFSIZ]; |
2256 |
+ char *name, *dot, *s, new_name[BUFSIZ] = {0}; |
2257 |
int ErrorStatus; |
2258 |
|
2259 |
/* open file to write */ |
2260 |
@@ -117,6 +119,8 @@ |
2261 |
#endif |
2262 |
/* let's try to make a valid C syntax name */ |
2263 |
if ((dot = index(name, '.'))) { |
2264 |
+ strncpy(new_name, name, sizeof(new_name)); |
2265 |
+ new_name[sizeof(new_name)-1] = 0; |
2266 |
strcpy(new_name, name); |
2267 |
/* change '.' to '_' */ |
2268 |
name = s = new_name; |
2269 |
@@ -127,7 +131,8 @@ |
2270 |
} |
2271 |
if ((dot = index(name, '-'))) { |
2272 |
if (name != new_name) { |
2273 |
- strcpy(new_name, name); |
2274 |
+ strncpy(new_name, name, sizeof(new_name)); |
2275 |
+ new_name[sizeof(new_name)-1] = 0; |
2276 |
name = new_name; |
2277 |
} |
2278 |
/* change '-' to '_' */ |
2279 |
@@ -244,7 +249,7 @@ |
2280 |
unsigned int x, y, h; |
2281 |
|
2282 |
h = height - 1; |
2283 |
- if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp) |
2284 |
+ if (cpp != 0 && width >= (UINT_MAX - 3)/cpp) |
2285 |
return (XpmNoMemory); |
2286 |
p = buf = (char *) XpmMalloc(width * cpp + 3); |
2287 |
if (!buf) |
2288 |
@@ -296,6 +301,11 @@ |
2289 |
/* |
2290 |
* open the given file to be written as an xpmData which is returned |
2291 |
*/ |
2292 |
+#ifndef NO_ZPIPE |
2293 |
+ FILE *Xpms_popen(char *cmd, const char *type); |
2294 |
+#else |
2295 |
+# define Xpms_popen popen |
2296 |
+#endif |
2297 |
static int |
2298 |
OpenWriteFile(filename, mdata) |
2299 |
char *filename; |
2300 |
@@ -311,16 +321,23 @@ |
2301 |
mdata->type = XPMFILE; |
2302 |
} else { |
2303 |
#ifndef NO_ZPIPE |
2304 |
- int len = strlen(filename); |
2305 |
+ size_t len = strlen(filename); |
2306 |
+ |
2307 |
+ if(len == 0 || |
2308 |
+ filename[0] == '/' || |
2309 |
+ strstr(filename, "../") != NULL || |
2310 |
+ filename[len-1] == '/') |
2311 |
+ return(XpmOpenFailed); |
2312 |
+ |
2313 |
if (len > 2 && !strcmp(".Z", filename + (len - 2))) { |
2314 |
- sprintf(buf, "compress > \"%s\"", filename); |
2315 |
- if (!(mdata->stream.file = popen(buf, "w"))) |
2316 |
+ snprintf(buf, sizeof(buf), "compress > \"%s\"", filename); |
2317 |
+ if (!(mdata->stream.file = Xpms_popen(buf, "w"))) |
2318 |
return (XpmOpenFailed); |
2319 |
|
2320 |
mdata->type = XPMPIPE; |
2321 |
} else if (len > 3 && !strcmp(".gz", filename + (len - 3))) { |
2322 |
- sprintf(buf, "gzip -q > \"%s\"", filename); |
2323 |
- if (!(mdata->stream.file = popen(buf, "w"))) |
2324 |
+ snprintf(buf, sizeof(buf), "gzip -q > \"%s\"", filename); |
2325 |
+ if (!(mdata->stream.file = Xpms_popen(buf, "w"))) |
2326 |
return (XpmOpenFailed); |
2327 |
|
2328 |
mdata->type = XPMPIPE; |
2329 |
@@ -351,7 +368,7 @@ |
2330 |
break; |
2331 |
#ifndef NO_ZPIPE |
2332 |
case XPMPIPE: |
2333 |
- pclose(mdata->stream.file); |
2334 |
+ fclose(mdata->stream.file); |
2335 |
break; |
2336 |
#endif |
2337 |
} |
2338 |
|
2339 |
|
2340 |
|
2341 |
1.1 src/patchsets/openmotif/2.2.3/04_all_CAN-2004-0914_sec8.patch |
2342 |
|
2343 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/04_all_CAN-2004-0914_sec8.patch?rev=1.1&view=markup |
2344 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/04_all_CAN-2004-0914_sec8.patch?rev=1.1&content-type=text/plain |
2345 |
|
2346 |
Index: 04_all_CAN-2004-0914_sec8.patch |
2347 |
=================================================================== |
2348 |
--- openMotif-2.2.3/lib/Xm/XpmWrFFrI.c.CAN-2004-0914_sec8 2004-11-29 15:04:10.105373839 +0100 |
2349 |
+++ openMotif-2.2.3/lib/Xm/XpmWrFFrI.c 2004-11-29 15:04:10.150367679 +0100 |
2350 |
@@ -322,10 +322,7 @@ |
2351 |
#ifndef NO_ZPIPE |
2352 |
size_t len = strlen(filename); |
2353 |
|
2354 |
- if(len == 0 || |
2355 |
- filename[0] == '/' || |
2356 |
- strstr(filename, "../") != NULL || |
2357 |
- filename[len-1] == '/') |
2358 |
+ if(len == 0) |
2359 |
return(XpmOpenFailed); |
2360 |
|
2361 |
if (len > 2 && !strcmp(".Z", filename + (len - 2))) { |
2362 |
|
2363 |
|
2364 |
|
2365 |
1.1 src/patchsets/openmotif/2.2.3/05_all_char_not_supported.patch |
2366 |
|
2367 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/05_all_char_not_supported.patch?rev=1.1&view=markup |
