Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Ulrich Mueller (ulm)" <ulm@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in src/patchsets/openmotif/2.2.3: 01_all_mwm-configdir.patch 02_all_CAN-2004-0687-0688.patch 03_all_CAN-2004-0914-newer.patch 04_all_CAN-2004-0914_sec8.patch 05_all_char_not_supported.patch 06_all_pixel_length.patch 07_all_popup_timeout.patch 08_all_XmResizeHashTable.patch 09_all_utf8.patch 10_all_no_demos.patch 11_all_CAN-2005-0605.patch 12_all_uil.patch 13_all_automake.patch
Date: Sat, 23 Feb 2008 17:36:13
Message-Id: E1JSyID-0007lW-Ks@stork.gentoo.org
1 ulm 08/02/23 17:36:09
2
3 Added: 01_all_mwm-configdir.patch
4 02_all_CAN-2004-0687-0688.patch
5 03_all_CAN-2004-0914-newer.patch
6 04_all_CAN-2004-0914_sec8.patch
7 05_all_char_not_supported.patch
8 06_all_pixel_length.patch
9 07_all_popup_timeout.patch
10 08_all_XmResizeHashTable.patch 09_all_utf8.patch
11 10_all_no_demos.patch 11_all_CAN-2005-0605.patch
12 12_all_uil.patch 13_all_automake.patch
13 Log:
14 Add patchset for openmotif-2.2.3
15
16 Revision Changes Path
17 1.1 src/patchsets/openmotif/2.2.3/01_all_mwm-configdir.patch
18
19 file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/01_all_mwm-configdir.patch?rev=1.1&view=markup
20 plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/01_all_mwm-configdir.patch?rev=1.1&content-type=text/plain
21
22 Index: 01_all_mwm-configdir.patch
23 ===================================================================
24 diff -urN openMotif-2.2.2.orig/clients/mwm/WmResParse.c openMotif-2.2.2/clients/mwm/WmResParse.c
25 --- openMotif-2.2.2.orig/clients/mwm/WmResParse.c 2002-01-10 21:55:37.000000000 +0100
26 +++ openMotif-2.2.2/clients/mwm/WmResParse.c 2003-06-04 22:20:22.000000000 +0200
27 @@ -2411,7 +2411,7 @@
28 if (MwmBehavior)
29 {
30 strcpy(cfileName, LIBDIR);
31 - strncat(cfileName, "/", MAXWMPATH-strlen(cfileName));
32 + strncat(cfileName, "/mwm/", MAXWMPATH-strlen(cfileName));
33 strncat(cfileName, LANG, MAXWMPATH-strlen(cfileName));
34 strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName));
35 }
36 @@ -2427,7 +2427,7 @@
37 * Try /$LANG/system.mwmrc within the install tree
38 */
39 strcpy(cfileName, LIBDIR);
40 - strncat(cfileName, "/", MAXWMPATH-strlen(cfileName));
41 + strncat(cfileName, "/mwm/", MAXWMPATH-strlen(cfileName));
42 strncat(cfileName, LANG, MAXWMPATH-strlen(cfileName));
43 strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName));
44 #endif /* WSM */
45 @@ -2449,7 +2449,7 @@
46 if (MwmBehavior)
47 {
48 strcpy(cfileName, LIBDIR);
49 - strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName));
50 + strncat(cfileName, "/mwm" SLASH_MWMRC, MAXWMPATH - strlen(cfileName));
51 #ifdef PANELIST
52 fileP = fopen (cfileName, "r");
53 #else /* PANELIST */
54 @@ -2473,7 +2473,7 @@
55 * Try /system.mwmrc within the install tree
56 */
57 strcpy(cfileName, LIBDIR);
58 - strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName));
59 + strncat(cfileName, "/mwm" SLASH_MWMRC, MAXWMPATH - strlen(cfileName));
60
61 if (LANG != NULL)
62 {
63
64
65
66 1.1 src/patchsets/openmotif/2.2.3/02_all_CAN-2004-0687-0688.patch
67
68 file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/02_all_CAN-2004-0687-0688.patch?rev=1.1&view=markup
69 plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/02_all_CAN-2004-0687-0688.patch?rev=1.1&content-type=text/plain
70
71 Index: 02_all_CAN-2004-0687-0688.patch
72 ===================================================================
73 --- openMotif-2.2.3/lib/Xm/Xpmhashtab.c.CAN-2004-0687-0688 2004-09-30 11:52:40.176933831 +0200
74 +++ openMotif-2.2.3/lib/Xm/Xpmhashtab.c 2004-09-30 11:53:47.288717782 +0200
75 @@ -141,7 +141,7 @@
76 xpmHashTable *table;
77 {
78 xpmHashAtom *atomTable = table->atomTable;
79 - int size = table->size;
80 + unsigned int size = table->size;
81 xpmHashAtom *t, *p;
82 int i;
83 int oldSize = size;
84 @@ -150,6 +150,8 @@
85 HASH_TABLE_GROWS
86 table->size = size;
87 table->limit = size / 3;
88 + if (size >= SIZE_MAX / sizeof(*atomTable))
89 + return (XpmNoMemory);
90 atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable));
91 if (!atomTable)
92 return (XpmNoMemory);
93 @@ -210,6 +212,8 @@
94 table->size = INITIAL_HASH_SIZE;
95 table->limit = table->size / 3;
96 table->used = 0;
97 + if (table->size >= SIZE_MAX / sizeof(*atomTable))
98 + return (XpmNoMemory);
99 atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable));
100 if (!atomTable)
101 return (XpmNoMemory);
102 --- openMotif-2.2.3/lib/Xm/XpmWrFFrI.c.CAN-2004-0687-0688 2004-09-30 11:36:04.545969020 +0200
103 +++ openMotif-2.2.3/lib/Xm/XpmWrFFrI.c 2004-09-30 11:37:14.583312219 +0200
104 @@ -244,6 +244,8 @@
105 unsigned int x, y, h;
106
107 h = height - 1;
108 + if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp)
109 + return (XpmNoMemory);
110 p = buf = (char *) XpmMalloc(width * cpp + 3);
111 if (!buf)
112 return (XpmNoMemory);
113 --- openMotif-2.2.3/lib/Xm/Xpmdata.c.CAN-2004-0687-0688 2004-09-30 11:51:30.712472999 +0200
114 +++ openMotif-2.2.3/lib/Xm/Xpmdata.c 2004-09-30 11:52:26.665789239 +0200
115 @@ -376,7 +376,7 @@
116 {
117 if (!mdata->type)
118 *cmt = NULL;
119 - else if (mdata->CommentLength) {
120 + else if (mdata->CommentLength != 0 && mdata->CommentLength < SIZE_MAX - 1) {
121 *cmt = (char *) XpmMalloc(mdata->CommentLength + 1);
122 strncpy(*cmt, mdata->Comment, mdata->CommentLength);
123 (*cmt)[mdata->CommentLength] = '\0';
124 --- openMotif-2.2.3/lib/Xm/XpmI.h.CAN-2004-0687-0688 2004-09-30 11:38:09.358760225 +0200
125 +++ openMotif-2.2.3/lib/Xm/XpmI.h 2004-09-30 11:39:58.498714150 +0200
126 @@ -179,6 +179,18 @@
127 boundCheckingCalloc((long)(nelem),(long) (elsize))
128 #endif
129
130 +#if defined(SCO) || defined(__USLC__)
131 +#include <stdint.h> /* For SIZE_MAX */
132 +#endif
133 +#include <limits.h>
134 +#ifndef SIZE_MAX
135 +# ifdef ULONG_MAX
136 +# define SIZE_MAX ULONG_MAX
137 +# else
138 +# define SIZE_MAX UINT_MAX
139 +# endif
140 +#endif
141 +
142 #define XPMMAXCMTLEN BUFSIZ
143 typedef struct {
144 unsigned int type;
145 @@ -276,9 +288,9 @@
146 } *xpmHashAtom;
147
148 typedef struct {
149 - int size;
150 - int limit;
151 - int used;
152 + unsigned int size;
153 + unsigned int limit;
154 + unsigned int used;
155 xpmHashAtom *atomTable;
156 } xpmHashTable;
157
158 --- openMotif-2.2.3/lib/Xm/XpmCrDatFrI.c.CAN-2004-0687-0688 2004-09-30 11:35:18.058379165 +0200
159 +++ openMotif-2.2.3/lib/Xm/XpmCrDatFrI.c 2004-09-30 11:35:43.951808698 +0200
160 @@ -134,6 +134,8 @@
161 */
162 header_nlines = 1 + image->ncolors;
163 header_size = sizeof(char *) * header_nlines;
164 + if (header_size >= SIZE_MAX / sizeof(char *))
165 + return (XpmNoMemory);
166 header = (char **) XpmCalloc(header_size, sizeof(char *));
167 if (!header)
168 return (XpmNoMemory);
169 --- openMotif-2.2.3/lib/Xm/Xpmscan.c.CAN-2004-0687-0688 2004-09-30 12:05:34.424607695 +0200
170 +++ openMotif-2.2.3/lib/Xm/Xpmscan.c 2004-09-30 12:08:16.963282178 +0200
171 @@ -98,7 +98,8 @@
172 LFUNC(ScanTransparentColor, int, (XpmColor *color, unsigned int cpp,
173 XpmAttributes *attributes));
174
175 -LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, int ncolors,
176 +LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors,
177 + unsigned int ncolors,
178 Pixel *pixels, unsigned int mask,
179 unsigned int cpp, XpmAttributes *attributes));
180
181 @@ -225,11 +226,17 @@
182 else
183 cpp = 0;
184
185 + if ((height > 0 && width >= SIZE_MAX / height) ||
186 + width * height >= SIZE_MAX / sizeof(unsigned int))
187 + RETURN(XpmNoMemory);
188 pmap.pixelindex =
189 (unsigned int *) XpmCalloc(width * height, sizeof(unsigned int));
190 if (!pmap.pixelindex)
191 RETURN(XpmNoMemory);
192
193 + if (pmap.size >= SIZE_MAX / sizeof(Pixel))
194 + RETURN(XpmNoMemory);
195 +
196 pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size);
197 if (!pmap.pixels)
198 RETURN(XpmNoMemory);
199 @@ -285,6 +292,8 @@
200 * color
201 */
202
203 + if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor))
204 + RETURN(XpmNoMemory);
205 colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor));
206 if (!colorTable)
207 RETURN(XpmNoMemory);
208 @@ -332,6 +341,8 @@
209
210 /* first get a character string */
211 a = 0;
212 + if (cpp >= SIZE_MAX - 1)
213 + return (XpmNoMemory);
214 if (!(s = color->string = (char *) XpmMalloc(cpp + 1)))
215 return (XpmNoMemory);
216 *s++ = printable[c = a % MAXPRINTABLE];
217 @@ -379,7 +390,7 @@
218 ScanOtherColors(display, colors, ncolors, pixels, mask, cpp, attributes)
219 Display *display;
220 XpmColor *colors;
221 - int ncolors;
222 + unsigned int ncolors;
223 Pixel *pixels;
224 unsigned int mask;
225 unsigned int cpp;
226 @@ -423,6 +434,8 @@
227 }
228
229 /* first get character strings and rgb values */
230 + if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1)
231 + return (XpmNoMemory);
232 xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors);
233 if (!xcolors)
234 return (XpmNoMemory);
235 --- openMotif-2.2.3/lib/Xm/XpmAttrib.c.CAN-2004-0687-0688 2004-09-30 11:33:10.216008908 +0200
236 +++ openMotif-2.2.3/lib/Xm/XpmAttrib.c 2004-09-30 11:33:41.187737616 +0200
237 @@ -41,8 +41,8 @@
238 #include "XpmI.h"
239
240 /* 3.2 backward compatibility code */
241 -LFUNC(CreateOldColorTable, int, (XpmColor *ct, int ncolors,
242 - XpmColor ***oldct));
243 +LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors,
244 + XpmColor ***oldct));
245
246 LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors));
247
248 @@ -52,12 +52,15 @@
249 static int
250 CreateOldColorTable(ct, ncolors, oldct)
251 XpmColor *ct;
252 - int ncolors;
253 + unsigned int ncolors;
254 XpmColor ***oldct;
255 {
256 XpmColor **colorTable, **color;
257 int a;
258
259 + if (ncolors >= SIZE_MAX / sizeof(XpmColor *))
260 + return XpmNoMemory;
261 +
262 colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *));
263 if (!colorTable) {
264 *oldct = NULL;
265 --- openMotif-2.2.3/lib/Xm/Xpmcreate.c.CAN-2004-0687-0688 2004-09-30 11:40:22.122457590 +0200
266 +++ openMotif-2.2.3/lib/Xm/Xpmcreate.c 2004-09-30 12:49:44.411019183 +0200
267 @@ -804,6 +804,9 @@
268
269 ErrorStatus = XpmSuccess;
270
271 + if (image->ncolors >= SIZE_MAX / sizeof(Pixel))
272 + return (XpmNoMemory);
273 +
274 /* malloc pixels index tables */
275 image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * image->ncolors);
276 if (!image_pixels)
277 @@ -947,6 +950,8 @@
278 return (XpmNoMemory);
279
280 #ifndef FOR_MSW
281 + if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height)
282 + return XpmNoMemory;
283 /* now that bytes_per_line must have been set properly alloc data */
284 (*image_return)->data =
285 (char *) XpmMalloc((*image_return)->bytes_per_line * height);
286 @@ -1992,6 +1997,9 @@
287 xpmGetCmt(data, &colors_cmt);
288
289 /* malloc pixels index tables */
290 + if (ncolors >= SIZE_MAX / sizeof(Pixel))
291 + return XpmNoMemory;
292 +
293 image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors);
294 if (!image_pixels)
295 RETURN(XpmNoMemory);
296 @@ -2207,6 +2215,9 @@
297 {
298 unsigned short colidx[256];
299
300 + if (ncolors > 256)
301 + return (XpmFileInvalid);
302 +
303 bzero((char *)colidx, 256 * sizeof(short));
304 for (a = 0; a < ncolors; a++)
305 colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
306 @@ -2305,6 +2316,9 @@
307 char *s;
308 char buf[BUFSIZ];
309
310 + if (cpp >= sizeof(buf))
311 + return (XpmFileInvalid);
312 +
313 buf[cpp] = '\0';
314 if (USE_HASHTABLE) {
315 xpmHashAtom *slot;
316 --- openMotif-2.2.3/lib/Xm/Xpmparse.c.CAN-2004-0687-0688 2004-09-30 11:54:01.219804716 +0200
317 +++ openMotif-2.2.3/lib/Xm/Xpmparse.c 2004-09-30 12:47:15.676480282 +0200
318 @@ -46,6 +46,25 @@
319
320 #include "XpmI.h"
321 #include <ctype.h>
322 +#include <string.h>
323 +
324 +#ifdef HAS_STRLCAT
325 +# define STRLCAT(dst, src, dstsize) { \
326 + if (strlcat(dst, src, dstsize) >= (dstsize)) \
327 + return (XpmFileInvalid); }
328 +# define STRLCPY(dst, src, dstsize) { \
329 + if (strlcpy(dst, src, dstsize) >= (dstsize)) \
330 + return (XpmFileInvalid); }
331 +#else
332 +# define STRLCAT(dst, src, dstsize) { \
333 + if ((strlen(dst) + strlen(src)) < (dstsize)) \
334 + strcat(dst, src); \
335 + else return (XpmFileInvalid); }
336 +# define STRLCPY(dst, src, dstsize) { \
337 + if (strlen(src) < (dstsize)) \
338 + strcpy(dst, src); \
339 + else return (XpmFileInvalid); }
340 +#endif
341
342 LFUNC(ParsePixels, int, (xpmData *data, unsigned int width,
343 unsigned int height, unsigned int ncolors,
344 @@ -215,7 +234,7 @@
345 unsigned int *extensions;
346 {
347 unsigned int l;
