1 |
ulm 13/06/01 16:05:38 |
2 |
|
3 |
Added: 01_all_mwm-configdir.patch |
4 |
02_all_CAN-2004-0687-0688.patch |
5 |
03_all_CAN-2004-0914-newer.patch |
6 |
04_all_CAN-2004-0914_sec8.patch |
7 |
05_all_char_not_supported.patch |
8 |
06_all_pixel_length.patch |
9 |
07_all_popup_timeout.patch |
10 |
08_all_XmResizeHashTable.patch 09_all_utf8.patch |
11 |
10_all_no_demos.patch 11_all_CAN-2005-0605.patch |
12 |
12_all_uil.patch 13_all_automake.patch |
13 |
14_all_ac-editres.patch 15_all_ldflags.patch |
14 |
16_all_mrm_buffer_overflow.patch |
15 |
17_all_automake-1.13.patch |
16 |
Log: |
17 |
Move openmotif to motif. |
18 |
|
19 |
Revision Changes Path |
20 |
1.1 src/patchsets/motif/2.2.3/01_all_mwm-configdir.patch |
21 |
|
22 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/01_all_mwm-configdir.patch?rev=1.1&view=markup |
23 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/01_all_mwm-configdir.patch?rev=1.1&content-type=text/plain |
24 |
|
25 |
Index: 01_all_mwm-configdir.patch |
26 |
=================================================================== |
27 |
diff -urN openMotif-2.2.2.orig/clients/mwm/WmResParse.c openMotif-2.2.2/clients/mwm/WmResParse.c |
28 |
--- openMotif-2.2.2.orig/clients/mwm/WmResParse.c 2002-01-10 21:55:37.000000000 +0100 |
29 |
+++ openMotif-2.2.2/clients/mwm/WmResParse.c 2003-06-04 22:20:22.000000000 +0200 |
30 |
@@ -2411,7 +2411,7 @@ |
31 |
if (MwmBehavior) |
32 |
{ |
33 |
strcpy(cfileName, LIBDIR); |
34 |
- strncat(cfileName, "/", MAXWMPATH-strlen(cfileName)); |
35 |
+ strncat(cfileName, "/mwm/", MAXWMPATH-strlen(cfileName)); |
36 |
strncat(cfileName, LANG, MAXWMPATH-strlen(cfileName)); |
37 |
strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); |
38 |
} |
39 |
@@ -2427,7 +2427,7 @@ |
40 |
* Try /$LANG/system.mwmrc within the install tree |
41 |
*/ |
42 |
strcpy(cfileName, LIBDIR); |
43 |
- strncat(cfileName, "/", MAXWMPATH-strlen(cfileName)); |
44 |
+ strncat(cfileName, "/mwm/", MAXWMPATH-strlen(cfileName)); |
45 |
strncat(cfileName, LANG, MAXWMPATH-strlen(cfileName)); |
46 |
strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); |
47 |
#endif /* WSM */ |
48 |
@@ -2449,7 +2449,7 @@ |
49 |
if (MwmBehavior) |
50 |
{ |
51 |
strcpy(cfileName, LIBDIR); |
52 |
- strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); |
53 |
+ strncat(cfileName, "/mwm" SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); |
54 |
#ifdef PANELIST |
55 |
fileP = fopen (cfileName, "r"); |
56 |
#else /* PANELIST */ |
57 |
@@ -2473,7 +2473,7 @@ |
58 |
* Try /system.mwmrc within the install tree |
59 |
*/ |
60 |
strcpy(cfileName, LIBDIR); |
61 |
- strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); |
62 |
+ strncat(cfileName, "/mwm" SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); |
63 |
|
64 |
if (LANG != NULL) |
65 |
{ |
66 |
|
67 |
|
68 |
|
69 |
1.1 src/patchsets/motif/2.2.3/02_all_CAN-2004-0687-0688.patch |
70 |
|
71 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/02_all_CAN-2004-0687-0688.patch?rev=1.1&view=markup |
72 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/02_all_CAN-2004-0687-0688.patch?rev=1.1&content-type=text/plain |
73 |
|
74 |
Index: 02_all_CAN-2004-0687-0688.patch |
75 |
=================================================================== |
76 |
--- openMotif-2.2.3/lib/Xm/Xpmhashtab.c.CAN-2004-0687-0688 2004-09-30 11:52:40.176933831 +0200 |
77 |
+++ openMotif-2.2.3/lib/Xm/Xpmhashtab.c 2004-09-30 11:53:47.288717782 +0200 |
78 |
@@ -141,7 +141,7 @@ |
79 |
xpmHashTable *table; |
80 |
{ |
81 |
xpmHashAtom *atomTable = table->atomTable; |
82 |
- int size = table->size; |
83 |
+ unsigned int size = table->size; |
84 |
xpmHashAtom *t, *p; |
85 |
int i; |
86 |
int oldSize = size; |
87 |
@@ -150,6 +150,8 @@ |
88 |
HASH_TABLE_GROWS |
89 |
table->size = size; |
90 |
table->limit = size / 3; |
91 |
+ if (size >= SIZE_MAX / sizeof(*atomTable)) |
92 |
+ return (XpmNoMemory); |
93 |
atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable)); |
94 |
if (!atomTable) |
95 |
return (XpmNoMemory); |
96 |
@@ -210,6 +212,8 @@ |
97 |
table->size = INITIAL_HASH_SIZE; |
98 |
table->limit = table->size / 3; |
99 |
table->used = 0; |
100 |
+ if (table->size >= SIZE_MAX / sizeof(*atomTable)) |
101 |
+ return (XpmNoMemory); |
102 |
atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable)); |
103 |
if (!atomTable) |
104 |
return (XpmNoMemory); |
105 |
--- openMotif-2.2.3/lib/Xm/XpmWrFFrI.c.CAN-2004-0687-0688 2004-09-30 11:36:04.545969020 +0200 |
106 |
+++ openMotif-2.2.3/lib/Xm/XpmWrFFrI.c 2004-09-30 11:37:14.583312219 +0200 |
107 |
@@ -244,6 +244,8 @@ |
108 |
unsigned int x, y, h; |
109 |
|
110 |
h = height - 1; |
111 |