2368 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/05_all_char_not_supported.patch?rev=1.1&content-type=text/plain |
2369 |
|
2370 |
Index: 05_all_char_not_supported.patch |
2371 |
=================================================================== |
2372 |
--- openMotif-2.2.3/lib/Xm/TextF.c.char_not_supported 2004-06-03 12:59:10.241822710 +0200 |
2373 |
+++ openMotif-2.2.3/lib/Xm/TextF.c 2004-06-03 13:02:18.987890852 +0200 |
2374 |
@@ -3723,20 +3723,17 @@ |
2375 |
cache_ptr = tmp = XmStackAlloc(buf_size, cache); |
2376 |
|
2377 |
tmp_str = (wchar_t *)str; |
2378 |
- ret_val = wctomb(tmp, *tmp_str); |
2379 |
+ // Fixed MZ BZ#1257: by Brad Despres <brad@××××××××.com> |
2380 |
count = 0; |
2381 |
- while ( (ret_val > 0)&& (buf_size >= MB_CUR_MAX) && (count < n) ) |
2382 |
- { |
2383 |
- count += 1; |
2384 |
- tmp += ret_val; |
2385 |
- buf_size -= ret_val; |
2386 |
- tmp_str++; |
2387 |
- ret_val = wctomb(tmp, *tmp_str); |
2388 |
- } |
2389 |
- |
2390 |
+ do { |
2391 |
+ ret_val = wctomb(tmp, *tmp_str); |
2392 |
+ count += 1; |
2393 |
+ tmp += ret_val; |
2394 |
+ buf_size -= ret_val; |
2395 |
+ tmp_str++; |
2396 |
+ } while ( (ret_val > 0)&& (buf_size >= MB_CUR_MAX) && (count < n) ) ; |
2397 |
if (ret_val == -1) /* bad character */ |
2398 |
return (False); |
2399 |
- |
2400 |
is_printable = XTextWidth(TextF_Font(tf), cache_ptr, tmp - cache_ptr); |
2401 |
XmStackFree(cache_ptr, cache); |
2402 |
return (is_printable); |
2403 |
|
2404 |
|
2405 |
|
2406 |
1.1 src/patchsets/openmotif/2.2.3/06_all_pixel_length.patch |
2407 |
|
2408 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/06_all_pixel_length.patch?rev=1.1&view=markup |
2409 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/06_all_pixel_length.patch?rev=1.1&content-type=text/plain |
2410 |
|
2411 |
Index: 06_all_pixel_length.patch |
2412 |
=================================================================== |
2413 |
--- openMotif-2.2.3/lib/Xm/DataF.c.pixel_length 2004-06-03 15:11:52.932820812 +0200 |
2414 |
+++ openMotif-2.2.3/lib/Xm/DataF.c 2004-06-03 15:12:27.323091126 +0200 |
2415 |
@@ -8648,7 +8648,7 @@ |
2416 |
curr_str++; |
2417 |
i++; |
2418 |
} else { |
2419 |
- wchar_t tmp; |
2420 |
+ wchar_t tmp[XmTextF_max_char_size(tf)+1]; |
2421 |
int num_conv; |
2422 |
num_conv = mbtowc(&tmp, curr_str, XmTextF_max_char_size(tf)); |
2423 |
if (num_conv >= 0 && df_FindPixelLength(tf, (char*) &tmp, 1)) { |
2424 |
|
2425 |
|
2426 |
|
2427 |
1.1 src/patchsets/openmotif/2.2.3/07_all_popup_timeout.patch |
2428 |
|
2429 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/07_all_popup_timeout.patch?rev=1.1&view=markup |
2430 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/07_all_popup_timeout.patch?rev=1.1&content-type=text/plain |
2431 |
|
2432 |
Index: 07_all_popup_timeout.patch |
2433 |
=================================================================== |
2434 |
--- openMotif-2.2.3/lib/Xm/MenuUtil.c.popup_timeout 2002-01-31 15:49:35.000000000 +0100 |
2435 |
+++ openMotif-2.2.3/lib/Xm/MenuUtil.c 2004-06-08 17:14:46.311285603 +0200 |
2436 |
@@ -156,6 +156,9 @@ |
2437 |
cursor, time)) == GrabSuccess) |
2438 |
break; |
2439 |
|
2440 |
+ if (status == GrabInvalidTime) |
2441 |
+ time = CurrentTime; |
2442 |
+ |
2443 |
XmeMicroSleep(1000); |
2444 |
} |
2445 |
if (status != GrabSuccess) |
2446 |
|
2447 |
|
2448 |
|
2449 |
1.1 src/patchsets/openmotif/2.2.3/08_all_XmResizeHashTable.patch |
2450 |
|
2451 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/08_all_XmResizeHashTable.patch?rev=1.1&view=markup |
2452 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/08_all_XmResizeHashTable.patch?rev=1.1&content-type=text/plain |
2453 |
|
2454 |
Index: 08_all_XmResizeHashTable.patch |
2455 |
=================================================================== |
2456 |
--- lib/Xm/Hash.c |
2457 |
+++ lib/Xm/Hash.c |
2458 |
@@ -198,6 +198,8 @@ |
2459 |
} else { |
2460 |
table -> buckets[index] = current; |
2461 |
} |
2462 |
+ } else { |
2463 |
+ last = current; |
2464 |
} |
2465 |
current = next; |
2466 |
} |
2467 |
|
2468 |
|
2469 |
|
2470 |
1.1 src/patchsets/openmotif/2.2.3/09_all_utf8.patch |