348 - char buf[BUFSIZ];
349 + char buf[BUFSIZ + 1];
350
351 if (!data->format) { /* XPM 2 or 3 */
352
353 @@ -324,10 +343,10 @@
354 XpmColor **colorTablePtr;
355 xpmHashTable *hashtable;
356 {
357 - unsigned int key, l, a, b;
358 + unsigned int key, l, a, b, len;
359 unsigned int curkey; /* current color key */
360 unsigned int lastwaskey; /* key read */
361 - char buf[BUFSIZ];
362 + char buf[BUFSIZ + 1];
363 char curbuf[BUFSIZ]; /* current buffer */
364 char **sptr, *s;
365 XpmColor *color;
366 @@ -335,6 +354,8 @@
367 char **defaults;
368 int ErrorStatus;
369
370 + if (ncolors >= SIZE_MAX / sizeof(XpmColor))
371 + return (XpmNoMemory);
372 colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor));
373 if (!colorTable)
374 return (XpmNoMemory);
375 @@ -346,6 +367,10 @@
376 /*
377 * read pixel value
378 */
379 + if (cpp >= SIZE_MAX - 1) {
380 + xpmFreeColorTable(colorTable, ncolors);
381 + return (XpmNoMemory);
382 + }
383 color->string = (char *) XpmMalloc(cpp + 1);
384 if (!color->string) {
385 xpmFreeColorTable(colorTable, ncolors);
386 @@ -383,13 +408,14 @@
387 }
388 if (!lastwaskey && key < NKEYS) { /* open new key */
389 if (curkey) { /* flush string */
390 - s = (char *) XpmMalloc(strlen(curbuf) + 1);
391 + len = strlen(curbuf) + 1;
392 + s = (char *) XpmMalloc(len);
393 if (!s) {
394 xpmFreeColorTable(colorTable, ncolors);
395 return (XpmNoMemory);
396 }
397 defaults[curkey] = s;
398 - strcpy(s, curbuf);
399 + memcpy(s, curbuf, len);
400 }
401 curkey = key + 1; /* set new key */
402 *curbuf = '\0'; /* reset curbuf */
403 @@ -400,9 +426,9 @@
404 return (XpmFileInvalid);
405 }
406 if (!lastwaskey)
407 - strcat(curbuf, " "); /* append space */
408 + STRLCAT(curbuf, " ", sizeof(curbuf)); /* append space */
409 buf[l] = '\0';
410 - strcat(curbuf, buf);/* append buf */
411 + STRLCAT(curbuf, buf, sizeof(curbuf));/* append buf */
412 lastwaskey = 0;
413 }
414 }
415 @@ -410,12 +436,13 @@
416 xpmFreeColorTable(colorTable, ncolors);
417 return (XpmFileInvalid);
418 }
419 - s = defaults[curkey] = (char *) XpmMalloc(strlen(curbuf) + 1);
420 + len = strlen(curbuf) + 1;
421 + s = defaults[curkey] = (char *) XpmMalloc(len);
422 if (!s) {
423 xpmFreeColorTable(colorTable, ncolors);
424 return (XpmNoMemory);
425 }
426 - strcpy(s, curbuf);
427 + memcpy(s, curbuf, len);
428 }
429 } else { /* XPM 1 */
430 /* get to the beginning of the first string */
431 @@ -428,6 +455,10 @@
432 /*
433 * read pixel value
434 */
435 + if (cpp >= SIZE_MAX - 1) {
436 + xpmFreeColorTable(colorTable, ncolors);
437 + return (XpmNoMemory);
438 + }
439 color->string = (char *) XpmMalloc(cpp + 1);
440 if (!color->string) {
441 xpmFreeColorTable(colorTable, ncolors);
442 @@ -456,16 +487,17 @@
443 *curbuf = '\0'; /* init curbuf */
444 while ((l = xpmNextWord(data, buf, BUFSIZ))) {
445 if (*curbuf != '\0')
446 - strcat(curbuf, " ");/* append space */
447 + STRLCAT(curbuf, " ", sizeof(curbuf));/* append space */
448 buf[l] = '\0';
449 - strcat(curbuf, buf); /* append buf */
450 + STRLCAT(curbuf, buf, sizeof(curbuf)); /* append buf */
451 }
452 - s = (char *) XpmMalloc(strlen(curbuf) + 1);
453 + len = strlen(curbuf) + 1;
454 + s = (char *) XpmMalloc(len);
455 if (!s) {
456 xpmFreeColorTable(colorTable, ncolors);
457 return (XpmNoMemory);
458 }
459 - strcpy(s, curbuf);
460 + memcpy(s, curbuf, len);
461 color->c_color = s;
462 *curbuf = '\0'; /* reset curbuf */
463 if (a < ncolors - 1)
464 @@ -490,6 +522,9 @@
465 unsigned int *iptr, *iptr2;
466 unsigned int a, x, y;
467
468 + if ((height > 0 && width >= SIZE_MAX / height) ||
469 + width * height >= SIZE_MAX / sizeof(unsigned int))
470 + return XpmNoMemory;
471 #ifndef FOR_MSW
472 iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height);
473 #else
474 @@ -513,6 +548,9 @@
475 {
476 unsigned short colidx[256];
477
478 + if (ncolors > 256)
479 + return (XpmFileInvalid);
480 +
481 bzero((char *)colidx, 256 * sizeof(short));
482 for (a = 0; a < ncolors; a++)
483 colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
484 @@ -590,6 +628,9 @@
485 char *s;
486 char buf[BUFSIZ];
487
488 + if (cpp >= sizeof(buf))
489 + return (XpmFileInvalid);
490 +
491 buf[cpp] = '\0';
492 if (USE_HASHTABLE) {
493 xpmHashAtom *slot;
494
495
496
497 1.1 src/patchsets/openmotif/2.2.3/03_all_CAN-2004-0914-newer.patch
498
499 file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/03_all_CAN-2004-0914-newer.patch?rev=1.1&view=markup
500 plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/03_all_CAN-2004-0914-newer.patch?rev=1.1&content-type=text/plain
501
502 Index: 03_all_CAN-2004-0914-newer.patch
503 ===================================================================
504 diff -Nur lib/Xm/Imakefile lib/Xm/Imakefile
505 --- lib/Xm/Imakefile 2002-01-15 18:30:40.000000000 +0100
506 +++ lib/Xm/Imakefile 2005-02-14 14:24:12.000000000 +0100
507 @@ -211,7 +211,8 @@
508 XpmCrBufFrP.c XpmCrPFrBuf.c XpmRdFToDat.c XpmWrFFrP.c Xpmrgb.c \
509 XpmCrDatFrI.c XpmCrPFrDat.c XpmRdFToI.c Xpmcreate.c Xpmscan.c \
510 XpmCrDatFrP.c XpmCrPFrI.c XpmRdFToP.c Xpmdata.c \
511 - XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c
512 + XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c \
513 + Xpms_popen.c
514
515 #if UseLocalRegex
516 REGEX_SRCS = regexp.c
517 @@ -274,7 +275,8 @@
518 XpmCrBufFrP.o XpmCrPFrBuf.o XpmRdFToDat.o XpmWrFFrP.o Xpmrgb.o \
519 XpmCrDatFrI.o XpmCrPFrDat.o XpmRdFToI.o Xpmcreate.o Xpmscan.o \
520 XpmCrDatFrP.o XpmCrPFrI.o XpmRdFToP.o Xpmdata.o \
521 - XpmCrIFrBuf.o XpmImage.o XpmWrFFrBuf.o Xpmhashtab.o
522 + XpmCrIFrBuf.o XpmImage.o XpmWrFFrBuf.o Xpmhashtab.o \
523 + Xpms_popen.o
524
525 #if UseLocalRegex
526 REGEX_OBJS = regexp.o
527 --- lib/Xm/Makefile.am 2004-11-17 19:03:26.962797006 +0100
528 +++ lib/Xm/Makefile.am 2004-11-17 19:03:49.421724642 +0100
529 @@ -241,7 +241,8 @@
530 XpmCrBufFrP.c XpmCrPFrBuf.c XpmRdFToDat.c XpmWrFFrP.c Xpmrgb.c \
531 XpmCrDatFrI.c XpmCrPFrDat.c XpmRdFToI.c Xpmcreate.c Xpmscan.c \
532 XpmCrDatFrP.c XpmCrPFrI.c XpmRdFToP.c Xpmdata.c \
533 - XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c
534 + XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c \
535 + Xpms_popen.c
536
537 NEW_WID_SRCS = IconH.c Container.c IconG.c \
538 Notebook.c ComboBox.c GrabShell.c SpinB.c \
539 --- /dev/null 1970-01-01 01:00:00.000000000 +0100
540 +++ lib/Xm/Xpms_popen.c 2005-02-14 14:24:12.942319466 +0100
541 @@ -0,0 +1,182 @@
542 +/*
543 + * Copyright (C) 2004 The X.Org fundation
544 + *
545 + * Permission is hereby granted, free of charge, to any person
546 + * obtaining a copy of this software and associated documentation
547 + * files (the "Software"), to deal in the Software without
548 + * restriction, including without limitation the rights to use, copy,
549 + * modify, merge, publish, distribute, sublicense, and/or sell copies
550 + * of the Software, and to permit persons to whom the Software is fur-
551 + * nished to do so, subject to the following conditions:
552 + *
553 + * The above copyright notice and this permission notice shall be
554 + * included in all copies or substantial portions of the Software.
555 + *
556 + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
557 + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
558 + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
559 + * NONINFRINGEMENT. IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR
560 + * ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
561 + * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
562 + * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
563 + *
564 + * Except as contained in this notice, the name of the X.Org fundation
565 + * shall not be used in advertising or otherwise to promote the sale,
566 + * use or other dealings in this Software without prior written
567 + * authorization from the X.Org fundation.
568 + */
569 +
570 +/*
571 +** This is a secure but NOT 100% compatible replacement for popen()
572 +** Note: - don't use pclose() use fclose() for closing the returned
573 +** filedesc.!!!
574 +**
575 +** Known Bugs: - unable to use i/o-redirection like > or <
576 +** Author: - Thomas Biege <thomas@××××.de>
577 +** Credits: - Andreas Pfaller <a.pfaller@×××××××.de> for fixing a SEGV when
578 +** calling strtok()
579 +*/
580 +
581 +#include <sys/types.h>
582 +#include <sys/wait.h>
583 +#include <stdio.h>
584 +#include <stdlib.h>
585 +#include <unistd.h>
586 +#include <string.h>
587 +#include "XpmI.h"
588 +
589 +#define __SEC_POPEN_TOKEN " "
590 +
591 +FILE *Xpms_popen(char *cmd, const char *type)
592 +{
593 + pid_t pid;
594 + int pfd[2];
595 + int rpipe = 0, wpipe = 0, i;
596 + char **argv;
597 + char *ptr;
598 + char *cmdcpy;
599 +
600 +
601 + if(cmd == NULL || cmd == "")
602 + return(NULL);
603 +
604 + if(type[0] != 'r' && type[0] != 'w')
605 + return(NULL);
606 +
607 + if ((cmdcpy = strdup(cmd)) == NULL)
608 + return(NULL);
609 +
610 + argv = NULL;
611 + if( (ptr = strtok(cmdcpy, __SEC_POPEN_TOKEN)) == NULL)
612 + {
613 + free(cmdcpy);
614 + return(NULL);
615 + }
616 +
617 + for(i = 0;; i++)
618 + {
619 + if( ( argv = (char **) realloc(argv, (i+1) * sizeof(char *)) ) == NULL)
620 + {
621 + free(cmdcpy);
622 + return(NULL);
623 + }
624 +
625 + if( (*(argv+i) = (char *) malloc((strlen(ptr)+1) * sizeof(char))) == NULL)
626 + {
627 + free(cmdcpy);
628 + return(NULL);
629 + }
630 +
631 + strcpy(argv[i], ptr);
632 +
633 + if( (ptr = strtok(NULL, __SEC_POPEN_TOKEN)) == NULL)
634 + {
635 + if( ( argv = (char **) realloc(argv, (i+2) * sizeof(char *))) == NULL)
636 + {
637 + free(cmdcpy);
638 + return(NULL);
639 + }
640 + argv[i+1] = NULL;
641 + break;
642 + }
643 + }
644 +
645 +
646 + if(type[0] == 'r')
647 + rpipe = 1;
648 + else
649 + wpipe = 1;
650 +
651 + if (pipe(pfd) < 0)
652 + {
653 + free(cmdcpy);
654 + return(NULL);
655 + }
656 +
657 + if((pid = fork()) < 0)
658 + {
659 + close(pfd[0]);
660 + close(pfd[1]);
661 + free(cmdcpy);
662 + return(NULL);
663 + }
664 +
665 + if(pid == 0) /* child */
666 + {
667 + if((pid = fork()) < 0)
668 + {
669 + close(pfd[0]);
670 + close(pfd[1]);
671 + free(cmdcpy);
672 + return(NULL);
673 + }
674 + if(pid > 0)
675 + {
676 + exit(0); /* child nr. 1 exits */
677 + }
678 +
679 + /* child nr. 2 */
680 + if(rpipe)
681 + {
682 + close(pfd[0]); /* close reading end, we don't need it */
683 + dup2(STDOUT_FILENO, STDERR_FILENO);
684 + if (pfd[1] != STDOUT_FILENO)
685 + dup2(pfd[1], STDOUT_FILENO); /* redirect stdout to writing end of pipe */
686 + }
687 + else
688 + {
689 + close(pfd[1]); /* close writing end, we don't need it */
690 + if (pfd[0] != STDIN_FILENO)
691 + dup2(pfd[0], STDIN_FILENO); /* redirect stdin to reading end of pipe */
692 + }
693 +
694 + if(strchr(argv[0], '/') == NULL)
695 + execvp(argv[0], argv); /* search in $PATH */
696 + else
697 + execv(argv[0], argv);
698 +
699 + close(pfd[0]);
700 + close(pfd[1]);
701 + free(cmdcpy);
702 + return(NULL); /* exec failed.. ooops! */
703 + }
704 + else /* parent */
705 + {
706 + waitpid(pid, NULL, 0); /* wait for child nr. 1 */
707 +
708 + if(rpipe)
709 + {
710 + close(pfd[1]);
711 + free(cmdcpy);
712 + return(fdopen(pfd[0], "r"));
713 + }
714 + else
715 + {
716 + close(pfd[0]);
717 + free(cmdcpy);
718 + return(fdopen(pfd[1], "w"));
719 + }
720 +
721 + }
722 +}
723 +
724 diff -Nur lib/Xm/XpmAttrib.c lib/Xm/XpmAttrib.c
725 --- lib/Xm/XpmAttrib.c 2005-02-14 15:20:49.346039704 +0100
726 +++ lib/Xm/XpmAttrib.c 2005-02-14 14:26:42.742624081 +0100
727 @@ -44,7 +44,7 @@
728 LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors,
729 XpmColor ***oldct));
730
731 -LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors));
732 +LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, unsigned int ncolors));
733
734 /*
735 * Create a colortable compatible with the old style colortable
736 @@ -56,9 +56,9 @@
737 XpmColor ***oldct;
738 {
739 XpmColor **colorTable, **color;
740 - int a;
741 + unsigned int a;
742
743 - if (ncolors >= SIZE_MAX / sizeof(XpmColor *))
744 + if (ncolors >= UINT_MAX / sizeof(XpmColor *))
745 return XpmNoMemory;
746
747 colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *));
748 @@ -75,9 +75,9 @@
749 static void
750 FreeOldColorTable(colorTable, ncolors)
751 XpmColor **colorTable;
752 - int ncolors;
753 + unsigned int ncolors;
754 {
755 - int a, b;
756 + unsigned int a, b;
757 XpmColor **color;
758 char **sptr;
759
760 @@ -128,7 +128,7 @@
761 XpmExtension *ext;
762 char **sptr;
763
764 - if (extensions) {
765 + if (extensions && nextensions > 0) {
766 for (i = 0, ext = extensions; i < nextensions; i++, ext++) {
767 if (ext->name)