+ if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp) |
112 |
+ return (XpmNoMemory); |
113 |
p = buf = (char *) XpmMalloc(width * cpp + 3); |
114 |
if (!buf) |
115 |
return (XpmNoMemory); |
116 |
--- openMotif-2.2.3/lib/Xm/Xpmdata.c.CAN-2004-0687-0688 2004-09-30 11:51:30.712472999 +0200 |
117 |
+++ openMotif-2.2.3/lib/Xm/Xpmdata.c 2004-09-30 11:52:26.665789239 +0200 |
118 |
@@ -376,7 +376,7 @@ |
119 |
{ |
120 |
if (!mdata->type) |
121 |
*cmt = NULL; |
122 |
- else if (mdata->CommentLength) { |
123 |
+ else if (mdata->CommentLength != 0 && mdata->CommentLength < SIZE_MAX - 1) { |
124 |
*cmt = (char *) XpmMalloc(mdata->CommentLength + 1); |
125 |
strncpy(*cmt, mdata->Comment, mdata->CommentLength); |
126 |
(*cmt)[mdata->CommentLength] = '\0'; |
127 |
--- openMotif-2.2.3/lib/Xm/XpmI.h.CAN-2004-0687-0688 2004-09-30 11:38:09.358760225 +0200 |
128 |
+++ openMotif-2.2.3/lib/Xm/XpmI.h 2004-09-30 11:39:58.498714150 +0200 |
129 |
@@ -179,6 +179,18 @@ |
130 |
boundCheckingCalloc((long)(nelem),(long) (elsize)) |
131 |
#endif |
132 |
|
133 |
+#if defined(SCO) || defined(__USLC__) |
134 |
+#include <stdint.h> /* For SIZE_MAX */ |
135 |
+#endif |
136 |
+#include <limits.h> |
137 |
+#ifndef SIZE_MAX |
138 |
+# ifdef ULONG_MAX |
139 |
+# define SIZE_MAX ULONG_MAX |
140 |
+# else |
141 |
+# define SIZE_MAX UINT_MAX |
142 |
+# endif |
143 |
+#endif |
144 |
+ |
145 |
#define XPMMAXCMTLEN BUFSIZ |
146 |
typedef struct { |
147 |
unsigned int type; |
148 |
@@ -276,9 +288,9 @@ |
149 |
} *xpmHashAtom; |
150 |
|
151 |
typedef struct { |
152 |
- int size; |
153 |
- int limit; |
154 |
- int used; |
155 |
+ unsigned int size; |
156 |
+ unsigned int limit; |
157 |
+ unsigned int used; |
158 |
xpmHashAtom *atomTable; |
159 |
} xpmHashTable; |
160 |
|
161 |
--- openMotif-2.2.3/lib/Xm/XpmCrDatFrI.c.CAN-2004-0687-0688 2004-09-30 11:35:18.058379165 +0200 |
162 |
+++ openMotif-2.2.3/lib/Xm/XpmCrDatFrI.c 2004-09-30 11:35:43.951808698 +0200 |
163 |
@@ -134,6 +134,8 @@ |
164 |
*/ |
165 |
header_nlines = 1 + image->ncolors; |
166 |
header_size = sizeof(char *) * header_nlines; |
167 |
+ if (header_size >= SIZE_MAX / sizeof(char *)) |
168 |
+ return (XpmNoMemory); |
169 |
header = (char **) XpmCalloc(header_size, sizeof(char *)); |
170 |
if (!header) |
171 |
return (XpmNoMemory); |
172 |
--- openMotif-2.2.3/lib/Xm/Xpmscan.c.CAN-2004-0687-0688 2004-09-30 12:05:34.424607695 +0200 |
173 |
+++ openMotif-2.2.3/lib/Xm/Xpmscan.c 2004-09-30 12:08:16.963282178 +0200 |
174 |
@@ -98,7 +98,8 @@ |
175 |
LFUNC(ScanTransparentColor, int, (XpmColor *color, unsigned int cpp, |
176 |
XpmAttributes *attributes)); |
177 |
|
178 |
-LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, int ncolors, |
179 |
+LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, |
180 |
+ unsigned int ncolors, |
181 |
Pixel *pixels, unsigned int mask, |
182 |
unsigned int cpp, XpmAttributes *attributes)); |
183 |
|
184 |
@@ -225,11 +226,17 @@ |
185 |
else |
186 |
cpp = 0; |
187 |
|
188 |
+ if ((height > 0 && width >= SIZE_MAX / height) || |
189 |
+ width * height >= SIZE_MAX / sizeof(unsigned int)) |
190 |
+ RETURN(XpmNoMemory); |
191 |
pmap.pixelindex = |
192 |
(unsigned int *) XpmCalloc(width * height, sizeof(unsigned int)); |
193 |
if (!pmap.pixelindex) |
194 |
RETURN(XpmNoMemory); |
195 |
|
196 |
+ if (pmap.size >= SIZE_MAX / sizeof(Pixel)) |
197 |
+ RETURN(XpmNoMemory); |
198 |
+ |
199 |
pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size); |
200 |
if (!pmap.pixels) |
201 |
RETURN(XpmNoMemory); |
202 |
@@ -285,6 +292,8 @@ |
203 |
* color |
204 |
*/ |
205 |
|
206 |
+ if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor)) |
207 |
+ RETURN(XpmNoMemory); |
208 |
colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor)); |
209 |
if (!colorTable) |
210 |
RETURN(XpmNoMemory); |
211 |
@@ -332,6 +341,8 @@ |
212 |
|
213 |
/* first get a character string */ |
214 |
a = 0; |
215 |
+ if (cpp >= SIZE_MAX - 1) |
216 |
+ return (XpmNoMemory); |
217 |
if (!(s = color->string = (char *) XpmMalloc(cpp + 1))) |
218 |
return (XpmNoMemory); |
219 |
*s++ = printable[c = a % MAXPRINTABLE]; |
220 |
@@ -379,7 +390,7 @@ |
221 |
ScanOtherColors(display, colors, ncolors, pixels, mask, cpp, attributes) |
222 |
Display *display; |
223 |
XpmColor *colors; |
224 |
- int ncolors; |
225 |
+ unsigned int ncolors; |
226 |
Pixel *pixels; |
227 |
unsigned int mask; |
228 |
unsigned int cpp; |
229 |
@@ -423,6 +434,8 @@ |
230 |
} |
231 |
|
232 |
/* first get character strings and rgb values */ |
233 |
+ if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1) |
234 |
+ return (XpmNoMemory); |
235 |
xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors); |