2471 |
|
2472 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/09_all_utf8.patch?rev=1.1&view=markup |
2473 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/09_all_utf8.patch?rev=1.1&content-type=text/plain |
2474 |
|
2475 |
Index: 09_all_utf8.patch |
2476 |
=================================================================== |
2477 |
--- openMotif-2.2.3/tools/wml/UilSymCSet.h.utf8 2004-03-04 17:41:48.000000000 +0100 |
2478 |
+++ openMotif-2.2.3/tools/wml/UilSymCSet.h 2004-03-17 12:54:23.000000000 +0100 |
2479 |
@@ -32,6 +32,7 @@ |
2480 |
"JISX0201.1976-0", /* jis_katakana */ |
2481 |
"KSC5601.1987-0", /* ksc_hangul */ |
2482 |
"KSC5601.1987-1", /* ksc_hangul_gr */ |
2483 |
+ "UTF-8", /* utf-8 */ |
2484 |
}; |
2485 |
externaldef(uil_sym_glbl) char **charset_xmstring_names_table = |
2486 |
charset_xmstring_names_table_vec; |
2487 |
@@ -66,6 +67,7 @@ |
2488 |
XmSTRING_DIRECTION_L_TO_R, /* jis_katakana */ |
2489 |
XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul */ |
2490 |
XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul_gr */ |
2491 |
+ XmSTRING_DIRECTION_L_TO_R, /* utf-8 */ |
2492 |
}; |
2493 |
externaldef(uil_sym_glbl) unsigned char *charset_writing_direction_table = |
2494 |
charset_wrdirection_table_vec; |
2495 |
@@ -100,6 +102,7 @@ |
2496 |
XmSTRING_DIRECTION_L_TO_R, /* jis_katakana */ |
2497 |
XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul */ |
2498 |
XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul_gr */ |
2499 |
+ XmSTRING_DIRECTION_L_TO_R, /* utf-8 */ |
2500 |
}; |
2501 |
externaldef(uil_sym_glbl) unsigned char *charset_parsing_direction_table = |
2502 |
charset_parsdirection_table_vec; |
2503 |
@@ -134,6 +137,7 @@ |
2504 |
sym_k_onebyte_charsize, /* jis_katakana */ |
2505 |
sym_k_twobyte_charsize, /* ksc_hangul */ |
2506 |
sym_k_twobyte_charsize, /* ksc_hangul_gr */ |
2507 |
+ sym_k_onebyte_charsize, /* utf-8 */ |
2508 |
}; |
2509 |
externaldef(uil_sym_glbl) unsigned char *charset_character_size_table = |
2510 |
charset_charsize_table_vec; |
2511 |
@@ -215,6 +219,7 @@ |
2512 |
"KSC_HANGUL_GL", /* ksc_hangul */ |
2513 |
"KSC_HANGUL_GR", /* ksc_hangul_gr */ |
2514 |
"KSC5601.1987-1", /* ksc_hangul_gr */ |
2515 |
+ "UTF-8", /* utf-8 */ |
2516 |
}; |
2517 |
externaldef(uil_sym_glbl) char **charset_lang_names_table = |
2518 |
charset_lang_names_table_vec; |
2519 |
@@ -295,10 +300,11 @@ |
2520 |
sym_k_ksc_hangul_charset, |
2521 |
sym_k_ksc_hangul_gr_charset, |
2522 |
sym_k_ksc_hangul_gr_charset, |
2523 |
+ sym_k_utf8_charset, |
2524 |
}; |
2525 |
externaldef(uil_sym_glbl) unsigned short int *charset_lang_codes_table = |
2526 |
charset_lang_codes_table_vec; |
2527 |
/* |
2528 |
* The number of entries in charset_lang_..._table tables |
2529 |
*/ |
2530 |
-externaldef(uil_sym_glbl) unsigned short int charset_lang_table_max = 72; |
2531 |
+externaldef(uil_sym_glbl) unsigned short int charset_lang_table_max = 73; |
2532 |
--- openMotif-2.2.3/tools/wml/UilSymGen.h.utf8 2004-03-04 17:41:48.000000000 +0100 |
2533 |
+++ openMotif-2.2.3/tools/wml/UilSymGen.h 2004-03-17 12:54:23.000000000 +0100 |
2534 |
@@ -1417,6 +1417,7 @@ |
2535 |
#define sym_k_jis_katakana_charset 21 |
2536 |
#define sym_k_ksc_hangul_charset 22 |
2537 |
#define sym_k_ksc_hangul_gr_charset 23 |
2538 |
+#define sym_k_utf8_charset 24 |
2539 |
|
2540 |
/* Define literals for automatic children */ |
2541 |
|
2542 |
--- openMotif-2.2.3/tools/wml/motif.wml.utf8 2003-10-08 23:07:47.000000000 +0200 |
2543 |
+++ openMotif-2.2.3/tools/wml/motif.wml 2004-03-17 12:56:09.000000000 +0100 |
2544 |
@@ -163,6 +163,9 @@ |
2545 |
ksc_hangul_gr |
2546 |
{ XmStringCharsetName = "KSC5601.1987-1"; |
2547 |
CharacterSize = TwoByte; }; |
2548 |
+ utf8 |
2549 |
+ { XmStringCharsetName = "UTF-8"; }; |
2550 |
+ |
2551 |
XmFONTLIST_DEFAULT_TAG |
2552 |
{ FontListElementTag = XmFONTLIST_DEFAULT_TAG; }; |
2553 |
|
2554 |
|
2555 |
|
2556 |
|
2557 |
1.1 src/patchsets/openmotif/2.2.3/10_all_no_demos.patch |
2558 |
|
2559 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/10_all_no_demos.patch?rev=1.1&view=markup |