768 XpmFree(ext->name);
769 diff -Nur lib/Xm/XpmCrBufFrI.c lib/Xm/XpmCrBufFrI.c
770 --- lib/Xm/XpmCrBufFrI.c 2003-08-15 11:08:59.000000000 +0200
771 +++ lib/Xm/XpmCrBufFrI.c 2005-02-14 14:28:44.975393496 +0100
772 @@ -41,21 +41,26 @@
773 #endif
774
775
776 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
777 +
778 +
779 #include "XpmI.h"
780
781 LFUNC(WriteColors, int, (char **dataptr, unsigned int *data_size,
782 unsigned int *used_size, XpmColor *colors,
783 unsigned int ncolors, unsigned int cpp));
784
785 -LFUNC(WritePixels, void, (char *dataptr, unsigned int *used_size,
786 +LFUNC(WritePixels, void, (char *dataptr, unsigned int data_size,
787 + unsigned int *used_size,
788 unsigned int width, unsigned int height,
789 unsigned int cpp, unsigned int *pixels,
790 XpmColor *colors));
791
792 -LFUNC(WriteExtensions, void, (char *dataptr, unsigned int *used_size,
793 +LFUNC(WriteExtensions, void, (char *dataptr, unsigned int data_size,
794 + unsigned int *used_size,
795 XpmExtension *ext, unsigned int num));
796
797 -LFUNC(ExtensionsSize, int, (XpmExtension *ext, unsigned int num));
798 +LFUNC(ExtensionsSize, unsigned int, (XpmExtension *ext, unsigned int num));
799 LFUNC(CommentsSize, int, (XpmInfo *info));
800
801 int
802 @@ -98,11 +103,12 @@
803
804 #undef RETURN
805 #define RETURN(status) \
806 +do \
807 { \
808 if (ptr) \
809 XpmFree(ptr); \
810 return(status); \
811 -}
812 +} while(0)
813
814 int
815 XpmCreateBufferFromXpmImage(buffer_return, image, info)
816 @@ -116,7 +122,7 @@
817 unsigned int cmts, extensions, ext_size = 0;
818 unsigned int l, cmt_size = 0;
819 char *ptr = NULL, *p;
820 - unsigned int ptr_size, used_size;
821 + unsigned int ptr_size, used_size, tmp;
822
823 *buffer_return = NULL;
824
825 @@ -138,7 +144,13 @@
826 #ifdef VOID_SPRINTF
827 used_size = strlen(buf);
828 #endif
829 - ptr_size = used_size + ext_size + cmt_size + 1;
830 + ptr_size = used_size + ext_size + cmt_size + 1; /* ptr_size can't be 0 */
831 + if(ptr_size <= used_size ||
832 + ptr_size <= ext_size ||
833 + ptr_size <= cmt_size)
834 + {
835 + return XpmNoMemory;
836 + }
837 ptr = (char *) XpmMalloc(ptr_size);
838 if (!ptr)
839 return XpmNoMemory;
840 @@ -149,7 +161,7 @@
841 #ifndef VOID_SPRINTF
842 used_size +=
843 #endif
844 - sprintf(ptr + used_size, "/*%s*/\n", info->hints_cmt);
845 + snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->hints_cmt);
846 #ifdef VOID_SPRINTF
847 used_size += strlen(info->hints_cmt) + 5;
848 #endif
849 @@ -167,7 +179,7 @@
850 #ifndef VOID_SPRINTF
851 l +=
852 #endif
853 - sprintf(buf + l, " %d %d", info->x_hotspot, info->y_hotspot);
854 + snprintf(buf + l, sizeof(buf)-l, " %d %d", info->x_hotspot, info->y_hotspot);
855 #ifdef VOID_SPRINTF
856 l = strlen(buf);
857 #endif
858 @@ -189,6 +201,8 @@
859 l = strlen(buf);
860 #endif
861 ptr_size += l;
862 + if(ptr_size <= l)
863 + RETURN(XpmNoMemory);
864 p = (char *) XpmRealloc(ptr, ptr_size);
865 if (!p)
866 RETURN(XpmNoMemory);
867 @@ -201,7 +215,7 @@
868 #ifndef VOID_SPRINTF
869 used_size +=
870 #endif
871 - sprintf(ptr + used_size, "/*%s*/\n", info->colors_cmt);
872 + snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->colors_cmt);
873 #ifdef VOID_SPRINTF
874 used_size += strlen(info->colors_cmt) + 5;
875 #endif
876 @@ -217,7 +231,12 @@
877 * 4 = 1 (for '"') + 3 (for '",\n')
878 * 1 = - 2 (because the last line does not end with ',\n') + 3 (for '};\n')
879 */
880 - ptr_size += image->height * (image->width * image->cpp + 4) + 1;
881 + if(image->width > UINT_MAX / image->cpp ||
882 + (tmp = image->width * image->cpp + 4) <= 4 ||
883 + image->height > UINT_MAX / tmp ||
884 + (tmp = image->height * tmp + 1) <= 1 ||
885 + (ptr_size += tmp) <= tmp)
886 + RETURN(XpmNoMemory);
887
888 p = (char *) XpmRealloc(ptr, ptr_size);
889 if (!p)
890 @@ -229,17 +248,17 @@
891 #ifndef VOID_SPRINTF
892 used_size +=
893 #endif
894 - sprintf(ptr + used_size, "/*%s*/\n", info->pixels_cmt);
895 + snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->pixels_cmt);
896 #ifdef VOID_SPRINTF
897 used_size += strlen(info->pixels_cmt) + 5;
898 #endif
899 }
900 - WritePixels(ptr + used_size, &used_size, image->width, image->height,
901 + WritePixels(ptr + used_size, ptr_size - used_size, &used_size, image->width, image->height,
902 image->cpp, image->data, image->colorTable);
903
904 /* print extensions */
905 if (extensions)
906 - WriteExtensions(ptr + used_size, &used_size,
907 + WriteExtensions(ptr + used_size, ptr_size-used_size, &used_size,
908 info->extensions, info->nextensions);
909
910 /* close the array */
911 @@ -250,6 +269,7 @@
912 return (XpmSuccess);
913 }
914
915 +
916 static int
917 WriteColors(dataptr, data_size, used_size, colors, ncolors, cpp)
918 char **dataptr;
919 @@ -259,7 +279,7 @@
920 unsigned int ncolors;
921 unsigned int cpp;
922 {
923 - char buf[BUFSIZ];
924 + char buf[BUFSIZ] = {0};
925 unsigned int a, key, l;
926 char *s, *s2;
927 char **defaults;
928 @@ -269,22 +289,34 @@
929
930 defaults = (char **) colors;
931 s = buf + 1;
932 - strncpy(s, *defaults++, cpp);
933 - s += cpp;
934 -
935 - for (key = 1; key <= NKEYS; key++, defaults++) {
936 - if ((s2 = *defaults)) {
937 -#ifndef VOID_SPRINTF
938 - s +=
939 -#endif
940 - sprintf(s, "\t%s %s", xpmColorKeys[key - 1], s2);
941 -#ifdef VOID_SPRINTF
942 - s += strlen(s);
943 -#endif
944 - }
945 - }
946 - strcpy(s, "\",\n");
947 - l = s + 3 - buf;
948 + if(cpp > (sizeof(buf) - (s-buf)))
949 + return(XpmNoMemory);
950 + strncpy(s, *defaults++, cpp);
951 + s += cpp;
952 +
953 + for (key = 1; key <= NKEYS; key++, defaults++) {
954 + if ((s2 = *defaults)) {
955 +#ifndef VOID_SPRINTF
956 + s +=
957 +#endif
958 + /* assume C99 compliance */
959 + snprintf(s, sizeof(buf) - (s-buf), "\t%s %s", xpmColorKeys[key - 1], s2);
960 +#ifdef VOID_SPRINTF
961 + s += strlen(s);
962 +#endif
963 + /* now let's check if s points out-of-bounds */
964 + if((s-buf) > sizeof(buf))
965 + return(XpmNoMemory);
966 + }
967 + }
968 + if(sizeof(buf) - (s-buf) < 4)
969 + return(XpmNoMemory);
970 + strcpy(s, "\",\n");
971 + l = s + 3 - buf;
972 + if( *data_size >= UINT_MAX-l ||
973 + *data_size + l <= *used_size ||
974 + (*data_size + l - *used_size) <= sizeof(buf))
975 + return(XpmNoMemory);
976 s = (char *) XpmRealloc(*dataptr, *data_size + l);
977 if (!s)
978 return (XpmNoMemory);
979 @@ -297,8 +329,9 @@
980 }
981
982 static void
983 -WritePixels(dataptr, used_size, width, height, cpp, pixels, colors)
984 +WritePixels(dataptr, data_size, used_size, width, height, cpp, pixels, colors)
985 char *dataptr;
986 + unsigned int data_size;
987 unsigned int *used_size;
988 unsigned int width;
989 unsigned int height;
990 @@ -309,27 +342,36 @@
991 char *s = dataptr;
992 unsigned int x, y, h;
993
994 + if(height <= 1)
995 + return;
996 +
997 h = height - 1;
998 for (y = 0; y < h; y++) {
999 *s++ = '"';
1000 for (x = 0; x < width; x++, pixels++) {
1001 - strncpy(s, colors[*pixels].string, cpp);
1002 + if(cpp >= (data_size - (s-dataptr)))
1003 + return;
1004 + strncpy(s, colors[*pixels].string, cpp); /* how can we trust *pixels? :-\ */
1005 s += cpp;
1006 }
1007 + if((data_size - (s-dataptr)) < 4)
1008 + return;
1009 strcpy(s, "\",\n");
1010 s += 3;
1011 }
1012 /* duplicate some code to avoid a test in the loop */
1013 *s++ = '"';
1014 for (x = 0; x < width; x++, pixels++) {
1015 - strncpy(s, colors[*pixels].string, cpp);
1016 + if(cpp >= (data_size - (s-dataptr)))
1017 + return;
1018 + strncpy(s, colors[*pixels].string, cpp); /* how can we trust *pixels? */
1019 s += cpp;
1020 }
1021 *s++ = '"';
1022 *used_size += s - dataptr;
1023 }
1024
1025 -static int
1026 +static unsigned int
1027 ExtensionsSize(ext, num)
1028 XpmExtension *ext;
1029 unsigned int num;
1030 @@ -338,21 +380,26 @@
1031 char **line;
1032
1033 size = 0;
1034 + if(num == 0)
1035 + return(0); /* ok? */
1036 for (x = 0; x < num; x++, ext++) {
1037 /* 11 = 10 (for ',\n"XPMEXT ') + 1 (for '"') */
1038 size += strlen(ext->name) + 11;
1039 - a = ext->nlines;
1040 + a = ext->nlines; /* how can we trust ext->nlines to be not out-of-bounds? */
1041 for (y = 0, line = ext->lines; y < a; y++, line++)
1042 /* 4 = 3 (for ',\n"') + 1 (for '"') */
1043 size += strlen(*line) + 4;
1044 }
1045 /* 13 is for ',\n"XPMENDEXT"' */
1046 + if(size > UINT_MAX - 13) /* unlikely */
1047 + return(0);
1048 return size + 13;
1049 }
1050
1051 static void
1052 -WriteExtensions(dataptr, used_size, ext, num)
1053 +WriteExtensions(dataptr, data_size, used_size, ext, num)
1054 char *dataptr;
1055 + unsigned int data_size;
1056 unsigned int *used_size;
1057 XpmExtension *ext;
1058 unsigned int num;
1059 @@ -363,24 +410,24 @@
1060
1061 for (x = 0; x < num; x++, ext++) {
1062 #ifndef VOID_SPRINTF
1063 - s += 11 +
1064 + s +=
1065 #endif
1066 - sprintf(s, ",\n\"XPMEXT %s\"", ext->name);
1067 + snprintf(s, data_size - (s-dataptr), ",\n\"XPMEXT %s\"", ext->name);
1068 #ifdef VOID_SPRINTF
1069 s += strlen(ext->name) + 11;
1070 #endif
1071 a = ext->nlines;
1072 for (y = 0, line = ext->lines; y < a; y++, line++) {
1073 #ifndef VOID_SPRINTF
1074 - s += 4 +
1075 + s +=
1076 #endif
1077 - sprintf(s, ",\n\"%s\"", *line);
1078 + snprintf(s, data_size - (s-dataptr), ",\n\"%s\"", *line);
1079 #ifdef VOID_SPRINTF
1080 s += strlen(*line) + 4;
1081 #endif
1082 }
1083 }
1084 - strcpy(s, ",\n\"XPMENDEXT\"");
1085 + strncpy(s, ",\n\"XPMENDEXT\"", data_size - (s-dataptr)-1);
1086 *used_size += s - dataptr + 13;
1087 }
1088
1089 @@ -391,6 +438,7 @@
1090 int size = 0;
1091
1092 /* 5 = 2 (for "/_*") + 3 (for "*_/\n") */
1093 + /* wrap possible but *very* unlikely */
1094 if (info->hints_cmt)
1095 size += 5 + strlen(info->hints_cmt);
1096
1097 diff -Nur lib/Xm/XpmCrDatFrI.c lib/Xm/XpmCrDatFrI.c
1098 --- lib/Xm/XpmCrDatFrI.c 2005-02-14 15:20:49.344040101 +0100
1099 +++ lib/Xm/XpmCrDatFrI.c 2005-02-14 14:32:22.610251056 +0100
1100 @@ -38,13 +38,16 @@
1101 #endif
1102
1103
1104 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
1105 +
1106 #include "XpmI.h"
1107
1108 LFUNC(CreateColors, int, (char **dataptr, unsigned int *data_size,
1109 XpmColor *colors, unsigned int ncolors,
1110 unsigned int cpp));
1111
1112 -LFUNC(CreatePixels, void, (char **dataptr, unsigned int width,
1113 +LFUNC(CreatePixels, void, (char **dataptr, unsigned int data_size,
1114 + unsigned int width,
1115 unsigned int height, unsigned int cpp,
1116 unsigned int *pixels, XpmColor *colors));
1117
1118 @@ -52,7 +55,8 @@
1119 unsigned int *ext_size,
1120 unsigned int *ext_nlines));
1121
1122 -LFUNC(CreateExtensions, void, (char **dataptr, unsigned int offset,
1123 +LFUNC(CreateExtensions, void, (char **dataptr, unsigned int data_size,
1124 + unsigned int offset,
1125 XpmExtension *ext, unsigned int num,
1126 unsigned int ext_nlines));
1127
1128 @@ -93,6 +97,7 @@
1129
1130 #undef RETURN
1131 #define RETURN(status) \
1132 +do \
1133 { \
1134 if (header) { \
1135 for (l = 0; l < header_nlines; l++) \
1136 @@ -101,7 +106,7 @@
1137 XpmFree(header); \
1138 } \
1139 return(status); \
1140 -}
1141 +} while(0)
1142
1143 int
1144 XpmCreateDataFromXpmImage(data_return, image, info)
1145 @@ -133,10 +138,15 @@
1146 * is the hints line + the color table lines
1147 */
1148 header_nlines = 1 + image->ncolors;
1149 +
1150 + if(header_nlines <= image->ncolors ||
1151 + header_nlines >= UINT_MAX / sizeof(char *))
1152 + return(XpmNoMemory);
1153 +
1154 header_size = sizeof(char *) * header_nlines;
1155 - if (header_size >= SIZE_MAX / sizeof(char *))
1156 + if (header_size >= UINT_MAX / sizeof(char *))
1157 return (XpmNoMemory);
1158 - header = (char **) XpmCalloc(header_size, sizeof(char *));
1159 + header = (char **) XpmCalloc(header_size, sizeof(char *));
1160 if (!header)
1161 return (XpmNoMemory);
1162
1163 @@ -180,8 +190,22 @@
1164
1165 /* now we know the size needed, alloc the data and copy the header lines */
1166 offset = image->width * image->cpp + 1;
1167 - data_size = header_size + (image->height + ext_nlines) * sizeof(char *)
1168 - + image->height * offset + ext_size;
1169 +
1170 + if(offset <= image->width || offset <= image->cpp)
1171 + RETURN(XpmNoMemory);
1172 +
1173 + if( (image->height + ext_nlines) >= UINT_MAX / sizeof(char *))
1174 + RETURN(XpmNoMemory);
1175 + data_size = (image->height + ext_nlines) * sizeof(char *);
1176 +
1177 + if (image->height > UINT_MAX / offset ||
1178 + image->height * offset > UINT_MAX - data_size)
1179 + RETURN(XpmNoMemory);
1180 + data_size += image->height * offset;
1181 +
1182 + if( (header_size + ext_size) >= (UINT_MAX - data_size) )
1183 + RETURN(XpmNoMemory);
1184 + data_size += header_size + ext_size;