236 |
if (!xcolors) |
237 |
return (XpmNoMemory); |
238 |
--- openMotif-2.2.3/lib/Xm/XpmAttrib.c.CAN-2004-0687-0688 2004-09-30 11:33:10.216008908 +0200 |
239 |
+++ openMotif-2.2.3/lib/Xm/XpmAttrib.c 2004-09-30 11:33:41.187737616 +0200 |
240 |
@@ -41,8 +41,8 @@ |
241 |
#include "XpmI.h" |
242 |
|
243 |
/* 3.2 backward compatibility code */ |
244 |
-LFUNC(CreateOldColorTable, int, (XpmColor *ct, int ncolors, |
245 |
- XpmColor ***oldct)); |
246 |
+LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors, |
247 |
+ XpmColor ***oldct)); |
248 |
|
249 |
LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors)); |
250 |
|
251 |
@@ -52,12 +52,15 @@ |
252 |
static int |
253 |
CreateOldColorTable(ct, ncolors, oldct) |
254 |
XpmColor *ct; |
255 |
- int ncolors; |
256 |
+ unsigned int ncolors; |
257 |
XpmColor ***oldct; |
258 |
{ |
259 |
XpmColor **colorTable, **color; |
260 |
int a; |
261 |
|
262 |
+ if (ncolors >= SIZE_MAX / sizeof(XpmColor *)) |
263 |
+ return XpmNoMemory; |
264 |
+ |
265 |
colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *)); |
266 |
if (!colorTable) { |
267 |
*oldct = NULL; |
268 |
--- openMotif-2.2.3/lib/Xm/Xpmcreate.c.CAN-2004-0687-0688 2004-09-30 11:40:22.122457590 +0200 |
269 |
+++ openMotif-2.2.3/lib/Xm/Xpmcreate.c 2004-09-30 12:49:44.411019183 +0200 |
270 |
@@ -804,6 +804,9 @@ |
271 |
|
272 |
ErrorStatus = XpmSuccess; |
273 |
|
274 |
+ if (image->ncolors >= SIZE_MAX / sizeof(Pixel)) |
275 |
+ return (XpmNoMemory); |
276 |
+ |
277 |
/* malloc pixels index tables */ |
278 |
image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * image->ncolors); |
279 |
if (!image_pixels) |
280 |
@@ -947,6 +950,8 @@ |
281 |
return (XpmNoMemory); |
282 |
|
283 |
#ifndef FOR_MSW |
284 |
+ if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height) |
285 |
+ return XpmNoMemory; |
286 |
/* now that bytes_per_line must have been set properly alloc data */ |
287 |
(*image_return)->data = |
288 |
(char *) XpmMalloc((*image_return)->bytes_per_line * height); |
289 |
@@ -1992,6 +1997,9 @@ |
290 |
xpmGetCmt(data, &colors_cmt); |
291 |
|
292 |
/* malloc pixels index tables */ |
293 |
+ if (ncolors >= SIZE_MAX / sizeof(Pixel)) |
294 |
+ return XpmNoMemory; |
295 |
+ |
296 |
image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors); |
297 |
if (!image_pixels) |
298 |
RETURN(XpmNoMemory); |
299 |
@@ -2207,6 +2215,9 @@ |
300 |
{ |
301 |
unsigned short colidx[256]; |
302 |
|
303 |
+ if (ncolors > 256) |
304 |
+ return (XpmFileInvalid); |
305 |
+ |
306 |
bzero((char *)colidx, 256 * sizeof(short)); |
307 |
for (a = 0; a < ncolors; a++) |
308 |
colidx[(unsigned char)colorTable[a].string[0]] = a + 1; |
309 |
@@ -2305,6 +2316,9 @@ |
310 |
char *s; |
311 |
char buf[BUFSIZ]; |
312 |
|
313 |
+ if (cpp >= sizeof(buf)) |
314 |
+ return (XpmFileInvalid); |
315 |
+ |
316 |
buf[cpp] = '\0'; |
317 |
if (USE_HASHTABLE) { |
318 |
xpmHashAtom *slot; |
319 |
--- openMotif-2.2.3/lib/Xm/Xpmparse.c.CAN-2004-0687-0688 2004-09-30 11:54:01.219804716 +0200 |
320 |
+++ openMotif-2.2.3/lib/Xm/Xpmparse.c 2004-09-30 12:47:15.676480282 +0200 |
321 |
@@ -46,6 +46,25 @@ |
322 |
|
323 |
#include "XpmI.h" |
324 |
#include <ctype.h> |
325 |
+#include <string.h> |
326 |
+ |
327 |
+#ifdef HAS_STRLCAT |
328 |
+# define STRLCAT(dst, src, dstsize) { \ |
329 |
+ if (strlcat(dst, src, dstsize) >= (dstsize)) \ |
330 |
+ return (XpmFileInvalid); } |
331 |
+# define STRLCPY(dst, src, dstsize) { \ |
332 |
+ if (strlcpy(dst, src, dstsize) >= (dstsize)) \ |
333 |
+ return (XpmFileInvalid); } |
334 |
+#else |
335 |
+# define STRLCAT(dst, src, dstsize) { \ |
336 |
+ if ((strlen(dst) + strlen(src)) < (dstsize)) \ |
337 |
+ strcat(dst, src); \ |
338 |
+ else return (XpmFileInvalid); } |
339 |
+# define STRLCPY(dst, src, dstsize) { \ |
340 |
+ if (strlen(src) < (dstsize)) \ |
341 |
+ strcpy(dst, src); \ |
342 |
+ else return (XpmFileInvalid); } |
343 |
+#endif |
344 |
|
345 |
LFUNC(ParsePixels, int, (xpmData *data, unsigned int width, |
346 |
unsigned int height, unsigned int ncolors, |
347 |
@@ -215,7 +234,7 @@ |
348 |
unsigned int *extensions; |
349 |
{ |
350 |
unsigned int l; |
351 |
- char buf[BUFSIZ]; |
352 |
+ char buf[BUFSIZ + 1]; |
353 |
|
354 |
if (!data->format) { /* XPM 2 or 3 */ |
355 |
|
356 |
@@ -324,10 +343,10 @@ |
357 |
XpmColor **colorTablePtr; |
358 |
xpmHashTable *hashtable; |
359 |
{ |
360 |
- unsigned int key, l, a, b; |
361 |
+ unsigned int key, l, a, b, len; |
362 |
unsigned int curkey; /* current color key */ |
363 |
unsigned int lastwaskey; /* key read */ |
364 |
- char buf[BUFSIZ]; |
365 |
+ char buf[BUFSIZ + 1]; |
366 |
char curbuf[BUFSIZ]; /* current buffer */ |
367 |
char **sptr, *s; |