2560 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/10_all_no_demos.patch?rev=1.1&content-type=text/plain |
2561 |
|
2562 |
Index: 10_all_no_demos.patch |
2563 |
=================================================================== |
2564 |
--- openmotif/configure.in.no_demos 2003-09-19 18:40:33.000000000 +0200 |
2565 |
+++ openmotif/configure.in 2003-12-16 12:16:33.000000000 +0100 |
2566 |
@@ -259,88 +259,4 @@ |
2567 |
doc/man/man5/Makefile \ |
2568 |
tools/Makefile \ |
2569 |
tools/wml/Makefile \ |
2570 |
-demos/Makefile \ |
2571 |
-demos/lib/Makefile \ |
2572 |
-demos/lib/Xmd/Makefile \ |
2573 |
-demos/lib/Wsm/Makefile \ |
2574 |
-demos/lib/Exm/Makefile \ |
2575 |
-demos/lib/Exm/wml/Makefile \ |
2576 |
-demos/programs/Makefile \ |
2577 |
-demos/programs/Exm/Makefile \ |
2578 |
-demos/programs/Exm/app_in_c/Makefile \ |
2579 |
-demos/programs/Exm/app_in_uil/Makefile \ |
2580 |
-demos/programs/Exm/simple_app/Makefile \ |
2581 |
-demos/programs/airport/Makefile \ |
2582 |
-demos/programs/animate/Makefile \ |
2583 |
-demos/programs/drag_and_drop/Makefile \ |
2584 |
-demos/programs/draw/Makefile \ |
2585 |
-demos/programs/earth/Makefile \ |
2586 |
-demos/programs/filemanager/Makefile \ |
2587 |
-demos/programs/fileview/Makefile \ |
2588 |
-demos/programs/getsubres/Makefile \ |
2589 |
-demos/programs/hellomotif/Makefile \ |
2590 |
-demos/programs/hellomotifi18n/Makefile \ |
2591 |
-demos/programs/hellomotifi18n/C/Makefile \ |
2592 |
-demos/programs/hellomotifi18n/C/uid/Makefile \ |
2593 |
-demos/programs/hellomotifi18n/english/Makefile \ |
2594 |
-demos/programs/hellomotifi18n/english/uid/Makefile \ |
2595 |
-demos/programs/hellomotifi18n/french/Makefile \ |
2596 |
-demos/programs/hellomotifi18n/french/uid/Makefile \ |
2597 |
-demos/programs/hellomotifi18n/hebrew/Makefile \ |
2598 |
-demos/programs/hellomotifi18n/hebrew/uid/Makefile \ |
2599 |
-demos/programs/hellomotifi18n/japan/Makefile \ |
2600 |
-demos/programs/hellomotifi18n/japan/uid/Makefile \ |
2601 |
-demos/programs/hellomotifi18n/japanese/Makefile \ |
2602 |
-demos/programs/hellomotifi18n/japanese/uid/Makefile \ |
2603 |
-demos/programs/hellomotifi18n/swedish/Makefile \ |
2604 |
-demos/programs/hellomotifi18n/swedish/uid/Makefile \ |
2605 |
-demos/programs/i18ninput/Makefile \ |
2606 |
-demos/programs/panner/Makefile \ |
2607 |
-demos/programs/periodic/Makefile \ |
2608 |
-demos/programs/piano/Makefile \ |
2609 |
-demos/programs/popups/Makefile \ |
2610 |
-demos/programs/sampler2_0/Makefile \ |
2611 |
-demos/programs/setdate/Makefile \ |
2612 |
-demos/programs/todo/Makefile \ |
2613 |
-demos/programs/workspace/Makefile \ |
2614 |
-demos/programs/tooltips/Makefile \ |
2615 |
-demos/programs/FontSel/Makefile \ |
2616 |
-demos/programs/ButtonBox/Makefile \ |
2617 |
-demos/programs/ColorSel/Makefile \ |
2618 |
-demos/programs/Column/Makefile \ |
2619 |
-demos/programs/DropDown/Makefile \ |
2620 |
-demos/programs/MultiList/Makefile \ |
2621 |
-demos/programs/MultiList/pixmaps/Makefile \ |
2622 |
-demos/programs/IconB/Makefile \ |
2623 |
-demos/programs/Outline/Makefile \ |
2624 |
-demos/programs/Paned/Makefile \ |
2625 |
-demos/programs/TabStack/Makefile \ |
2626 |
-demos/programs/Tree/Makefile \ |
2627 |
-demos/programs/pixmaps/Makefile \ |
2628 |
-demos/unsupported/Makefile \ |
2629 |
-demos/unsupported/Exm/Makefile \ |
2630 |
-demos/unsupported/aicon/Makefile \ |
2631 |
-demos/unsupported/dainput/Makefile \ |
2632 |
-demos/unsupported/dogs/Makefile \ |
2633 |
-demos/unsupported/hellomotif/Makefile \ |
2634 |
-demos/unsupported/motifshell/Makefile \ |
2635 |
-demos/unsupported/uilsymdump/Makefile \ |
2636 |
-demos/unsupported/xmapdef/Makefile \ |
2637 |
-demos/unsupported/xmfonts/Makefile \ |
2638 |
-demos/unsupported/xmforc/Makefile \ |
2639 |
-demos/unsupported/xmform/Makefile \ |
2640 |
-demos/doc/Makefile \ |
2641 |
-demos/doc/programGuide/Makefile \ |
2642 |
-demos/doc/programGuide/ch05/Makefile \ |
2643 |
-demos/doc/programGuide/ch05/Scale/Makefile \ |
2644 |
-demos/doc/programGuide/ch06/Makefile \ |
2645 |
-demos/doc/programGuide/ch06/spin_box/Makefile \ |
2646 |
-demos/doc/programGuide/ch06/combo_box/Makefile \ |