1185
1186 data = (char **) XpmMalloc(data_size);
1187 if (!data)
1188 @@ -189,8 +213,10 @@
1189
1190 data_nlines = header_nlines + image->height + ext_nlines;
1191 *data = (char *) (data + data_nlines);
1192 +
1193 + /* can header have less elements then n suggests? */
1194 n = image->ncolors;
1195 - for (l = 0, sptr = data, sptr2 = header; l <= n; l++, sptr++, sptr2++) {
1196 + for (l = 0, sptr = data, sptr2 = header; l <= n && sptr && sptr2; l++, sptr++, sptr2++) {
1197 strcpy(*sptr, *sptr2);
1198 *(sptr + 1) = *sptr + strlen(*sptr2) + 1;
1199 }
1200 @@ -199,12 +225,13 @@
1201 data[header_nlines] = (char *) data + header_size
1202 + (image->height + ext_nlines) * sizeof(char *);
1203
1204 - CreatePixels(data + header_nlines, image->width, image->height,
1205 + CreatePixels(data + header_nlines, data_size-header_nlines, image->width, image->height,
1206 image->cpp, image->data, image->colorTable);
1207
1208 /* print extensions */
1209 if (extensions)
1210 - CreateExtensions(data + header_nlines + image->height - 1, offset,
1211 + CreateExtensions(data + header_nlines + image->height - 1,
1212 + data_size - header_nlines - image->height + 1, offset,
1213 info->extensions, info->nextensions,
1214 ext_nlines);
1215
1216 @@ -229,18 +256,27 @@
1217 for (a = 0; a < ncolors; a++, colors++, dataptr++) {
1218
1219 defaults = (char **) colors;
1220 + if(sizeof(buf) <= cpp)
1221 + return(XpmNoMemory);
1222 strncpy(buf, *defaults++, cpp);
1223 s = buf + cpp;
1224
1225 + if(sizeof(buf) <= (s-buf))
1226 + return XpmNoMemory;
1227 +
1228 for (key = 1; key <= NKEYS; key++, defaults++) {
1229 if ((s2 = *defaults)) {
1230 #ifndef VOID_SPRINTF
1231 s +=
1232 #endif
1233 - sprintf(s, "\t%s %s", xpmColorKeys[key - 1], s2);
1234 + /* assume C99 compliance */
1235 + snprintf(s, sizeof(buf)-(s-buf), "\t%s %s", xpmColorKeys[key - 1], s2);
1236 #ifdef VOID_SPRINTF
1237 - s += strlen(s);
1238 + s += strlen(s);
1239 #endif
1240 + /* does s point out-of-bounds? */
1241 + if(sizeof(buf) < (s-buf))
1242 + return XpmNoMemory;
1243 }
1244 }
1245 l = s - buf + 1;
1246 @@ -254,8 +290,9 @@
1247 }
1248
1249 static void
1250 -CreatePixels(dataptr, width, height, cpp, pixels, colors)
1251 +CreatePixels(dataptr, data_size, width, height, cpp, pixels, colors)
1252 char **dataptr;
1253 + unsigned int data_size;
1254 unsigned int width;
1255 unsigned int height;
1256 unsigned int cpp;
1257 @@ -265,21 +302,38 @@
1258 char *s;
1259 unsigned int x, y, h, offset;
1260
1261 + if(height <= 1)
1262 + return;
1263 +
1264 h = height - 1;
1265 +
1266 offset = width * cpp + 1;
1267 +
1268 + if(offset <= width || offset <= cpp)
1269 + return;
1270 +
1271 + /* why trust h? */
1272 for (y = 0; y < h; y++, dataptr++) {
1273 s = *dataptr;
1274 + /* why trust width? */
1275 for (x = 0; x < width; x++, pixels++) {
1276 - strncpy(s, colors[*pixels].string, cpp);
1277 + if(cpp > (data_size - (s - *dataptr)))
1278 + return;
1279 + strncpy(s, colors[*pixels].string, cpp); /* why trust pixel? */
1280 s += cpp;
1281 }
1282 *s = '\0';
1283 + if(offset > data_size)
1284 + return;
1285 *(dataptr + 1) = *dataptr + offset;
1286 }
1287 /* duplicate some code to avoid a test in the loop */
1288 s = *dataptr;
1289 + /* why trust width? */
1290 for (x = 0; x < width; x++, pixels++) {
1291 - strncpy(s, colors[*pixels].string, cpp);
1292 + if(cpp > data_size - (s - *dataptr))
1293 + return;
1294 + strncpy(s, colors[*pixels].string, cpp); /* why should we trust *pixel? */
1295 s += cpp;
1296 }
1297 *s = '\0';
1298 @@ -312,8 +366,9 @@
1299 }
1300
1301 static void
1302 -CreateExtensions(dataptr, offset, ext, num, ext_nlines)
1303 +CreateExtensions(dataptr, data_size, offset, ext, num, ext_nlines)
1304 char **dataptr;
1305 + unsigned int data_size;
1306 unsigned int offset;
1307 XpmExtension *ext;
1308 unsigned int num;
1309 @@ -326,12 +381,12 @@
1310 dataptr++;
1311 a = 0;
1312 for (x = 0; x < num; x++, ext++) {
1313 - sprintf(*dataptr, "XPMEXT %s", ext->name);
1314 + snprintf(*dataptr, data_size, "XPMEXT %s", ext->name);
1315 a++;
1316 if (a < ext_nlines)
1317 *(dataptr + 1) = *dataptr + strlen(ext->name) + 8;
1318 dataptr++;
1319 - b = ext->nlines;
1320 + b = ext->nlines; /* can we trust these values? */
1321 for (y = 0, line = ext->lines; y < b; y++, line++) {
1322 strcpy(*dataptr, *line);
1323 a++;
1324 diff -Nur lib/Xm/Xpmcreate.c lib/Xm/Xpmcreate.c
1325 --- lib/Xm/Xpmcreate.c 2005-02-14 15:20:49.348039308 +0100
1326 +++ lib/Xm/Xpmcreate.c 2005-02-14 14:36:37.104801803 +0100
1327 @@ -44,6 +44,8 @@
1328 #endif
1329
1330
1331 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
1332 +
1333 #include "XpmI.h"
1334 #include <ctype.h>
1335
1336 @@ -565,7 +567,7 @@
1337 */
1338 } else {
1339 #endif
1340 - int i;
1341 + unsigned int i;
1342
1343 ncols = visual->map_entries;
1344 cols = (XColor *) XpmCalloc(ncols, sizeof(XColor));
1345 @@ -723,6 +725,7 @@
1346 /* function call in case of error, frees only locally allocated variables */
1347 #undef RETURN
1348 #define RETURN(status) \
1349 +do \
1350 { \
1351 if (ximage) XDestroyImage(ximage); \
1352 if (shapeimage) XDestroyImage(shapeimage); \
1353 @@ -733,7 +736,7 @@
1354 if (alloc_pixels) XpmFree(alloc_pixels); \
1355 if (used_pixels) XpmFree(used_pixels); \
1356 return (status); \
1357 -}
1358 +} while(0)
1359
1360 int
1361 XpmCreateImageFromXpmImage(display, image,
1362 @@ -804,7 +807,7 @@
1363
1364 ErrorStatus = XpmSuccess;
1365
1366 - if (image->ncolors >= SIZE_MAX / sizeof(Pixel))
1367 + if (image->ncolors >= UINT_MAX / sizeof(Pixel))
1368 return (XpmNoMemory);
1369
1370 /* malloc pixels index tables */
1371 @@ -950,9 +953,13 @@
1372 return (XpmNoMemory);
1373
1374 #ifndef FOR_MSW
1375 - if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height)
1376 - return XpmNoMemory;
1377 + if (height != 0 && (*image_return)->bytes_per_line >= INT_MAX / height) {
1378 + XDestroyImage(*image_return);
1379 + return XpmNoMemory;
1380 + }
1381 /* now that bytes_per_line must have been set properly alloc data */
1382 + if((*image_return)->bytes_per_line == 0 || height == 0)
1383 + return XpmNoMemory;
1384 (*image_return)->data =
1385 (char *) XpmMalloc((*image_return)->bytes_per_line * height);
1386
1387 @@ -980,7 +987,7 @@
1388 LFUNC(_putbits, void, (register char *src, int dstoffset,
1389 register int numbits, register char *dst));
1390
1391 -LFUNC(_XReverse_Bytes, int, (register unsigned char *bpt, register int nb));
1392 +LFUNC(_XReverse_Bytes, int, (register unsigned char *bpt, register unsigned int nb));
1393
1394 static unsigned char Const _reverse_byte[0x100] = {
1395 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
1396 @@ -1020,12 +1027,12 @@
1397 static int
1398 _XReverse_Bytes(bpt, nb)
1399 register unsigned char *bpt;
1400 - register int nb;
1401 + register unsigned int nb;
1402 {
1403 do {
1404 *bpt = _reverse_byte[*bpt];
1405 bpt++;
1406 - } while (--nb > 0);
1407 + } while (--nb > 0); /* is nb user-controled? */
1408 return 0;
1409 }
1410
1411 @@ -1164,7 +1171,7 @@
1412 register char *src;
1413 register char *dst;
1414 register unsigned int *iptr;
1415 - register int x, y, i;
1416 + register unsigned int x, y, i;
1417 register char *data;
1418 Pixel pixel, px;
1419 int nbytes, depth, ibu, ibpp;
1420 @@ -1174,8 +1181,8 @@
1421 depth = image->depth;
1422 if (depth == 1) {
1423 ibu = image->bitmap_unit;
1424 - for (y = 0; y < height; y++)
1425 - for (x = 0; x < width; x++, iptr++) {
1426 + for (y = 0; y < height; y++) /* how can we trust height */
1427 + for (x = 0; x < width; x++, iptr++) { /* how can we trust width */
1428 pixel = pixels[*iptr];
1429 for (i = 0, px = pixel; i < sizeof(unsigned long);
1430 i++, px >>= 8)
1431 @@ -1250,12 +1257,12 @@
1432 {
1433 unsigned char *data;
1434 unsigned int *iptr;
1435 - int y;
1436 + unsigned int y;
1437 Pixel pixel;
1438
1439 #ifdef WITHOUT_SPEEDUPS
1440
1441 - int x;
1442 + unsigned int x;
1443 unsigned char *addr;
1444
1445 data = (unsigned char *) image->data;
1446 @@ -1292,7 +1299,7 @@
1447
1448 #else /* WITHOUT_SPEEDUPS */
1449
1450 - int bpl = image->bytes_per_line;
1451 + unsigned int bpl = image->bytes_per_line;
1452 unsigned char *data_ptr, *max_data;
1453
1454 data = (unsigned char *) image->data;
1455 @@ -1360,11 +1367,11 @@
1456 {
1457 unsigned char *data;
1458 unsigned int *iptr;
1459 - int y;
1460 + unsigned int y;
1461
1462 #ifdef WITHOUT_SPEEDUPS
1463
1464 - int x;
1465 + unsigned int x;
1466 unsigned char *addr;
1467
1468 data = (unsigned char *) image->data;
1469 @@ -1388,7 +1395,7 @@
1470
1471 Pixel pixel;
1472
1473 - int bpl = image->bytes_per_line;
1474 + unsigned int bpl = image->bytes_per_line;
1475 unsigned char *data_ptr, *max_data;
1476
1477 data = (unsigned char *) image->data;
1478 @@ -1441,11 +1448,11 @@
1479 {
1480 char *data;
1481 unsigned int *iptr;
1482 - int y;
1483 + unsigned int y;
1484
1485 #ifdef WITHOUT_SPEEDUPS
1486
1487 - int x;
1488 + unsigned int x;
1489
1490 data = image->data;
1491 iptr = pixelindex;
1492 @@ -1455,7 +1462,7 @@
1493
1494 #else /* WITHOUT_SPEEDUPS */
1495
1496 - int bpl = image->bytes_per_line;
1497 + unsigned int bpl = image->bytes_per_line;
1498 char *data_ptr, *max_data;
1499
1500 data = image->data;
1501 @@ -1490,12 +1497,12 @@
1502 PutImagePixels(image, width, height, pixelindex, pixels);
1503 else {
1504 unsigned int *iptr;
1505 - int y;
1506 + unsigned int y;
1507 char *data;
1508
1509 #ifdef WITHOUT_SPEEDUPS
1510
1511 - int x;
1512 + unsigned int x;
1513
1514 data = image->data;
1515 iptr = pixelindex;
1516 @@ -1673,6 +1680,9 @@
1517 Pixel px;
1518 int nbytes;
1519
1520 + if(x < 0 || y < 0)
1521 + return 0;
1522 +
1523 for (i=0, px=pixel; i<sizeof(unsigned long); i++, px>>=8)
1524 ((unsigned char *)&pixel)[i] = px;
1525 src = &ximage->data[XYINDEX(x, y, ximage)];
1526 @@ -1704,7 +1714,10 @@
1527 register int i;
1528 register char *data;
1529 Pixel px;
1530 - int nbytes, ibpp;
1531 + unsigned int nbytes, ibpp;
1532 +
1533 + if(x < 0 || y < 0)
1534 + return 0;
1535
1536 ibpp = ximage->bits_per_pixel;
1537 if (ximage->depth == 4)
1538 @@ -1737,6 +1750,9 @@
1539 {
1540 unsigned char *addr;
1541
1542 + if(x < 0 || y < 0)
1543 + return 0;
1544 +
1545 addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)];
1546 *((unsigned long *)addr) = pixel;
1547 return 1;
1548 @@ -1751,6 +1767,9 @@
1549 {
1550 unsigned char *addr;
1551
1552 + if(x < 0 || y < 0)
1553 + return 0;
1554 +
1555 addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)];
1556 addr[0] = pixel >> 24;
1557 addr[1] = pixel >> 16;
1558 @@ -1768,6 +1787,9 @@
1559 {
1560 unsigned char *addr;
1561
1562 + if(x < 0 || y < 0)
1563 + return 0;
1564 +
1565 addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)];
1566 addr[3] = pixel >> 24;
1567 addr[2] = pixel >> 16;
1568 @@ -1785,6 +1807,9 @@
1569 {
1570 unsigned char *addr;
1571
1572 + if(x < 0 || y < 0)
1573 + return 0;
1574 +
1575 addr = &((unsigned char *)ximage->data) [ZINDEX16(x, y, ximage)];
1576 addr[0] = pixel >> 8;
1577 addr[1] = pixel;
1578 @@ -1800,6 +1825,9 @@
1579 {
1580 unsigned char *addr;
1581
1582 + if(x < 0 || y < 0)
1583 + return 0;
1584 +
1585 addr = &((unsigned char *)ximage->data) [ZINDEX16(x, y, ximage)];
1586 addr[1] = pixel >> 8;
1587 addr[0] = pixel;
1588 @@ -1813,6 +1841,9 @@
1589 int y;
1590 unsigned long pixel;
1591 {
1592 + if(x < 0 || y < 0)
1593 + return 0;
1594 +
1595 ximage->data[ZINDEX8(x, y, ximage)] = pixel;
1596 return 1;
1597 }
1598 @@ -1824,6 +1855,9 @@
1599 int y;
1600 unsigned long pixel;
1601 {
1602 + if(x < 0 || y < 0)
1603 + return 0;
1604 +
1605 if (pixel & 1)
1606 ximage->data[ZINDEX1(x, y, ximage)] |= 0x80 >> (x & 7);
1607 else
1608 @@ -1838,6 +1872,9 @@
1609 int y;
1610 unsigned long pixel;
1611 {
1612 + if(x < 0 || y < 0)
1613 + return 0;
1614 +
1615 if (pixel & 1)
1616 ximage->data[ZINDEX1(x, y, ximage)] |= 1 << (x & 7);
1617 else
1618 @@ -1850,6 +1887,7 @@
1619 /* function call in case of error, frees only locally allocated variables */
1620 #undef RETURN
1621 #define RETURN(status) \
1622 +do \
1623 { \
1624 if (USE_HASHTABLE) xpmHashTableFree(&hashtable); \
1625 if (colorTable) xpmFreeColorTable(colorTable, ncolors); \
1626 @@ -1865,7 +1903,7 @@
1627 if (alloc_pixels) XpmFree(alloc_pixels); \
1628 if (used_pixels) XpmFree(used_pixels); \
1629 return(status); \
1630 -}
1631 +} while(0)
1632
1633 /*
1634 * This function parses an Xpm file or data and directly create an XImage
1635 @@ -1997,7 +2035,7 @@
1636 xpmGetCmt(data, &colors_cmt);
1637
1638 /* malloc pixels index tables */
1639 - if (ncolors >= SIZE_MAX / sizeof(Pixel))
