Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Ulrich Mueller (ulm)" <ulm@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in src/patchsets/motif/2.2.3: 01_all_mwm-configdir.patch 02_all_CAN-2004-0687-0688.patch 03_all_CAN-2004-0914-newer.patch 04_all_CAN-2004-0914_sec8.patch 05_all_char_not_supported.patch 06_all_pixel_length.patch 07_all_popup_timeout.patch 08_all_XmResizeHashTable.patch 09_all_utf8.patch 10_all_no_demos.patch 11_all_CAN-2005-0605.patch 12_all_uil.patch 13_all_automake.patch 14_all_ac-editres.patch 15_all_ldflags.patch 16_all_mrm_buffer_overflow.patch 17_all_automake-1.13.patch
Date: Sat, 01 Jun 2013 16:05:43
Message-Id: 20130601160538.514322171E@flycatcher.gentoo.org
1 ulm 13/06/01 16:05:38
2
3 Added: 01_all_mwm-configdir.patch
4 02_all_CAN-2004-0687-0688.patch
5 03_all_CAN-2004-0914-newer.patch
6 04_all_CAN-2004-0914_sec8.patch
7 05_all_char_not_supported.patch
8 06_all_pixel_length.patch
9 07_all_popup_timeout.patch
10 08_all_XmResizeHashTable.patch 09_all_utf8.patch
11 10_all_no_demos.patch 11_all_CAN-2005-0605.patch
12 12_all_uil.patch 13_all_automake.patch
13 14_all_ac-editres.patch 15_all_ldflags.patch
14 16_all_mrm_buffer_overflow.patch
15 17_all_automake-1.13.patch
16 Log:
17 Move openmotif to motif.
18
19 Revision Changes Path
20 1.1 src/patchsets/motif/2.2.3/01_all_mwm-configdir.patch
21
22 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/01_all_mwm-configdir.patch?rev=1.1&view=markup
23 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/01_all_mwm-configdir.patch?rev=1.1&content-type=text/plain
24
25 Index: 01_all_mwm-configdir.patch
26 ===================================================================
27 diff -urN openMotif-2.2.2.orig/clients/mwm/WmResParse.c openMotif-2.2.2/clients/mwm/WmResParse.c
28 --- openMotif-2.2.2.orig/clients/mwm/WmResParse.c 2002-01-10 21:55:37.000000000 +0100
29 +++ openMotif-2.2.2/clients/mwm/WmResParse.c 2003-06-04 22:20:22.000000000 +0200
30 @@ -2411,7 +2411,7 @@
31 if (MwmBehavior)
32 {
33 strcpy(cfileName, LIBDIR);
34 - strncat(cfileName, "/", MAXWMPATH-strlen(cfileName));
35 + strncat(cfileName, "/mwm/", MAXWMPATH-strlen(cfileName));
36 strncat(cfileName, LANG, MAXWMPATH-strlen(cfileName));
37 strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName));
38 }
39 @@ -2427,7 +2427,7 @@
40 * Try /$LANG/system.mwmrc within the install tree
41 */
42 strcpy(cfileName, LIBDIR);
43 - strncat(cfileName, "/", MAXWMPATH-strlen(cfileName));
44 + strncat(cfileName, "/mwm/", MAXWMPATH-strlen(cfileName));
45 strncat(cfileName, LANG, MAXWMPATH-strlen(cfileName));
46 strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName));
47 #endif /* WSM */
48 @@ -2449,7 +2449,7 @@
49 if (MwmBehavior)
50 {
51 strcpy(cfileName, LIBDIR);
52 - strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName));
53 + strncat(cfileName, "/mwm" SLASH_MWMRC, MAXWMPATH - strlen(cfileName));
54 #ifdef PANELIST
55 fileP = fopen (cfileName, "r");
56 #else /* PANELIST */
57 @@ -2473,7 +2473,7 @@
58 * Try /system.mwmrc within the install tree
59 */
60 strcpy(cfileName, LIBDIR);
61 - strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName));
62 + strncat(cfileName, "/mwm" SLASH_MWMRC, MAXWMPATH - strlen(cfileName));
63
64 if (LANG != NULL)
65 {
66
67
68
69 1.1 src/patchsets/motif/2.2.3/02_all_CAN-2004-0687-0688.patch
70
71 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/02_all_CAN-2004-0687-0688.patch?rev=1.1&view=markup
72 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/02_all_CAN-2004-0687-0688.patch?rev=1.1&content-type=text/plain
73
74 Index: 02_all_CAN-2004-0687-0688.patch
75 ===================================================================
76 --- openMotif-2.2.3/lib/Xm/Xpmhashtab.c.CAN-2004-0687-0688 2004-09-30 11:52:40.176933831 +0200
77 +++ openMotif-2.2.3/lib/Xm/Xpmhashtab.c 2004-09-30 11:53:47.288717782 +0200
78 @@ -141,7 +141,7 @@
79 xpmHashTable *table;
80 {
81 xpmHashAtom *atomTable = table->atomTable;
82 - int size = table->size;
83 + unsigned int size = table->size;
84 xpmHashAtom *t, *p;
85 int i;
86 int oldSize = size;
87 @@ -150,6 +150,8 @@
88 HASH_TABLE_GROWS
89 table->size = size;
90 table->limit = size / 3;
91 + if (size >= SIZE_MAX / sizeof(*atomTable))
92 + return (XpmNoMemory);
93 atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable));
94 if (!atomTable)
95 return (XpmNoMemory);
96 @@ -210,6 +212,8 @@
97 table->size = INITIAL_HASH_SIZE;
98 table->limit = table->size / 3;
99 table->used = 0;
100 + if (table->size >= SIZE_MAX / sizeof(*atomTable))
101 + return (XpmNoMemory);
102 atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable));
103 if (!atomTable)
104 return (XpmNoMemory);
105 --- openMotif-2.2.3/lib/Xm/XpmWrFFrI.c.CAN-2004-0687-0688 2004-09-30 11:36:04.545969020 +0200
106 +++ openMotif-2.2.3/lib/Xm/XpmWrFFrI.c 2004-09-30 11:37:14.583312219 +0200
107 @@ -244,6 +244,8 @@
108 unsigned int x, y, h;
109
110 h = height - 1;
111 + if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp)
112 + return (XpmNoMemory);
113 p = buf = (char *) XpmMalloc(width * cpp + 3);
114 if (!buf)
115 return (XpmNoMemory);
116 --- openMotif-2.2.3/lib/Xm/Xpmdata.c.CAN-2004-0687-0688 2004-09-30 11:51:30.712472999 +0200
117 +++ openMotif-2.2.3/lib/Xm/Xpmdata.c 2004-09-30 11:52:26.665789239 +0200
118 @@ -376,7 +376,7 @@
119 {
120 if (!mdata->type)
121 *cmt = NULL;
122 - else if (mdata->CommentLength) {
123 + else if (mdata->CommentLength != 0 && mdata->CommentLength < SIZE_MAX - 1) {
124 *cmt = (char *) XpmMalloc(mdata->CommentLength + 1);
125 strncpy(*cmt, mdata->Comment, mdata->CommentLength);
126 (*cmt)[mdata->CommentLength] = '\0';
127 --- openMotif-2.2.3/lib/Xm/XpmI.h.CAN-2004-0687-0688 2004-09-30 11:38:09.358760225 +0200
128 +++ openMotif-2.2.3/lib/Xm/XpmI.h 2004-09-30 11:39:58.498714150 +0200
129 @@ -179,6 +179,18 @@
130 boundCheckingCalloc((long)(nelem),(long) (elsize))
131 #endif
132
133 +#if defined(SCO) || defined(__USLC__)
134 +#include <stdint.h> /* For SIZE_MAX */
135 +#endif
136 +#include <limits.h>
137 +#ifndef SIZE_MAX
138 +# ifdef ULONG_MAX
139 +# define SIZE_MAX ULONG_MAX
140 +# else
141 +# define SIZE_MAX UINT_MAX
142 +# endif
143 +#endif
144 +
145 #define XPMMAXCMTLEN BUFSIZ
146 typedef struct {
147 unsigned int type;
148 @@ -276,9 +288,9 @@
149 } *xpmHashAtom;
150
151 typedef struct {
152 - int size;
153 - int limit;
154 - int used;
155 + unsigned int size;
156 + unsigned int limit;
157 + unsigned int used;
158 xpmHashAtom *atomTable;
159 } xpmHashTable;
160
161 --- openMotif-2.2.3/lib/Xm/XpmCrDatFrI.c.CAN-2004-0687-0688 2004-09-30 11:35:18.058379165 +0200
162 +++ openMotif-2.2.3/lib/Xm/XpmCrDatFrI.c 2004-09-30 11:35:43.951808698 +0200
163 @@ -134,6 +134,8 @@
164 */
165 header_nlines = 1 + image->ncolors;
166 header_size = sizeof(char *) * header_nlines;
167 + if (header_size >= SIZE_MAX / sizeof(char *))
168 + return (XpmNoMemory);
169 header = (char **) XpmCalloc(header_size, sizeof(char *));
170 if (!header)
171 return (XpmNoMemory);
172 --- openMotif-2.2.3/lib/Xm/Xpmscan.c.CAN-2004-0687-0688 2004-09-30 12:05:34.424607695 +0200
173 +++ openMotif-2.2.3/lib/Xm/Xpmscan.c 2004-09-30 12:08:16.963282178 +0200
174 @@ -98,7 +98,8 @@
175 LFUNC(ScanTransparentColor, int, (XpmColor *color, unsigned int cpp,
176 XpmAttributes *attributes));
177
178 -LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, int ncolors,
179 +LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors,
180 + unsigned int ncolors,
181 Pixel *pixels, unsigned int mask,
182 unsigned int cpp, XpmAttributes *attributes));
183
184 @@ -225,11 +226,17 @@
185 else
186 cpp = 0;
187
188 + if ((height > 0 && width >= SIZE_MAX / height) ||
189 + width * height >= SIZE_MAX / sizeof(unsigned int))
190 + RETURN(XpmNoMemory);
191 pmap.pixelindex =
192 (unsigned int *) XpmCalloc(width * height, sizeof(unsigned int));
193 if (!pmap.pixelindex)
194 RETURN(XpmNoMemory);
195
196 + if (pmap.size >= SIZE_MAX / sizeof(Pixel))
197 + RETURN(XpmNoMemory);
198 +
199 pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size);
200 if (!pmap.pixels)
201 RETURN(XpmNoMemory);
202 @@ -285,6 +292,8 @@
203 * color
204 */
205
206 + if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor))
207 + RETURN(XpmNoMemory);
208 colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor));
209 if (!colorTable)
210 RETURN(XpmNoMemory);
211 @@ -332,6 +341,8 @@
212
213 /* first get a character string */
214 a = 0;
215 + if (cpp >= SIZE_MAX - 1)
216 + return (XpmNoMemory);
217 if (!(s = color->string = (char *) XpmMalloc(cpp + 1)))
218 return (XpmNoMemory);
219 *s++ = printable[c = a % MAXPRINTABLE];
220 @@ -379,7 +390,7 @@
221 ScanOtherColors(display, colors, ncolors, pixels, mask, cpp, attributes)
222 Display *display;
223 XpmColor *colors;
224 - int ncolors;
225 + unsigned int ncolors;
226 Pixel *pixels;
227 unsigned int mask;
228 unsigned int cpp;
229 @@ -423,6 +434,8 @@
230 }
231
232 /* first get character strings and rgb values */
233 + if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1)
234 + return (XpmNoMemory);
235 xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors);
236 if (!xcolors)
237 return (XpmNoMemory);
238 --- openMotif-2.2.3/lib/Xm/XpmAttrib.c.CAN-2004-0687-0688 2004-09-30 11:33:10.216008908 +0200
239 +++ openMotif-2.2.3/lib/Xm/XpmAttrib.c 2004-09-30 11:33:41.187737616 +0200
240 @@ -41,8 +41,8 @@
241 #include "XpmI.h"
242
243 /* 3.2 backward compatibility code */
244 -LFUNC(CreateOldColorTable, int, (XpmColor *ct, int ncolors,
245 - XpmColor ***oldct));
246 +LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors,
247 + XpmColor ***oldct));
248
249 LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors));
250
251 @@ -52,12 +52,15 @@
252 static int
253 CreateOldColorTable(ct, ncolors, oldct)
254 XpmColor *ct;
255 - int ncolors;
256 + unsigned int ncolors;
257 XpmColor ***oldct;
258 {
259 XpmColor **colorTable, **color;
260 int a;
261
262 + if (ncolors >= SIZE_MAX / sizeof(XpmColor *))
263 + return XpmNoMemory;
264 +
265 colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *));
266 if (!colorTable) {
267 *oldct = NULL;
268 --- openMotif-2.2.3/lib/Xm/Xpmcreate.c.CAN-2004-0687-0688 2004-09-30 11:40:22.122457590 +0200
269 +++ openMotif-2.2.3/lib/Xm/Xpmcreate.c 2004-09-30 12:49:44.411019183 +0200
270 @@ -804,6 +804,9 @@
271
272 ErrorStatus = XpmSuccess;
273
274 + if (image->ncolors >= SIZE_MAX / sizeof(Pixel))
275 + return (XpmNoMemory);
276 +
277 /* malloc pixels index tables */
278 image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * image->ncolors);
279 if (!image_pixels)
280 @@ -947,6 +950,8 @@
281 return (XpmNoMemory);
282
283 #ifndef FOR_MSW
284 + if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height)
285 + return XpmNoMemory;
286 /* now that bytes_per_line must have been set properly alloc data */
287 (*image_return)->data =
288 (char *) XpmMalloc((*image_return)->bytes_per_line * height);
289 @@ -1992,6 +1997,9 @@
290 xpmGetCmt(data, &colors_cmt);
291
292 /* malloc pixels index tables */
293 + if (ncolors >= SIZE_MAX / sizeof(Pixel))
294 + return XpmNoMemory;
295 +
296 image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors);
297 if (!image_pixels)
298 RETURN(XpmNoMemory);
299 @@ -2207,6 +2215,9 @@
300 {
301 unsigned short colidx[256];
302
303 + if (ncolors > 256)
304 + return (XpmFileInvalid);
305 +
306 bzero((char *)colidx, 256 * sizeof(short));
307 for (a = 0; a < ncolors; a++)
308 colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
309 @@ -2305,6 +2316,9 @@
310 char *s;
311 char buf[BUFSIZ];
312
313 + if (cpp >= sizeof(buf))
314 + return (XpmFileInvalid);
315 +
316 buf[cpp] = '\0';
317 if (USE_HASHTABLE) {
318 xpmHashAtom *slot;
319 --- openMotif-2.2.3/lib/Xm/Xpmparse.c.CAN-2004-0687-0688 2004-09-30 11:54:01.219804716 +0200
320 +++ openMotif-2.2.3/lib/Xm/Xpmparse.c 2004-09-30 12:47:15.676480282 +0200
321 @@ -46,6 +46,25 @@
322
323 #include "XpmI.h"
324 #include <ctype.h>
325 +#include <string.h>
326 +
327 +#ifdef HAS_STRLCAT
328 +# define STRLCAT(dst, src, dstsize) { \
329 + if (strlcat(dst, src, dstsize) >= (dstsize)) \
330 + return (XpmFileInvalid); }
331 +# define STRLCPY(dst, src, dstsize) { \
332 + if (strlcpy(dst, src, dstsize) >= (dstsize)) \
333 + return (XpmFileInvalid); }
334 +#else
335 +# define STRLCAT(dst, src, dstsize) { \
336 + if ((strlen(dst) + strlen(src)) < (dstsize)) \
337 + strcat(dst, src); \
338 + else return (XpmFileInvalid); }
339 +# define STRLCPY(dst, src, dstsize) { \
340 + if (strlen(src) < (dstsize)) \
341 + strcpy(dst, src); \
342 + else return (XpmFileInvalid); }
343 +#endif
344