2647 |
-demos/doc/programGuide/ch08/Makefile \ |
2648 |
-demos/doc/programGuide/ch08/Notebook/Makefile \ |
2649 |
-demos/doc/programGuide/ch08/Container/Makefile \ |
2650 |
-demos/doc/programGuide/ch16/Makefile \ |
2651 |
-demos/doc/programGuide/ch17/Makefile \ |
2652 |
-demos/doc/programGuide/ch17/simple_drop/Makefile \ |
2653 |
-demos/doc/programGuide/ch17/simple_drag/Makefile \ |
2654 |
]) |
2655 |
--- openmotif/Makefile.am.no_demos 2003-12-16 12:17:02.000000000 +0100 |
2656 |
+++ openmotif/Makefile.am 2003-12-16 12:17:03.000000000 +0100 |
2657 |
@@ -28,6 +28,5 @@ |
2658 |
include \ |
2659 |
tools \ |
2660 |
clients \ |
2661 |
- doc \ |
2662 |
- demos |
2663 |
+ doc |
2664 |
AUTOMAKE_OPTIONS = 1.4 |
2665 |
|
2666 |
|
2667 |
|
2668 |
1.1 src/patchsets/openmotif/2.2.3/11_all_CAN-2005-0605.patch |
2669 |
|
2670 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/11_all_CAN-2005-0605.patch?rev=1.1&view=markup |
2671 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/11_all_CAN-2005-0605.patch?rev=1.1&content-type=text/plain |
2672 |
|
2673 |
Index: 11_all_CAN-2005-0605.patch |
2674 |
=================================================================== |
2675 |
--- lib/Xm/Xpmscan.c.orig 2005-03-02 17:00:16.415070960 +0100 |
2676 |
+++ lib/Xm/Xpmscan.c 2005-03-02 17:01:38.949709879 +0100 |
2677 |
@@ -672,8 +672,8 @@ |
2678 |
char *dst; |
2679 |
unsigned int *iptr; |
2680 |
char *data; |
2681 |
- unsigned int x, y, i; |
2682 |
- int bits, depth, ibu, ibpp, offset; |
2683 |
+ unsigned int x, y; |
2684 |
+ int bits, depth, ibu, ibpp, offset, i; |
2685 |
unsigned long lbt; |
2686 |
Pixel pixel, px; |
2687 |
|
2688 |
@@ -684,6 +684,9 @@ |
2689 |
ibpp = image->bits_per_pixel; |
2690 |
offset = image->xoffset; |
2691 |
|
2692 |
+ if (image->bitmap_unit < 0) |
2693 |
+ return (XpmNoMemory); |
2694 |
+ |
2695 |
if ((image->bits_per_pixel | image->depth) == 1) { |
2696 |
ibu = image->bitmap_unit; |
2697 |
for (y = 0; y < height; y++) |
2698 |
--- lib/Xm/Xpmcreate.c.orig 2005-03-02 17:02:00.626412844 +0100 |
2699 |
+++ lib/Xm/Xpmcreate.c 2005-03-02 17:02:35.183562480 +0100 |
2700 |
@@ -1265,10 +1265,10 @@ |
2701 |
register char *src; |
2702 |
register char *dst; |
2703 |
register unsigned int *iptr; |
2704 |
- register unsigned int x, y, i; |
2705 |
+ register unsigned int x, y; |
2706 |
register char *data; |
2707 |
Pixel pixel, px; |
2708 |
- int nbytes, depth, ibu, ibpp; |
2709 |
+ int nbytes, depth, ibu, ibpp, i; |
2710 |
|
2711 |
data = image->data; |
2712 |
iptr = pixelindex; |
2713 |
|
2714 |
|
2715 |
|
2716 |
1.1 src/patchsets/openmotif/2.2.3/12_all_uil.patch |
2717 |
|
2718 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/12_all_uil.patch?rev=1.1&view=markup |
2719 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/12_all_uil.patch?rev=1.1&content-type=text/plain |
2720 |
|
2721 |
Index: 12_all_uil.patch |
2722 |
=================================================================== |
2723 |
--- openMotif-2.2.3/lib/Mrm/Mrmhier.c.UIL 2002-01-11 14:56:24.000000000 +0100 |
2724 |
+++ openMotif-2.2.3/lib/Mrm/Mrmhier.c 2005-12-31 07:42:31.485196184 +0100 |
2725 |
@@ -712,7 +712,7 @@ |
2726 |
* Local variables |
2727 |
*/ |
2728 |
Cardinal result; /* function results */ |
2729 |
- char dummy[300]; /* file name (unused) */ |
2730 |
+ char *dummy; /* file name (unused) */ |
2731 |
char err_stg[300]; |
2732 |
|
2733 |
/* |
2734 |
@@ -764,11 +764,13 @@ |
2735 |
|
2736 |
if (resolvedname == 0) |
2737 |
{ |
2738 |
- sprintf (err_stg, _MrmMMsg_0031, name) ; |
2739 |
+ snprintf (err_stg, 300, _MrmMMsg_0031, name) ; |
2740 |
return Urm__UT_Error ("I18NOpenFile", err_stg, NULL, NULL, MrmNOT_FOUND); |
2741 |
} |
2742 |
|
2743 |
+ dummy = XtMalloc(strlen(resolvedname)+1); |
2744 |
result = UrmIdbOpenFileRead (resolvedname, os_ext, file_id_return, dummy) ; |
2745 |
+ XtFree(dummy); |
2746 |
switch ( result ) |
2747 |
{ |
2748 |
case MrmSUCCESS: |
2749 |
--- openMotif-2.2.3/clients/uil/UilIODef.h.UIL 2002-01-04 22:13:33.000000000 +0100 |
2750 |
+++ openMotif-2.2.3/clients/uil/UilIODef.h 2005-12-31 07:42:15.129682600 +0100 |