1640 + if (ncolors >= UINT_MAX / sizeof(Pixel))
1641 return XpmNoMemory;
1642
1643 image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors);
1644 @@ -2109,7 +2147,7 @@
1645 * free the hastable
1646 */
1647 if (ErrorStatus != XpmSuccess)
1648 - RETURN(ErrorStatus)
1649 + RETURN(ErrorStatus);
1650 else if (USE_HASHTABLE)
1651 xpmHashTableFree(&hashtable);
1652
1653 @@ -2258,11 +2296,11 @@
1654
1655 /* array of pointers malloced by need */
1656 unsigned short *cidx[256];
1657 - int char1;
1658 + unsigned int char1;
1659
1660 bzero((char *)cidx, 256 * sizeof(unsigned short *)); /* init */
1661 for (a = 0; a < ncolors; a++) {
1662 - char1 = colorTable[a].string[0];
1663 + char1 = (unsigned char) colorTable[a].string[0];
1664 if (cidx[char1] == NULL) { /* get new memory */
1665 cidx[char1] = (unsigned short *)
1666 XpmCalloc(256, sizeof(unsigned short));
1667 @@ -2280,7 +2318,7 @@
1668 int cc1 = xpmGetC(data);
1669 if (cc1 > 0 && cc1 < 256) {
1670 int cc2 = xpmGetC(data);
1671 - if (cc2 > 0 && cc2 < 256 && cidx[cc1][cc2] != 0) {
1672 + if (cc2 > 0 && cc2 < 256 && cidx[cc1] && cidx[cc1][cc2] != 0) {
1673 #ifndef FOR_MSW
1674 XPutPixel(image, x, y,
1675 image_pixels[cidx[cc1][cc2] - 1]);
1676 diff -Nur lib/Xm/Xpmdata.c lib/Xm/Xpmdata.c
1677 --- lib/Xm/Xpmdata.c 2005-02-14 15:20:49.343040299 +0100
1678 +++ lib/Xm/Xpmdata.c 2005-02-14 14:38:22.161975990 +0100
1679 @@ -33,6 +33,8 @@
1680 * Developed by Arnaud Le Hors *
1681 \*****************************************************************************/
1682
1683 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
1684 +
1685 /* Official version number */
1686 static char *RCS_Version = "$XpmVersion: 3.4i $";
1687
1688 @@ -279,7 +281,7 @@
1689 }
1690 ungetc(c, file);
1691 }
1692 - return (n);
1693 + return (n); /* this returns bytes read + 1 */
1694 }
1695
1696 /*
1697 @@ -376,8 +378,9 @@
1698 {
1699 if (!mdata->type)
1700 *cmt = NULL;
1701 - else if (mdata->CommentLength != 0 && mdata->CommentLength < SIZE_MAX - 1) {
1702 - *cmt = (char *) XpmMalloc(mdata->CommentLength + 1);
1703 + else if (mdata->CommentLength != 0 && mdata->CommentLength < UINT_MAX - 1) {
1704 + if( (*cmt = (char *) XpmMalloc(mdata->CommentLength + 1)) == NULL)
1705 + return XpmNoMemory;
1706 strncpy(*cmt, mdata->Comment, mdata->CommentLength);
1707 (*cmt)[mdata->CommentLength] = '\0';
1708 mdata->CommentLength = 0;
1709 @@ -405,7 +408,7 @@
1710 xpmParseHeader(mdata)
1711 xpmData *mdata;
1712 {
1713 - char buf[BUFSIZ];
1714 + char buf[BUFSIZ+1] = {0};
1715 int l, n = 0;
1716
1717 if (mdata->type) {
1718 diff -Nur lib/Xm/Xpmhashtab.c lib/Xm/Xpmhashtab.c
1719 --- lib/Xm/Xpmhashtab.c 2005-02-14 15:20:49.342040497 +0100
1720 +++ lib/Xm/Xpmhashtab.c 2005-02-14 14:39:44.386676330 +0100
1721 @@ -144,13 +144,13 @@
1722 unsigned int size = table->size;
1723 xpmHashAtom *t, *p;
1724 int i;
1725 - int oldSize = size;
1726 + unsigned int oldSize = size;
1727
1728 t = atomTable;
1729 HASH_TABLE_GROWS
1730 table->size = size;
1731 table->limit = size / 3;
1732 - if (size >= SIZE_MAX / sizeof(*atomTable))
1733 + if (size >= UINT_MAX / sizeof(*atomTable))
1734 return (XpmNoMemory);
1735 atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable));
1736 if (!atomTable)
1737 @@ -212,7 +212,7 @@
1738 table->size = INITIAL_HASH_SIZE;
1739 table->limit = table->size / 3;
1740 table->used = 0;
1741 - if (table->size >= SIZE_MAX / sizeof(*atomTable))
1742 + if (table->size >= UINT_MAX / sizeof(*atomTable))
1743 return (XpmNoMemory);
1744 atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable));
1745 if (!atomTable)
1746 --- lib/Xm/XpmI.h 2005-02-14 15:20:49.344040101 +0100
1747 +++ lib/Xm/XpmI.h 2005-02-14 14:24:12.903327195 +0100
1748 @@ -108,8 +109,10 @@
1749 * lets try to solve include files
1750 */
1751
1752 +#include <sys/types.h>
1753 #include <stdio.h>
1754 #include <stdlib.h>
1755 +#include <limits.h>
1756 /* stdio.h doesn't declare popen on a Sequent DYNIX OS */
1757 #ifdef sequent
1758 extern FILE *popen();
1759 diff -Nur lib/Xm/Xpmmisc.c lib/Xm/Xpmmisc.c
1760 --- lib/Xm/Xpmmisc.c 2002-01-10 21:57:09.000000000 +0100
1761 +++ lib/Xm/Xpmmisc.c 2005-02-14 14:24:12.907326402 +0100
1762 @@ -52,7 +52,7 @@
1763 char *s1;
1764 {
1765 char *s2;
1766 - int l = strlen(s1) + 1;
1767 + size_t l = strlen(s1) + 1;
1768
1769 if (s2 = (char *) XpmMalloc(l))
1770 strcpy(s2, s1);
1771 diff -Nur lib/Xm/Xpmparse.c lib/Xm/Xpmparse.c
1772 --- lib/Xm/Xpmparse.c 2005-02-14 15:20:49.349039110 +0100
1773 +++ lib/Xm/Xpmparse.c 2005-02-14 14:46:55.361242890 +0100
1774 @@ -49,21 +49,21 @@
1775 #include <string.h>
1776
1777 #ifdef HAS_STRLCAT
1778 -# define STRLCAT(dst, src, dstsize) { \
1779 +# define STRLCAT(dst, src, dstsize) do { \
1780 if (strlcat(dst, src, dstsize) >= (dstsize)) \
1781 - return (XpmFileInvalid); }
1782 -# define STRLCPY(dst, src, dstsize) { \
1783 + return (XpmFileInvalid); } while(0)
1784 +# define STRLCPY(dst, src, dstsize) do { \
1785 if (strlcpy(dst, src, dstsize) >= (dstsize)) \
1786 - return (XpmFileInvalid); }
1787 + return (XpmFileInvalid); } while(0)
1788 #else
1789 -# define STRLCAT(dst, src, dstsize) { \
1790 +# define STRLCAT(dst, src, dstsize) do { \
1791 if ((strlen(dst) + strlen(src)) < (dstsize)) \
1792 strcat(dst, src); \
1793 - else return (XpmFileInvalid); }
1794 -# define STRLCPY(dst, src, dstsize) { \
1795 + else return (XpmFileInvalid); } while(0)
1796 +# define STRLCPY(dst, src, dstsize) do { \
1797 if (strlen(src) < (dstsize)) \
1798 strcpy(dst, src); \
1799 - else return (XpmFileInvalid); }
1800 + else return (XpmFileInvalid); } while(0)
1801 #endif
1802
1803 LFUNC(ParsePixels, int, (xpmData *data, unsigned int width,
1804 @@ -83,6 +83,7 @@
1805 /* function call in case of error, frees only locally allocated variables */
1806 #undef RETURN
1807 #define RETURN(status) \
1808 +do \
1809 { \
1810 if (colorTable) xpmFreeColorTable(colorTable, ncolors); \
1811 if (pixelindex) XpmFree(pixelindex); \
1812 @@ -90,7 +91,7 @@
1813 if (colors_cmt) XpmFree(colors_cmt); \
1814 if (pixels_cmt) XpmFree(pixels_cmt); \
1815 return(status); \
1816 -}
1817 +} while(0)
1818
1819 /*
1820 * This function parses an Xpm file or data and store the found informations
1821 @@ -354,7 +355,7 @@
1822 char **defaults;
1823 int ErrorStatus;
1824
1825 - if (ncolors >= SIZE_MAX / sizeof(XpmColor))
1826 + if (ncolors >= UINT_MAX / sizeof(XpmColor))
1827 return (XpmNoMemory);
1828 colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor));
1829 if (!colorTable)
1830 @@ -367,7 +368,7 @@
1831 /*
1832 * read pixel value
1833 */
1834 - if (cpp >= SIZE_MAX - 1) {
1835 + if (cpp >= UINT_MAX - 1) {
1836 xpmFreeColorTable(colorTable, ncolors);
1837 return (XpmNoMemory);
1838 }
1839 @@ -436,7 +437,7 @@
1840 xpmFreeColorTable(colorTable, ncolors);
1841 return (XpmFileInvalid);
1842 }
1843 - len = strlen(curbuf) + 1;
1844 + len = strlen(curbuf) + 1; /* integer overflow just theoretically possible */
1845 s = defaults[curkey] = (char *) XpmMalloc(len);
1846 if (!s) {
1847 xpmFreeColorTable(colorTable, ncolors);
1848 @@ -455,7 +456,7 @@
1849 /*
1850 * read pixel value
1851 */
1852 - if (cpp >= SIZE_MAX - 1) {
1853 + if (cpp >= UINT_MAX - 1) {
1854 xpmFreeColorTable(colorTable, ncolors);
1855 return (XpmNoMemory);
1856 }
1857 @@ -500,7 +501,7 @@
1858 memcpy(s, curbuf, len);
1859 color->c_color = s;
1860 *curbuf = '\0'; /* reset curbuf */
1861 - if (a < ncolors - 1)
1862 + if (a < ncolors - 1) /* can we trust ncolors -> leave data's bounds */
1863 xpmNextString(data); /* get to the next string */
1864 }
1865 }
1866 @@ -519,11 +520,11 @@
1867 xpmHashTable *hashtable;
1868 unsigned int **pixels;
1869 {
1870 - unsigned int *iptr, *iptr2;
1871 + unsigned int *iptr, *iptr2 = NULL;
1872 unsigned int a, x, y;
1873
1874 - if ((height > 0 && width >= SIZE_MAX / height) ||
1875 - width * height >= SIZE_MAX / sizeof(unsigned int))
1876 + if ((height > 0 && width >= UINT_MAX / height) ||
1877 + width * height >= UINT_MAX / sizeof(unsigned int))
1878 return XpmNoMemory;
1879 #ifndef FOR_MSW
1880 iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height);
1881 @@ -548,8 +549,10 @@
1882 {
1883 unsigned short colidx[256];
1884
1885 - if (ncolors > 256)
1886 + if (ncolors > 256) {
1887 return (XpmFileInvalid);
1888 + XpmFree(iptr2); /* found by Egbert Eich */
1889 + }
1890
1891 bzero((char *)colidx, 256 * sizeof(short));
1892 for (a = 0; a < ncolors; a++)
1893 @@ -576,16 +579,20 @@
1894 {
1895
1896 /* free all allocated pointers at all exits */
1897 -#define FREE_CIDX {int f; for (f = 0; f < 256; f++) \
1898 -if (cidx[f]) XpmFree(cidx[f]);}
1899 +#define FREE_CIDX \
1900 +do \
1901 +{ \
1902 + int f; for (f = 0; f < 256; f++) \
1903 + if (cidx[f]) XpmFree(cidx[f]); \
1904 +} while(0)
1905
1906 /* array of pointers malloced by need */
1907 unsigned short *cidx[256];
1908 - int char1;
1909 + unsigned int char1;
1910
1911 bzero((char *)cidx, 256 * sizeof(unsigned short *)); /* init */
1912 for (a = 0; a < ncolors; a++) {
1913 - char1 = colorTable[a].string[0];
1914 + char1 = (unsigned char) colorTable[a].string[0];
1915 if (cidx[char1] == NULL) { /* get new memory */
1916 cidx[char1] = (unsigned short *)
1917 XpmCalloc(256, sizeof(unsigned short));
1918 @@ -604,7 +611,7 @@
1919 int cc1 = xpmGetC(data);
1920 if (cc1 > 0 && cc1 < 256) {
1921 int cc2 = xpmGetC(data);
1922 - if (cc2 > 0 && cc2 < 256 && cidx[cc1][cc2] != 0)
1923 + if (cc2 > 0 && cc2 < 256 && cidx[cc1] && cidx[cc1][cc2] != 0)
1924 *iptr = cidx[cc1][cc2] - 1;
1925 else {
1926 FREE_CIDX;
1927 @@ -628,8 +635,10 @@
1928 char *s;
1929 char buf[BUFSIZ];
1930
1931 - if (cpp >= sizeof(buf))
1932 + if (cpp >= sizeof(buf)) {
1933 return (XpmFileInvalid);
1934 + XpmFree(iptr2); /* found by Egbert Eich */
1935 + }
1936
1937 buf[cpp] = '\0';
1938 if (USE_HASHTABLE) {
1939 @@ -639,7 +648,7 @@
1940 xpmNextString(data);
1941 for (x = 0; x < width; x++, iptr++) {
1942 for (a = 0, s = buf; a < cpp; a++, s++)
1943 - *s = xpmGetC(data);
1944 + *s = xpmGetC(data); /* int assigned to char, not a problem here */
1945 slot = xpmHashSlot(hashtable, buf);
1946 if (!*slot) { /* no color matches */
1947 XpmFree(iptr2);
1948 @@ -653,7 +662,7 @@
1949 xpmNextString(data);
1950 for (x = 0; x < width; x++, iptr++) {
1951 for (a = 0, s = buf; a < cpp; a++, s++)
1952 - *s = xpmGetC(data);
1953 + *s = xpmGetC(data); /* int assigned to char, not a problem here */
1954 for (a = 0; a < ncolors; a++)
1955 if (!strcmp(colorTable[a].string, buf))
1956 break;
1957 @@ -708,7 +717,7 @@
1958 while (!notstart && notend) {
1959 /* there starts an extension */
1960 ext = (XpmExtension *)
1961 - XpmRealloc(exts, (num + 1) * sizeof(XpmExtension));
1962 + XpmRealloc(exts, (num + 1) * sizeof(XpmExtension)); /* can the loop be forced to iterate often enough to make "(num + 1) * sizeof(XpmExtension)" wrapping? */
1963 if (!ext) {
1964 XpmFree(string);
1965 XpmFreeExtensions(exts, num);
1966 @@ -745,7 +754,7 @@
1967 while ((notstart = strncmp("XPMEXT", string, 6))
1968 && (notend = strncmp("XPMENDEXT", string, 9))) {
1969 sp = (char **)
1970 - XpmRealloc(ext->lines, (nlines + 1) * sizeof(char *));
1971 + XpmRealloc(ext->lines, (nlines + 1) * sizeof(char *)); /* can we iterate enough for a wrapping? */
1972 if (!sp) {
1973 XpmFree(string);
1974 ext->nlines = nlines;
1975 diff -Nur lib/Xm/XpmRdFToBuf.c lib/Xm/XpmRdFToBuf.c
1976 --- lib/Xm/XpmRdFToBuf.c 2002-01-10 21:57:08.000000000 +0100
1977 +++ lib/Xm/XpmRdFToBuf.c 2005-02-14 14:24:12.904326997 +0100
1978 @@ -43,6 +43,8 @@
1979 #endif
1980
1981
1982 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
1983 +
1984 #include "XpmI.h"
1985 #include <sys/stat.h>
1986 #if !defined(FOR_MSW) && !defined(WIN32)
1987 @@ -64,7 +66,8 @@
1988 char *filename;
1989 char **buffer_return;
1990 {
1991 - int fd, fcheck, len;
1992 + int fd, fcheck;
1993 + off_t len;
1994 char *ptr;
1995 struct stat stats;
1996 FILE *fp;
1997 @@ -88,7 +91,7 @@
1998 close(fd);
1999 return XpmOpenFailed;
2000 }
2001 - len = (int) stats.st_size;
2002 + len = stats.st_size;
2003 ptr = (char *) XpmMalloc(len + 1);
2004 if (!ptr) {
2005 fclose(fp);
2006 diff -Nur lib/Xm/XpmRdFToI.c lib/Xm/XpmRdFToI.c
2007 --- lib/Xm/XpmRdFToI.c 2002-01-10 21:57:08.000000000 +0100
2008 +++ lib/Xm/XpmRdFToI.c 2005-02-14 14:24:12.861335519 +0100
2009 @@ -38,6 +38,8 @@
2010 #endif
2011
2012
2013 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
2014 +
2015 #include "XpmI.h"
2016 #include <sys/stat.h>
2017 #include <sys/param.h>
2018 @@ -127,6 +129,12 @@
2019 /*
2020 * open the given file to be read as an xpmData which is returned.