345 LFUNC(ParsePixels, int, (xpmData *data, unsigned int width,
346 unsigned int height, unsigned int ncolors,
347 @@ -215,7 +234,7 @@
348 unsigned int *extensions;
349 {
350 unsigned int l;
351 - char buf[BUFSIZ];
352 + char buf[BUFSIZ + 1];
353
354 if (!data->format) { /* XPM 2 or 3 */
355
356 @@ -324,10 +343,10 @@
357 XpmColor **colorTablePtr;
358 xpmHashTable *hashtable;
359 {
360 - unsigned int key, l, a, b;
361 + unsigned int key, l, a, b, len;
362 unsigned int curkey; /* current color key */
363 unsigned int lastwaskey; /* key read */
364 - char buf[BUFSIZ];
365 + char buf[BUFSIZ + 1];
366 char curbuf[BUFSIZ]; /* current buffer */
367 char **sptr, *s;
368 XpmColor *color;
369 @@ -335,6 +354,8 @@
370 char **defaults;
371 int ErrorStatus;
372
373 + if (ncolors >= SIZE_MAX / sizeof(XpmColor))
374 + return (XpmNoMemory);
375 colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor));
376 if (!colorTable)
377 return (XpmNoMemory);
378 @@ -346,6 +367,10 @@
379 /*
380 * read pixel value
381 */
382 + if (cpp >= SIZE_MAX - 1) {
383 + xpmFreeColorTable(colorTable, ncolors);
384 + return (XpmNoMemory);
385 + }
386 color->string = (char *) XpmMalloc(cpp + 1);
387 if (!color->string) {
388 xpmFreeColorTable(colorTable, ncolors);
389 @@ -383,13 +408,14 @@
390 }
391 if (!lastwaskey && key < NKEYS) { /* open new key */
392 if (curkey) { /* flush string */
393 - s = (char *) XpmMalloc(strlen(curbuf) + 1);
394 + len = strlen(curbuf) + 1;
395 + s = (char *) XpmMalloc(len);
396 if (!s) {
397 xpmFreeColorTable(colorTable, ncolors);
398 return (XpmNoMemory);
399 }
400 defaults[curkey] = s;
401 - strcpy(s, curbuf);
402 + memcpy(s, curbuf, len);
403 }
404 curkey = key + 1; /* set new key */
405 *curbuf = '\0'; /* reset curbuf */
406 @@ -400,9 +426,9 @@
407 return (XpmFileInvalid);
408 }
409 if (!lastwaskey)
410 - strcat(curbuf, " "); /* append space */
411 + STRLCAT(curbuf, " ", sizeof(curbuf)); /* append space */
412 buf[l] = '\0';
413 - strcat(curbuf, buf);/* append buf */
414 + STRLCAT(curbuf, buf, sizeof(curbuf));/* append buf */
415 lastwaskey = 0;
416 }
417 }
418 @@ -410,12 +436,13 @@
419 xpmFreeColorTable(colorTable, ncolors);
420 return (XpmFileInvalid);
421 }
422 - s = defaults[curkey] = (char *) XpmMalloc(strlen(curbuf) + 1);
423 + len = strlen(curbuf) + 1;
424 + s = defaults[curkey] = (char *) XpmMalloc(len);
425 if (!s) {
426 xpmFreeColorTable(colorTable, ncolors);
427 return (XpmNoMemory);
428 }
429 - strcpy(s, curbuf);
430 + memcpy(s, curbuf, len);
431 }
432 } else { /* XPM 1 */
433 /* get to the beginning of the first string */
434 @@ -428,6 +455,10 @@
435 /*
436 * read pixel value
437 */
438 + if (cpp >= SIZE_MAX - 1) {
439 + xpmFreeColorTable(colorTable, ncolors);
440 + return (XpmNoMemory);
441 + }
442 color->string = (char *) XpmMalloc(cpp + 1);
443 if (!color->string) {
444 xpmFreeColorTable(colorTable, ncolors);
445 @@ -456,16 +487,17 @@
446 *curbuf = '\0'; /* init curbuf */
447 while ((l = xpmNextWord(data, buf, BUFSIZ))) {
448 if (*curbuf != '\0')
449 - strcat(curbuf, " ");/* append space */
450 + STRLCAT(curbuf, " ", sizeof(curbuf));/* append space */
451 buf[l] = '\0';
452 - strcat(curbuf, buf); /* append buf */
453 + STRLCAT(curbuf, buf, sizeof(curbuf)); /* append buf */
454 }
455 - s = (char *) XpmMalloc(strlen(curbuf) + 1);
456 + len = strlen(curbuf) + 1;
457 + s = (char *) XpmMalloc(len);
458 if (!s) {
459 xpmFreeColorTable(colorTable, ncolors);
460 return (XpmNoMemory);
461 }
462 - strcpy(s, curbuf);
463 + memcpy(s, curbuf, len);
464 color->c_color = s;
465 *curbuf = '\0'; /* reset curbuf */
466 if (a < ncolors - 1)
467 @@ -490,6 +522,9 @@
468 unsigned int *iptr, *iptr2;
469 unsigned int a, x, y;
470
471 + if ((height > 0 && width >= SIZE_MAX / height) ||
472 + width * height >= SIZE_MAX / sizeof(unsigned int))
473 + return XpmNoMemory;
474 #ifndef FOR_MSW
475 iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height);
476 #else
477 @@ -513,6 +548,9 @@
478 {
479 unsigned short colidx[256];
480
481 + if (ncolors > 256)
482 + return (XpmFileInvalid);
483 +
484 bzero((char *)colidx, 256 * sizeof(short));
485 for (a = 0; a < ncolors; a++)
486 colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
487 @@ -590,6 +628,9 @@
488 char *s;
489 char buf[BUFSIZ];
490
491 + if (cpp >= sizeof(buf))
492 + return (XpmFileInvalid);
493 +
494 buf[cpp] = '\0';
495 if (USE_HASHTABLE) {
496 xpmHashAtom *slot;
497
498
499
500 1.1 src/patchsets/motif/2.2.3/03_all_CAN-2004-0914-newer.patch
501
502 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/03_all_CAN-2004-0914-newer.patch?rev=1.1&view=markup
503 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/03_all_CAN-2004-0914-newer.patch?rev=1.1&content-type=text/plain
504
505 Index: 03_all_CAN-2004-0914-newer.patch
506 ===================================================================
507 diff -Nur lib/Xm/Imakefile lib/Xm/Imakefile
508 --- lib/Xm/Imakefile 2002-01-15 18:30:40.000000000 +0100
509 +++ lib/Xm/Imakefile 2005-02-14 14:24:12.000000000 +0100
510 @@ -211,7 +211,8 @@
511 XpmCrBufFrP.c XpmCrPFrBuf.c XpmRdFToDat.c XpmWrFFrP.c Xpmrgb.c \
512 XpmCrDatFrI.c XpmCrPFrDat.c XpmRdFToI.c Xpmcreate.c Xpmscan.c \
513 XpmCrDatFrP.c XpmCrPFrI.c XpmRdFToP.c Xpmdata.c \
514 - XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c
515 + XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c \
516 + Xpms_popen.c
517
518 #if UseLocalRegex
519 REGEX_SRCS = regexp.c
520 @@ -274,7 +275,8 @@
521 XpmCrBufFrP.o XpmCrPFrBuf.o XpmRdFToDat.o XpmWrFFrP.o Xpmrgb.o \
522 XpmCrDatFrI.o XpmCrPFrDat.o XpmRdFToI.o Xpmcreate.o Xpmscan.o \
523 XpmCrDatFrP.o XpmCrPFrI.o XpmRdFToP.o Xpmdata.o \
524 - XpmCrIFrBuf.o XpmImage.o XpmWrFFrBuf.o Xpmhashtab.o
525 + XpmCrIFrBuf.o XpmImage.o XpmWrFFrBuf.o Xpmhashtab.o \
526 + Xpms_popen.o
527
528 #if UseLocalRegex
529 REGEX_OBJS = regexp.o
530 --- lib/Xm/Makefile.am 2004-11-17 19:03:26.962797006 +0100
531 +++ lib/Xm/Makefile.am 2004-11-17 19:03:49.421724642 +0100
532 @@ -241,7 +241,8 @@
533 XpmCrBufFrP.c XpmCrPFrBuf.c XpmRdFToDat.c XpmWrFFrP.c Xpmrgb.c \
534 XpmCrDatFrI.c XpmCrPFrDat.c XpmRdFToI.c Xpmcreate.c Xpmscan.c \
535 XpmCrDatFrP.c XpmCrPFrI.c XpmRdFToP.c Xpmdata.c \
536 - XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c
537 + XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c \
538 + Xpms_popen.c
539
540 NEW_WID_SRCS = IconH.c Container.c IconG.c \
541 Notebook.c ComboBox.c GrabShell.c SpinB.c \
542 --- /dev/null 1970-01-01 01:00:00.000000000 +0100
543 +++ lib/Xm/Xpms_popen.c 2005-02-14 14:24:12.942319466 +0100
544 @@ -0,0 +1,182 @@
545 +/*
546 + * Copyright (C) 2004 The X.Org fundation
547 + *
548 + * Permission is hereby granted, free of charge, to any person
549 + * obtaining a copy of this software and associated documentation
550 + * files (the "Software"), to deal in the Software without
551 + * restriction, including without limitation the rights to use, copy,
552 + * modify, merge, publish, distribute, sublicense, and/or sell copies
553 + * of the Software, and to permit persons to whom the Software is fur-
554 + * nished to do so, subject to the following conditions:
555 + *
556 + * The above copyright notice and this permission notice shall be
557 + * included in all copies or substantial portions of the Software.
558 + *
559 + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
560 + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
561 + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
562 + * NONINFRINGEMENT. IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR
563 + * ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
564 + * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
565 + * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
566 + *
567 + * Except as contained in this notice, the name of the X.Org fundation
568 + * shall not be used in advertising or otherwise to promote the sale,
569 + * use or other dealings in this Software without prior written
570 + * authorization from the X.Org fundation.
571 + */
572 +
573 +/*
574 +** This is a secure but NOT 100% compatible replacement for popen()
575 +** Note: - don't use pclose() use fclose() for closing the returned
576 +** filedesc.!!!
577 +**
578 +** Known Bugs: - unable to use i/o-redirection like > or <
579 +** Author: - Thomas Biege <thomas@××××.de>
580 +** Credits: - Andreas Pfaller <a.pfaller@×××××××.de> for fixing a SEGV when
581 +** calling strtok()
582 +*/
583 +
584 +#include <sys/types.h>
585 +#include <sys/wait.h>
586 +#include <stdio.h>
587 +#include <stdlib.h>
588 +#include <unistd.h>
589 +#include <string.h>
590 +#include "XpmI.h"
591 +
592 +#define __SEC_POPEN_TOKEN " "
593 +
594 +FILE *Xpms_popen(char *cmd, const char *type)
595 +{
596 + pid_t pid;
597 + int pfd[2];
598 + int rpipe = 0, wpipe = 0, i;
599 + char **argv;
600 + char *ptr;
601 + char *cmdcpy;
602 +
603 +
604 + if(cmd == NULL || cmd == "")
605 + return(NULL);
606 +
607 + if(type[0] != 'r' && type[0] != 'w')
608 + return(NULL);
609 +
610 + if ((cmdcpy = strdup(cmd)) == NULL)
611 + return(NULL);
612 +
613 + argv = NULL;
614 + if( (ptr = strtok(cmdcpy, __SEC_POPEN_TOKEN)) == NULL)
615 + {
616 + free(cmdcpy);
617 + return(NULL);
618 + }
619 +
620 + for(i = 0;; i++)
621 + {
622 + if( ( argv = (char **) realloc(argv, (i+1) * sizeof(char *)) ) == NULL)
623 + {
624 + free(cmdcpy);
625 + return(NULL);
626 + }
627 +
628 + if( (*(argv+i) = (char *) malloc((strlen(ptr)+1) * sizeof(char))) == NULL)
629 + {
630 + free(cmdcpy);
631 + return(NULL);
632 + }
633 +
634 + strcpy(argv[i], ptr);
635 +
636 + if( (ptr = strtok(NULL, __SEC_POPEN_TOKEN)) == NULL)
637 + {
638 + if( ( argv = (char **) realloc(argv, (i+2) * sizeof(char *))) == NULL)
639 + {
640 + free(cmdcpy);
641 + return(NULL);
642 + }
643 + argv[i+1] = NULL;
644 + break;
645 + }
646 + }
647 +
648 +
649 + if(type[0] == 'r')
650 + rpipe = 1;
651 + else
652 + wpipe = 1;
653 +
654 + if (pipe(pfd) < 0)
655 + {
656 + free(cmdcpy);
657 + return(NULL);
658 + }
659 +
660 + if((pid = fork()) < 0)
661 + {
662 + close(pfd[0]);
663 + close(pfd[1]);
664 + free(cmdcpy);
665 + return(NULL);
666 + }
667 +
668 + if(pid == 0) /* child */
669 + {
670 + if((pid = fork()) < 0)
671 + {
672 + close(pfd[0]);
673 + close(pfd[1]);
674 + free(cmdcpy);
675 + return(NULL);
676 + }
677 + if(pid > 0)
678 + {
679 + exit(0); /* child nr. 1 exits */
680 + }
681 +
682 + /* child nr. 2 */
683 + if(rpipe)
684 + {
685 + close(pfd[0]); /* close reading end, we don't need it */
686 + dup2(STDOUT_FILENO, STDERR_FILENO);
687 + if (pfd[1] != STDOUT_FILENO)
688 + dup2(pfd[1], STDOUT_FILENO); /* redirect stdout to writing end of pipe */
689 + }
690 + else
691 + {
692 + close(pfd[1]); /* close writing end, we don't need it */
693 + if (pfd[0] != STDIN_FILENO)
694 + dup2(pfd[0], STDIN_FILENO); /* redirect stdin to reading end of pipe */
695 + }
696 +
697 + if(strchr(argv[0], '/') == NULL)
698 + execvp(argv[0], argv); /* search in $PATH */
699 + else
700 + execv(argv[0], argv);
701 +
702 + close(pfd[0]);
703 + close(pfd[1]);
704 + free(cmdcpy);
705 + return(NULL); /* exec failed.. ooops! */
706 + }
707 + else /* parent */
708 + {
709 + waitpid(pid, NULL, 0); /* wait for child nr. 1 */
710 +
711 + if(rpipe)
712 + {
713 + close(pfd[1]);
714 + free(cmdcpy);
715 + return(fdopen(pfd[0], "r"));
716 + }
717 + else
718 + {
719 + close(pfd[0]);
720 + free(cmdcpy);
721 + return(fdopen(pfd[1], "w"));
722 + }
723 +
724 + }
725 +}
726 +
727 diff -Nur lib/Xm/XpmAttrib.c lib/Xm/XpmAttrib.c
728 --- lib/Xm/XpmAttrib.c 2005-02-14 15:20:49.346039704 +0100
729 +++ lib/Xm/XpmAttrib.c 2005-02-14 14:26:42.742624081 +0100
730 @@ -44,7 +44,7 @@
731 LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors,
732 XpmColor ***oldct));
733
734 -LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors));
735 +LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, unsigned int ncolors));
736
737 /*
738 * Create a colortable compatible with the old style colortable
739 @@ -56,9 +56,9 @@
740 XpmColor ***oldct;
741 {
742 XpmColor **colorTable, **color;
743 - int a;
744 + unsigned int a;
745
746 - if (ncolors >= SIZE_MAX / sizeof(XpmColor *))
747 + if (ncolors >= UINT_MAX / sizeof(XpmColor *))
748 return XpmNoMemory;
749
750 colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *));
751 @@ -75,9 +75,9 @@
752 static void
753 FreeOldColorTable(colorTable, ncolors)
754 XpmColor **colorTable;
755 - int ncolors;
756 + unsigned int ncolors;
757 {
758 - int a, b;
759 + unsigned int a, b;
760 XpmColor **color;
761 char **sptr;
762
763 @@ -128,7 +128,7 @@
764 XpmExtension *ext;
765 char **sptr;
766
767 - if (extensions) {
768 + if (extensions && nextensions > 0) {