368 |
XpmColor *color; |
369 |
@@ -335,6 +354,8 @@ |
370 |
char **defaults; |
371 |
int ErrorStatus; |
372 |
|
373 |
+ if (ncolors >= SIZE_MAX / sizeof(XpmColor)) |
374 |
+ return (XpmNoMemory); |
375 |
colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor)); |
376 |
if (!colorTable) |
377 |
return (XpmNoMemory); |
378 |
@@ -346,6 +367,10 @@ |
379 |
/* |
380 |
* read pixel value |
381 |
*/ |
382 |
+ if (cpp >= SIZE_MAX - 1) { |
383 |
+ xpmFreeColorTable(colorTable, ncolors); |
384 |
+ return (XpmNoMemory); |
385 |
+ } |
386 |
color->string = (char *) XpmMalloc(cpp + 1); |
387 |
if (!color->string) { |
388 |
xpmFreeColorTable(colorTable, ncolors); |
389 |
@@ -383,13 +408,14 @@ |
390 |
} |
391 |
if (!lastwaskey && key < NKEYS) { /* open new key */ |
392 |
if (curkey) { /* flush string */ |
393 |
- s = (char *) XpmMalloc(strlen(curbuf) + 1); |
394 |
+ len = strlen(curbuf) + 1; |
395 |
+ s = (char *) XpmMalloc(len); |
396 |
if (!s) { |
397 |
xpmFreeColorTable(colorTable, ncolors); |
398 |
return (XpmNoMemory); |
399 |
} |
400 |
defaults[curkey] = s; |
401 |
- strcpy(s, curbuf); |
402 |
+ memcpy(s, curbuf, len); |
403 |
} |
404 |
curkey = key + 1; /* set new key */ |
405 |
*curbuf = '\0'; /* reset curbuf */ |
406 |
@@ -400,9 +426,9 @@ |
407 |
return (XpmFileInvalid); |
408 |
} |
409 |
if (!lastwaskey) |
410 |
- strcat(curbuf, " "); /* append space */ |
411 |
+ STRLCAT(curbuf, " ", sizeof(curbuf)); /* append space */ |
412 |
buf[l] = '\0'; |
413 |
- strcat(curbuf, buf);/* append buf */ |
414 |
+ STRLCAT(curbuf, buf, sizeof(curbuf));/* append buf */ |
415 |
lastwaskey = 0; |
416 |
} |
417 |
} |
418 |
@@ -410,12 +436,13 @@ |
419 |
xpmFreeColorTable(colorTable, ncolors); |
420 |
return (XpmFileInvalid); |
421 |
} |
422 |
- s = defaults[curkey] = (char *) XpmMalloc(strlen(curbuf) + 1); |
423 |
+ len = strlen(curbuf) + 1; |
424 |
+ s = defaults[curkey] = (char *) XpmMalloc(len); |
425 |
if (!s) { |
426 |
xpmFreeColorTable(colorTable, ncolors); |
427 |
return (XpmNoMemory); |
428 |
} |
429 |
- strcpy(s, curbuf); |
430 |
+ memcpy(s, curbuf, len); |
431 |
} |
432 |
} else { /* XPM 1 */ |
433 |
/* get to the beginning of the first string */ |
434 |
@@ -428,6 +455,10 @@ |
435 |
/* |
436 |
* read pixel value |
437 |
*/ |
438 |
+ if (cpp >= SIZE_MAX - 1) { |
439 |
+ xpmFreeColorTable(colorTable, ncolors); |
440 |
+ return (XpmNoMemory); |
441 |
+ } |
442 |
color->string = (char *) XpmMalloc(cpp + 1); |
443 |
if (!color->string) { |
444 |
xpmFreeColorTable(colorTable, ncolors); |
445 |
@@ -456,16 +487,17 @@ |
446 |
*curbuf = '\0'; /* init curbuf */ |
447 |
while ((l = xpmNextWord(data, buf, BUFSIZ))) { |
448 |
if (*curbuf != '\0') |
449 |
- strcat(curbuf, " ");/* append space */ |
450 |
+ STRLCAT(curbuf, " ", sizeof(curbuf));/* append space */ |
451 |
buf[l] = '\0'; |
452 |
- strcat(curbuf, buf); /* append buf */ |
453 |
+ STRLCAT(curbuf, buf, sizeof(curbuf)); /* append buf */ |
454 |
} |
455 |
- s = (char *) XpmMalloc(strlen(curbuf) + 1); |
456 |
+ len = strlen(curbuf) + 1; |
457 |
+ s = (char *) XpmMalloc(len); |
458 |
if (!s) { |
459 |
xpmFreeColorTable(colorTable, ncolors); |
460 |
return (XpmNoMemory); |
461 |
} |
462 |
- strcpy(s, curbuf); |
463 |
+ memcpy(s, curbuf, len); |
464 |
color->c_color = s; |
465 |
*curbuf = '\0'; /* reset curbuf */ |
466 |
if (a < ncolors - 1) |
467 |
@@ -490,6 +522,9 @@ |
468 |
unsigned int *iptr, *iptr2; |
469 |
unsigned int a, x, y; |
470 |
|
471 |
+ if ((height > 0 && width >= SIZE_MAX / height) || |
472 |
+ width * height >= SIZE_MAX / sizeof(unsigned int)) |
473 |
+ return XpmNoMemory; |
474 |
#ifndef FOR_MSW |
475 |
iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height); |
476 |
#else |
477 |
@@ -513,6 +548,9 @@ |
478 |
{ |
479 |
unsigned short colidx[256]; |
480 |
|
481 |
+ if (ncolors > 256) |
482 |
+ return (XpmFileInvalid); |
483 |
+ |
484 |
bzero((char *)colidx, 256 * sizeof(short)); |
485 |
for (a = 0; a < ncolors; a++) |
486 |
colidx[(unsigned char)colorTable[a].string[0]] = a + 1; |
487 |
@@ -590,6 +628,9 @@ |
488 |
char *s; |
489 |
char buf[BUFSIZ]; |
490 |
|
491 |
+ if (cpp >= sizeof(buf)) |
492 |
+ return (XpmFileInvalid); |
493 |
+ |
494 |
buf[cpp] = '\0'; |
495 |
if (USE_HASHTABLE) { |
496 |
xpmHashAtom *slot; |
497 |
|
498 |
|
499 |
|
500 |
1.1 src/patchsets/motif/2.2.3/03_all_CAN-2004-0914-newer.patch |
501 |
|
502 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/03_all_CAN-2004-0914-newer.patch?rev=1.1&view=markup |
503 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/03_all_CAN-2004-0914-newer.patch?rev=1.1&content-type=text/plain |
504 |
|
505 |
Index: 03_all_CAN-2004-0914-newer.patch |
506 |