2021 */
2022 +#ifndef NO_ZPIPE
2023 + FILE *Xpms_popen(char *cmd, const char *type);
2024 +#else
2025 +# define Xpms_popen popen
2026 +#endif
2027 +
2028 static int
2029 OpenReadFile(filename, mdata)
2030 char *filename;
2031 @@ -144,17 +152,21 @@
2032 mdata->type = XPMFILE;
2033 } else {
2034 #ifndef NO_ZPIPE
2035 - int len = strlen(filename);
2036 + size_t len = strlen(filename);
2037 +
2038 + if(len == 0 ||
2039 + filename[len-1] == '/')
2040 + return(XpmOpenFailed);
2041 if ((len > 2) && !strcmp(".Z", filename + (len - 2))) {
2042 mdata->type = XPMPIPE;
2043 - sprintf(buf, "uncompress -c \"%s\"", filename);
2044 - if (!(mdata->stream.file = popen(buf, "r")))
2045 + snprintf(buf, sizeof(buf), "uncompress -c \"%s\"", filename);
2046 + if (!(mdata->stream.file = Xpms_popen(buf, "r")))
2047 return (XpmOpenFailed);
2048
2049 } else if ((len > 3) && !strcmp(".gz", filename + (len - 3))) {
2050 mdata->type = XPMPIPE;
2051 - sprintf(buf, "gunzip -qc \"%s\"", filename);
2052 - if (!(mdata->stream.file = popen(buf, "r")))
2053 + snprintf(buf, sizeof(buf), "gunzip -qc \"%s\"", filename);
2054 + if (!(mdata->stream.file = Xpms_popen(buf, "r")))
2055 return (XpmOpenFailed);
2056
2057 } else {
2058 @@ -162,19 +174,19 @@
2059 if (!(compressfile = (char *) XpmMalloc(len + 4)))
2060 return (XpmNoMemory);
2061
2062 - sprintf(compressfile, "%s.Z", filename);
2063 + snprintf(compressfile, len+4, "%s.Z", filename);
2064 if (!stat(compressfile, &status)) {
2065 - sprintf(buf, "uncompress -c \"%s\"", compressfile);
2066 - if (!(mdata->stream.file = popen(buf, "r"))) {
2067 + snprintf(buf, sizeof(buf), "uncompress -c \"%s\"", compressfile);
2068 + if (!(mdata->stream.file = Xpms_popen(buf, "r"))) {
2069 XpmFree(compressfile);
2070 return (XpmOpenFailed);
2071 }
2072 mdata->type = XPMPIPE;
2073 } else {
2074 - sprintf(compressfile, "%s.gz", filename);
2075 + snprintf(compressfile, len+4, "%s.gz", filename);
2076 if (!stat(compressfile, &status)) {
2077 - sprintf(buf, "gunzip -c \"%s\"", compressfile);
2078 - if (!(mdata->stream.file = popen(buf, "r"))) {
2079 + snprintf(buf, sizeof(buf), "gunzip -c \"%s\"", compressfile);
2080 + if (!(mdata->stream.file = Xpms_popen(buf, "r"))) {
2081 XpmFree(compressfile);
2082 return (XpmOpenFailed);
2083 }
2084 @@ -216,7 +228,7 @@
2085 break;
2086 #ifndef NO_ZPIPE
2087 case XPMPIPE:
2088 - pclose(mdata->stream.file);
2089 + fclose(mdata->stream.file);
2090 break;
2091 #endif
2092 }
2093 diff -Nur lib/Xm/Xpmscan.c lib/Xm/Xpmscan.c
2094 --- lib/Xm/Xpmscan.c 2005-02-14 15:20:49.345039902 +0100
2095 +++ lib/Xm/Xpmscan.c 2005-02-14 14:48:52.388044300 +0100
2096 @@ -43,12 +43,14 @@
2097 #endif
2098
2099
2100 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
2101 +
2102 #include "XpmI.h"
2103
2104 #define MAXPRINTABLE 92 /* number of printable ascii chars
2105 * minus \ and " for string compat
2106 * and ? to avoid ANSI trigraphs. */
2107 -
2108 + /* " */
2109 static char *printable =
2110 " .XoO+@#$%&*=-;:>,<1234567890qwertyuipasdfghjklzxcvbnmMNBVCZ\
2111 ASDFGHJKLPIUYTREWQ!~^/()_`'][{}|";
2112 @@ -163,12 +165,13 @@
2113 /* function call in case of error, frees only locally allocated variables */
2114 #undef RETURN
2115 #define RETURN(status) \
2116 +do \
2117 { \
2118 if (pmap.pixelindex) XpmFree(pmap.pixelindex); \
2119 if (pmap.pixels) XpmFree(pmap.pixels); \
2120 if (colorTable) xpmFreeColorTable(colorTable, pmap.ncolors); \
2121 return(status); \
2122 -}
2123 +} while(0)
2124
2125 /*
2126 * This function scans the given image and stores the found informations in
2127 @@ -226,15 +229,15 @@
2128 else
2129 cpp = 0;
2130
2131 - if ((height > 0 && width >= SIZE_MAX / height) ||
2132 - width * height >= SIZE_MAX / sizeof(unsigned int))
2133 + if ((height > 0 && width >= UINT_MAX / height) ||
2134 + width * height >= UINT_MAX / sizeof(unsigned int))
2135 RETURN(XpmNoMemory);
2136 pmap.pixelindex =
2137 (unsigned int *) XpmCalloc(width * height, sizeof(unsigned int));
2138 if (!pmap.pixelindex)
2139 RETURN(XpmNoMemory);
2140
2141 - if (pmap.size >= SIZE_MAX / sizeof(Pixel))
2142 + if (pmap.size >= UINT_MAX / sizeof(Pixel))
2143 RETURN(XpmNoMemory);
2144
2145 pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size);
2146 @@ -292,7 +295,7 @@
2147 * color
2148 */
2149
2150 - if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor))
2151 + if (pmap.ncolors >= UINT_MAX / sizeof(XpmColor))
2152 RETURN(XpmNoMemory);
2153 colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor));
2154 if (!colorTable)
2155 @@ -341,7 +344,7 @@
2156
2157 /* first get a character string */
2158 a = 0;
2159 - if (cpp >= SIZE_MAX - 1)
2160 + if (cpp >= UINT_MAX - 1)
2161 return (XpmNoMemory);
2162 if (!(s = color->string = (char *) XpmMalloc(cpp + 1)))
2163 return (XpmNoMemory);
2164 @@ -434,7 +437,7 @@
2165 }
2166
2167 /* first get character strings and rgb values */
2168 - if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1)
2169 + if (ncolors >= UINT_MAX / sizeof(XColor) || cpp >= UINT_MAX - 1)
2170 return (XpmNoMemory);
2171 xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors);
2172 if (!xcolors)
2173 @@ -591,7 +594,7 @@
2174 char *dst;
2175 unsigned int *iptr;
2176 char *data;
2177 - int x, y, i;
2178 + unsigned int x, y, i;
2179 int bits, depth, ibu, ibpp, offset;
2180 unsigned long lbt;
2181 Pixel pixel, px;
2182 @@ -693,7 +696,7 @@
2183 unsigned char *addr;
2184 unsigned char *data;
2185 unsigned int *iptr;
2186 - int x, y;
2187 + unsigned int x, y;
2188 unsigned long lbt;
2189 Pixel pixel;
2190 int depth;
2191 @@ -758,7 +761,7 @@
2192 unsigned char *addr;
2193 unsigned char *data;
2194 unsigned int *iptr;
2195 - int x, y;
2196 + unsigned int x, y;
2197 unsigned long lbt;
2198 Pixel pixel;
2199 int depth;
2200 @@ -803,7 +806,7 @@
2201 {
2202 unsigned int *iptr;
2203 unsigned char *data;
2204 - int x, y;
2205 + unsigned int x, y;
2206 unsigned long lbt;
2207 Pixel pixel;
2208 int depth;
2209 @@ -836,7 +839,7 @@
2210 int (*storeFunc) ();
2211 {
2212 unsigned int *iptr;
2213 - int x, y;
2214 + unsigned int x, y;
2215 char *data;
2216 Pixel pixel;
2217 int xoff, yoff, offset, bpl;
2218 diff -Nur lib/Xm/XpmWrFFrBuf.c lib/Xm/XpmWrFFrBuf.c
2219 --- lib/Xm/XpmWrFFrBuf.c 2002-01-10 21:57:08.000000000 +0100
2220 +++ lib/Xm/XpmWrFFrBuf.c 2005-02-14 14:24:12.906326601 +0100
2221 @@ -38,6 +38,8 @@
2222 #endif
2223
2224
2225 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
2226 +
2227 #include "XpmI.h"
2228
2229 int
2230 @@ -55,7 +57,7 @@
2231 fcheck = fwrite(buffer, len, 1, fp);
2232 fclose(fp);
2233 if (fcheck != 1)
2234 - return XpmOpenFailed;
2235 + return XpmOpenFailed; /* maybe use a better return value */
2236
2237 return XpmSuccess;
2238 }
2239 diff -Nur lib/Xm/XpmWrFFrI.c lib/Xm/XpmWrFFrI.c
2240 --- lib/Xm/XpmWrFFrI.c 2005-02-14 15:20:49.343040299 +0100
2241 +++ lib/Xm/XpmWrFFrI.c 2005-02-14 14:50:25.766533589 +0100
2242 @@ -38,6 +38,8 @@
2243 #endif
2244
2245
2246 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
2247 +
2248 #include "XpmI.h"
2249 #if !defined(NO_ZPIPE) && defined(WIN32)
2250 # define popen _popen
2251 @@ -98,7 +100,7 @@
2252 XpmInfo *info;
2253 {
2254 xpmData mdata;
2255 - char *name, *dot, *s, new_name[BUFSIZ];
2256 + char *name, *dot, *s, new_name[BUFSIZ] = {0};
2257 int ErrorStatus;
2258
2259 /* open file to write */
2260 @@ -117,6 +119,8 @@
2261 #endif
2262 /* let's try to make a valid C syntax name */
2263 if ((dot = index(name, '.'))) {
2264 + strncpy(new_name, name, sizeof(new_name));
2265 + new_name[sizeof(new_name)-1] = 0;
2266 strcpy(new_name, name);
2267 /* change '.' to '_' */
2268 name = s = new_name;
2269 @@ -127,7 +131,8 @@
2270 }
2271 if ((dot = index(name, '-'))) {
2272 if (name != new_name) {
2273 - strcpy(new_name, name);
2274 + strncpy(new_name, name, sizeof(new_name));
2275 + new_name[sizeof(new_name)-1] = 0;
2276 name = new_name;
2277 }
2278 /* change '-' to '_' */
2279 @@ -244,7 +249,7 @@
2280 unsigned int x, y, h;
2281
2282 h = height - 1;
2283 - if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp)
2284 + if (cpp != 0 && width >= (UINT_MAX - 3)/cpp)
2285 return (XpmNoMemory);
2286 p = buf = (char *) XpmMalloc(width * cpp + 3);
2287 if (!buf)
2288 @@ -296,6 +301,11 @@
2289 /*
2290 * open the given file to be written as an xpmData which is returned
2291 */
2292 +#ifndef NO_ZPIPE
2293 + FILE *Xpms_popen(char *cmd, const char *type);
2294 +#else
2295 +# define Xpms_popen popen
2296 +#endif
2297 static int
2298 OpenWriteFile(filename, mdata)
2299 char *filename;
2300 @@ -311,16 +321,23 @@
2301 mdata->type = XPMFILE;
2302 } else {
2303 #ifndef NO_ZPIPE
2304 - int len = strlen(filename);
2305 + size_t len = strlen(filename);
2306 +
2307 + if(len == 0 ||
2308 + filename[0] == '/' ||
2309 + strstr(filename, "../") != NULL ||
2310 + filename[len-1] == '/')
2311 + return(XpmOpenFailed);
2312 +
2313 if (len > 2 && !strcmp(".Z", filename + (len - 2))) {
2314 - sprintf(buf, "compress > \"%s\"", filename);
2315 - if (!(mdata->stream.file = popen(buf, "w")))
2316 + snprintf(buf, sizeof(buf), "compress > \"%s\"", filename);
2317 + if (!(mdata->stream.file = Xpms_popen(buf, "w")))
2318 return (XpmOpenFailed);
2319
2320 mdata->type = XPMPIPE;
2321 } else if (len > 3 && !strcmp(".gz", filename + (len - 3))) {
2322 - sprintf(buf, "gzip -q > \"%s\"", filename);
2323 - if (!(mdata->stream.file = popen(buf, "w")))
2324 + snprintf(buf, sizeof(buf), "gzip -q > \"%s\"", filename);
2325 + if (!(mdata->stream.file = Xpms_popen(buf, "w")))
2326 return (XpmOpenFailed);
2327
2328 mdata->type = XPMPIPE;
2329 @@ -351,7 +368,7 @@
2330 break;
2331 #ifndef NO_ZPIPE
2332 case XPMPIPE:
2333 - pclose(mdata->stream.file);
2334 + fclose(mdata->stream.file);
2335 break;
2336 #endif
2337 }
2338
2339
2340
2341 1.1 src/patchsets/openmotif/2.2.3/04_all_CAN-2004-0914_sec8.patch
2342
2343 file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/04_all_CAN-2004-0914_sec8.patch?rev=1.1&view=markup
2344 plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/04_all_CAN-2004-0914_sec8.patch?rev=1.1&content-type=text/plain
2345
2346 Index: 04_all_CAN-2004-0914_sec8.patch
2347 ===================================================================
2348 --- openMotif-2.2.3/lib/Xm/XpmWrFFrI.c.CAN-2004-0914_sec8 2004-11-29 15:04:10.105373839 +0100
2349 +++ openMotif-2.2.3/lib/Xm/XpmWrFFrI.c 2004-11-29 15:04:10.150367679 +0100
2350 @@ -322,10 +322,7 @@
2351 #ifndef NO_ZPIPE
2352 size_t len = strlen(filename);
2353
2354 - if(len == 0 ||
2355 - filename[0] == '/' ||
2356 - strstr(filename, "../") != NULL ||
2357 - filename[len-1] == '/')
2358 + if(len == 0)
2359 return(XpmOpenFailed);
2360
2361 if (len > 2 && !strcmp(".Z", filename + (len - 2))) {
2362
2363
2364
2365 1.1 src/patchsets/openmotif/2.2.3/05_all_char_not_supported.patch
2366
2367 file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/05_all_char_not_supported.patch?rev=1.1&view=markup
2368 plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/05_all_char_not_supported.patch?rev=1.1&content-type=text/plain
2369
2370 Index: 05_all_char_not_supported.patch
2371 ===================================================================
2372 --- openMotif-2.2.3/lib/Xm/TextF.c.char_not_supported 2004-06-03 12:59:10.241822710 +0200
2373 +++ openMotif-2.2.3/lib/Xm/TextF.c 2004-06-03 13:02:18.987890852 +0200
2374 @@ -3723,20 +3723,17 @@
2375 cache_ptr = tmp = XmStackAlloc(buf_size, cache);
2376
2377 tmp_str = (wchar_t *)str;
2378 - ret_val = wctomb(tmp, *tmp_str);
2379 + // Fixed MZ BZ#1257: by Brad Despres <brad@××××××××.com>
2380 count = 0;
2381 - while ( (ret_val > 0)&& (buf_size >= MB_CUR_MAX) && (count < n) )
2382 - {
2383 - count += 1;
2384 - tmp += ret_val;
2385 - buf_size -= ret_val;
2386 - tmp_str++;
2387 - ret_val = wctomb(tmp, *tmp_str);
2388 - }
2389 -
2390 + do {
2391 + ret_val = wctomb(tmp, *tmp_str);
2392 + count += 1;
2393 + tmp += ret_val;
2394 + buf_size -= ret_val;
2395 + tmp_str++;
2396 + } while ( (ret_val > 0)&& (buf_size >= MB_CUR_MAX) && (count < n) ) ;
2397 if (ret_val == -1) /* bad character */
2398 return (False);
2399 -
2400 is_printable = XTextWidth(TextF_Font(tf), cache_ptr, tmp - cache_ptr);
2401 XmStackFree(cache_ptr, cache);
2402 return (is_printable);
2403
2404
2405
2406 1.1 src/patchsets/openmotif/2.2.3/06_all_pixel_length.patch
2407