769 for (i = 0, ext = extensions; i < nextensions; i++, ext++) {
770 if (ext->name)
771 XpmFree(ext->name);
772 diff -Nur lib/Xm/XpmCrBufFrI.c lib/Xm/XpmCrBufFrI.c
773 --- lib/Xm/XpmCrBufFrI.c 2003-08-15 11:08:59.000000000 +0200
774 +++ lib/Xm/XpmCrBufFrI.c 2005-02-14 14:28:44.975393496 +0100
775 @@ -41,21 +41,26 @@
776 #endif
777
778
779 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
780 +
781 +
782 #include "XpmI.h"
783
784 LFUNC(WriteColors, int, (char **dataptr, unsigned int *data_size,
785 unsigned int *used_size, XpmColor *colors,
786 unsigned int ncolors, unsigned int cpp));
787
788 -LFUNC(WritePixels, void, (char *dataptr, unsigned int *used_size,
789 +LFUNC(WritePixels, void, (char *dataptr, unsigned int data_size,
790 + unsigned int *used_size,
791 unsigned int width, unsigned int height,
792 unsigned int cpp, unsigned int *pixels,
793 XpmColor *colors));
794
795 -LFUNC(WriteExtensions, void, (char *dataptr, unsigned int *used_size,
796 +LFUNC(WriteExtensions, void, (char *dataptr, unsigned int data_size,
797 + unsigned int *used_size,
798 XpmExtension *ext, unsigned int num));
799
800 -LFUNC(ExtensionsSize, int, (XpmExtension *ext, unsigned int num));
801 +LFUNC(ExtensionsSize, unsigned int, (XpmExtension *ext, unsigned int num));
802 LFUNC(CommentsSize, int, (XpmInfo *info));
803
804 int
805 @@ -98,11 +103,12 @@
806
807 #undef RETURN
808 #define RETURN(status) \
809 +do \
810 { \
811 if (ptr) \
812 XpmFree(ptr); \
813 return(status); \
814 -}
815 +} while(0)
816
817 int
818 XpmCreateBufferFromXpmImage(buffer_return, image, info)
819 @@ -116,7 +122,7 @@
820 unsigned int cmts, extensions, ext_size = 0;
821 unsigned int l, cmt_size = 0;
822 char *ptr = NULL, *p;
823 - unsigned int ptr_size, used_size;
824 + unsigned int ptr_size, used_size, tmp;
825
826 *buffer_return = NULL;
827
828 @@ -138,7 +144,13 @@
829 #ifdef VOID_SPRINTF
830 used_size = strlen(buf);
831 #endif
832 - ptr_size = used_size + ext_size + cmt_size + 1;
833 + ptr_size = used_size + ext_size + cmt_size + 1; /* ptr_size can't be 0 */
834 + if(ptr_size <= used_size ||
835 + ptr_size <= ext_size ||
836 + ptr_size <= cmt_size)
837 + {
838 + return XpmNoMemory;
839 + }
840 ptr = (char *) XpmMalloc(ptr_size);
841 if (!ptr)
842 return XpmNoMemory;
843 @@ -149,7 +161,7 @@
844 #ifndef VOID_SPRINTF
845 used_size +=
846 #endif
847 - sprintf(ptr + used_size, "/*%s*/\n", info->hints_cmt);
848 + snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->hints_cmt);
849 #ifdef VOID_SPRINTF
850 used_size += strlen(info->hints_cmt) + 5;
851 #endif
852 @@ -167,7 +179,7 @@
853 #ifndef VOID_SPRINTF
854 l +=
855 #endif
856 - sprintf(buf + l, " %d %d", info->x_hotspot, info->y_hotspot);
857 + snprintf(buf + l, sizeof(buf)-l, " %d %d", info->x_hotspot, info->y_hotspot);
858 #ifdef VOID_SPRINTF
859 l = strlen(buf);
860 #endif
861 @@ -189,6 +201,8 @@
862 l = strlen(buf);
863 #endif
864 ptr_size += l;
865 + if(ptr_size <= l)
866 + RETURN(XpmNoMemory);
867 p = (char *) XpmRealloc(ptr, ptr_size);
868 if (!p)
869 RETURN(XpmNoMemory);
870 @@ -201,7 +215,7 @@
871 #ifndef VOID_SPRINTF
872 used_size +=
873 #endif
874 - sprintf(ptr + used_size, "/*%s*/\n", info->colors_cmt);
875 + snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->colors_cmt);
876 #ifdef VOID_SPRINTF
877 used_size += strlen(info->colors_cmt) + 5;
878 #endif
879 @@ -217,7 +231,12 @@
880 * 4 = 1 (for '"') + 3 (for '",\n')
881 * 1 = - 2 (because the last line does not end with ',\n') + 3 (for '};\n')
882 */
883 - ptr_size += image->height * (image->width * image->cpp + 4) + 1;
884 + if(image->width > UINT_MAX / image->cpp ||
885 + (tmp = image->width * image->cpp + 4) <= 4 ||
886 + image->height > UINT_MAX / tmp ||
887 + (tmp = image->height * tmp + 1) <= 1 ||
888 + (ptr_size += tmp) <= tmp)
889 + RETURN(XpmNoMemory);
890
891 p = (char *) XpmRealloc(ptr, ptr_size);
892 if (!p)
893 @@ -229,17 +248,17 @@
894 #ifndef VOID_SPRINTF
895 used_size +=
896 #endif
897 - sprintf(ptr + used_size, "/*%s*/\n", info->pixels_cmt);
898 + snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->pixels_cmt);
899 #ifdef VOID_SPRINTF
900 used_size += strlen(info->pixels_cmt) + 5;
901 #endif
902 }
903 - WritePixels(ptr + used_size, &used_size, image->width, image->height,
904 + WritePixels(ptr + used_size, ptr_size - used_size, &used_size, image->width, image->height,
905 image->cpp, image->data, image->colorTable);
906
907 /* print extensions */
908 if (extensions)
909 - WriteExtensions(ptr + used_size, &used_size,
910 + WriteExtensions(ptr + used_size, ptr_size-used_size, &used_size,
911 info->extensions, info->nextensions);
912
913 /* close the array */
914 @@ -250,6 +269,7 @@
915 return (XpmSuccess);
916 }
917
918 +
919 static int
920 WriteColors(dataptr, data_size, used_size, colors, ncolors, cpp)
921 char **dataptr;
922 @@ -259,7 +279,7 @@
923 unsigned int ncolors;
924 unsigned int cpp;
925 {
926 - char buf[BUFSIZ];
927 + char buf[BUFSIZ] = {0};
928 unsigned int a, key, l;
929 char *s, *s2;
930 char **defaults;
931 @@ -269,22 +289,34 @@
932
933 defaults = (char **) colors;
934 s = buf + 1;
935 - strncpy(s, *defaults++, cpp);
936 - s += cpp;
937 -
938 - for (key = 1; key <= NKEYS; key++, defaults++) {
939 - if ((s2 = *defaults)) {
940 -#ifndef VOID_SPRINTF
941 - s +=
942 -#endif
943 - sprintf(s, "\t%s %s", xpmColorKeys[key - 1], s2);
944 -#ifdef VOID_SPRINTF
945 - s += strlen(s);
946 -#endif
947 - }
948 - }
949 - strcpy(s, "\",\n");
950 - l = s + 3 - buf;
951 + if(cpp > (sizeof(buf) - (s-buf)))
952 + return(XpmNoMemory);
953 + strncpy(s, *defaults++, cpp);
954 + s += cpp;
955 +
956 + for (key = 1; key <= NKEYS; key++, defaults++) {
957 + if ((s2 = *defaults)) {
958 +#ifndef VOID_SPRINTF
959 + s +=
960 +#endif
961 + /* assume C99 compliance */
962 + snprintf(s, sizeof(buf) - (s-buf), "\t%s %s", xpmColorKeys[key - 1], s2);
963 +#ifdef VOID_SPRINTF
964 + s += strlen(s);
965 +#endif
966 + /* now let's check if s points out-of-bounds */
967 + if((s-buf) > sizeof(buf))
968 + return(XpmNoMemory);
969 + }
970 + }
971 + if(sizeof(buf) - (s-buf) < 4)
972 + return(XpmNoMemory);
973 + strcpy(s, "\",\n");
974 + l = s + 3 - buf;
975 + if( *data_size >= UINT_MAX-l ||
976 + *data_size + l <= *used_size ||
977 + (*data_size + l - *used_size) <= sizeof(buf))
978 + return(XpmNoMemory);
979 s = (char *) XpmRealloc(*dataptr, *data_size + l);
980 if (!s)
981 return (XpmNoMemory);
982 @@ -297,8 +329,9 @@
983 }
984
985 static void
986 -WritePixels(dataptr, used_size, width, height, cpp, pixels, colors)
987 +WritePixels(dataptr, data_size, used_size, width, height, cpp, pixels, colors)
988 char *dataptr;
989 + unsigned int data_size;
990 unsigned int *used_size;
991 unsigned int width;
992 unsigned int height;
993 @@ -309,27 +342,36 @@
994 char *s = dataptr;
995 unsigned int x, y, h;
996
997 + if(height <= 1)
998 + return;
999 +
1000 h = height - 1;
1001 for (y = 0; y < h; y++) {
1002 *s++ = '"';
1003 for (x = 0; x < width; x++, pixels++) {
1004 - strncpy(s, colors[*pixels].string, cpp);
1005 + if(cpp >= (data_size - (s-dataptr)))
1006 + return;
1007 + strncpy(s, colors[*pixels].string, cpp); /* how can we trust *pixels? :-\ */
1008 s += cpp;
1009 }
1010 + if((data_size - (s-dataptr)) < 4)
1011 + return;
1012 strcpy(s, "\",\n");
1013 s += 3;
1014 }
1015 /* duplicate some code to avoid a test in the loop */
1016 *s++ = '"';
1017 for (x = 0; x < width; x++, pixels++) {
1018 - strncpy(s, colors[*pixels].string, cpp);
1019 + if(cpp >= (data_size - (s-dataptr)))
1020 + return;
1021 + strncpy(s, colors[*pixels].string, cpp); /* how can we trust *pixels? */
1022 s += cpp;
1023 }
1024 *s++ = '"';
1025 *used_size += s - dataptr;
1026 }
1027
1028 -static int
1029 +static unsigned int
1030 ExtensionsSize(ext, num)
1031 XpmExtension *ext;
1032 unsigned int num;
1033 @@ -338,21 +380,26 @@
1034 char **line;
1035
1036 size = 0;
1037 + if(num == 0)
1038 + return(0); /* ok? */
1039 for (x = 0; x < num; x++, ext++) {
1040 /* 11 = 10 (for ',\n"XPMEXT ') + 1 (for '"') */
1041 size += strlen(ext->name) + 11;
1042 - a = ext->nlines;
1043 + a = ext->nlines; /* how can we trust ext->nlines to be not out-of-bounds? */
1044 for (y = 0, line = ext->lines; y < a; y++, line++)
1045 /* 4 = 3 (for ',\n"') + 1 (for '"') */
1046 size += strlen(*line) + 4;
1047 }
1048 /* 13 is for ',\n"XPMENDEXT"' */
1049 + if(size > UINT_MAX - 13) /* unlikely */
1050 + return(0);
1051 return size + 13;
1052 }
1053
1054 static void
1055 -WriteExtensions(dataptr, used_size, ext, num)
1056 +WriteExtensions(dataptr, data_size, used_size, ext, num)
1057 char *dataptr;
1058 + unsigned int data_size;
1059 unsigned int *used_size;
1060 XpmExtension *ext;
1061 unsigned int num;
1062 @@ -363,24 +410,24 @@
1063
1064 for (x = 0; x < num; x++, ext++) {
1065 #ifndef VOID_SPRINTF
1066 - s += 11 +
1067 + s +=
1068 #endif
1069 - sprintf(s, ",\n\"XPMEXT %s\"", ext->name);
1070 + snprintf(s, data_size - (s-dataptr), ",\n\"XPMEXT %s\"", ext->name);
1071 #ifdef VOID_SPRINTF
1072 s += strlen(ext->name) + 11;
1073 #endif
1074 a = ext->nlines;
1075 for (y = 0, line = ext->lines; y < a; y++, line++) {
1076 #ifndef VOID_SPRINTF
1077 - s += 4 +
1078 + s +=
1079 #endif
1080 - sprintf(s, ",\n\"%s\"", *line);
1081 + snprintf(s, data_size - (s-dataptr), ",\n\"%s\"", *line);
1082 #ifdef VOID_SPRINTF
1083 s += strlen(*line) + 4;
1084 #endif
1085 }
1086 }
1087 - strcpy(s, ",\n\"XPMENDEXT\"");
1088 + strncpy(s, ",\n\"XPMENDEXT\"", data_size - (s-dataptr)-1);
1089 *used_size += s - dataptr + 13;
1090 }
1091
1092 @@ -391,6 +438,7 @@
1093 int size = 0;
1094
1095 /* 5 = 2 (for "/_*") + 3 (for "*_/\n") */
1096 + /* wrap possible but *very* unlikely */
1097 if (info->hints_cmt)
1098 size += 5 + strlen(info->hints_cmt);
1099
1100 diff -Nur lib/Xm/XpmCrDatFrI.c lib/Xm/XpmCrDatFrI.c
1101 --- lib/Xm/XpmCrDatFrI.c 2005-02-14 15:20:49.344040101 +0100
1102 +++ lib/Xm/XpmCrDatFrI.c 2005-02-14 14:32:22.610251056 +0100
1103 @@ -38,13 +38,16 @@
1104 #endif
1105
1106
1107 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
1108 +
1109 #include "XpmI.h"
1110
1111 LFUNC(CreateColors, int, (char **dataptr, unsigned int *data_size,
1112 XpmColor *colors, unsigned int ncolors,
1113 unsigned int cpp));
1114
1115 -LFUNC(CreatePixels, void, (char **dataptr, unsigned int width,
1116 +LFUNC(CreatePixels, void, (char **dataptr, unsigned int data_size,
1117 + unsigned int width,
1118 unsigned int height, unsigned int cpp,
1119 unsigned int *pixels, XpmColor *colors));
1120
1121 @@ -52,7 +55,8 @@
1122 unsigned int *ext_size,
1123 unsigned int *ext_nlines));
1124
1125 -LFUNC(CreateExtensions, void, (char **dataptr, unsigned int offset,
1126 +LFUNC(CreateExtensions, void, (char **dataptr, unsigned int data_size,
1127 + unsigned int offset,
1128 XpmExtension *ext, unsigned int num,
1129 unsigned int ext_nlines));
1130
1131 @@ -93,6 +97,7 @@
1132
1133 #undef RETURN
1134 #define RETURN(status) \
1135 +do \
1136 { \
1137 if (header) { \
1138 for (l = 0; l < header_nlines; l++) \
1139 @@ -101,7 +106,7 @@
1140 XpmFree(header); \
1141 } \
1142 return(status); \
1143 -}
1144 +} while(0)
1145
1146 int
1147 XpmCreateDataFromXpmImage(data_return, image, info)
1148 @@ -133,10 +138,15 @@
1149 * is the hints line + the color table lines
1150 */
1151 header_nlines = 1 + image->ncolors;
1152 +
1153 + if(header_nlines <= image->ncolors ||
1154 + header_nlines >= UINT_MAX / sizeof(char *))
1155 + return(XpmNoMemory);
1156 +
1157 header_size = sizeof(char *) * header_nlines;
1158 - if (header_size >= SIZE_MAX / sizeof(char *))
1159 + if (header_size >= UINT_MAX / sizeof(char *))
1160 return (XpmNoMemory);
1161 - header = (char **) XpmCalloc(header_size, sizeof(char *));
1162 + header = (char **) XpmCalloc(header_size, sizeof(char *));
1163 if (!header)
1164 return (XpmNoMemory);
1165
1166 @@ -180,8 +190,22 @@
1167
1168 /* now we know the size needed, alloc the data and copy the header lines */
1169 offset = image->width * image->cpp + 1;
1170 - data_size = header_size + (image->height + ext_nlines) * sizeof(char *)
1171 - + image->height * offset + ext_size;
1172 +
1173 + if(offset <= image->width || offset <= image->cpp)
1174 + RETURN(XpmNoMemory);
1175 +
1176 + if( (image->height + ext_nlines) >= UINT_MAX / sizeof(char *))
1177 + RETURN(XpmNoMemory);
1178 + data_size = (image->height + ext_nlines) * sizeof(char *);
1179 +
1180 + if (image->height > UINT_MAX / offset ||
1181 + image->height * offset > UINT_MAX - data_size)
1182 + RETURN(XpmNoMemory);
1183 + data_size += image->height * offset;
1184 +
1185 + if( (header_size + ext_size) >= (UINT_MAX - data_size) )