2751 |
@@ -69,13 +69,18 @@ |
2752 |
#define NULL 0L |
2753 |
#endif |
2754 |
|
2755 |
+#include <X11/Xos.h> |
2756 |
+#ifndef PATH_MAX |
2757 |
+# define PATH_MAX 256 |
2758 |
+#endif |
2759 |
+ |
2760 |
typedef struct |
2761 |
{ |
2762 |
FILE *az_file_ptr; |
2763 |
char *c_buffer; |
2764 |
boolean v_position_before_get; |
2765 |
z_key last_key; |
2766 |
- char expanded_name[ 256 ]; |
2767 |
+ char expanded_name[ PATH_MAX ]; |
2768 |
} uil_fcb_type; |
2769 |
|
2770 |
#endif /* UilIODef_h */ |
2771 |
--- openMotif-2.2.3/clients/uil/UilLstLst.c.UIL 2002-01-10 21:55:43.000000000 +0100 |
2772 |
+++ openMotif-2.2.3/clients/uil/UilLstLst.c 2005-12-31 07:42:19.447026264 +0100 |
2773 |
@@ -164,7 +164,7 @@ |
2774 |
lst_l_page_no = 0; |
2775 |
lst_v_listing_open = TRUE; |
2776 |
|
2777 |
- sprintf(lst_c_title1, |
2778 |
+ snprintf(lst_c_title1, 132, |
2779 |
"%s %s \t%s\t\t Page ", |
2780 |
_host_compiler, _compiler_version, |
2781 |
current_time(&ctime_buf)); |
2782 |
@@ -270,6 +270,17 @@ |
2783 |
{ |
2784 |
/* place the file name in the expanded_name buffer */ |
2785 |
|
2786 |
+ if (strlen(Uil_cmd_z_command.ac_listing_file) >= PATH_MAX) |
2787 |
+ { |
2788 |
+ char *p; |
2789 |
+ int len=0; |
2790 |
+ if((p = rindex(Uil_cmd_z_command.ac_listing_file, '/')) != NULL) |
2791 |
+ len = strlen(++p); |
2792 |
+ if(p == NULL || len >= PATH_MAX) |
2793 |
+ p = "<unknown>"; |
2794 |
+ strcpy(az_fcb->expanded_name, p); |
2795 |
+ return src_k_open_error; |
2796 |
+ } |
2797 |
strcpy(az_fcb->expanded_name, Uil_cmd_z_command.ac_listing_file); |
2798 |
|
2799 |
/* open the file */ |
2800 |
@@ -529,7 +540,7 @@ |
2801 |
char buffer [132]; |
2802 |
|
2803 |
az_fcb = src_az_source_file_table [i]; |
2804 |
- sprintf (buffer, |
2805 |
+ snprintf (buffer, 132, |
2806 |
" File (%d) %s", |
2807 |
i, az_fcb->expanded_name ); |
2808 |
lst_output_line( buffer, FALSE ); |
2809 |
@@ -598,7 +609,7 @@ |
2810 |
} |
2811 |
|
2812 |
|
2813 |
- sprintf(buffer, "%s (%d) %s", |
2814 |
+ snprintf(buffer, 132, "%s (%d) %s", |
2815 |
diag_get_message_abbrev( az_msg->l_message_number ), |
2816 |
msg_no, |
2817 |
az_msg->c_text); |
2818 |
--- openMotif-2.2.3/clients/uil/UilP2Out.c.UIL 2002-01-10 21:55:44.000000000 +0100 |
2819 |
+++ openMotif-2.2.3/clients/uil/UilP2Out.c 2005-12-31 07:42:23.022482712 +0100 |
2820 |
@@ -189,7 +189,7 @@ |
2821 |
int topmost_index; |
2822 |
struct |
2823 |
{ MrmOsOpenParam os_param; |
2824 |
- char result_file[256]; |
2825 |
+ char result_file[PATH_MAX]; |
2826 |
} uid_fcb; |
2827 |
|
2828 |
|
2829 |
@@ -234,15 +234,20 @@ |
2830 |
if (sym_az_module_entry->az_version != NULL) |
2831 |
module_version = sym_az_module_entry->az_version->value.c_value; |
2832 |
|
2833 |
- urm_status = UrmIdbOpenFileWrite |
2834 |
- ( Uil_cmd_z_command.ac_resource_file, |
2835 |
- & uid_fcb.os_param, |
2836 |
- _host_compiler, |
2837 |
- _compiler_version, |
2838 |
- module_name, |
2839 |
- module_version, |
2840 |
- &out_az_idbfile_id, |
2841 |
- uid_fcb.result_file ); |
2842 |
+ if (strlen(Uil_cmd_z_command.ac_resource_file) < PATH_MAX) |
2843 |
+ { |
2844 |
+ urm_status = UrmIdbOpenFileWrite |
2845 |
+ ( Uil_cmd_z_command.ac_resource_file, |
2846 |
+ & uid_fcb.os_param, |
2847 |
+ _host_compiler, |
2848 |
+ _compiler_version, |
2849 |
+ module_name, |
2850 |
+ module_version, |
2851 |
+ &out_az_idbfile_id, |
2852 |
+ uid_fcb.result_file ); |
2853 |
+ } else { |
2854 |
+ urm_status = MrmFAILURE; |
2855 |
+ } |
2856 |
|
2857 |
if (urm_status != MrmSUCCESS) |
2858 |
{ |
2859 |
@@ -2961,7 +2966,7 @@ |
2860 |
{ |
2861 |
char buffer[132]; |
2862 |
|
2863 |
- sprintf(buffer, "while %s encountered %s", |
2864 |
+ snprintf(buffer, 132, "while %s encountered %s", |
2865 |
problem, |
2866 |
Urm__UT_LatestErrorMessage()); |
2867 |
|
2868 |
--- openMotif-2.2.3/clients/uil/UilSrcSrc.c.UIL 2002-01-10 21:55:47.000000000 +0100 |
2869 |
+++ openMotif-2.2.3/clients/uil/UilSrcSrc.c 2005-12-31 07:42:27.176851152 +0100 |
2870 |
@@ -626,11 +626,15 @@ |
2871 |
static unsigned short main_dir_len = 0; |
2872 |
boolean main_file; |
2873 |
int i; /* loop index through include files */ |
2874 |