2408 file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/06_all_pixel_length.patch?rev=1.1&view=markup
2409 plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/06_all_pixel_length.patch?rev=1.1&content-type=text/plain
2410
2411 Index: 06_all_pixel_length.patch
2412 ===================================================================
2413 --- openMotif-2.2.3/lib/Xm/DataF.c.pixel_length 2004-06-03 15:11:52.932820812 +0200
2414 +++ openMotif-2.2.3/lib/Xm/DataF.c 2004-06-03 15:12:27.323091126 +0200
2415 @@ -8648,7 +8648,7 @@
2416 curr_str++;
2417 i++;
2418 } else {
2419 - wchar_t tmp;
2420 + wchar_t tmp[XmTextF_max_char_size(tf)+1];
2421 int num_conv;
2422 num_conv = mbtowc(&tmp, curr_str, XmTextF_max_char_size(tf));
2423 if (num_conv >= 0 && df_FindPixelLength(tf, (char*) &tmp, 1)) {
2424
2425
2426
2427 1.1 src/patchsets/openmotif/2.2.3/07_all_popup_timeout.patch
2428
2429 file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/07_all_popup_timeout.patch?rev=1.1&view=markup
2430 plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/07_all_popup_timeout.patch?rev=1.1&content-type=text/plain
2431
2432 Index: 07_all_popup_timeout.patch
2433 ===================================================================
2434 --- openMotif-2.2.3/lib/Xm/MenuUtil.c.popup_timeout 2002-01-31 15:49:35.000000000 +0100
2435 +++ openMotif-2.2.3/lib/Xm/MenuUtil.c 2004-06-08 17:14:46.311285603 +0200
2436 @@ -156,6 +156,9 @@
2437 cursor, time)) == GrabSuccess)
2438 break;
2439
2440 + if (status == GrabInvalidTime)
2441 + time = CurrentTime;
2442 +
2443 XmeMicroSleep(1000);
2444 }
2445 if (status != GrabSuccess)
2446
2447
2448
2449 1.1 src/patchsets/openmotif/2.2.3/08_all_XmResizeHashTable.patch
2450
2451 file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/08_all_XmResizeHashTable.patch?rev=1.1&view=markup
2452 plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/08_all_XmResizeHashTable.patch?rev=1.1&content-type=text/plain
2453
2454 Index: 08_all_XmResizeHashTable.patch
2455 ===================================================================
2456 --- lib/Xm/Hash.c
2457 +++ lib/Xm/Hash.c
2458 @@ -198,6 +198,8 @@
2459 } else {
2460 table -> buckets[index] = current;
2461 }
2462 + } else {
2463 + last = current;
2464 }
2465 current = next;
2466 }
2467
2468
2469
2470 1.1 src/patchsets/openmotif/2.2.3/09_all_utf8.patch
2471
2472 file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/09_all_utf8.patch?rev=1.1&view=markup
2473 plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/09_all_utf8.patch?rev=1.1&content-type=text/plain
2474
2475 Index: 09_all_utf8.patch
2476 ===================================================================
2477 --- openMotif-2.2.3/tools/wml/UilSymCSet.h.utf8 2004-03-04 17:41:48.000000000 +0100
2478 +++ openMotif-2.2.3/tools/wml/UilSymCSet.h 2004-03-17 12:54:23.000000000 +0100
2479 @@ -32,6 +32,7 @@
2480 "JISX0201.1976-0", /* jis_katakana */
2481 "KSC5601.1987-0", /* ksc_hangul */
2482 "KSC5601.1987-1", /* ksc_hangul_gr */
2483 + "UTF-8", /* utf-8 */
2484 };
2485 externaldef(uil_sym_glbl) char **charset_xmstring_names_table =
2486 charset_xmstring_names_table_vec;
2487 @@ -66,6 +67,7 @@
2488 XmSTRING_DIRECTION_L_TO_R, /* jis_katakana */
2489 XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul */
2490 XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul_gr */
2491 + XmSTRING_DIRECTION_L_TO_R, /* utf-8 */
2492 };
2493 externaldef(uil_sym_glbl) unsigned char *charset_writing_direction_table =
2494 charset_wrdirection_table_vec;
2495 @@ -100,6 +102,7 @@
2496 XmSTRING_DIRECTION_L_TO_R, /* jis_katakana */
2497 XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul */
2498 XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul_gr */
2499 + XmSTRING_DIRECTION_L_TO_R, /* utf-8 */
2500 };
2501 externaldef(uil_sym_glbl) unsigned char *charset_parsing_direction_table =
2502 charset_parsdirection_table_vec;
2503 @@ -134,6 +137,7 @@
2504 sym_k_onebyte_charsize, /* jis_katakana */
2505 sym_k_twobyte_charsize, /* ksc_hangul */
2506 sym_k_twobyte_charsize, /* ksc_hangul_gr */
2507 + sym_k_onebyte_charsize, /* utf-8 */
2508 };
2509 externaldef(uil_sym_glbl) unsigned char *charset_character_size_table =
2510 charset_charsize_table_vec;
2511 @@ -215,6 +219,7 @@
2512 "KSC_HANGUL_GL", /* ksc_hangul */
2513 "KSC_HANGUL_GR", /* ksc_hangul_gr */
2514 "KSC5601.1987-1", /* ksc_hangul_gr */
2515 + "UTF-8", /* utf-8 */
2516 };
2517 externaldef(uil_sym_glbl) char **charset_lang_names_table =
2518 charset_lang_names_table_vec;
2519 @@ -295,10 +300,11 @@
2520 sym_k_ksc_hangul_charset,
2521 sym_k_ksc_hangul_gr_charset,
2522 sym_k_ksc_hangul_gr_charset,
2523 + sym_k_utf8_charset,
2524 };
2525 externaldef(uil_sym_glbl) unsigned short int *charset_lang_codes_table =
2526 charset_lang_codes_table_vec;
2527 /*
2528 * The number of entries in charset_lang_..._table tables
2529 */
2530 -externaldef(uil_sym_glbl) unsigned short int charset_lang_table_max = 72;
2531 +externaldef(uil_sym_glbl) unsigned short int charset_lang_table_max = 73;
2532 --- openMotif-2.2.3/tools/wml/UilSymGen.h.utf8 2004-03-04 17:41:48.000000000 +0100
2533 +++ openMotif-2.2.3/tools/wml/UilSymGen.h 2004-03-17 12:54:23.000000000 +0100
2534 @@ -1417,6 +1417,7 @@
2535 #define sym_k_jis_katakana_charset 21
2536 #define sym_k_ksc_hangul_charset 22
2537 #define sym_k_ksc_hangul_gr_charset 23
2538 +#define sym_k_utf8_charset 24
2539
2540 /* Define literals for automatic children */
2541
2542 --- openMotif-2.2.3/tools/wml/motif.wml.utf8 2003-10-08 23:07:47.000000000 +0200
2543 +++ openMotif-2.2.3/tools/wml/motif.wml 2004-03-17 12:56:09.000000000 +0100
2544 @@ -163,6 +163,9 @@
2545 ksc_hangul_gr
2546 { XmStringCharsetName = "KSC5601.1987-1";
2547 CharacterSize = TwoByte; };
2548 + utf8
2549 + { XmStringCharsetName = "UTF-8"; };
2550 +
2551 XmFONTLIST_DEFAULT_TAG
2552 { FontListElementTag = XmFONTLIST_DEFAULT_TAG; };
2553
2554
2555
2556
2557 1.1 src/patchsets/openmotif/2.2.3/10_all_no_demos.patch
2558
2559 file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/10_all_no_demos.patch?rev=1.1&view=markup
2560 plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/10_all_no_demos.patch?rev=1.1&content-type=text/plain
2561
2562 Index: 10_all_no_demos.patch
2563 ===================================================================
2564 --- openmotif/configure.in.no_demos 2003-09-19 18:40:33.000000000 +0200
2565 +++ openmotif/configure.in 2003-12-16 12:16:33.000000000 +0100
2566 @@ -259,88 +259,4 @@
2567 doc/man/man5/Makefile \
2568 tools/Makefile \
2569 tools/wml/Makefile \
2570 -demos/Makefile \
2571 -demos/lib/Makefile \
2572 -demos/lib/Xmd/Makefile \
2573 -demos/lib/Wsm/Makefile \
2574 -demos/lib/Exm/Makefile \
2575 -demos/lib/Exm/wml/Makefile \
2576 -demos/programs/Makefile \
2577 -demos/programs/Exm/Makefile \
2578 -demos/programs/Exm/app_in_c/Makefile \
2579 -demos/programs/Exm/app_in_uil/Makefile \
2580 -demos/programs/Exm/simple_app/Makefile \
2581 -demos/programs/airport/Makefile \
2582 -demos/programs/animate/Makefile \
2583 -demos/programs/drag_and_drop/Makefile \
2584 -demos/programs/draw/Makefile \
2585 -demos/programs/earth/Makefile \
2586 -demos/programs/filemanager/Makefile \
2587 -demos/programs/fileview/Makefile \
2588 -demos/programs/getsubres/Makefile \
2589 -demos/programs/hellomotif/Makefile \
2590 -demos/programs/hellomotifi18n/Makefile \
2591 -demos/programs/hellomotifi18n/C/Makefile \
2592 -demos/programs/hellomotifi18n/C/uid/Makefile \
2593 -demos/programs/hellomotifi18n/english/Makefile \
2594 -demos/programs/hellomotifi18n/english/uid/Makefile \
2595 -demos/programs/hellomotifi18n/french/Makefile \
2596 -demos/programs/hellomotifi18n/french/uid/Makefile \
2597 -demos/programs/hellomotifi18n/hebrew/Makefile \
2598 -demos/programs/hellomotifi18n/hebrew/uid/Makefile \
2599 -demos/programs/hellomotifi18n/japan/Makefile \
2600 -demos/programs/hellomotifi18n/japan/uid/Makefile \
2601 -demos/programs/hellomotifi18n/japanese/Makefile \
2602 -demos/programs/hellomotifi18n/japanese/uid/Makefile \
2603 -demos/programs/hellomotifi18n/swedish/Makefile \
2604 -demos/programs/hellomotifi18n/swedish/uid/Makefile \
2605 -demos/programs/i18ninput/Makefile \
2606 -demos/programs/panner/Makefile \
2607 -demos/programs/periodic/Makefile \
2608 -demos/programs/piano/Makefile \
2609 -demos/programs/popups/Makefile \
2610 -demos/programs/sampler2_0/Makefile \
2611 -demos/programs/setdate/Makefile \
2612 -demos/programs/todo/Makefile \
2613 -demos/programs/workspace/Makefile \
2614 -demos/programs/tooltips/Makefile \
2615 -demos/programs/FontSel/Makefile \
2616 -demos/programs/ButtonBox/Makefile \
2617 -demos/programs/ColorSel/Makefile \
2618 -demos/programs/Column/Makefile \
2619 -demos/programs/DropDown/Makefile \
2620 -demos/programs/MultiList/Makefile \
2621 -demos/programs/MultiList/pixmaps/Makefile \
2622 -demos/programs/IconB/Makefile \
2623 -demos/programs/Outline/Makefile \
2624 -demos/programs/Paned/Makefile \
2625 -demos/programs/TabStack/Makefile \
2626 -demos/programs/Tree/Makefile \
2627 -demos/programs/pixmaps/Makefile \
2628 -demos/unsupported/Makefile \
2629 -demos/unsupported/Exm/Makefile \
2630 -demos/unsupported/aicon/Makefile \
2631 -demos/unsupported/dainput/Makefile \
2632 -demos/unsupported/dogs/Makefile \
2633 -demos/unsupported/hellomotif/Makefile \
2634 -demos/unsupported/motifshell/Makefile \
2635 -demos/unsupported/uilsymdump/Makefile \
2636 -demos/unsupported/xmapdef/Makefile \
2637 -demos/unsupported/xmfonts/Makefile \
2638 -demos/unsupported/xmforc/Makefile \
2639 -demos/unsupported/xmform/Makefile \
2640 -demos/doc/Makefile \
2641 -demos/doc/programGuide/Makefile \
2642 -demos/doc/programGuide/ch05/Makefile \
2643 -demos/doc/programGuide/ch05/Scale/Makefile \
2644 -demos/doc/programGuide/ch06/Makefile \
2645 -demos/doc/programGuide/ch06/spin_box/Makefile \
2646 -demos/doc/programGuide/ch06/combo_box/Makefile \
2647 -demos/doc/programGuide/ch08/Makefile \
2648 -demos/doc/programGuide/ch08/Notebook/Makefile \
2649 -demos/doc/programGuide/ch08/Container/Makefile \
2650 -demos/doc/programGuide/ch16/Makefile \
2651 -demos/doc/programGuide/ch17/Makefile \
2652 -demos/doc/programGuide/ch17/simple_drop/Makefile \
2653 -demos/doc/programGuide/ch17/simple_drag/Makefile \
2654 ])
2655 --- openmotif/Makefile.am.no_demos 2003-12-16 12:17:02.000000000 +0100
2656 +++ openmotif/Makefile.am 2003-12-16 12:17:03.000000000 +0100
2657 @@ -28,6 +28,5 @@
2658 include \
2659 tools \
2660 clients \
2661 - doc \
2662 - demos
2663 + doc
2664 AUTOMAKE_OPTIONS = 1.4
2665
2666
2667
2668 1.1 src/patchsets/openmotif/2.2.3/11_all_CAN-2005-0605.patch
2669
2670 file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/11_all_CAN-2005-0605.patch?rev=1.1&view=markup
2671 plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/11_all_CAN-2005-0605.patch?rev=1.1&content-type=text/plain
2672
2673 Index: 11_all_CAN-2005-0605.patch
2674 ===================================================================
2675 --- lib/Xm/Xpmscan.c.orig 2005-03-02 17:00:16.415070960 +0100
2676 +++ lib/Xm/Xpmscan.c 2005-03-02 17:01:38.949709879 +0100
2677 @@ -672,8 +672,8 @@
2678 char *dst;
2679 unsigned int *iptr;
2680 char *data;
2681 - unsigned int x, y, i;
2682 - int bits, depth, ibu, ibpp, offset;
2683 + unsigned int x, y;
2684 + int bits, depth, ibu, ibpp, offset, i;
2685 unsigned long lbt;
2686 Pixel pixel, px;
2687
2688 @@ -684,6 +684,9 @@
2689 ibpp = image->bits_per_pixel;
2690 offset = image->xoffset;
2691
2692 + if (image->bitmap_unit < 0)
2693 + return (XpmNoMemory);
2694 +
2695 if ((image->bits_per_pixel | image->depth) == 1) {
2696 ibu = image->bitmap_unit;
2697 for (y = 0; y < height; y++)
2698 --- lib/Xm/Xpmcreate.c.orig 2005-03-02 17:02:00.626412844 +0100
2699 +++ lib/Xm/Xpmcreate.c 2005-03-02 17:02:35.183562480 +0100
2700 @@ -1265,10 +1265,10 @@
2701 register char *src;
2702 register char *dst;
2703 register unsigned int *iptr;
2704 - register unsigned int x, y, i;
2705 + register unsigned int x, y;
2706 register char *data;
2707 Pixel pixel, px;
2708 - int nbytes, depth, ibu, ibpp;
2709 + int nbytes, depth, ibu, ibpp, i;
2710
2711 data = image->data;
2712 iptr = pixelindex;
2713
2714
2715
2716 1.1 src/patchsets/openmotif/2.2.3/12_all_uil.patch
2717
2718 file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/12_all_uil.patch?rev=1.1&view=markup