=================================================================== |
507 |
diff -Nur lib/Xm/Imakefile lib/Xm/Imakefile |
508 |
--- lib/Xm/Imakefile 2002-01-15 18:30:40.000000000 +0100 |
509 |
+++ lib/Xm/Imakefile 2005-02-14 14:24:12.000000000 +0100 |
510 |
@@ -211,7 +211,8 @@ |
511 |
XpmCrBufFrP.c XpmCrPFrBuf.c XpmRdFToDat.c XpmWrFFrP.c Xpmrgb.c \ |
512 |
XpmCrDatFrI.c XpmCrPFrDat.c XpmRdFToI.c Xpmcreate.c Xpmscan.c \ |
513 |
XpmCrDatFrP.c XpmCrPFrI.c XpmRdFToP.c Xpmdata.c \ |
514 |
- XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c |
515 |
+ XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c \ |
516 |
+ Xpms_popen.c |
517 |
|
518 |
#if UseLocalRegex |
519 |
REGEX_SRCS = regexp.c |
520 |
@@ -274,7 +275,8 @@ |
521 |
XpmCrBufFrP.o XpmCrPFrBuf.o XpmRdFToDat.o XpmWrFFrP.o Xpmrgb.o \ |
522 |
XpmCrDatFrI.o XpmCrPFrDat.o XpmRdFToI.o Xpmcreate.o Xpmscan.o \ |
523 |
XpmCrDatFrP.o XpmCrPFrI.o XpmRdFToP.o Xpmdata.o \ |
524 |
- XpmCrIFrBuf.o XpmImage.o XpmWrFFrBuf.o Xpmhashtab.o |
525 |
+ XpmCrIFrBuf.o XpmImage.o XpmWrFFrBuf.o Xpmhashtab.o \ |
526 |
+ Xpms_popen.o |
527 |
|
528 |
#if UseLocalRegex |
529 |
REGEX_OBJS = regexp.o |
530 |
--- lib/Xm/Makefile.am 2004-11-17 19:03:26.962797006 +0100 |
531 |
+++ lib/Xm/Makefile.am 2004-11-17 19:03:49.421724642 +0100 |
532 |
@@ -241,7 +241,8 @@ |
533 |
XpmCrBufFrP.c XpmCrPFrBuf.c XpmRdFToDat.c XpmWrFFrP.c Xpmrgb.c \ |
534 |
XpmCrDatFrI.c XpmCrPFrDat.c XpmRdFToI.c Xpmcreate.c Xpmscan.c \ |
535 |
XpmCrDatFrP.c XpmCrPFrI.c XpmRdFToP.c Xpmdata.c \ |
536 |
- XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c |
537 |
+ XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c \ |
538 |
+ Xpms_popen.c |
539 |
|
540 |
NEW_WID_SRCS = IconH.c Container.c IconG.c \ |
541 |
Notebook.c ComboBox.c GrabShell.c SpinB.c \ |
542 |
--- /dev/null 1970-01-01 01:00:00.000000000 +0100 |
543 |
+++ lib/Xm/Xpms_popen.c 2005-02-14 14:24:12.942319466 +0100 |
544 |
@@ -0,0 +1,182 @@ |
545 |
+/* |
546 |
+ * Copyright (C) 2004 The X.Org fundation |
547 |
+ * |
548 |
+ * Permission is hereby granted, free of charge, to any person |
549 |
+ * obtaining a copy of this software and associated documentation |
550 |
+ * files (the "Software"), to deal in the Software without |
551 |
+ * restriction, including without limitation the rights to use, copy, |
552 |
+ * modify, merge, publish, distribute, sublicense, and/or sell copies |
553 |
+ * of the Software, and to permit persons to whom the Software is fur- |
554 |
+ * nished to do so, subject to the following conditions: |
555 |
+ * |
556 |
+ * The above copyright notice and this permission notice shall be |
557 |
+ * included in all copies or substantial portions of the Software. |
558 |
+ * |
559 |
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
560 |
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
561 |
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
562 |
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR |
563 |
+ * ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF |
564 |
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
565 |
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
566 |
+ * |
567 |
+ * Except as contained in this notice, the name of the X.Org fundation |
568 |
+ * shall not be used in advertising or otherwise to promote the sale, |
569 |
+ * use or other dealings in this Software without prior written |
570 |
+ * authorization from the X.Org fundation. |
571 |
+ */ |
572 |
+ |
573 |
+/* |
574 |
+** This is a secure but NOT 100% compatible replacement for popen() |
575 |
+** Note: - don't use pclose() use fclose() for closing the returned |
576 |
+** filedesc.!!! |
577 |
+** |
578 |
+** Known Bugs: - unable to use i/o-redirection like > or < |
579 |
+** Author: - Thomas Biege <thomas@××××.de> |
580 |
+** Credits: - Andreas Pfaller <a.pfaller@×××××××.de> for fixing a SEGV when |
581 |
+** calling strtok() |
582 |
+*/ |
583 |
+ |
584 |
+#include <sys/types.h> |
585 |
+#include <sys/wait.h> |
586 |
+#include <stdio.h> |
587 |
+#include <stdlib.h> |
588 |
+#include <unistd.h> |
589 |
+#include <string.h> |
590 |
+#include "XpmI.h" |
591 |
+ |
592 |
+#define __SEC_POPEN_TOKEN " " |
593 |
+ |
594 |
+FILE *Xpms_popen(char *cmd, const char *type) |
595 |
+{ |
596 |
+ pid_t pid; |
597 |
+ int pfd[2]; |
598 |
+ int rpipe = 0, wpipe = 0, i; |
599 |
+ char **argv; |
600 |
+ char *ptr; |
601 |
+ char *cmdcpy; |
602 |
+ |
603 |
+ |
604 |
+ if(cmd == NULL || cmd == "") |
605 |
+ return(NULL); |
606 |
+ |
607 |
+ if(type[0] != 'r' && type[0] != 'w') |
608 |
+ return(NULL); |
609 |
+ |
610 |
+ if ((cmdcpy = strdup(cmd)) == NULL) |
611 |
+ return(NULL); |
612 |
+ |
613 |
+ argv = NULL; |