- char buffer[256]; |
2875 |
+ char buffer[PATH_MAX]; |
2876 |
+ int c_file_name_len; |
2877 |
|
2878 |
+ az_fcb->az_file_ptr = NULL; |
2879 |
+ c_file_name_len = strlen(c_file_name); |
2880 |
|
2881 |
/* place the file name in the expanded_name buffer */ |
2882 |
- |
2883 |
+ if(c_file_name_len >= PATH_MAX) |
2884 |
+ return src_k_open_error; |
2885 |
strcpy(buffer, c_file_name); |
2886 |
|
2887 |
/* Determine if this is the main file or an include file. */ |
2888 |
@@ -644,7 +648,7 @@ |
2889 |
|
2890 |
/* Save the directory info for the main file. */ |
2891 |
|
2892 |
- for (len = strlen (c_file_name), |
2893 |
+ for (len = c_file_name_len, |
2894 |
ptr = & c_file_name [len - 1]; |
2895 |
len > 0; len--, ptr--) { |
2896 |
if ((* ptr) == '/') { |
2897 |
@@ -673,9 +677,11 @@ |
2898 |
} |
2899 |
|
2900 |
if (!specific_directory) { |
2901 |
+ if (main_dir_len + c_file_name_len >= PATH_MAX) |
2902 |
+ goto open_label; |
2903 |
_move (buffer, main_fcb -> expanded_name, main_dir_len); |
2904 |
_move (& buffer [main_dir_len], |
2905 |
- c_file_name, strlen (c_file_name) + 1); /* + NULL */ |
2906 |
+ c_file_name, c_file_name_len + 1); /* + NULL */ |
2907 |
} else { |
2908 |
strcpy (buffer, c_file_name); |
2909 |
} |
2910 |
@@ -695,16 +701,22 @@ |
2911 |
|
2912 |
for (i = 0; i < Uil_cmd_z_command.include_dir_count; i++) { |
2913 |
int inc_dir_len; |
2914 |
+ int need_slash=0; |
2915 |
|
2916 |
inc_dir_len = strlen (Uil_cmd_z_command.ac_include_dir[i]); |
2917 |
if (inc_dir_len == 0) { |
2918 |
search_user_include = False; |
2919 |
} |
2920 |
+ if (Uil_cmd_z_command.ac_include_dir[i][inc_dir_len - 1] != '/') |
2921 |
+ need_slash=1; |
2922 |
+ if (inc_dir_len + need_slash + c_file_name_len >= PATH_MAX) |
2923 |
+ goto open_label; |
2924 |
+ |
2925 |
_move (buffer, Uil_cmd_z_command.ac_include_dir[i], inc_dir_len); |
2926 |
|
2927 |
/* Add '/' if not specified at end of directory */ |
2928 |
|
2929 |
- if (Uil_cmd_z_command.ac_include_dir[i][inc_dir_len - 1] != '/') { |
2930 |
+ if (need_slash) { |
2931 |
buffer [inc_dir_len] = '/'; |
2932 |
inc_dir_len++; |
2933 |
}; |
2934 |
@@ -723,9 +735,11 @@ |
2935 |
|
2936 |
/* Look in the default include directory. */ |
2937 |
if (search_user_include) { |
2938 |
+ if (sizeof(c_include_dir)-1 + c_file_name_len >= PATH_MAX) |
2939 |
+ goto open_label; |
2940 |
_move(buffer, c_include_dir, sizeof c_include_dir - 1); /* no NULL */ |
2941 |
_move(&buffer[sizeof c_include_dir - 1], |
2942 |
- c_file_name, strlen (c_file_name) + 1); /* + NULL */ |
2943 |
+ c_file_name, c_file_name_len + 1); /* + NULL */ |
2944 |
|
2945 |
/* Open the include file. */ |
2946 |
az_fcb->az_file_ptr = fopen (buffer, "r"); |
2947 |
--- openMotif-2.2.3/clients/uil/UilSarMod.c.UIL 2002-01-10 21:55:45.000000000 +0100 |
2948 |
+++ openMotif-2.2.3/clients/uil/UilSarMod.c 2005-12-31 07:42:35.593571616 +0100 |
2949 |
@@ -379,7 +379,7 @@ |
2950 |
*/ |
2951 |
|
2952 |
if (Uil_cmd_z_command.v_listing_file) |
2953 |
- sprintf(Uil_lst_c_title2, |
2954 |
+ snprintf(Uil_lst_c_title2, 132, |
2955 |
"Module: %s", |
2956 |
name_entry->c_text ); |
2957 |
|
2958 |
@@ -479,7 +479,7 @@ |
2959 |
*/ |
2960 |
|
2961 |
if (Uil_cmd_z_command.v_listing_file) |
2962 |
- sprintf(Uil_lst_c_title2, |
2963 |
+ snprintf(Uil_lst_c_title2, 132, |
2964 |
"Module: %s \t Version: %s", |
2965 |
sym_az_module_entry->obj_header.az_name->c_text, |
2966 |
value_entry->value.c_value ); |
2967 |
--- openMotif-2.2.3/clients/uil/UilDiags.c.UIL 2002-01-10 21:55:42.000000000 +0100 |
2968 |
+++ openMotif-2.2.3/clients/uil/UilDiags.c 2005-12-31 07:42:39.273012256 +0100 |
2969 |
@@ -293,12 +293,12 @@ |
2970 |
va_start(ap, l_start_column); |
2971 |
|
2972 |
#ifndef NO_MESSAGE_CATALOG |
2973 |
- vsprintf( msg_buffer, |
2974 |
+ vsnprintf( msg_buffer, 132, |
2975 |
catgets(uil_catd, UIL_SET1, msg_cat_table[ message_number ], |
2976 |
diag_rz_msg_table[ message_number ].ac_text), |
2977 |
ap ); |
2978 |
#else |
2979 |
- vsprintf( msg_buffer, |
2980 |
+ vsnprintf( msg_buffer, 132, |
2981 |
diag_rz_msg_table[ message_number ].ac_text, |
2982 |
ap ); |
2983 |
#endif |
2984 |
@@ -317,13 +317,13 @@ |