2719 plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/12_all_uil.patch?rev=1.1&content-type=text/plain
2720
2721 Index: 12_all_uil.patch
2722 ===================================================================
2723 --- openMotif-2.2.3/lib/Mrm/Mrmhier.c.UIL 2002-01-11 14:56:24.000000000 +0100
2724 +++ openMotif-2.2.3/lib/Mrm/Mrmhier.c 2005-12-31 07:42:31.485196184 +0100
2725 @@ -712,7 +712,7 @@
2726 * Local variables
2727 */
2728 Cardinal result; /* function results */
2729 - char dummy[300]; /* file name (unused) */
2730 + char *dummy; /* file name (unused) */
2731 char err_stg[300];
2732
2733 /*
2734 @@ -764,11 +764,13 @@
2735
2736 if (resolvedname == 0)
2737 {
2738 - sprintf (err_stg, _MrmMMsg_0031, name) ;
2739 + snprintf (err_stg, 300, _MrmMMsg_0031, name) ;
2740 return Urm__UT_Error ("I18NOpenFile", err_stg, NULL, NULL, MrmNOT_FOUND);
2741 }
2742
2743 + dummy = XtMalloc(strlen(resolvedname)+1);
2744 result = UrmIdbOpenFileRead (resolvedname, os_ext, file_id_return, dummy) ;
2745 + XtFree(dummy);
2746 switch ( result )
2747 {
2748 case MrmSUCCESS:
2749 --- openMotif-2.2.3/clients/uil/UilIODef.h.UIL 2002-01-04 22:13:33.000000000 +0100
2750 +++ openMotif-2.2.3/clients/uil/UilIODef.h 2005-12-31 07:42:15.129682600 +0100
2751 @@ -69,13 +69,18 @@
2752 #define NULL 0L
2753 #endif
2754
2755 +#include <X11/Xos.h>
2756 +#ifndef PATH_MAX
2757 +# define PATH_MAX 256
2758 +#endif
2759 +
2760 typedef struct
2761 {
2762 FILE *az_file_ptr;
2763 char *c_buffer;
2764 boolean v_position_before_get;
2765 z_key last_key;
2766 - char expanded_name[ 256 ];
2767 + char expanded_name[ PATH_MAX ];
2768 } uil_fcb_type;
2769
2770 #endif /* UilIODef_h */
2771 --- openMotif-2.2.3/clients/uil/UilLstLst.c.UIL 2002-01-10 21:55:43.000000000 +0100
2772 +++ openMotif-2.2.3/clients/uil/UilLstLst.c 2005-12-31 07:42:19.447026264 +0100
2773 @@ -164,7 +164,7 @@
2774 lst_l_page_no = 0;
2775 lst_v_listing_open = TRUE;
2776
2777 - sprintf(lst_c_title1,
2778 + snprintf(lst_c_title1, 132,
2779 "%s %s \t%s\t\t Page ",
2780 _host_compiler, _compiler_version,
2781 current_time(&ctime_buf));
2782 @@ -270,6 +270,17 @@
2783 {
2784 /* place the file name in the expanded_name buffer */
2785
2786 + if (strlen(Uil_cmd_z_command.ac_listing_file) >= PATH_MAX)
2787 + {
2788 + char *p;
2789 + int len=0;
2790 + if((p = rindex(Uil_cmd_z_command.ac_listing_file, '/')) != NULL)
2791 + len = strlen(++p);
2792 + if(p == NULL || len >= PATH_MAX)
2793 + p = "<unknown>";
2794 + strcpy(az_fcb->expanded_name, p);
2795 + return src_k_open_error;
2796 + }
2797 strcpy(az_fcb->expanded_name, Uil_cmd_z_command.ac_listing_file);
2798
2799 /* open the file */
2800 @@ -529,7 +540,7 @@
2801 char buffer [132];
2802
2803 az_fcb = src_az_source_file_table [i];
2804 - sprintf (buffer,
2805 + snprintf (buffer, 132,
2806 " File (%d) %s",
2807 i, az_fcb->expanded_name );
2808 lst_output_line( buffer, FALSE );
2809 @@ -598,7 +609,7 @@
2810 }
2811
2812
2813 - sprintf(buffer, "%s (%d) %s",
2814 + snprintf(buffer, 132, "%s (%d) %s",
2815 diag_get_message_abbrev( az_msg->l_message_number ),
2816 msg_no,
2817 az_msg->c_text);
2818 --- openMotif-2.2.3/clients/uil/UilP2Out.c.UIL 2002-01-10 21:55:44.000000000 +0100
2819 +++ openMotif-2.2.3/clients/uil/UilP2Out.c 2005-12-31 07:42:23.022482712 +0100
2820 @@ -189,7 +189,7 @@
2821 int topmost_index;
2822 struct
2823 { MrmOsOpenParam os_param;
2824 - char result_file[256];
2825 + char result_file[PATH_MAX];
2826 } uid_fcb;
2827
2828
2829 @@ -234,15 +234,20 @@
2830 if (sym_az_module_entry->az_version != NULL)
2831 module_version = sym_az_module_entry->az_version->value.c_value;
2832
2833 - urm_status = UrmIdbOpenFileWrite
2834 - ( Uil_cmd_z_command.ac_resource_file,
2835 - & uid_fcb.os_param,
2836 - _host_compiler,
2837 - _compiler_version,
2838 - module_name,
2839 - module_version,
2840 - &out_az_idbfile_id,
2841 - uid_fcb.result_file );
2842 + if (strlen(Uil_cmd_z_command.ac_resource_file) < PATH_MAX)
2843 + {
2844 + urm_status = UrmIdbOpenFileWrite
2845 + ( Uil_cmd_z_command.ac_resource_file,
2846 + & uid_fcb.os_param,
2847 + _host_compiler,
2848 + _compiler_version,
2849 + module_name,
2850 + module_version,
2851 + &out_az_idbfile_id,
2852 + uid_fcb.result_file );
2853 + } else {
2854 + urm_status = MrmFAILURE;
2855 + }
2856
2857 if (urm_status != MrmSUCCESS)
2858 {
2859 @@ -2961,7 +2966,7 @@
2860 {
2861 char buffer[132];
2862
2863 - sprintf(buffer, "while %s encountered %s",
2864 + snprintf(buffer, 132, "while %s encountered %s",
2865 problem,
2866 Urm__UT_LatestErrorMessage());
2867
2868 --- openMotif-2.2.3/clients/uil/UilSrcSrc.c.UIL 2002-01-10 21:55:47.000000000 +0100
2869 +++ openMotif-2.2.3/clients/uil/UilSrcSrc.c 2005-12-31 07:42:27.176851152 +0100
2870 @@ -626,11 +626,15 @@
2871 static unsigned short main_dir_len = 0;
2872 boolean main_file;
2873 int i; /* loop index through include files */
2874 - char buffer[256];
2875 + char buffer[PATH_MAX];
2876 + int c_file_name_len;
2877
2878 + az_fcb->az_file_ptr = NULL;
2879 + c_file_name_len = strlen(c_file_name);
2880
2881 /* place the file name in the expanded_name buffer */
2882 -
2883 + if(c_file_name_len >= PATH_MAX)
2884 + return src_k_open_error;
2885 strcpy(buffer, c_file_name);
2886
2887 /* Determine if this is the main file or an include file. */
2888 @@ -644,7 +648,7 @@
2889
2890 /* Save the directory info for the main file. */
2891
2892 - for (len = strlen (c_file_name),
2893 + for (len = c_file_name_len,
2894 ptr = & c_file_name [len - 1];
2895 len > 0; len--, ptr--) {
2896 if ((* ptr) == '/') {
2897 @@ -673,9 +677,11 @@
2898 }
2899
2900 if (!specific_directory) {
2901 + if (main_dir_len + c_file_name_len >= PATH_MAX)
2902 + goto open_label;
2903 _move (buffer, main_fcb -> expanded_name, main_dir_len);
2904 _move (& buffer [main_dir_len],
2905 - c_file_name, strlen (c_file_name) + 1); /* + NULL */
2906 + c_file_name, c_file_name_len + 1); /* + NULL */
2907 } else {
2908 strcpy (buffer, c_file_name);
2909 }
2910 @@ -695,16 +701,22 @@
2911
2912 for (i = 0; i < Uil_cmd_z_command.include_dir_count; i++) {
2913 int inc_dir_len;
2914 + int need_slash=0;
2915
2916 inc_dir_len = strlen (Uil_cmd_z_command.ac_include_dir[i]);
2917 if (inc_dir_len == 0) {
2918 search_user_include = False;
2919 }
2920 + if (Uil_cmd_z_command.ac_include_dir[i][inc_dir_len - 1] != '/')
2921 + need_slash=1;
2922 + if (inc_dir_len + need_slash + c_file_name_len >= PATH_MAX)
2923 + goto open_label;
2924 +
2925 _move (buffer, Uil_cmd_z_command.ac_include_dir[i], inc_dir_len);
2926
2927 /* Add '/' if not specified at end of directory */
2928
2929 - if (Uil_cmd_z_command.ac_include_dir[i][inc_dir_len - 1] != '/') {
2930 + if (need_slash) {
2931 buffer [inc_dir_len] = '/';
2932 inc_dir_len++;
2933 };
2934 @@ -723,9 +735,11 @@
2935
2936 /* Look in the default include directory. */
2937 if (search_user_include) {
2938 + if (sizeof(c_include_dir)-1 + c_file_name_len >= PATH_MAX)
2939 + goto open_label;
2940 _move(buffer, c_include_dir, sizeof c_include_dir - 1); /* no NULL */
2941 _move(&buffer[sizeof c_include_dir - 1],
2942 - c_file_name, strlen (c_file_name) + 1); /* + NULL */
2943 + c_file_name, c_file_name_len + 1); /* + NULL */
2944
2945 /* Open the include file. */
2946 az_fcb->az_file_ptr = fopen (buffer, "r");
2947 --- openMotif-2.2.3/clients/uil/UilSarMod.c.UIL 2002-01-10 21:55:45.000000000 +0100
2948 +++ openMotif-2.2.3/clients/uil/UilSarMod.c 2005-12-31 07:42:35.593571616 +0100
2949 @@ -379,7 +379,7 @@
2950 */
2951
2952 if (Uil_cmd_z_command.v_listing_file)
2953 - sprintf(Uil_lst_c_title2,
2954 + snprintf(Uil_lst_c_title2, 132,
2955 "Module: %s",
2956 name_entry->c_text );
2957
2958 @@ -479,7 +479,7 @@
2959 */
2960
2961 if (Uil_cmd_z_command.v_listing_file)
2962 - sprintf(Uil_lst_c_title2,
2963 + snprintf(Uil_lst_c_title2, 132,
2964 "Module: %s \t Version: %s",
2965 sym_az_module_entry->obj_header.az_name->c_text,
2966 value_entry->value.c_value );
2967 --- openMotif-2.2.3/clients/uil/UilDiags.c.UIL 2002-01-10 21:55:42.000000000 +0100
2968 +++ openMotif-2.2.3/clients/uil/UilDiags.c 2005-12-31 07:42:39.273012256 +0100
2969 @@ -293,12 +293,12 @@
2970 va_start(ap, l_start_column);
2971
2972 #ifndef NO_MESSAGE_CATALOG
2973 - vsprintf( msg_buffer,
2974 + vsnprintf( msg_buffer, 132,
2975 catgets(uil_catd, UIL_SET1, msg_cat_table[ message_number ],
2976 diag_rz_msg_table[ message_number ].ac_text),
2977 ap );
2978 #else
2979 - vsprintf( msg_buffer,
2980 + vsnprintf( msg_buffer, 132,
2981 diag_rz_msg_table[ message_number ].ac_text,
2982 ap );
2983 #endif
2984 @@ -317,13 +317,13 @@
2985 */
2986
2987 #ifndef NO_MESSAGE_CATALOG
2988 - sprintf( loc_buffer,
2989 + snprintf( loc_buffer, 132,
2990 catgets(uil_catd, UIL_SET_MISC,
2991 UIL_MISC_0, "\t\t line: %d file: %s"),
2992 az_src_rec->w_line_number,
2993 src_get_file_name( az_src_rec ) );
2994 #else
2995 - sprintf( loc_buffer,
2996 + snprintf( loc_buffer, 132,
2997 "\t\t line: %d file: %s",
2998 az_src_rec->w_line_number,
2999 src_get_file_name( az_src_rec ) );
3000 @@ -371,7 +371,7 @@
3001
3002 if (l_start_column != diag_k_no_column)
3003 #ifndef NO_MESSAGE_CATALOG
3004 - sprintf(loc_buffer,
3005 + snprintf(loc_buffer, 132,
3006 catgets(uil_catd, UIL_SET_MISC,
3007 UIL_MISC_1,
3008 "\t\t line: %d position: %d file: %s"),
3009 @@ -379,7 +379,7 @@
3010 l_start_column + 1,
3011 src_get_file_name( az_src_rec ) );
3012 #else
3013 - sprintf(loc_buffer,
3014 + snprintf(loc_buffer, 132,
3015 "\t\t line: %d position: %d file: %s",
3016 az_src_rec->w_line_number,
3017 l_start_column + 1,
3018 @@ -387,13 +387,13 @@
3019 #endif
3020 else
3021 #ifndef NO_MESSAGE_CATALOG
3022 - sprintf( loc_buffer, catgets(uil_catd, UIL_SET_MISC,
3023 + snprintf( loc_buffer, 132, catgets(uil_catd, UIL_SET_MISC,
3024 UIL_MISC_0,
3025 "\t\t line: %d file: %s"),
3026 az_src_rec->w_line_number,
3027 src_get_file_name( az_src_rec ) );
3028 #else
3029 - sprintf( loc_buffer,
3030 + snprintf( loc_buffer, 132,
3031 "\t\t line: %d file: %s",
3032 az_src_rec->w_line_number,
3033 src_get_file_name( az_src_rec ) );
3034 --- openMotif-2.2.3/clients/uil/UilSymDef.h.UIL 2002-01-04 22:13:38.000000000 +0100
3035 +++ openMotif-2.2.3/clients/uil/UilSymDef.h 2005-12-31 07:42:44.106277488 +0100
3036 @@ -65,6 +65,11 @@
3037
3038 #include <Mrm/MrmPublic.h>
3039 #include <Xm/Xm.h>
3040 +#include <X11/Xos.h>
3041 +#ifndef PATH_MAX
3042 +# define PATH_MAX 256
3043 +#endif
3044 +
3045
3046 /*
3047 ** constraint check access macro
3048 @@ -874,10 +879,10 @@
3049 sym_section_entry_type *sections;
3050 /* pointer to a section list; this list is all of the sections that */
3051 /* exist in this include file. */
3052 - char file_name[255];
3053 + char file_name[PATH_MAX];
3054 /* the file name as specified in the include statement in the UIL */
3055 /* source. */
3056 - char full_file_name[255];
3057 + char full_file_name[PATH_MAX];
3058 /* the expanded name for the include file actually opened. */
3059 } sym_include_file_entry_type;
3060
3061 @@ -894,9 +899,9 @@
3062 /* common header */
3063 struct _src_source_record_type *src_record_list;
3064 /* pointer to a list of source records. */
3065 - char file_name[255];
3066 + char file_name[PATH_MAX];
3067 /* the main UIL file name as specified on the command line. */
3068 - char full_file_name[255];
3069 + char full_file_name[PATH_MAX];
3070 /* the expanded name for the main UIL file that was actually */
3071 /* opened. */
3072 sym_section_entry_type *sections;
3073
3074
3075
3076 1.1 src/patchsets/openmotif/2.2.3/13_all_automake.patch
3077
3078 file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/13_all_automake.patch?rev=1.1&view=markup
3079 plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/openmotif/2.2.3/13_all_automake.patch?rev=1.1&content-type=text/plain
3080
3081 Index: 13_all_automake.patch
3082 ===================================================================
3083 --- clients/uil/Makefile.am Fri Aug 15 04:56:19 2003
3084 +++ clients/uil/Makefile.am.new Tue Feb 8 12:06:15 2005
3085 @@ -65,6 +65,7 @@
3086 lib_LTLIBRARIES = libUil.la
3087
3088 libUil_la_SOURCES = $(SRCS)
3089 +libUil_la_CFLAGS = $(AM_CFLAGS)
3090
3091 libUil_la_DEPENDENCIES = UilDBDef.h UilParser.lo
3092
3093
3094
3095
3096 --
3097 gentoo-commits@l.g.o mailing list
Report Message
Find on MARC Find on Google Groups