614 |
+ if( (ptr = strtok(cmdcpy, __SEC_POPEN_TOKEN)) == NULL) |
615 |
+ { |
616 |
+ free(cmdcpy); |
617 |
+ return(NULL); |
618 |
+ } |
619 |
+ |
620 |
+ for(i = 0;; i++) |
621 |
+ { |
622 |
+ if( ( argv = (char **) realloc(argv, (i+1) * sizeof(char *)) ) == NULL) |
623 |
+ { |
624 |
+ free(cmdcpy); |
625 |
+ return(NULL); |
626 |
+ } |
627 |
+ |
628 |
+ if( (*(argv+i) = (char *) malloc((strlen(ptr)+1) * sizeof(char))) == NULL) |
629 |
+ { |
630 |
+ free(cmdcpy); |
631 |
+ return(NULL); |
632 |
+ } |
633 |
+ |
634 |
+ strcpy(argv[i], ptr); |
635 |
+ |
636 |
+ if( (ptr = strtok(NULL, __SEC_POPEN_TOKEN)) == NULL) |
637 |
+ { |
638 |
+ if( ( argv = (char **) realloc(argv, (i+2) * sizeof(char *))) == NULL) |
639 |
+ { |
640 |
+ free(cmdcpy); |
641 |
+ return(NULL); |
642 |
+ } |
643 |
+ argv[i+1] = NULL; |
644 |
+ break; |
645 |
+ } |
646 |
+ } |
647 |
+ |
648 |
+ |
649 |
+ if(type[0] == 'r') |
650 |
+ rpipe = 1; |
651 |
+ else |
652 |
+ wpipe = 1; |
653 |
+ |
654 |
+ if (pipe(pfd) < 0) |
655 |
+ { |
656 |
+ free(cmdcpy); |
657 |
+ return(NULL); |
658 |
+ } |
659 |
+ |
660 |
+ if((pid = fork()) < 0) |
661 |
+ { |
662 |
+ close(pfd[0]); |
663 |
+ close(pfd[1]); |
664 |
+ free(cmdcpy); |
665 |
+ return(NULL); |
666 |
+ } |
667 |
+ |
668 |
+ if(pid == 0) /* child */ |
669 |
+ { |
670 |
+ if((pid = fork()) < 0) |
671 |
+ { |
672 |
+ close(pfd[0]); |
673 |
+ close(pfd[1]); |
674 |
+ free(cmdcpy); |
675 |
+ return(NULL); |
676 |
+ } |
677 |
+ if(pid > 0) |
678 |
+ { |
679 |
+ exit(0); /* child nr. 1 exits */ |
680 |
+ } |
681 |
+ |
682 |
+ /* child nr. 2 */ |
683 |
+ if(rpipe) |
684 |
+ { |
685 |
+ close(pfd[0]); /* close reading end, we don't need it */ |
686 |
+ dup2(STDOUT_FILENO, STDERR_FILENO); |
687 |
+ if (pfd[1] != STDOUT_FILENO) |
688 |
+ dup2(pfd[1], STDOUT_FILENO); /* redirect stdout to writing end of pipe */ |
689 |
+ } |
690 |
+ else |
691 |
+ { |
692 |
+ close(pfd[1]); /* close writing end, we don't need it */ |
693 |
+ if (pfd[0] != STDIN_FILENO) |
694 |
+ dup2(pfd[0], STDIN_FILENO); /* redirect stdin to reading end of pipe */ |
695 |
+ } |
696 |
+ |
697 |
+ if(strchr(argv[0], '/') == NULL) |
698 |
+ execvp(argv[0], argv); /* search in $PATH */ |
699 |
+ else |
700 |
+ execv(argv[0], argv); |
701 |
+ |
702 |
+ close(pfd[0]); |
703 |
+ close(pfd[1]); |
704 |
+ free(cmdcpy); |
705 |
+ return(NULL); /* exec failed.. ooops! */ |
706 |
+ } |
707 |
+ else /* parent */ |
708 |
+ { |
709 |
+ waitpid(pid, NULL, 0); /* wait for child nr. 1 */ |
710 |
+ |
711 |
+ if(rpipe) |
712 |
+ { |
713 |
+ close(pfd[1]); |
714 |
+ free(cmdcpy); |
715 |
+ return(fdopen(pfd[0], "r")); |
716 |
+ } |
717 |
+ else |
718 |
+ { |
719 |
+ close(pfd[0]); |
720 |
+ free(cmdcpy); |
721 |
+ return(fdopen(pfd[1], "w")); |
722 |
+ } |
723 |
+ |
724 |
+ } |
725 |
+} |
726 |
+ |
727 |
diff -Nur lib/Xm/XpmAttrib.c lib/Xm/XpmAttrib.c |
728 |
--- lib/Xm/XpmAttrib.c 2005-02-14 15:20:49.346039704 +0100 |
729 |
+++ lib/Xm/XpmAttrib.c 2005-02-14 14:26:42.742624081 +0100 |
730 |
@@ -44,7 +44,7 @@ |
731 |
LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors, |
732 |
XpmColor ***oldct)); |
733 |
|
734 |
-LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors)); |
735 |
+LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, unsigned int ncolors)); |
736 |
|
737 |
/* |
738 |
* Create a colortable compatible with the old style colortable |
739 |
@@ -56,9 +56,9 @@ |
740 |
XpmColor ***oldct; |
741 |
{ |
742 |
XpmColor **colorTable, **color; |
743 |
- int a; |
744 |
+ unsigned int a; |
745 |
|
746 |
- if (ncolors >= SIZE_MAX / sizeof(XpmColor *)) |
747 |
+ if (ncolors >= UINT_MAX / sizeof(XpmColor *)) |
748 |
return XpmNoMemory; |
749 |
|
750 |
colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *)); |
751 |
@@ -75,9 +75,9 @@ |
752 |
static void |
753 |
FreeOldColorTable(colorTable, ncolors) |
754 |
XpmColor **colorTable; |
755 |
- int ncolors; |
756 |
+ unsigned int ncolors; |
757 |
{ |
758 |
- int a, b; |
759 |
+ unsigned int a, b; |
760 |
XpmColor **color; |
761 |
char **sptr; |
762 |
|
763 |
@@ -128,7 +128,7 @@ |
764 |
XpmExtension *ext; |
765 |
char **sptr; |
766 |
|
767 |
- if (extensions) { |
768 |
+ if (extensions && nextensions > 0) { |
769 |
for (i = 0, ext = extensions; i < nextensions; i++, ext++) { |
770 |
if (ext->name) |
771 |
XpmFree(ext->name); |
772 |
diff -Nur lib/Xm/XpmCrBufFrI.c lib/Xm/XpmCrBufFrI.c |
773 |
--- lib/Xm/XpmCrBufFrI.c 2003-08-15 11:08:59.000000000 +0200 |
774 |
+++ lib/Xm/XpmCrBufFrI.c 2005-02-14 14:28:44.975393496 +0100 |
775 |
@@ -41,21 +41,26 @@ |
776 |
#endif |
777 |
|
778 |
|
779 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
780 |
+ |
781 |
+ |
782 |