2985 |
*/ |
2986 |
|
2987 |
#ifndef NO_MESSAGE_CATALOG |
2988 |
- sprintf( loc_buffer, |
2989 |
+ snprintf( loc_buffer, 132, |
2990 |
catgets(uil_catd, UIL_SET_MISC, |
2991 |
UIL_MISC_0, "\t\t line: %d file: %s"), |
2992 |
az_src_rec->w_line_number, |
2993 |
src_get_file_name( az_src_rec ) ); |
2994 |
#else |
2995 |
- sprintf( loc_buffer, |
2996 |
+ snprintf( loc_buffer, 132, |
2997 |
"\t\t line: %d file: %s", |
2998 |
az_src_rec->w_line_number, |
2999 |
src_get_file_name( az_src_rec ) ); |
3000 |
@@ -371,7 +371,7 @@ |
3001 |
|
3002 |
if (l_start_column != diag_k_no_column) |
3003 |
#ifndef NO_MESSAGE_CATALOG |
3004 |
- sprintf(loc_buffer, |
3005 |
+ snprintf(loc_buffer, 132, |
3006 |
catgets(uil_catd, UIL_SET_MISC, |
3007 |
UIL_MISC_1, |
3008 |
"\t\t line: %d position: %d file: %s"), |
3009 |
@@ -379,7 +379,7 @@ |
3010 |
l_start_column + 1, |
3011 |
src_get_file_name( az_src_rec ) ); |
3012 |
#else |
3013 |
- sprintf(loc_buffer, |
3014 |
+ snprintf(loc_buffer, 132, |
3015 |
"\t\t line: %d position: %d file: %s", |
3016 |
az_src_rec->w_line_number, |
3017 |
l_start_column + 1, |
3018 |
@@ -387,13 +387,13 @@ |
3019 |
#endif |
3020 |
else |
3021 |
#ifndef NO_MESSAGE_CATALOG |
3022 |
- sprintf( loc_buffer, catgets(uil_catd, UIL_SET_MISC, |
3023 |
+ snprintf( loc_buffer, 132, catgets(uil_catd, UIL_SET_MISC, |
3024 |
UIL_MISC_0, |
3025 |
"\t\t line: %d file: %s"), |
3026 |
az_src_rec->w_line_number, |
3027 |
src_get_file_name( az_src_rec ) ); |
3028 |
#else |
3029 |
- sprintf( loc_buffer, |
3030 |
+ snprintf( loc_buffer, 132, |
3031 |
"\t\t line: %d file: %s", |
3032 |
az_src_rec->w_line_number, |
3033 |
src_get_file_name( az_src_rec ) ); |
3034 |
--- openMotif-2.2.3/clients/uil/UilSymDef.h.UIL 2002-01-04 22:13:38.000000000 +0100 |
3035 |
+++ openMotif-2.2.3/clients/uil/UilSymDef.h 2005-12-31 07:42:44.106277488 +0100 |
3036 |
@@ -65,6 +65,11 @@ |
3037 |
|
3038 |
#include <Mrm/MrmPublic.h> |
3039 |
#include <Xm/Xm.h> |
3040 |
+#include <X11/Xos.h> |
3041 |
+#ifndef PATH_MAX |
3042 |
+# define PATH_MAX 256 |
3043 |
+#endif |
3044 |
+ |
3045 |
|
3046 |
/* |
3047 |
** constraint check access macro |
3048 |
@@ -874,10 +879,10 @@ |
3049 |
sym_section_entry_type *sections; |
3050 |
/* pointer to a section list; this list is all of the sections that */ |
3051 |
/* exist in this include file. */ |
3052 |
- char file_name[255]; |
3053 |
+ char file_name[PATH_MAX]; |
3054 |
/* the file name as specified in the include statement in the UIL */ |
3055 |
/* source. */ |
3056 |
- char full_file_name[255]; |
3057 |
+ char full_file_name[PATH_MAX]; |
3058 |
/* the expanded name for the include file actually opened. */ |
3059 |
} sym_include_file_entry_type; |
3060 |
|
3061 |
@@ -894,9 +899,9 @@ |
3062 |
/* common header */ |
3063 |
struct _src_source_record_type *src_record_list; |
3064 |
/* pointer to a list of source records. */ |
3065 |
- char file_name[255]; |
3066 |
+ char file_name[PATH_MAX]; |
3067 |
/* the main UIL file name as specified on the command line. */ |
3068 |
- char full_file_name[255]; |
3069 |
+ char full_file_name[PATH_MAX]; |
3070 |
/* the expanded name for the main UIL file that was actually */ |
3071 |
/* opened. */ |
3072 |
sym_section_entry_type *sections; |
3073 |
|
3074 |
|
3075 |
|
3076 |
1.1 src/patchsets/openmotif/2.2.3/13_all_automake.patch |
3077 |
|
3078 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/13_all_automake.patch?rev=1.1&view=markup |
3079 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/13_all_automake.patch?rev=1.1&content-type=text/plain |
3080 |
|
3081 |
Index: 13_all_automake.patch |
3082 |
=================================================================== |
3083 |
--- clients/uil/Makefile.am Fri Aug 15 04:56:19 2003 |
3084 |
+++ clients/uil/Makefile.am.new Tue Feb 8 12:06:15 2005 |
3085 |
@@ -65,6 +65,7 @@ |
3086 |
lib_LTLIBRARIES = libUil.la |
3087 |
|
3088 |
libUil_la_SOURCES = $(SRCS) |
3089 |
+libUil_la_CFLAGS = $(AM_CFLAGS) |
3090 |
|
3091 |
libUil_la_DEPENDENCIES = UilDBDef.h UilParser.lo |
3092 |
|
3093 |
|
3094 |
|
3095 |
|
3096 |
-- |
3097 |
gentoo-commits@l.g.o mailing list |