1186 + RETURN(XpmNoMemory);
1187 + data_size += header_size + ext_size;
1188
1189 data = (char **) XpmMalloc(data_size);
1190 if (!data)
1191 @@ -189,8 +213,10 @@
1192
1193 data_nlines = header_nlines + image->height + ext_nlines;
1194 *data = (char *) (data + data_nlines);
1195 +
1196 + /* can header have less elements then n suggests? */
1197 n = image->ncolors;
1198 - for (l = 0, sptr = data, sptr2 = header; l <= n; l++, sptr++, sptr2++) {
1199 + for (l = 0, sptr = data, sptr2 = header; l <= n && sptr && sptr2; l++, sptr++, sptr2++) {
1200 strcpy(*sptr, *sptr2);
1201 *(sptr + 1) = *sptr + strlen(*sptr2) + 1;
1202 }
1203 @@ -199,12 +225,13 @@
1204 data[header_nlines] = (char *) data + header_size
1205 + (image->height + ext_nlines) * sizeof(char *);
1206
1207 - CreatePixels(data + header_nlines, image->width, image->height,
1208 + CreatePixels(data + header_nlines, data_size-header_nlines, image->width, image->height,
1209 image->cpp, image->data, image->colorTable);
1210
1211 /* print extensions */
1212 if (extensions)
1213 - CreateExtensions(data + header_nlines + image->height - 1, offset,
1214 + CreateExtensions(data + header_nlines + image->height - 1,
1215 + data_size - header_nlines - image->height + 1, offset,
1216 info->extensions, info->nextensions,
1217 ext_nlines);
1218
1219 @@ -229,18 +256,27 @@
1220 for (a = 0; a < ncolors; a++, colors++, dataptr++) {
1221
1222 defaults = (char **) colors;
1223 + if(sizeof(buf) <= cpp)
1224 + return(XpmNoMemory);
1225 strncpy(buf, *defaults++, cpp);
1226 s = buf + cpp;
1227
1228 + if(sizeof(buf) <= (s-buf))
1229 + return XpmNoMemory;
1230 +
1231 for (key = 1; key <= NKEYS; key++, defaults++) {
1232 if ((s2 = *defaults)) {
1233 #ifndef VOID_SPRINTF
1234 s +=
1235 #endif
1236 - sprintf(s, "\t%s %s", xpmColorKeys[key - 1], s2);
1237 + /* assume C99 compliance */
1238 + snprintf(s, sizeof(buf)-(s-buf), "\t%s %s", xpmColorKeys[key - 1], s2);
1239 #ifdef VOID_SPRINTF
1240 - s += strlen(s);
1241 + s += strlen(s);
1242 #endif
1243 + /* does s point out-of-bounds? */
1244 + if(sizeof(buf) < (s-buf))
1245 + return XpmNoMemory;
1246 }
1247 }
1248 l = s - buf + 1;
1249 @@ -254,8 +290,9 @@
1250 }
1251
1252 static void
1253 -CreatePixels(dataptr, width, height, cpp, pixels, colors)
1254 +CreatePixels(dataptr, data_size, width, height, cpp, pixels, colors)
1255 char **dataptr;
1256 + unsigned int data_size;
1257 unsigned int width;
1258 unsigned int height;
1259 unsigned int cpp;
1260 @@ -265,21 +302,38 @@
1261 char *s;
1262 unsigned int x, y, h, offset;
1263
1264 + if(height <= 1)
1265 + return;
1266 +
1267 h = height - 1;
1268 +
1269 offset = width * cpp + 1;
1270 +
1271 + if(offset <= width || offset <= cpp)
1272 + return;
1273 +
1274 + /* why trust h? */
1275 for (y = 0; y < h; y++, dataptr++) {
1276 s = *dataptr;
1277 + /* why trust width? */
1278 for (x = 0; x < width; x++, pixels++) {
1279 - strncpy(s, colors[*pixels].string, cpp);
1280 + if(cpp > (data_size - (s - *dataptr)))
1281 + return;
1282 + strncpy(s, colors[*pixels].string, cpp); /* why trust pixel? */
1283 s += cpp;
1284 }
1285 *s = '\0';
1286 + if(offset > data_size)
1287 + return;
1288 *(dataptr + 1) = *dataptr + offset;
1289 }
1290 /* duplicate some code to avoid a test in the loop */
1291 s = *dataptr;
1292 + /* why trust width? */
1293 for (x = 0; x < width; x++, pixels++) {
1294 - strncpy(s, colors[*pixels].string, cpp);
1295 + if(cpp > data_size - (s - *dataptr))
1296 + return;
1297 + strncpy(s, colors[*pixels].string, cpp); /* why should we trust *pixel? */
1298 s += cpp;
1299 }
1300 *s = '\0';
1301 @@ -312,8 +366,9 @@
1302 }
1303
1304 static void
1305 -CreateExtensions(dataptr, offset, ext, num, ext_nlines)
1306 +CreateExtensions(dataptr, data_size, offset, ext, num, ext_nlines)
1307 char **dataptr;
1308 + unsigned int data_size;
1309 unsigned int offset;
1310 XpmExtension *ext;
1311 unsigned int num;
1312 @@ -326,12 +381,12 @@
1313 dataptr++;
1314 a = 0;
1315 for (x = 0; x < num; x++, ext++) {
1316 - sprintf(*dataptr, "XPMEXT %s", ext->name);
1317 + snprintf(*dataptr, data_size, "XPMEXT %s", ext->name);
1318 a++;
1319 if (a < ext_nlines)
1320 *(dataptr + 1) = *dataptr + strlen(ext->name) + 8;
1321 dataptr++;
1322 - b = ext->nlines;
1323 + b = ext->nlines; /* can we trust these values? */
1324 for (y = 0, line = ext->lines; y < b; y++, line++) {
1325 strcpy(*dataptr, *line);
1326 a++;
1327 diff -Nur lib/Xm/Xpmcreate.c lib/Xm/Xpmcreate.c
1328 --- lib/Xm/Xpmcreate.c 2005-02-14 15:20:49.348039308 +0100
1329 +++ lib/Xm/Xpmcreate.c 2005-02-14 14:36:37.104801803 +0100
1330 @@ -44,6 +44,8 @@
1331 #endif
1332
1333
1334 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
1335 +
1336 #include "XpmI.h"
1337 #include <ctype.h>
1338
1339 @@ -565,7 +567,7 @@
1340 */
1341 } else {
1342 #endif
1343 - int i;
1344 + unsigned int i;
1345
1346 ncols = visual->map_entries;
1347 cols = (XColor *) XpmCalloc(ncols, sizeof(XColor));
1348 @@ -723,6 +725,7 @@
1349 /* function call in case of error, frees only locally allocated variables */
1350 #undef RETURN
1351 #define RETURN(status) \
1352 +do \
1353 { \
1354 if (ximage) XDestroyImage(ximage); \
1355 if (shapeimage) XDestroyImage(shapeimage); \
1356 @@ -733,7 +736,7 @@
1357 if (alloc_pixels) XpmFree(alloc_pixels); \
1358 if (used_pixels) XpmFree(used_pixels); \
1359 return (status); \
1360 -}
1361 +} while(0)
1362
1363 int
1364 XpmCreateImageFromXpmImage(display, image,
1365 @@ -804,7 +807,7 @@
1366
1367 ErrorStatus = XpmSuccess;
1368
1369 - if (image->ncolors >= SIZE_MAX / sizeof(Pixel))
1370 + if (image->ncolors >= UINT_MAX / sizeof(Pixel))
1371 return (XpmNoMemory);
1372
1373 /* malloc pixels index tables */
1374 @@ -950,9 +953,13 @@
1375 return (XpmNoMemory);
1376
1377 #ifndef FOR_MSW
1378 - if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height)
1379 - return XpmNoMemory;
1380 + if (height != 0 && (*image_return)->bytes_per_line >= INT_MAX / height) {
1381 + XDestroyImage(*image_return);
1382 + return XpmNoMemory;
1383 + }
1384 /* now that bytes_per_line must have been set properly alloc data */
1385 + if((*image_return)->bytes_per_line == 0 || height == 0)
1386 + return XpmNoMemory;
1387 (*image_return)->data =
1388 (char *) XpmMalloc((*image_return)->bytes_per_line * height);
1389
1390 @@ -980,7 +987,7 @@
1391 LFUNC(_putbits, void, (register char *src, int dstoffset,
1392 register int numbits, register char *dst));
1393
1394 -LFUNC(_XReverse_Bytes, int, (register unsigned char *bpt, register int nb));
1395 +LFUNC(_XReverse_Bytes, int, (register unsigned char *bpt, register unsigned int nb));
1396
1397 static unsigned char Const _reverse_byte[0x100] = {
1398 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
1399 @@ -1020,12 +1027,12 @@
1400 static int
1401 _XReverse_Bytes(bpt, nb)
1402 register unsigned char *bpt;
1403 - register int nb;
1404 + register unsigned int nb;
1405 {
1406 do {
1407 *bpt = _reverse_byte[*bpt];
1408 bpt++;
1409 - } while (--nb > 0);
1410 + } while (--nb > 0); /* is nb user-controled? */
1411 return 0;
1412 }
1413
1414 @@ -1164,7 +1171,7 @@
1415 register char *src;
1416 register char *dst;
1417 register unsigned int *iptr;
1418 - register int x, y, i;
1419 + register unsigned int x, y, i;
1420 register char *data;
1421 Pixel pixel, px;
1422 int nbytes, depth, ibu, ibpp;
1423 @@ -1174,8 +1181,8 @@
1424 depth = image->depth;
1425 if (depth == 1) {
1426 ibu = image->bitmap_unit;
1427 - for (y = 0; y < height; y++)
1428 - for (x = 0; x < width; x++, iptr++) {
1429 + for (y = 0; y < height; y++) /* how can we trust height */
1430 + for (x = 0; x < width; x++, iptr++) { /* how can we trust width */
1431 pixel = pixels[*iptr];
1432 for (i = 0, px = pixel; i < sizeof(unsigned long);
1433 i++, px >>= 8)
1434 @@ -1250,12 +1257,12 @@
1435 {
1436 unsigned char *data;
1437 unsigned int *iptr;
1438 - int y;
1439 + unsigned int y;
1440 Pixel pixel;
1441
1442 #ifdef WITHOUT_SPEEDUPS
1443
1444 - int x;
1445 + unsigned int x;
1446 unsigned char *addr;
1447
1448 data = (unsigned char *) image->data;
1449 @@ -1292,7 +1299,7 @@
1450
1451 #else /* WITHOUT_SPEEDUPS */
1452
1453 - int bpl = image->bytes_per_line;
1454 + unsigned int bpl = image->bytes_per_line;
1455 unsigned char *data_ptr, *max_data;
1456
1457 data = (unsigned char *) image->data;
1458 @@ -1360,11 +1367,11 @@
1459 {
1460 unsigned char *data;
1461 unsigned int *iptr;
1462 - int y;
1463 + unsigned int y;
1464
1465 #ifdef WITHOUT_SPEEDUPS
1466
1467 - int x;
1468 + unsigned int x;
1469 unsigned char *addr;
1470
1471 data = (unsigned char *) image->data;
1472 @@ -1388,7 +1395,7 @@
1473
1474 Pixel pixel;
1475
1476 - int bpl = image->bytes_per_line;
1477 + unsigned int bpl = image->bytes_per_line;
1478 unsigned char *data_ptr, *max_data;
1479
1480 data = (unsigned char *) image->data;
1481 @@ -1441,11 +1448,11 @@
1482 {
1483 char *data;
1484 unsigned int *iptr;
1485 - int y;
1486 + unsigned int y;
1487
1488 #ifdef WITHOUT_SPEEDUPS
1489
1490 - int x;
1491 + unsigned int x;
1492
1493 data = image->data;
1494 iptr = pixelindex;
1495 @@ -1455,7 +1462,7 @@
1496
1497 #else /* WITHOUT_SPEEDUPS */
1498
1499 - int bpl = image->bytes_per_line;
1500 + unsigned int bpl = image->bytes_per_line;
1501 char *data_ptr, *max_data;
1502
1503 data = image->data;
1504 @@ -1490,12 +1497,12 @@
1505 PutImagePixels(image, width, height, pixelindex, pixels);
1506 else {
1507 unsigned int *iptr;
1508 - int y;
1509 + unsigned int y;
1510 char *data;
1511
1512 #ifdef WITHOUT_SPEEDUPS
1513
1514 - int x;
1515 + unsigned int x;
1516
1517 data = image->data;
1518 iptr = pixelindex;
1519 @@ -1673,6 +1680,9 @@
1520 Pixel px;
1521 int nbytes;
1522
1523 + if(x < 0 || y < 0)
1524 + return 0;
1525 +
1526 for (i=0, px=pixel; i<sizeof(unsigned long); i++, px>>=8)
1527 ((unsigned char *)&pixel)[i] = px;
1528 src = &ximage->data[XYINDEX(x, y, ximage)];
1529 @@ -1704,7 +1714,10 @@
1530 register int i;
1531 register char *data;
1532 Pixel px;
1533 - int nbytes, ibpp;
1534 + unsigned int nbytes, ibpp;
1535 +
1536 + if(x < 0 || y < 0)
1537 + return 0;
1538
1539 ibpp = ximage->bits_per_pixel;
1540 if (ximage->depth == 4)
1541 @@ -1737,6 +1750,9 @@
1542 {
1543 unsigned char *addr;
1544
1545 + if(x < 0 || y < 0)
1546 + return 0;
1547 +
1548 addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)];
1549 *((unsigned long *)addr) = pixel;
1550 return 1;
1551 @@ -1751,6 +1767,9 @@
1552 {
1553 unsigned char *addr;
1554
1555 + if(x < 0 || y < 0)
1556 + return 0;
1557 +
1558 addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)];
1559 addr[0] = pixel >> 24;
1560 addr[1] = pixel >> 16;
1561 @@ -1768,6 +1787,9 @@
1562 {
1563 unsigned char *addr;
1564
1565 + if(x < 0 || y < 0)
1566 + return 0;
1567 +
1568 addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)];
1569 addr[3] = pixel >> 24;
1570 addr[2] = pixel >> 16;
1571 @@ -1785,6 +1807,9 @@
1572 {
1573 unsigned char *addr;
1574
1575 + if(x < 0 || y < 0)
1576 + return 0;
1577 +
1578 addr = &((unsigned char *)ximage->data) [ZINDEX16(x, y, ximage)];
1579 addr[0] = pixel >> 8;
1580 addr[1] = pixel;
1581 @@ -1800,6 +1825,9 @@
1582 {
1583 unsigned char *addr;
1584
1585 + if(x < 0 || y < 0)
1586 + return 0;
1587 +
1588 addr = &((unsigned char *)ximage->data) [ZINDEX16(x, y, ximage)];
1589 addr[1] = pixel >> 8;
1590 addr[0] = pixel;
1591 @@ -1813,6 +1841,9 @@
1592 int y;
1593 unsigned long pixel;
1594 {
1595 + if(x < 0 || y < 0)
1596 + return 0;
1597 +
1598 ximage->data[ZINDEX8(x, y, ximage)] = pixel;
1599 return 1;
1600 }
1601 @@ -1824,6 +1855,9 @@
1602 int y;
1603 unsigned long pixel;
1604 {
1605 + if(x < 0 || y < 0)
1606 + return 0;
1607 +
1608 if (pixel & 1)
1609 ximage->data[ZINDEX1(x, y, ximage)] |= 0x80 >> (x & 7);
1610 else
1611 @@ -1838,6 +1872,9 @@
1612 int y;
1613 unsigned long pixel;
1614 {
1615 + if(x < 0 || y < 0)
1616 + return 0;
1617 +
1618 if (pixel & 1)
1619 ximage->data[ZINDEX1(x, y, ximage)] |= 1 << (x & 7);
1620 else
1621 @@ -1850,6 +1887,7 @@
1622 /* function call in case of error, frees only locally allocated variables */
1623 #undef RETURN
1624 #define RETURN(status) \
1625 +do \
1626 { \
1627 if (USE_HASHTABLE) xpmHashTableFree(&hashtable); \
1628 if (colorTable) xpmFreeColorTable(colorTable, ncolors); \
1629 @@ -1865,7 +1903,7 @@
1630 if (alloc_pixels) XpmFree(alloc_pixels); \
1631 if (used_pixels) XpmFree(used_pixels); \
1632 return(status); \
1633 -}
1634 +} while(0)
1635
1636 /*
1637 * This function parses an Xpm file or data and directly create an XImage
1638 @@ -1997,7 +2035,7 @@
1639 xpmGetCmt(data, &colors_cmt);
1640
1641 /* malloc pixels index tables */