#include "XpmI.h" |
783 |
|
784 |
LFUNC(WriteColors, int, (char **dataptr, unsigned int *data_size, |
785 |
unsigned int *used_size, XpmColor *colors, |
786 |
unsigned int ncolors, unsigned int cpp)); |
787 |
|
788 |
-LFUNC(WritePixels, void, (char *dataptr, unsigned int *used_size, |
789 |
+LFUNC(WritePixels, void, (char *dataptr, unsigned int data_size, |
790 |
+ unsigned int *used_size, |
791 |
unsigned int width, unsigned int height, |
792 |
unsigned int cpp, unsigned int *pixels, |
793 |
XpmColor *colors)); |
794 |
|
795 |
-LFUNC(WriteExtensions, void, (char *dataptr, unsigned int *used_size, |
796 |
+LFUNC(WriteExtensions, void, (char *dataptr, unsigned int data_size, |
797 |
+ unsigned int *used_size, |
798 |
XpmExtension *ext, unsigned int num)); |
799 |
|
800 |
-LFUNC(ExtensionsSize, int, (XpmExtension *ext, unsigned int num)); |
801 |
+LFUNC(ExtensionsSize, unsigned int, (XpmExtension *ext, unsigned int num)); |
802 |
LFUNC(CommentsSize, int, (XpmInfo *info)); |
803 |
|
804 |
int |
805 |
@@ -98,11 +103,12 @@ |
806 |
|
807 |
#undef RETURN |
808 |
#define RETURN(status) \ |
809 |
+do \ |
810 |
{ \ |
811 |
if (ptr) \ |
812 |
XpmFree(ptr); \ |
813 |
return(status); \ |
814 |
-} |
815 |
+} while(0) |
816 |
|
817 |
int |
818 |
XpmCreateBufferFromXpmImage(buffer_return, image, info) |
819 |
@@ -116,7 +122,7 @@ |
820 |
unsigned int cmts, extensions, ext_size = 0; |
821 |
unsigned int l, cmt_size = 0; |
822 |
char *ptr = NULL, *p; |
823 |
- unsigned int ptr_size, used_size; |
824 |
+ unsigned int ptr_size, used_size, tmp; |
825 |
|
826 |
*buffer_return = NULL; |
827 |
|
828 |
@@ -138,7 +144,13 @@ |
829 |
#ifdef VOID_SPRINTF |
830 |
used_size = strlen(buf); |
831 |
#endif |
832 |
- ptr_size = used_size + ext_size + cmt_size + 1; |
833 |
+ ptr_size = used_size + ext_size + cmt_size + 1; /* ptr_size can't be 0 */ |
834 |
+ if(ptr_size <= used_size || |
835 |
+ ptr_size <= ext_size || |
836 |
+ ptr_size <= cmt_size) |
837 |
+ { |
838 |
+ return XpmNoMemory; |
839 |
+ } |
840 |
ptr = (char *) XpmMalloc(ptr_size); |
841 |
if (!ptr) |
842 |
return XpmNoMemory; |
843 |
@@ -149,7 +161,7 @@ |
844 |
#ifndef VOID_SPRINTF |
845 |
used_size += |
846 |
#endif |
847 |
- sprintf(ptr + used_size, "/*%s*/\n", info->hints_cmt); |
848 |
+ snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->hints_cmt); |
849 |
#ifdef VOID_SPRINTF |
850 |
used_size += strlen(info->hints_cmt) + 5; |
851 |
#endif |
852 |
@@ -167,7 +179,7 @@ |
853 |
#ifndef VOID_SPRINTF |
854 |
l += |
855 |
#endif |
856 |
- sprintf(buf + l, " %d %d", info->x_hotspot, info->y_hotspot); |
857 |
+ snprintf(buf + l, sizeof(buf)-l, " %d %d", info->x_hotspot, info->y_hotspot); |
858 |
#ifdef VOID_SPRINTF |
859 |
l = strlen(buf); |
860 |
#endif |
861 |
@@ -189,6 +201,8 @@ |
862 |
l = strlen(buf); |
863 |
#endif |
864 |
ptr_size += l; |
865 |
+ if(ptr_size <= l) |
866 |
+ RETURN(XpmNoMemory); |
867 |
p = (char *) XpmRealloc(ptr, ptr_size); |
868 |
if (!p) |
869 |
RETURN(XpmNoMemory); |
870 |
@@ -201,7 +215,7 @@ |
871 |
#ifndef VOID_SPRINTF |
872 |
used_size += |
873 |
#endif |
874 |
- sprintf(ptr + used_size, "/*%s*/\n", info->colors_cmt); |
875 |
+ snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->colors_cmt); |
876 |
#ifdef VOID_SPRINTF |
877 |
used_size += strlen(info->colors_cmt) + 5; |
878 |
#endif |
879 |
@@ -217,7 +231,12 @@ |
880 |
* 4 = 1 (for '"') + 3 (for '",\n') |
881 |
* 1 = - 2 (because the last line does not end with ',\n') + 3 (for '};\n') |
882 |
*/ |
883 |
- ptr_size += image->height * (image->width * image->cpp + 4) + 1; |
884 |
+ if(image->width > UINT_MAX / image->cpp || |
885 |
+ (tmp = image->width * image->cpp + 4) <= 4 || |
886 |
+ image->height > UINT_MAX / tmp || |
887 |
+ (tmp = image->height * tmp + 1) <= 1 || |
888 |
+ (ptr_size += tmp) <= tmp) |
889 |
+ RETURN(XpmNoMemory); |
890 |
|
891 |
p = (char *) XpmRealloc(ptr, ptr_size); |
892 |
if (!p) |
893 |
@@ -229,17 +248,17 @@ |
894 |
#ifndef VOID_SPRINTF |
895 |
used_size += |
896 |
#endif |
897 |
- sprintf(ptr + used_size, "/*%s*/\n", info->pixels_cmt); |
898 |
+ snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->pixels_cmt); |
899 |
#ifdef VOID_SPRINTF |
900 |
used_size += strlen(info->pixels_cmt) + 5; |
901 |
#endif |
902 |
} |
903 |
- WritePixels(ptr + used_size, &used_size, image->width, image->height, |
904 |
+ WritePixels(ptr + used_size, ptr_size - used_size, &used_size, image->width, image->height, |
905 |
image->cpp, image->data, image->colorTable); |
906 |
|
907 |
/* print extensions */ |
908 |
if (extensions) |
909 |
- WriteExtensions(ptr + used_size, &used_size, |
910 |
+ WriteExtensions(ptr + used_size, ptr_size-used_size, &used_size, |