1642 - if (ncolors >= SIZE_MAX / sizeof(Pixel))
1643 + if (ncolors >= UINT_MAX / sizeof(Pixel))
1644 return XpmNoMemory;
1645
1646 image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors);
1647 @@ -2109,7 +2147,7 @@
1648 * free the hastable
1649 */
1650 if (ErrorStatus != XpmSuccess)
1651 - RETURN(ErrorStatus)
1652 + RETURN(ErrorStatus);
1653 else if (USE_HASHTABLE)
1654 xpmHashTableFree(&hashtable);
1655
1656 @@ -2258,11 +2296,11 @@
1657
1658 /* array of pointers malloced by need */
1659 unsigned short *cidx[256];
1660 - int char1;
1661 + unsigned int char1;
1662
1663 bzero((char *)cidx, 256 * sizeof(unsigned short *)); /* init */
1664 for (a = 0; a < ncolors; a++) {
1665 - char1 = colorTable[a].string[0];
1666 + char1 = (unsigned char) colorTable[a].string[0];
1667 if (cidx[char1] == NULL) { /* get new memory */
1668 cidx[char1] = (unsigned short *)
1669 XpmCalloc(256, sizeof(unsigned short));
1670 @@ -2280,7 +2318,7 @@
1671 int cc1 = xpmGetC(data);
1672 if (cc1 > 0 && cc1 < 256) {
1673 int cc2 = xpmGetC(data);
1674 - if (cc2 > 0 && cc2 < 256 && cidx[cc1][cc2] != 0) {
1675 + if (cc2 > 0 && cc2 < 256 && cidx[cc1] && cidx[cc1][cc2] != 0) {
1676 #ifndef FOR_MSW
1677 XPutPixel(image, x, y,
1678 image_pixels[cidx[cc1][cc2] - 1]);
1679 diff -Nur lib/Xm/Xpmdata.c lib/Xm/Xpmdata.c
1680 --- lib/Xm/Xpmdata.c 2005-02-14 15:20:49.343040299 +0100
1681 +++ lib/Xm/Xpmdata.c 2005-02-14 14:38:22.161975990 +0100
1682 @@ -33,6 +33,8 @@
1683 * Developed by Arnaud Le Hors *
1684 \*****************************************************************************/
1685
1686 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
1687 +
1688 /* Official version number */
1689 static char *RCS_Version = "$XpmVersion: 3.4i $";
1690
1691 @@ -279,7 +281,7 @@
1692 }
1693 ungetc(c, file);
1694 }
1695 - return (n);
1696 + return (n); /* this returns bytes read + 1 */
1697 }
1698
1699 /*
1700 @@ -376,8 +378,9 @@
1701 {
1702 if (!mdata->type)
1703 *cmt = NULL;
1704 - else if (mdata->CommentLength != 0 && mdata->CommentLength < SIZE_MAX - 1) {
1705 - *cmt = (char *) XpmMalloc(mdata->CommentLength + 1);
1706 + else if (mdata->CommentLength != 0 && mdata->CommentLength < UINT_MAX - 1) {
1707 + if( (*cmt = (char *) XpmMalloc(mdata->CommentLength + 1)) == NULL)
1708 + return XpmNoMemory;
1709 strncpy(*cmt, mdata->Comment, mdata->CommentLength);
1710 (*cmt)[mdata->CommentLength] = '\0';
1711 mdata->CommentLength = 0;
1712 @@ -405,7 +408,7 @@
1713 xpmParseHeader(mdata)
1714 xpmData *mdata;
1715 {
1716 - char buf[BUFSIZ];
1717 + char buf[BUFSIZ+1] = {0};
1718 int l, n = 0;
1719
1720 if (mdata->type) {
1721 diff -Nur lib/Xm/Xpmhashtab.c lib/Xm/Xpmhashtab.c
1722 --- lib/Xm/Xpmhashtab.c 2005-02-14 15:20:49.342040497 +0100
1723 +++ lib/Xm/Xpmhashtab.c 2005-02-14 14:39:44.386676330 +0100
1724 @@ -144,13 +144,13 @@
1725 unsigned int size = table->size;
1726 xpmHashAtom *t, *p;
1727 int i;
1728 - int oldSize = size;
1729 + unsigned int oldSize = size;
1730
1731 t = atomTable;
1732 HASH_TABLE_GROWS
1733 table->size = size;
1734 table->limit = size / 3;
1735 - if (size >= SIZE_MAX / sizeof(*atomTable))
1736 + if (size >= UINT_MAX / sizeof(*atomTable))
1737 return (XpmNoMemory);
1738 atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable));
1739 if (!atomTable)
1740 @@ -212,7 +212,7 @@
1741 table->size = INITIAL_HASH_SIZE;
1742 table->limit = table->size / 3;
1743 table->used = 0;
1744 - if (table->size >= SIZE_MAX / sizeof(*atomTable))
1745 + if (table->size >= UINT_MAX / sizeof(*atomTable))
1746 return (XpmNoMemory);
1747 atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable));
1748 if (!atomTable)
1749 --- lib/Xm/XpmI.h 2005-02-14 15:20:49.344040101 +0100
1750 +++ lib/Xm/XpmI.h 2005-02-14 14:24:12.903327195 +0100
1751 @@ -108,8 +109,10 @@
1752 * lets try to solve include files
1753 */
1754
1755 +#include <sys/types.h>
1756 #include <stdio.h>
1757 #include <stdlib.h>
1758 +#include <limits.h>
1759 /* stdio.h doesn't declare popen on a Sequent DYNIX OS */
1760 #ifdef sequent
1761 extern FILE *popen();
1762 diff -Nur lib/Xm/Xpmmisc.c lib/Xm/Xpmmisc.c
1763 --- lib/Xm/Xpmmisc.c 2002-01-10 21:57:09.000000000 +0100
1764 +++ lib/Xm/Xpmmisc.c 2005-02-14 14:24:12.907326402 +0100
1765 @@ -52,7 +52,7 @@
1766 char *s1;
1767 {
1768 char *s2;
1769 - int l = strlen(s1) + 1;
1770 + size_t l = strlen(s1) + 1;
1771
1772 if (s2 = (char *) XpmMalloc(l))
1773 strcpy(s2, s1);
1774 diff -Nur lib/Xm/Xpmparse.c lib/Xm/Xpmparse.c
1775 --- lib/Xm/Xpmparse.c 2005-02-14 15:20:49.349039110 +0100
1776 +++ lib/Xm/Xpmparse.c 2005-02-14 14:46:55.361242890 +0100
1777 @@ -49,21 +49,21 @@
1778 #include <string.h>
1779
1780 #ifdef HAS_STRLCAT
1781 -# define STRLCAT(dst, src, dstsize) { \
1782 +# define STRLCAT(dst, src, dstsize) do { \
1783 if (strlcat(dst, src, dstsize) >= (dstsize)) \
1784 - return (XpmFileInvalid); }
1785 -# define STRLCPY(dst, src, dstsize) { \
1786 + return (XpmFileInvalid); } while(0)
1787 +# define STRLCPY(dst, src, dstsize) do { \
1788 if (strlcpy(dst, src, dstsize) >= (dstsize)) \
1789 - return (XpmFileInvalid); }
1790 + return (XpmFileInvalid); } while(0)
1791 #else
1792 -# define STRLCAT(dst, src, dstsize) { \
1793 +# define STRLCAT(dst, src, dstsize) do { \
1794 if ((strlen(dst) + strlen(src)) < (dstsize)) \
1795 strcat(dst, src); \
1796 - else return (XpmFileInvalid); }
1797 -# define STRLCPY(dst, src, dstsize) { \
1798 + else return (XpmFileInvalid); } while(0)
1799 +# define STRLCPY(dst, src, dstsize) do { \
1800 if (strlen(src) < (dstsize)) \
1801 strcpy(dst, src); \
1802 - else return (XpmFileInvalid); }
1803 + else return (XpmFileInvalid); } while(0)
1804 #endif
1805
1806 LFUNC(ParsePixels, int, (xpmData *data, unsigned int width,
1807 @@ -83,6 +83,7 @@
1808 /* function call in case of error, frees only locally allocated variables */
1809 #undef RETURN
1810 #define RETURN(status) \
1811 +do \
1812 { \
1813 if (colorTable) xpmFreeColorTable(colorTable, ncolors); \
1814 if (pixelindex) XpmFree(pixelindex); \
1815 @@ -90,7 +91,7 @@
1816 if (colors_cmt) XpmFree(colors_cmt); \
1817 if (pixels_cmt) XpmFree(pixels_cmt); \
1818 return(status); \
1819 -}
1820 +} while(0)
1821
1822 /*
1823 * This function parses an Xpm file or data and store the found informations
1824 @@ -354,7 +355,7 @@
1825 char **defaults;
1826 int ErrorStatus;
1827
1828 - if (ncolors >= SIZE_MAX / sizeof(XpmColor))
1829 + if (ncolors >= UINT_MAX / sizeof(XpmColor))
1830 return (XpmNoMemory);
1831 colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor));
1832 if (!colorTable)
1833 @@ -367,7 +368,7 @@
1834 /*
1835 * read pixel value
1836 */
1837 - if (cpp >= SIZE_MAX - 1) {
1838 + if (cpp >= UINT_MAX - 1) {
1839 xpmFreeColorTable(colorTable, ncolors);
1840 return (XpmNoMemory);
1841 }
1842 @@ -436,7 +437,7 @@
1843 xpmFreeColorTable(colorTable, ncolors);
1844 return (XpmFileInvalid);
1845 }
1846 - len = strlen(curbuf) + 1;
1847 + len = strlen(curbuf) + 1; /* integer overflow just theoretically possible */
1848 s = defaults[curkey] = (char *) XpmMalloc(len);
1849 if (!s) {
1850 xpmFreeColorTable(colorTable, ncolors);
1851 @@ -455,7 +456,7 @@
1852 /*
1853 * read pixel value
1854 */
1855 - if (cpp >= SIZE_MAX - 1) {
1856 + if (cpp >= UINT_MAX - 1) {
1857 xpmFreeColorTable(colorTable, ncolors);
1858 return (XpmNoMemory);
1859 }
1860 @@ -500,7 +501,7 @@
1861 memcpy(s, curbuf, len);
1862 color->c_color = s;
1863 *curbuf = '\0'; /* reset curbuf */
1864 - if (a < ncolors - 1)
1865 + if (a < ncolors - 1) /* can we trust ncolors -> leave data's bounds */
1866 xpmNextString(data); /* get to the next string */
1867 }
1868 }
1869 @@ -519,11 +520,11 @@
1870 xpmHashTable *hashtable;
1871 unsigned int **pixels;
1872 {
1873 - unsigned int *iptr, *iptr2;
1874 + unsigned int *iptr, *iptr2 = NULL;
1875 unsigned int a, x, y;
1876
1877 - if ((height > 0 && width >= SIZE_MAX / height) ||
1878 - width * height >= SIZE_MAX / sizeof(unsigned int))
1879 + if ((height > 0 && width >= UINT_MAX / height) ||
1880 + width * height >= UINT_MAX / sizeof(unsigned int))
1881 return XpmNoMemory;
1882 #ifndef FOR_MSW
1883 iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height);
1884 @@ -548,8 +549,10 @@
1885 {
1886 unsigned short colidx[256];
1887
1888 - if (ncolors > 256)
1889 + if (ncolors > 256) {
1890 return (XpmFileInvalid);
1891 + XpmFree(iptr2); /* found by Egbert Eich */
1892 + }
1893
1894 bzero((char *)colidx, 256 * sizeof(short));
1895 for (a = 0; a < ncolors; a++)
1896 @@ -576,16 +579,20 @@
1897 {
1898
1899 /* free all allocated pointers at all exits */
1900 -#define FREE_CIDX {int f; for (f = 0; f < 256; f++) \
1901 -if (cidx[f]) XpmFree(cidx[f]);}
1902 +#define FREE_CIDX \
1903 +do \
1904 +{ \
1905 + int f; for (f = 0; f < 256; f++) \
1906 + if (cidx[f]) XpmFree(cidx[f]); \
1907 +} while(0)
1908
1909 /* array of pointers malloced by need */
1910 unsigned short *cidx[256];
1911 - int char1;
1912 + unsigned int char1;
1913
1914 bzero((char *)cidx, 256 * sizeof(unsigned short *)); /* init */
1915 for (a = 0; a < ncolors; a++) {
1916 - char1 = colorTable[a].string[0];
1917 + char1 = (unsigned char) colorTable[a].string[0];
1918 if (cidx[char1] == NULL) { /* get new memory */
1919 cidx[char1] = (unsigned short *)
1920 XpmCalloc(256, sizeof(unsigned short));
1921 @@ -604,7 +611,7 @@
1922 int cc1 = xpmGetC(data);
1923 if (cc1 > 0 && cc1 < 256) {
1924 int cc2 = xpmGetC(data);
1925 - if (cc2 > 0 && cc2 < 256 && cidx[cc1][cc2] != 0)
1926 + if (cc2 > 0 && cc2 < 256 && cidx[cc1] && cidx[cc1][cc2] != 0)
1927 *iptr = cidx[cc1][cc2] - 1;
1928 else {
1929 FREE_CIDX;
1930 @@ -628,8 +635,10 @@
1931 char *s;
1932 char buf[BUFSIZ];
1933
1934 - if (cpp >= sizeof(buf))
1935 + if (cpp >= sizeof(buf)) {
1936 return (XpmFileInvalid);
1937 + XpmFree(iptr2); /* found by Egbert Eich */
1938 + }
1939
1940 buf[cpp] = '\0';
1941 if (USE_HASHTABLE) {
1942 @@ -639,7 +648,7 @@
1943 xpmNextString(data);
1944 for (x = 0; x < width; x++, iptr++) {
1945 for (a = 0, s = buf; a < cpp; a++, s++)
1946 - *s = xpmGetC(data);
1947 + *s = xpmGetC(data); /* int assigned to char, not a problem here */
1948 slot = xpmHashSlot(hashtable, buf);
1949 if (!*slot) { /* no color matches */
1950 XpmFree(iptr2);
1951 @@ -653,7 +662,7 @@
1952 xpmNextString(data);
1953 for (x = 0; x < width; x++, iptr++) {
1954 for (a = 0, s = buf; a < cpp; a++, s++)
1955 - *s = xpmGetC(data);
1956 + *s = xpmGetC(data); /* int assigned to char, not a problem here */
1957 for (a = 0; a < ncolors; a++)
1958 if (!strcmp(colorTable[a].string, buf))
1959 break;
1960 @@ -708,7 +717,7 @@
1961 while (!notstart && notend) {
1962 /* there starts an extension */
1963 ext = (XpmExtension *)
1964 - XpmRealloc(exts, (num + 1) * sizeof(XpmExtension));
1965 + XpmRealloc(exts, (num + 1) * sizeof(XpmExtension)); /* can the loop be forced to iterate often enough to make "(num + 1) * sizeof(XpmExtension)" wrapping? */
1966 if (!ext) {
1967 XpmFree(string);
1968 XpmFreeExtensions(exts, num);
1969 @@ -745,7 +754,7 @@
1970 while ((notstart = strncmp("XPMEXT", string, 6))
1971 && (notend = strncmp("XPMENDEXT", string, 9))) {
1972 sp = (char **)
1973 - XpmRealloc(ext->lines, (nlines + 1) * sizeof(char *));
1974 + XpmRealloc(ext->lines, (nlines + 1) * sizeof(char *)); /* can we iterate enough for a wrapping? */
1975 if (!sp) {
1976 XpmFree(string);
1977 ext->nlines = nlines;
1978 diff -Nur lib/Xm/XpmRdFToBuf.c lib/Xm/XpmRdFToBuf.c
1979 --- lib/Xm/XpmRdFToBuf.c 2002-01-10 21:57:08.000000000 +0100
1980 +++ lib/Xm/XpmRdFToBuf.c 2005-02-14 14:24:12.904326997 +0100
1981 @@ -43,6 +43,8 @@
1982 #endif
1983
1984
1985 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
1986 +
1987 #include "XpmI.h"
1988 #include <sys/stat.h>
1989 #if !defined(FOR_MSW) && !defined(WIN32)
1990 @@ -64,7 +66,8 @@
1991 char *filename;
1992 char **buffer_return;
1993 {
1994 - int fd, fcheck, len;
1995 + int fd, fcheck;
1996 + off_t len;
1997 char *ptr;
1998 struct stat stats;
1999 FILE *fp;
2000 @@ -88,7 +91,7 @@
2001 close(fd);
2002 return XpmOpenFailed;
2003 }
2004 - len = (int) stats.st_size;
2005 + len = stats.st_size;
2006 ptr = (char *) XpmMalloc(len + 1);
2007 if (!ptr) {
2008 fclose(fp);
2009 diff -Nur lib/Xm/XpmRdFToI.c lib/Xm/XpmRdFToI.c
2010 --- lib/Xm/XpmRdFToI.c 2002-01-10 21:57:08.000000000 +0100
2011 +++ lib/Xm/XpmRdFToI.c 2005-02-14 14:24:12.861335519 +0100
2012 @@ -38,6 +38,8 @@
2013 #endif
2014
2015
2016 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
2017 +
2018 #include "XpmI.h"
2019 #include <sys/stat.h>
2020 #include <sys/param.h>
2021 @@ -127,6 +129,12 @@
2022 /*
2023 * open the given file to be read as an xpmData which is returned.
2024 */
2025 +#ifndef NO_ZPIPE
2026 + FILE *Xpms_popen(char *cmd, const char *type);
2027 +#else
2028 +# define Xpms_popen popen
2029 +#endif
2030 +
2031 static int
2032 OpenReadFile(filename, mdata)
2033 char *filename;
2034 @@ -144,17 +152,21 @@
2035 mdata->type = XPMFILE;
2036 } else {
2037 #ifndef NO_ZPIPE
2038 - int len = strlen(filename);
2039 + size_t len = strlen(filename);
2040 +
2041 + if(len == 0 ||
2042 + filename[len-1] == '/')
2043 + return(XpmOpenFailed);
2044 if ((len > 2) && !strcmp(".Z", filename + (len - 2))) {
2045 mdata->type = XPMPIPE;
2046 - sprintf(buf, "uncompress -c \"%s\"", filename);
2047 - if (!(mdata->stream.file = popen(buf, "r")))
2048 + snprintf(buf, sizeof(buf), "uncompress -c \"%s\"", filename);
2049 + if (!(mdata->stream.file = Xpms_popen(buf, "r")))
2050 return (XpmOpenFailed);
2051
2052 } else if ((len > 3) && !strcmp(".gz", filename + (len - 3))) {
2053 mdata->type = XPMPIPE;
2054 - sprintf(buf, "gunzip -qc \"%s\"", filename);
2055 - if (!(mdata->stream.file = popen(buf, "r")))
2056 + snprintf(buf, sizeof(buf), "gunzip -qc \"%s\"", filename);
2057 + if (!(mdata->stream.file = Xpms_popen(buf, "r")))
2058 return (XpmOpenFailed);
2059
2060 } else {
2061 @@ -162,19 +174,19 @@
2062 if (!(compressfile = (char *) XpmMalloc(len + 4)))
2063 return (XpmNoMemory);
2064
2065 - sprintf(compressfile, "%s.Z", filename);
2066 + snprintf(compressfile, len+4, "%s.Z", filename);
2067 if (!stat(compressfile, &status)) {
2068 - sprintf(buf, "uncompress -c \"%s\"", compressfile);
2069 - if (!(mdata->stream.file = popen(buf, "r"))) {
2070 + snprintf(buf, sizeof(buf), "uncompress -c \"%s\"", compressfile);
2071 + if (!(mdata->stream.file = Xpms_popen(buf, "r"))) {
2072 XpmFree(compressfile);
2073 return (XpmOpenFailed);
2074 }
2075 mdata->type = XPMPIPE;
2076 } else {
2077 - sprintf(compressfile, "%s.gz", filename);
2078 + snprintf(compressfile, len+4, "%s.gz", filename);
2079 if (!stat(compressfile, &status)) {
2080 - sprintf(buf, "gunzip -c \"%s\"", compressfile);
2081 - if (!(mdata->stream.file = popen(buf, "r"))) {
2082 + snprintf(buf, sizeof(buf), "gunzip -c \"%s\"", compressfile);
2083 + if (!(mdata->stream.file = Xpms_popen(buf, "r"))) {
2084 XpmFree(compressfile);
2085 return (XpmOpenFailed);
2086 }
2087 @@ -216,7 +228,7 @@
2088 break;
2089 #ifndef NO_ZPIPE
2090 case XPMPIPE:
2091 - pclose(mdata->stream.file);
2092 + fclose(mdata->stream.file);
2093 break;
2094 #endif
2095 }
2096 diff -Nur lib/Xm/Xpmscan.c lib/Xm/Xpmscan.c
2097 --- lib/Xm/Xpmscan.c 2005-02-14 15:20:49.345039902 +0100
2098 +++ lib/Xm/Xpmscan.c 2005-02-14 14:48:52.388044300 +0100
2099 @@ -43,12 +43,14 @@
2100 #endif
2101
2102
2103 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
2104 +
2105 #include "XpmI.h"
2106
2107 #define MAXPRINTABLE 92 /* number of printable ascii chars
2108 * minus \ and " for string compat
2109 * and ? to avoid ANSI trigraphs. */
2110 -
2111 + /* " */
2112 static char *printable =
2113 " .XoO+@#$%&*=-;:>,<1234567890qwertyuipasdfghjklzxcvbnmMNBVCZ\
2114 ASDFGHJKLPIUYTREWQ!~^/()_`'][{}|";
2115 @@ -163,12 +165,13 @@
2116 /* function call in case of error, frees only locally allocated variables */
2117 #undef RETURN
2118 #define RETURN(status) \
2119 +do \
2120 { \
2121 if (pmap.pixelindex) XpmFree(pmap.pixelindex); \
2122 if (pmap.pixels) XpmFree(pmap.pixels); \
2123 if (colorTable) xpmFreeColorTable(colorTable, pmap.ncolors); \
2124 return(status); \
2125 -}
2126 +} while(0)
2127
2128 /*
2129 * This function scans the given image and stores the found informations in
2130 @@ -226,15 +229,15 @@
2131 else
2132 cpp = 0;
2133
2134 - if ((height > 0 && width >= SIZE_MAX / height) ||
2135 - width * height >= SIZE_MAX / sizeof(unsigned int))
2136 + if ((height > 0 && width >= UINT_MAX / height) ||
2137 + width * height >= UINT_MAX / sizeof(unsigned int))
2138 RETURN(XpmNoMemory);
2139 pmap.pixelindex =
2140 (unsigned int *) XpmCalloc(width * height, sizeof(unsigned int));
2141 if (!pmap.pixelindex)
2142 RETURN(XpmNoMemory);
2143
2144 - if (pmap.size >= SIZE_MAX / sizeof(Pixel))
2145 + if (pmap.size >= UINT_MAX / sizeof(Pixel))
2146 RETURN(XpmNoMemory);
2147
2148 pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size);
2149 @@ -292,7 +295,7 @@
2150 * color
2151 */
2152
2153 - if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor))
2154 + if (pmap.ncolors >= UINT_MAX / sizeof(XpmColor))
2155 RETURN(XpmNoMemory);
2156 colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor));
2157 if (!colorTable)
2158 @@ -341,7 +344,7 @@
2159
2160 /* first get a character string */
2161 a = 0;
2162 - if (cpp >= SIZE_MAX - 1)
2163 + if (cpp >= UINT_MAX - 1)
2164 return (XpmNoMemory);
2165 if (!(s = color->string = (char *) XpmMalloc(cpp + 1)))
2166 return (XpmNoMemory);
2167 @@ -434,7 +437,7 @@
2168 }
2169
2170 /* first get character strings and rgb values */
2171 - if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1)
2172 + if (ncolors >= UINT_MAX / sizeof(XColor) || cpp >= UINT_MAX - 1)
2173 return (XpmNoMemory);
2174 xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors);
2175 if (!xcolors)
2176 @@ -591,7 +594,7 @@
2177 char *dst;
2178 unsigned int *iptr;
2179 char *data;
2180 - int x, y, i;
2181 + unsigned int x, y, i;
2182 int bits, depth, ibu, ibpp, offset;
2183 unsigned long lbt;
2184 Pixel pixel, px;
2185 @@ -693,7 +696,7 @@
2186 unsigned char *addr;
2187 unsigned char *data;
2188 unsigned int *iptr;
2189 - int x, y;
2190 + unsigned int x, y;
2191 unsigned long lbt;
2192 Pixel pixel;
2193 int depth;
2194 @@ -758,7 +761,7 @@
2195 unsigned char *addr;
2196 unsigned char *data;
2197 unsigned int *iptr;
2198 - int x, y;
2199 + unsigned int x, y;
2200 unsigned long lbt;
2201 Pixel pixel;
2202 int depth;
2203 @@ -803,7 +806,7 @@
2204 {
2205 unsigned int *iptr;
2206 unsigned char *data;
2207 - int x, y;
2208 + unsigned int x, y;
2209 unsigned long lbt;
2210 Pixel pixel;
2211 int depth;
2212 @@ -836,7 +839,7 @@
2213 int (*storeFunc) ();
2214 {
2215 unsigned int *iptr;
2216 - int x, y;
2217 + unsigned int x, y;
2218 char *data;
2219 Pixel pixel;
2220 int xoff, yoff, offset, bpl;
2221 diff -Nur lib/Xm/XpmWrFFrBuf.c lib/Xm/XpmWrFFrBuf.c
2222 --- lib/Xm/XpmWrFFrBuf.c 2002-01-10 21:57:08.000000000 +0100
2223 +++ lib/Xm/XpmWrFFrBuf.c 2005-02-14 14:24:12.906326601 +0100
2224 @@ -38,6 +38,8 @@
2225 #endif
2226
2227
2228 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
2229 +
2230 #include "XpmI.h"
2231
2232 int
2233 @@ -55,7 +57,7 @@
2234 fcheck = fwrite(buffer, len, 1, fp);
2235 fclose(fp);
2236 if (fcheck != 1)
2237 - return XpmOpenFailed;
2238 + return XpmOpenFailed; /* maybe use a better return value */
2239
2240 return XpmSuccess;
2241 }
2242 diff -Nur lib/Xm/XpmWrFFrI.c lib/Xm/XpmWrFFrI.c
2243 --- lib/Xm/XpmWrFFrI.c 2005-02-14 15:20:49.343040299 +0100
2244 +++ lib/Xm/XpmWrFFrI.c 2005-02-14 14:50:25.766533589 +0100
2245 @@ -38,6 +38,8 @@
2246 #endif
2247
2248
2249 +/* October 2004, source code review by Thomas Biege <thomas@××××.de> */
2250 +
2251 #include "XpmI.h"
2252 #if !defined(NO_ZPIPE) && defined(WIN32)
2253 # define popen _popen
2254 @@ -98,7 +100,7 @@
2255 XpmInfo *info;
2256 {
2257 xpmData mdata;
2258 - char *name, *dot, *s, new_name[BUFSIZ];
2259 + char *name, *dot, *s, new_name[BUFSIZ] = {0};
2260 int ErrorStatus;
2261
2262 /* open file to write */
2263 @@ -117,6 +119,8 @@
2264 #endif
2265 /* let's try to make a valid C syntax name */
2266 if ((dot = index(name, '.'))) {
2267 + strncpy(new_name, name, sizeof(new_name));
2268 + new_name[sizeof(new_name)-1] = 0;
2269 strcpy(new_name, name);
2270 /* change '.' to '_' */
2271 name = s = new_name;
2272 @@ -127,7 +131,8 @@
2273 }
2274 if ((dot = index(name, '-'))) {
2275 if (name != new_name) {
2276 - strcpy(new_name, name);
2277 + strncpy(new_name, name, sizeof(new_name));
2278 + new_name[sizeof(new_name)-1] = 0;
2279 name = new_name;
2280 }
2281 /* change '-' to '_' */
2282 @@ -244,7 +249,7 @@
2283 unsigned int x, y, h;
2284
2285 h = height - 1;
2286 - if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp)
2287 + if (cpp != 0 && width >= (UINT_MAX - 3)/cpp)
2288 return (XpmNoMemory);
2289 p = buf = (char *) XpmMalloc(width * cpp + 3);
2290 if (!buf)
2291 @@ -296,6 +301,11 @@
2292 /*
2293 * open the given file to be written as an xpmData which is returned
2294 */
2295 +#ifndef NO_ZPIPE
2296 + FILE *Xpms_popen(char *cmd, const char *type);
2297 +#else
2298 +# define Xpms_popen popen
2299 +#endif
2300 static int
2301 OpenWriteFile(filename, mdata)
2302 char *filename;
2303 @@ -311,16 +321,23 @@
2304 mdata->type = XPMFILE;
2305 } else {
2306 #ifndef NO_ZPIPE
2307 - int len = strlen(filename);
2308 + size_t len = strlen(filename);
2309 +
2310 + if(len == 0 ||
2311 + filename[0] == '/' ||
2312 + strstr(filename, "../") != NULL ||
2313 + filename[len-1] == '/')
2314 + return(XpmOpenFailed);
2315 +
2316 if (len > 2 && !strcmp(".Z", filename + (len - 2))) {
2317 - sprintf(buf, "compress > \"%s\"", filename);
2318 - if (!(mdata->stream.file = popen(buf, "w")))
2319 + snprintf(buf, sizeof(buf), "compress > \"%s\"", filename);
2320 + if (!(mdata->stream.file = Xpms_popen(buf, "w")))
2321 return (XpmOpenFailed);
2322
2323 mdata->type = XPMPIPE;
2324 } else if (len > 3 && !strcmp(".gz", filename + (len - 3))) {
2325 - sprintf(buf, "gzip -q > \"%s\"", filename);
2326 - if (!(mdata->stream.file = popen(buf, "w")))
2327 + snprintf(buf, sizeof(buf), "gzip -q > \"%s\"", filename);
2328 + if (!(mdata->stream.file = Xpms_popen(buf, "w")))
2329 return (XpmOpenFailed);
2330
2331 mdata->type = XPMPIPE;
2332 @@ -351,7 +368,7 @@
2333 break;
2334 #ifndef NO_ZPIPE
2335 case XPMPIPE:
2336 - pclose(mdata->stream.file);
2337 + fclose(mdata->stream.file);
2338 break;
2339 #endif
2340 }
2341
2342
2343
2344 1.1 src/patchsets/motif/2.2.3/04_all_CAN-2004-0914_sec8.patch
2345
2346 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/04_all_CAN-2004-0914_sec8.patch?rev=1.1&view=markup
2347 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/04_all_CAN-2004-0914_sec8.patch?rev=1.1&content-type=text/plain
2348
2349 Index: 04_all_CAN-2004-0914_sec8.patch
2350 ===================================================================
2351 --- openMotif-2.2.3/lib/Xm/XpmWrFFrI.c.CAN-2004-0914_sec8 2004-11-29 15:04:10.105373839 +0100
2352 +++ openMotif-2.2.3/lib/Xm/XpmWrFFrI.c 2004-11-29 15:04:10.150367679 +0100
2353 @@ -322,10 +322,7 @@
2354 #ifndef NO_ZPIPE
2355 size_t len = strlen(filename);
2356
2357 - if(len == 0 ||
2358 - filename[0] == '/' ||
2359 - strstr(filename, "../") != NULL ||
2360 - filename[len-1] == '/')
2361 + if(len == 0)
2362 return(XpmOpenFailed);
2363
2364 if (len > 2 && !strcmp(".Z", filename + (len - 2))) {
2365
2366
2367
2368 1.1 src/patchsets/motif/2.2.3/05_all_char_not_supported.patch
2369
2370 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/05_all_char_not_supported.patch?rev=1.1&view=markup
2371 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/05_all_char_not_supported.patch?rev=1.1&content-type=text/plain
2372
2373 Index: 05_all_char_not_supported.patch
2374 ===================================================================
2375 --- openMotif-2.2.3/lib/Xm/TextF.c.char_not_supported 2004-06-03 12:59:10.241822710 +0200
2376 +++ openMotif-2.2.3/lib/Xm/TextF.c 2004-06-03 13:02:18.987890852 +0200
2377 @@ -3723,20 +3723,17 @@
2378 cache_ptr = tmp = XmStackAlloc(buf_size, cache);
2379
2380 tmp_str = (wchar_t *)str;
2381 - ret_val = wctomb(tmp, *tmp_str);
2382 + // Fixed MZ BZ#1257: by Brad Despres <brad@××××××××.com>
2383 count = 0;
2384 - while ( (ret_val > 0)&& (buf_size >= MB_CUR_MAX) && (count < n) )
2385 - {
2386 - count += 1;
2387 - tmp += ret_val;
2388 - buf_size -= ret_val;
2389 - tmp_str++;
2390 - ret_val = wctomb(tmp, *tmp_str);
2391 - }
2392 -
2393 + do {
2394 + ret_val = wctomb(tmp, *tmp_str);
2395 + count += 1;
2396 + tmp += ret_val;
2397 + buf_size -= ret_val;
2398 + tmp_str++;
2399 + } while ( (ret_val > 0)&& (buf_size >= MB_CUR_MAX) && (count < n) ) ;
2400 if (ret_val == -1) /* bad character */
2401 return (False);
2402 -
2403 is_printable = XTextWidth(TextF_Font(tf), cache_ptr, tmp - cache_ptr);
2404 XmStackFree(cache_ptr, cache);
2405 return (is_printable);
2406
2407
2408
2409 1.1 src/patchsets/motif/2.2.3/06_all_pixel_length.patch
2410
2411 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/06_all_pixel_length.patch?rev=1.1&view=markup
2412 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/06_all_pixel_length.patch?rev=1.1&content-type=text/plain
2413
2414 Index: 06_all_pixel_length.patch
2415 ===================================================================
2416 --- openMotif-2.2.3/lib/Xm/DataF.c.pixel_length 2004-06-03 15:11:52.932820812 +0200
2417 +++ openMotif-2.2.3/lib/Xm/DataF.c 2004-06-03 15:12:27.323091126 +0200
2418 @@ -8648,7 +8648,7 @@
2419 curr_str++;
2420 i++;
2421 } else {
2422 - wchar_t tmp;
2423 + wchar_t tmp[XmTextF_max_char_size(tf)+1];
2424 int num_conv;
2425 num_conv = mbtowc(&tmp, curr_str, XmTextF_max_char_size(tf));
2426 if (num_conv >= 0 && df_FindPixelLength(tf, (char*) &tmp, 1)) {
2427
2428
2429
2430 1.1 src/patchsets/motif/2.2.3/07_all_popup_timeout.patch
2431
2432 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/07_all_popup_timeout.patch?rev=1.1&view=markup
2433 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/07_all_popup_timeout.patch?rev=1.1&content-type=text/plain
2434
2435 Index: 07_all_popup_timeout.patch
2436 ===================================================================
2437 --- openMotif-2.2.3/lib/Xm/MenuUtil.c.popup_timeout 2002-01-31 15:49:35.000000000 +0100
2438 +++ openMotif-2.2.3/lib/Xm/MenuUtil.c 2004-06-08 17:14:46.311285603 +0200
2439 @@ -156,6 +156,9 @@
2440 cursor, time)) == GrabSuccess)
2441 break;
2442
2443 + if (status == GrabInvalidTime)
2444 + time = CurrentTime;
2445 +
2446 XmeMicroSleep(1000);
2447 }
2448 if (status != GrabSuccess)
2449
2450
2451
2452 1.1 src/patchsets/motif/2.2.3/08_all_XmResizeHashTable.patch
2453
2454 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/08_all_XmResizeHashTable.patch?rev=1.1&view=markup
2455 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/08_all_XmResizeHashTable.patch?rev=1.1&content-type=text/plain
2456
2457 Index: 08_all_XmResizeHashTable.patch
2458 ===================================================================
2459 --- lib/Xm/Hash.c
2460 +++ lib/Xm/Hash.c
2461 @@ -198,6 +198,8 @@
2462 } else {
2463 table -> buckets[index] = current;
2464 }
2465 + } else {
2466 + last = current;
2467 }
2468 current = next;
2469 }
2470
2471
2472
2473 1.1 src/patchsets/motif/2.2.3/09_all_utf8.patch
2474
2475 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/09_all_utf8.patch?rev=1.1&view=markup
2476 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/09_all_utf8.patch?rev=1.1&content-type=text/plain
2477
2478 Index: 09_all_utf8.patch
2479 ===================================================================
2480 --- openMotif-2.2.3/tools/wml/UilSymCSet.h.utf8 2004-03-04 17:41:48.000000000 +0100
2481 +++ openMotif-2.2.3/tools/wml/UilSymCSet.h 2004-03-17 12:54:23.000000000 +0100
2482 @@ -32,6 +32,7 @@
2483 "JISX0201.1976-0", /* jis_katakana */
2484 "KSC5601.1987-0", /* ksc_hangul */
2485 "KSC5601.1987-1", /* ksc_hangul_gr */
2486 + "UTF-8", /* utf-8 */
2487 };
2488 externaldef(uil_sym_glbl) char **charset_xmstring_names_table =
2489 charset_xmstring_names_table_vec;
2490 @@ -66,6 +67,7 @@
2491 XmSTRING_DIRECTION_L_TO_R, /* jis_katakana */
2492 XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul */
2493 XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul_gr */
2494 + XmSTRING_DIRECTION_L_TO_R, /* utf-8 */
2495 };
2496 externaldef(uil_sym_glbl) unsigned char *charset_writing_direction_table =
2497 charset_wrdirection_table_vec;
2498 @@ -100,6 +102,7 @@
2499 XmSTRING_DIRECTION_L_TO_R, /* jis_katakana */
2500 XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul */
2501 XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul_gr */
2502 + XmSTRING_DIRECTION_L_TO_R, /* utf-8 */
2503 };
2504 externaldef(uil_sym_glbl) unsigned char *charset_parsing_direction_table =
2505 charset_parsdirection_table_vec;
2506 @@ -134,6 +137,7 @@
2507 sym_k_onebyte_charsize, /* jis_katakana */
2508 sym_k_twobyte_charsize, /* ksc_hangul */
2509 sym_k_twobyte_charsize, /* ksc_hangul_gr */
2510 + sym_k_onebyte_charsize, /* utf-8 */
2511 };
2512 externaldef(uil_sym_glbl) unsigned char *charset_character_size_table =
2513 charset_charsize_table_vec;
2514 @@ -215,6 +219,7 @@
2515 "KSC_HANGUL_GL", /* ksc_hangul */
2516 "KSC_HANGUL_GR", /* ksc_hangul_gr */
2517 "KSC5601.1987-1", /* ksc_hangul_gr */
2518 + "UTF-8", /* utf-8 */
2519 };
2520 externaldef(uil_sym_glbl) char **charset_lang_names_table =
2521 charset_lang_names_table_vec;
2522 @@ -295,10 +300,11 @@
2523 sym_k_ksc_hangul_charset,
2524 sym_k_ksc_hangul_gr_charset,
2525 sym_k_ksc_hangul_gr_charset,
2526 + sym_k_utf8_charset,
2527 };
2528 externaldef(uil_sym_glbl) unsigned short int *charset_lang_codes_table =
2529 charset_lang_codes_table_vec;
2530 /*
2531 * The number of entries in charset_lang_..._table tables
2532 */
2533 -externaldef(uil_sym_glbl) unsigned short int charset_lang_table_max = 72;
2534 +externaldef(uil_sym_glbl) unsigned short int charset_lang_table_max = 73;
2535 --- openMotif-2.2.3/tools/wml/UilSymGen.h.utf8 2004-03-04 17:41:48.000000000 +0100
2536 +++ openMotif-2.2.3/tools/wml/UilSymGen.h 2004-03-17 12:54:23.000000000 +0100
2537 @@ -1417,6 +1417,7 @@
2538 #define sym_k_jis_katakana_charset 21
2539 #define sym_k_ksc_hangul_charset 22
2540 #define sym_k_ksc_hangul_gr_charset 23
2541 +#define sym_k_utf8_charset 24
2542
2543 /* Define literals for automatic children */
2544
2545 --- openMotif-2.2.3/tools/wml/motif.wml.utf8 2003-10-08 23:07:47.000000000 +0200
2546 +++ openMotif-2.2.3/tools/wml/motif.wml 2004-03-17 12:56:09.000000000 +0100
2547 @@ -163,6 +163,9 @@
2548 ksc_hangul_gr
2549 { XmStringCharsetName = "KSC5601.1987-1";
2550 CharacterSize = TwoByte; };
2551 + utf8
2552 + { XmStringCharsetName = "UTF-8"; };
2553 +
2554 XmFONTLIST_DEFAULT_TAG
2555 { FontListElementTag = XmFONTLIST_DEFAULT_TAG; };
2556
2557
2558
2559
2560 1.1 src/patchsets/motif/2.2.3/10_all_no_demos.patch
2561
2562 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/10_all_no_demos.patch?rev=1.1&view=markup
2563 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/10_all_no_demos.patch?rev=1.1&content-type=text/plain
2564
2565 Index: 10_all_no_demos.patch
2566 ===================================================================
2567 --- openmotif/configure.in.no_demos 2003-09-19 18:40:33.000000000 +0200
2568 +++ openmotif/configure.in 2003-12-16 12:16:33.000000000 +0100
2569 @@ -259,88 +259,4 @@
2570 doc/man/man5/Makefile \
2571 tools/Makefile \
2572 tools/wml/Makefile \
2573 -demos/Makefile \
2574 -demos/lib/Makefile \
2575 -demos/lib/Xmd/Makefile \
2576 -demos/lib/Wsm/Makefile \
2577 -demos/lib/Exm/Makefile \
2578 -demos/lib/Exm/wml/Makefile \
2579 -demos/programs/Makefile \
2580 -demos/programs/Exm/Makefile \
2581 -demos/programs/Exm/app_in_c/Makefile \
2582 -demos/programs/Exm/app_in_uil/Makefile \
2583 -demos/programs/Exm/simple_app/Makefile \
2584 -demos/programs/airport/Makefile \
2585 -demos/programs/animate/Makefile \
2586 -demos/programs/drag_and_drop/Makefile \
2587 -demos/programs/draw/Makefile \
2588 -demos/programs/earth/Makefile \
2589 -demos/programs/filemanager/Makefile \
2590 -demos/programs/fileview/Makefile \
2591 -demos/programs/getsubres/Makefile \
2592 -demos/programs/hellomotif/Makefile \
2593 -demos/programs/hellomotifi18n/Makefile \
2594 -demos/programs/hellomotifi18n/C/Makefile \
2595 -demos/programs/hellomotifi18n/C/uid/Makefile \
2596 -demos/programs/hellomotifi18n/english/Makefile \
2597 -demos/programs/hellomotifi18n/english/uid/Makefile \
2598 -demos/programs/hellomotifi18n/french/Makefile \
2599 -demos/programs/hellomotifi18n/french/uid/Makefile \
2600 -demos/programs/hellomotifi18n/hebrew/Makefile \
2601 -demos/programs/hellomotifi18n/hebrew/uid/Makefile \
2602 -demos/programs/hellomotifi18n/japan/Makefile \
2603 -demos/programs/hellomotifi18n/japan/uid/Makefile \
2604 -demos/programs/hellomotifi18n/japanese/Makefile \
2605 -demos/programs/hellomotifi18n/japanese/uid/Makefile \
2606 -demos/programs/hellomotifi18n/swedish/Makefile \
2607 -demos/programs/hellomotifi18n/swedish/uid/Makefile \
2608 -demos/programs/i18ninput/Makefile \
2609 -demos/programs/panner/Makefile \
2610 -demos/programs/periodic/Makefile \
2611 -demos/programs/piano/Makefile \
2612 -demos/programs/popups/Makefile \
2613 -demos/programs/sampler2_0/Makefile \
2614 -demos/programs/setdate/Makefile \
2615 -demos/programs/todo/Makefile \
2616 -demos/programs/workspace/Makefile \
2617 -demos/programs/tooltips/Makefile \
2618 -demos/programs/FontSel/Makefile \
2619 -demos/programs/ButtonBox/Makefile \
2620 -demos/programs/ColorSel/Makefile \
2621 -demos/programs/Column/Makefile \
2622 -demos/programs/DropDown/Makefile \
2623 -demos/programs/MultiList/Makefile \
2624 -demos/programs/MultiList/pixmaps/Makefile \
2625 -demos/programs/IconB/Makefile \
2626 -demos/programs/Outline/Makefile \
2627 -demos/programs/Paned/Makefile \
2628 -demos/programs/TabStack/Makefile \
2629 -demos/programs/Tree/Makefile \
2630 -demos/programs/pixmaps/Makefile \
2631 -demos/unsupported/Makefile \
2632 -demos/unsupported/Exm/Makefile \
2633 -demos/unsupported/aicon/Makefile \
2634 -demos/unsupported/dainput/Makefile \
2635 -demos/unsupported/dogs/Makefile \
2636 -demos/unsupported/hellomotif/Makefile \
2637 -demos/unsupported/motifshell/Makefile \
2638 -demos/unsupported/uilsymdump/Makefile \
2639 -demos/unsupported/xmapdef/Makefile \
2640 -demos/unsupported/xmfonts/Makefile \
2641 -demos/unsupported/xmforc/Makefile \
2642 -demos/unsupported/xmform/Makefile \
2643 -demos/doc/Makefile \
2644 -demos/doc/programGuide/Makefile \
2645 -demos/doc/programGuide/ch05/Makefile \
2646 -demos/doc/programGuide/ch05/Scale/Makefile \
2647 -demos/doc/programGuide/ch06/Makefile \
2648 -demos/doc/programGuide/ch06/spin_box/Makefile \
2649 -demos/doc/programGuide/ch06/combo_box/Makefile \
2650 -demos/doc/programGuide/ch08/Makefile \
2651 -demos/doc/programGuide/ch08/Notebook/Makefile \
2652 -demos/doc/programGuide/ch08/Container/Makefile \
2653 -demos/doc/programGuide/ch16/Makefile \
2654 -demos/doc/programGuide/ch17/Makefile \
2655 -demos/doc/programGuide/ch17/simple_drop/Makefile \
2656 -demos/doc/programGuide/ch17/simple_drag/Makefile \
2657 ])
2658 --- openmotif/Makefile.am.no_demos 2003-12-16 12:17:02.000000000 +0100
2659 +++ openmotif/Makefile.am 2003-12-16 12:17:03.000000000 +0100
2660 @@ -28,6 +28,5 @@
2661 include \
2662 tools \
2663 clients \
2664 - doc \
2665 - demos
2666 + doc
2667 AUTOMAKE_OPTIONS = 1.4
2668
2669
2670
2671 1.1 src/patchsets/motif/2.2.3/11_all_CAN-2005-0605.patch
2672
2673 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/11_all_CAN-2005-0605.patch?rev=1.1&view=markup
2674 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/11_all_CAN-2005-0605.patch?rev=1.1&content-type=text/plain
2675
2676 Index: 11_all_CAN-2005-0605.patch
2677 ===================================================================
2678 --- lib/Xm/Xpmscan.c.orig 2005-03-02 17:00:16.415070960 +0100
2679 +++ lib/Xm/Xpmscan.c 2005-03-02 17:01:38.949709879 +0100
2680 @@ -672,8 +672,8 @@
2681 char *dst;
2682 unsigned int *iptr;
2683 char *data;
2684 - unsigned int x, y, i;
2685 - int bits, depth, ibu, ibpp, offset;
2686 + unsigned int x, y;
2687 + int bits, depth, ibu, ibpp, offset, i;
2688 unsigned long lbt;
2689 Pixel pixel, px;
2690
2691 @@ -684,6 +684,9 @@
2692 ibpp = image->bits_per_pixel;
2693 offset = image->xoffset;
2694
2695 + if (image->bitmap_unit < 0)
2696 + return (XpmNoMemory);
2697 +
2698 if ((image->bits_per_pixel | image->depth) == 1) {
2699 ibu = image->bitmap_unit;
2700 for (y = 0; y < height; y++)
2701 --- lib/Xm/Xpmcreate.c.orig 2005-03-02 17:02:00.626412844 +0100
2702 +++ lib/Xm/Xpmcreate.c 2005-03-02 17:02:35.183562480 +0100
2703 @@ -1265,10 +1265,10 @@
2704 register char *src;
2705 register char *dst;
2706 register unsigned int *iptr;
2707 - register unsigned int x, y, i;
2708 + register unsigned int x, y;
2709 register char *data;
2710 Pixel pixel, px;
2711 - int nbytes, depth, ibu, ibpp;
2712 + int nbytes, depth, ibu, ibpp, i;
2713
2714 data = image->data;
2715 iptr = pixelindex;
2716
2717
2718
2719 1.1 src/patchsets/motif/2.2.3/12_all_uil.patch
2720
2721 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/12_all_uil.patch?rev=1.1&view=markup
2722 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/12_all_uil.patch?rev=1.1&content-type=text/plain
2723
2724 Index: 12_all_uil.patch
2725 ===================================================================
2726 --- openMotif-2.2.3/lib/Mrm/Mrmhier.c.UIL 2002-01-11 14:56:24.000000000 +0100
2727 +++ openMotif-2.2.3/lib/Mrm/Mrmhier.c 2005-12-31 07:42:31.485196184 +0100
2728 @@ -712,7 +712,7 @@
2729 * Local variables
2730 */
2731 Cardinal result; /* function results */
2732 - char dummy[300]; /* file name (unused) */
2733 + char *dummy; /* file name (unused) */
2734 char err_stg[300];
2735
2736 /*
2737 @@ -764,11 +764,13 @@
2738
2739 if (resolvedname == 0)
2740 {
2741 - sprintf (err_stg, _MrmMMsg_0031, name) ;
2742 + snprintf (err_stg, 300, _MrmMMsg_0031, name) ;
2743 return Urm__UT_Error ("I18NOpenFile", err_stg, NULL, NULL, MrmNOT_FOUND);
2744 }
2745
2746 + dummy = XtMalloc(strlen(resolvedname)+1);
2747 result = UrmIdbOpenFileRead (resolvedname, os_ext, file_id_return, dummy) ;
2748 + XtFree(dummy);
2749 switch ( result )
2750 {
2751 case MrmSUCCESS:
2752 --- openMotif-2.2.3/clients/uil/UilIODef.h.UIL 2002-01-04 22:13:33.000000000 +0100
2753 +++ openMotif-2.2.3/clients/uil/UilIODef.h 2005-12-31 07:42:15.129682600 +0100
2754 @@ -69,13 +69,18 @@
2755 #define NULL 0L
2756 #endif
2757
2758 +#include <X11/Xos.h>
2759 +#ifndef PATH_MAX
2760 +# define PATH_MAX 256
2761 +#endif
2762 +
2763 typedef struct
2764 {
2765 FILE *az_file_ptr;
2766 char *c_buffer;
2767 boolean v_position_before_get;
2768 z_key last_key;
2769 - char expanded_name[ 256 ];
2770 + char expanded_name[ PATH_MAX ];
2771 } uil_fcb_type;
2772
2773 #endif /* UilIODef_h */
2774 --- openMotif-2.2.3/clients/uil/UilLstLst.c.UIL 2002-01-10 21:55:43.000000000 +0100
2775 +++ openMotif-2.2.3/clients/uil/UilLstLst.c 2005-12-31 07:42:19.447026264 +0100
2776 @@ -164,7 +164,7 @@
2777 lst_l_page_no = 0;
2778 lst_v_listing_open = TRUE;
2779
2780 - sprintf(lst_c_title1,
2781 + snprintf(lst_c_title1, 132,
2782 "%s %s \t%s\t\t Page ",
2783 _host_compiler, _compiler_version,
2784 current_time(&ctime_buf));
2785 @@ -270,6 +270,17 @@
2786 {
2787 /* place the file name in the expanded_name buffer */
2788
2789 + if (strlen(Uil_cmd_z_command.ac_listing_file) >= PATH_MAX)
2790 + {
2791 + char *p;
2792 + int len=0;
2793 + if((p = rindex(Uil_cmd_z_command.ac_listing_file, '/')) != NULL)
2794 + len = strlen(++p);
2795 + if(p == NULL || len >= PATH_MAX)
2796 + p = "<unknown>";
2797 + strcpy(az_fcb->expanded_name, p);
2798 + return src_k_open_error;
2799 + }
2800 strcpy(az_fcb->expanded_name, Uil_cmd_z_command.ac_listing_file);
2801
2802 /* open the file */
2803 @@ -529,7 +540,7 @@
2804 char buffer [132];
2805
2806 az_fcb = src_az_source_file_table [i];
2807 - sprintf (buffer,
2808 + snprintf (buffer, 132,
2809 " File (%d) %s",
2810 i, az_fcb->expanded_name );
2811 lst_output_line( buffer, FALSE );
2812 @@ -598,7 +609,7 @@
2813 }
2814
2815
2816 - sprintf(buffer, "%s (%d) %s",
2817 + snprintf(buffer, 132, "%s (%d) %s",
2818 diag_get_message_abbrev( az_msg->l_message_number ),
2819 msg_no,
2820 az_msg->c_text);
2821 --- openMotif-2.2.3/clients/uil/UilP2Out.c.UIL 2002-01-10 21:55:44.000000000 +0100
2822 +++ openMotif-2.2.3/clients/uil/UilP2Out.c 2005-12-31 07:42:23.022482712 +0100
2823 @@ -189,7 +189,7 @@
2824 int topmost_index;
2825 struct
2826 { MrmOsOpenParam os_param;
2827 - char result_file[256];
2828 + char result_file[PATH_MAX];
2829 } uid_fcb;
2830
2831
2832 @@ -234,15 +234,20 @@
2833 if (sym_az_module_entry->az_version != NULL)
2834 module_version = sym_az_module_entry->az_version->value.c_value;
2835
2836 - urm_status = UrmIdbOpenFileWrite
2837 - ( Uil_cmd_z_command.ac_resource_file,
2838 - & uid_fcb.os_param,
2839 - _host_compiler,
2840 - _compiler_version,
2841 - module_name,
2842 - module_version,
2843 - &out_az_idbfile_id,
2844 - uid_fcb.result_file );
2845 + if (strlen(Uil_cmd_z_command.ac_resource_file) < PATH_MAX)
2846 + {
2847 + urm_status = UrmIdbOpenFileWrite
2848 + ( Uil_cmd_z_command.ac_resource_file,
2849 + & uid_fcb.os_param,
2850 + _host_compiler,
2851 + _compiler_version,
2852 + module_name,
2853 + module_version,
2854 + &out_az_idbfile_id,
2855 + uid_fcb.result_file );
2856 + } else {
2857 + urm_status = MrmFAILURE;
2858 + }
2859
2860 if (urm_status != MrmSUCCESS)
2861 {
2862 @@ -2961,7 +2966,7 @@
2863 {
2864 char buffer[132];
2865
2866 - sprintf(buffer, "while %s encountered %s",
2867 + snprintf(buffer, 132, "while %s encountered %s",
2868 problem,
2869 Urm__UT_LatestErrorMessage());
2870
2871 --- openMotif-2.2.3/clients/uil/UilSrcSrc.c.UIL 2002-01-10 21:55:47.000000000 +0100
2872 +++ openMotif-2.2.3/clients/uil/UilSrcSrc.c 2005-12-31 07:42:27.176851152 +0100
2873 @@ -626,11 +626,15 @@
2874 static unsigned short main_dir_len = 0;
2875 boolean main_file;
2876 int i; /* loop index through include files */
2877 - char buffer[256];
2878 + char buffer[PATH_MAX];
2879 + int c_file_name_len;
2880
2881 + az_fcb->az_file_ptr = NULL;
2882 + c_file_name_len = strlen(c_file_name);
2883
2884 /* place the file name in the expanded_name buffer */
2885 -
2886 + if(c_file_name_len >= PATH_MAX)
2887 + return src_k_open_error;
2888 strcpy(buffer, c_file_name);
2889
2890 /* Determine if this is the main file or an include file. */
2891 @@ -644,7 +648,7 @@
2892
2893 /* Save the directory info for the main file. */
2894
2895 - for (len = strlen (c_file_name),
2896 + for (len = c_file_name_len,
2897 ptr = & c_file_name [len - 1];
2898 len > 0; len--, ptr--) {
2899 if ((* ptr) == '/') {
2900 @@ -673,9 +677,11 @@
2901 }
2902
2903 if (!specific_directory) {
2904 + if (main_dir_len + c_file_name_len >= PATH_MAX)
2905 + goto open_label;
2906 _move (buffer, main_fcb -> expanded_name, main_dir_len);
2907 _move (& buffer [main_dir_len],
2908 - c_file_name, strlen (c_file_name) + 1); /* + NULL */
2909 + c_file_name, c_file_name_len + 1); /* + NULL */
2910 } else {
2911 strcpy (buffer, c_file_name);
2912 }
2913 @@ -695,16 +701,22 @@
2914
2915 for (i = 0; i < Uil_cmd_z_command.include_dir_count; i++) {
2916 int inc_dir_len;
2917 + int need_slash=0;
2918
2919 inc_dir_len = strlen (Uil_cmd_z_command.ac_include_dir[i]);
2920 if (inc_dir_len == 0) {
2921 search_user_include = False;
2922 }
2923 + if (Uil_cmd_z_command.ac_include_dir[i][inc_dir_len - 1] != '/')
2924 + need_slash=1;
2925 + if (inc_dir_len + need_slash + c_file_name_len >= PATH_MAX)
2926 + goto open_label;
2927 +
2928 _move (buffer, Uil_cmd_z_command.ac_include_dir[i], inc_dir_len);
2929
2930 /* Add '/' if not specified at end of directory */
2931
2932 - if (Uil_cmd_z_command.ac_include_dir[i][inc_dir_len - 1] != '/') {
2933 + if (need_slash) {
2934 buffer [inc_dir_len] = '/';
2935 inc_dir_len++;
2936 };
2937 @@ -723,9 +735,11 @@
2938
2939 /* Look in the default include directory. */
2940 if (search_user_include) {
2941 + if (sizeof(c_include_dir)-1 + c_file_name_len >= PATH_MAX)
2942 + goto open_label;
2943 _move(buffer, c_include_dir, sizeof c_include_dir - 1); /* no NULL */
2944 _move(&buffer[sizeof c_include_dir - 1],
2945 - c_file_name, strlen (c_file_name) + 1); /* + NULL */
2946 + c_file_name, c_file_name_len + 1); /* + NULL */
2947
2948 /* Open the include file. */
2949 az_fcb->az_file_ptr = fopen (buffer, "r");
2950 --- openMotif-2.2.3/clients/uil/UilSarMod.c.UIL 2002-01-10 21:55:45.000000000 +0100
2951 +++ openMotif-2.2.3/clients/uil/UilSarMod.c 2005-12-31 07:42:35.593571616 +0100
2952 @@ -379,7 +379,7 @@
2953 */
2954
2955 if (Uil_cmd_z_command.v_listing_file)
2956 - sprintf(Uil_lst_c_title2,
2957 + snprintf(Uil_lst_c_title2, 132,
2958 "Module: %s",
2959 name_entry->c_text );
2960
2961 @@ -479,7 +479,7 @@
2962 */
2963
2964 if (Uil_cmd_z_command.v_listing_file)
2965 - sprintf(Uil_lst_c_title2,
2966 + snprintf(Uil_lst_c_title2, 132,
2967 "Module: %s \t Version: %s",
2968 sym_az_module_entry->obj_header.az_name->c_text,
2969 value_entry->value.c_value );
2970 --- openMotif-2.2.3/clients/uil/UilDiags.c.UIL 2002-01-10 21:55:42.000000000 +0100
2971 +++ openMotif-2.2.3/clients/uil/UilDiags.c 2005-12-31 07:42:39.273012256 +0100
2972 @@ -293,12 +293,12 @@
2973 va_start(ap, l_start_column);
2974
2975 #ifndef NO_MESSAGE_CATALOG
2976 - vsprintf( msg_buffer,
2977 + vsnprintf( msg_buffer, 132,
2978 catgets(uil_catd, UIL_SET1, msg_cat_table[ message_number ],
2979 diag_rz_msg_table[ message_number ].ac_text),
2980 ap );
2981 #else
2982 - vsprintf( msg_buffer,
2983 + vsnprintf( msg_buffer, 132,
2984 diag_rz_msg_table[ message_number ].ac_text,
2985 ap );
2986 #endif
2987 @@ -317,13 +317,13 @@
2988 */
2989
2990 #ifndef NO_MESSAGE_CATALOG
2991 - sprintf( loc_buffer,
2992 + snprintf( loc_buffer, 132,
2993 catgets(uil_catd, UIL_SET_MISC,
2994 UIL_MISC_0, "\t\t line: %d file: %s"),
2995 az_src_rec->w_line_number,
2996 src_get_file_name( az_src_rec ) );
2997 #else
2998 - sprintf( loc_buffer,
2999 + snprintf( loc_buffer, 132,
3000 "\t\t line: %d file: %s",
3001 az_src_rec->w_line_number,
3002 src_get_file_name( az_src_rec ) );
3003 @@ -371,7 +371,7 @@
3004
3005 if (l_start_column != diag_k_no_column)
3006 #ifndef NO_MESSAGE_CATALOG
3007 - sprintf(loc_buffer,
3008 + snprintf(loc_buffer, 132,
3009 catgets(uil_catd, UIL_SET_MISC,
3010 UIL_MISC_1,
3011 "\t\t line: %d position: %d file: %s"),
3012 @@ -379,7 +379,7 @@
3013 l_start_column + 1,
3014 src_get_file_name( az_src_rec ) );
3015 #else
3016 - sprintf(loc_buffer,
3017 + snprintf(loc_buffer, 132,
3018 "\t\t line: %d position: %d file: %s",
3019 az_src_rec->w_line_number,
3020 l_start_column + 1,
3021 @@ -387,13 +387,13 @@
3022 #endif
3023 else
3024 #ifndef NO_MESSAGE_CATALOG
3025 - sprintf( loc_buffer, catgets(uil_catd, UIL_SET_MISC,
3026 + snprintf( loc_buffer, 132, catgets(uil_catd, UIL_SET_MISC,
3027 UIL_MISC_0,
3028 "\t\t line: %d file: %s"),
3029 az_src_rec->w_line_number,
3030 src_get_file_name( az_src_rec ) );
3031 #else
3032 - sprintf( loc_buffer,
3033 + snprintf( loc_buffer, 132,
3034 "\t\t line: %d file: %s",
3035 az_src_rec->w_line_number,
3036 src_get_file_name( az_src_rec ) );
3037 --- openMotif-2.2.3/clients/uil/UilSymDef.h.UIL 2002-01-04 22:13:38.000000000 +0100
3038 +++ openMotif-2.2.3/clients/uil/UilSymDef.h 2005-12-31 07:42:44.106277488 +0100
3039 @@ -65,6 +65,11 @@
3040
3041 #include <Mrm/MrmPublic.h>
3042 #include <Xm/Xm.h>
3043 +#include <X11/Xos.h>
3044 +#ifndef PATH_MAX
3045 +# define PATH_MAX 256
3046 +#endif
3047 +
3048
3049 /*
3050 ** constraint check access macro
3051 @@ -874,10 +879,10 @@
3052 sym_section_entry_type *sections;
3053 /* pointer to a section list; this list is all of the sections that */
3054 /* exist in this include file. */
3055 - char file_name[255];
3056 + char file_name[PATH_MAX];
3057 /* the file name as specified in the include statement in the UIL */
3058 /* source. */
3059 - char full_file_name[255];
3060 + char full_file_name[PATH_MAX];
3061 /* the expanded name for the include file actually opened. */
3062 } sym_include_file_entry_type;
3063
3064 @@ -894,9 +899,9 @@
3065 /* common header */
3066 struct _src_source_record_type *src_record_list;
3067 /* pointer to a list of source records. */
3068 - char file_name[255];
3069 + char file_name[PATH_MAX];
3070 /* the main UIL file name as specified on the command line. */
3071 - char full_file_name[255];
3072 + char full_file_name[PATH_MAX];
3073 /* the expanded name for the main UIL file that was actually */
3074 /* opened. */
3075 sym_section_entry_type *sections;
3076
3077
3078
3079 1.1 src/patchsets/motif/2.2.3/13_all_automake.patch
3080
3081 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/13_all_automake.patch?rev=1.1&view=markup
3082 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/13_all_automake.patch?rev=1.1&content-type=text/plain
3083
3084 Index: 13_all_automake.patch
3085 ===================================================================
3086 --- clients/uil/Makefile.am Fri Aug 15 04:56:19 2003
3087 +++ clients/uil/Makefile.am.new Tue Feb 8 12:06:15 2005
3088 @@ -65,6 +65,7 @@
3089 lib_LTLIBRARIES = libUil.la
3090
3091 libUil_la_SOURCES = $(SRCS)
3092 +libUil_la_CFLAGS = $(AM_CFLAGS)
3093
3094 libUil_la_DEPENDENCIES = UilDBDef.h UilParser.lo
3095
3096
3097
3098
3099 1.1 src/patchsets/motif/2.2.3/14_all_ac-editres.patch
3100
3101 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/14_all_ac-editres.patch?rev=1.1&view=markup
3102 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/14_all_ac-editres.patch?rev=1.1&content-type=text/plain
3103
3104 Index: 14_all_ac-editres.patch
3105 ===================================================================
3106 http://bugs.gentoo.org/82081
3107
3108 --- openMotif-2.2.3-orig/configure.in
3109 +++ openMotif-2.2.3/configure.in
3110 @@ -58,6 +58,7 @@
3111 X_XMU=-lXmu
3112 AC_DEFINE(HAVE_LIBXMU, [], [HAVE_LIBXMU])
3113 , X_XMU="", -lXt -lX11)
3114 +,,[[#include <X11/Intrinsic.h>]]
3115 )
3116 AC_SUBST(X_XMU)
3117 LIBS="$save_LIBS"
3118
3119
3120
3121 1.1 src/patchsets/motif/2.2.3/15_all_ldflags.patch
3122
3123 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/15_all_ldflags.patch?rev=1.1&view=markup
3124 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/15_all_ldflags.patch?rev=1.1&content-type=text/plain
3125
3126 Index: 15_all_ldflags.patch
3127 ===================================================================
3128 http://bugs.gentoo.org/293573
3129
3130 --- openMotif-2.2.3-orig/clients/uil/Makefile.am
3131 +++ openMotif-2.2.3/clients/uil/Makefile.am
3132 @@ -6,7 +6,7 @@
3133 #
3134 bin_PROGRAMS = uil
3135
3136 -LDFLAGS = -version-info @CURRENT@:@REVISION@:@AGE@
3137 +AM_LDFLAGS = -version-info @CURRENT@:@REVISION@:@AGE@
3138
3139 UilParser.lo: UilParser.c
3140 $(LTCOMPILE) -DCALLABLE -c UilParser.c
3141 --- openMotif-2.2.3-orig/lib/Mrm/Makefile.am
3142 +++ openMotif-2.2.3/lib/Mrm/Makefile.am
3143 @@ -8,7 +8,7 @@
3144
3145 libMrm_la_LIBADD = ../Xm/libXm.la ${X_LIBS} -lXt ${X_PRE_LIBS} -lX11 ${X_EXTRA_LIBS}
3146
3147 -LDFLAGS = -version-info @CURRENT@:@REVISION@:@AGE@
3148 +AM_LDFLAGS = -version-info @CURRENT@:@REVISION@:@AGE@
3149
3150 lib_LTLIBRARIES = libMrm.la
3151
3152 --- openMotif-2.2.3-orig/lib/Xm/Makefile.am
3153 +++ openMotif-2.2.3/lib/Xm/Makefile.am
3154 @@ -9,7 +9,7 @@
3155 ${X_CFLAGS}
3156 xmdir = $(includedir)/Xm
3157
3158 -LDFLAGS = -version-info @CURRENT@:@REVISION@:@AGE@
3159 +AM_LDFLAGS = -version-info @CURRENT@:@REVISION@:@AGE@
3160
3161 lib_LTLIBRARIES = libXm.la
3162
3163
3164
3165
3166 1.1 src/patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch
3167
3168 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch?rev=1.1&view=markup
3169 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch?rev=1.1&content-type=text/plain
3170
3171 Index: 16_all_mrm_buffer_overflow.patch
3172 ===================================================================
3173 http://bugs.gentoo.org/340249
3174 Patch backported from openmotif-2.3.3
3175
3176 --- openMotif-2.2.3-orig/lib/Mrm/MrmIheader.c
3177 +++ openMotif-2.2.3/lib/Mrm/MrmIheader.c
3178 @@ -228,9 +228,10 @@
3179
3180 {
3181 /* sscanf() may call ungetc(), which would write the XmConst string. */
3182 - char buf[XtNumber(idb__database_version) + 1];
3183 + char *buf = XtMalloc(strlen(idb__database_version) + 1);
3184 strcpy(buf, idb__database_version);
3185 sscanf(buf, "URM %d.%d", &db_major, &db_minor);
3186 + XtFree(buf);
3187 }
3188
3189 if ((file_major > db_major) ||
3190
3191
3192
3193 1.1 src/patchsets/motif/2.2.3/17_all_automake-1.13.patch
3194
3195 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/17_all_automake-1.13.patch?rev=1.1&view=markup
3196 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/17_all_automake-1.13.patch?rev=1.1&content-type=text/plain
3197
3198 Index: 17_all_automake-1.13.patch
3199 ===================================================================
3200 http://bugs.motifzone.net/show_bug.cgi?id=1595
3201
3202 --- openMotif-2.2.3-orig/configure.in
3203 +++ openMotif-2.2.3/configure.in
3204 @@ -23,12 +23,11 @@
3205 dnl
3206 dnl AC_DISABLE_STATIC
3207
3208 -AM_CONFIG_HEADER(include/config.h)
3209 +AC_CONFIG_HEADERS(include/config.h)
3210
3211 dnl Checks for programs.
3212 AC_PROG_CC
3213 AC_PROG_CPP
3214 -AM_PROG_CC_STDC
3215 AM_PROG_LIBTOOL
3216 AC_EXEEXT
Report Message
Find on MARC Find on Google Groups