911 |
info->extensions, info->nextensions); |
912 |
|
913 |
/* close the array */ |
914 |
@@ -250,6 +269,7 @@ |
915 |
return (XpmSuccess); |
916 |
} |
917 |
|
918 |
+ |
919 |
static int |
920 |
WriteColors(dataptr, data_size, used_size, colors, ncolors, cpp) |
921 |
char **dataptr; |
922 |
@@ -259,7 +279,7 @@ |
923 |
unsigned int ncolors; |
924 |
unsigned int cpp; |
925 |
{ |
926 |
- char buf[BUFSIZ]; |
927 |
+ char buf[BUFSIZ] = {0}; |
928 |
unsigned int a, key, l; |
929 |
char *s, *s2; |
930 |
char **defaults; |
931 |
@@ -269,22 +289,34 @@ |
932 |
|
933 |
defaults = (char **) colors; |
934 |
s = buf + 1; |
935 |
- strncpy(s, *defaults++, cpp); |
936 |
- s += cpp; |
937 |
- |
938 |
- for (key = 1; key <= NKEYS; key++, defaults++) { |
939 |
- if ((s2 = *defaults)) { |
940 |
-#ifndef VOID_SPRINTF |
941 |
- s += |
942 |
-#endif |
943 |
- sprintf(s, "\t%s %s", xpmColorKeys[key - 1], s2); |
944 |
-#ifdef VOID_SPRINTF |
945 |
- s += strlen(s); |
946 |
-#endif |
947 |
- } |
948 |
- } |
949 |
- strcpy(s, "\",\n"); |
950 |
- l = s + 3 - buf; |
951 |
+ if(cpp > (sizeof(buf) - (s-buf))) |
952 |
+ return(XpmNoMemory); |
953 |
+ strncpy(s, *defaults++, cpp); |
954 |
+ s += cpp; |
955 |
+ |
956 |
+ for (key = 1; key <= NKEYS; key++, defaults++) { |
957 |
+ if ((s2 = *defaults)) { |
958 |
+#ifndef VOID_SPRINTF |
959 |
+ s += |
960 |
+#endif |
961 |
+ /* assume C99 compliance */ |
962 |
+ snprintf(s, sizeof(buf) - (s-buf), "\t%s %s", xpmColorKeys[key - 1], s2); |
963 |
+#ifdef VOID_SPRINTF |
964 |
+ s += strlen(s); |
965 |
+#endif |
966 |
+ /* now let's check if s points out-of-bounds */ |
967 |
+ if((s-buf) > sizeof(buf)) |
968 |
+ return(XpmNoMemory); |
969 |
+ } |
970 |
+ } |
971 |
+ if(sizeof(buf) - (s-buf) < 4) |
972 |
+ return(XpmNoMemory); |
973 |
+ strcpy(s, "\",\n"); |
974 |
+ l = s + 3 - buf; |
975 |
+ if( *data_size >= UINT_MAX-l || |
976 |
+ *data_size + l <= *used_size || |
977 |
+ (*data_size + l - *used_size) <= sizeof(buf)) |
978 |
+ return(XpmNoMemory); |
979 |
s = (char *) XpmRealloc(*dataptr, *data_size + l); |
980 |
if (!s) |
981 |
return (XpmNoMemory); |
982 |
@@ -297,8 +329,9 @@ |
983 |
} |
984 |
|
985 |
static void |
986 |
-WritePixels(dataptr, used_size, width, height, cpp, pixels, colors) |
987 |
+WritePixels(dataptr, data_size, used_size, width, height, cpp, pixels, colors) |
988 |
char *dataptr; |
989 |
+ unsigned int data_size; |
990 |
unsigned int *used_size; |
991 |
unsigned int width; |
992 |
unsigned int height; |
993 |
@@ -309,27 +342,36 @@ |
994 |
char *s = dataptr; |
995 |
unsigned int x, y, h; |
996 |
|
997 |
+ if(height <= 1) |
998 |
+ return; |
999 |
+ |
1000 |
h = height - 1; |
1001 |
for (y = 0; y < h; y++) { |
1002 |
*s++ = '"'; |
1003 |
for (x = 0; x < width; x++, pixels++) { |
1004 |
- strncpy(s, colors[*pixels].string, cpp); |
1005 |
+ if(cpp >= (data_size - (s-dataptr))) |
1006 |
+ return; |
1007 |
+ strncpy(s, colors[*pixels].string, cpp); /* how can we trust *pixels? :-\ */ |
1008 |
s += cpp; |
1009 |
} |
1010 |
+ if((data_size - (s-dataptr)) < 4) |
1011 |
+ return; |
1012 |
strcpy(s, "\",\n"); |
1013 |
s += 3; |
1014 |
} |
1015 |
/* duplicate some code to avoid a test in the loop */ |
1016 |
*s++ = '"'; |
1017 |
for (x = 0; x < width; x++, pixels++) { |
1018 |
- strncpy(s, colors[*pixels].string, cpp); |
1019 |
+ if(cpp >= (data_size - (s-dataptr))) |
1020 |
+ return; |
1021 |
+ strncpy(s, colors[*pixels].string, cpp); /* how can we trust *pixels? */ |
1022 |
s += cpp; |
1023 |
} |
1024 |
*s++ = '"'; |
1025 |
*used_size += s - dataptr; |
1026 |
} |
1027 |
|
1028 |
-static int |
1029 |
+static unsigned int |
1030 |
ExtensionsSize(ext, num) |
1031 |
XpmExtension *ext; |
1032 |
unsigned int num; |
1033 |
@@ -338,21 +380,26 @@ |
1034 |
char **line; |
1035 |
|
1036 |
size = 0; |
1037 |
+ if(num == 0) |
1038 |
+ return(0); /* ok? */ |
1039 |
for (x = 0; x < num; x++, ext++) { |
1040 |
/* 11 = 10 (for ',\n"XPMEXT ') + 1 (for '"') */ |
1041 |
size += strlen(ext->name) + 11; |
1042 |
- a = ext->nlines; |
1043 |
+ a = ext->nlines; /* how can we trust ext->nlines to be not out-of-bounds? */ |
1044 |
for (y = 0, line = ext->lines; y < a; y++, line++) |
1045 |
/* 4 = 3 (for ',\n"') + 1 (for '"') */ |
1046 |
size += strlen(*line) + 4; |
1047 |
} |
1048 |
/* 13 is for ',\n"XPMENDEXT"' */ |
1049 |
+ if(size > UINT_MAX - 13) /* unlikely */ |
1050 |
+ return(0); |
1051 |
return size + 13; |
1052 |
} |
1053 |
|
1054 |
static void |
1055 |
-WriteExtensions(dataptr, used_size, ext, num) |
1056 |
+WriteExtensions(dataptr, data_size, used_size, ext, num) |
1057 |
char *dataptr; |
1058 |
+ unsigned int data_size; |
1059 |
unsigned int *used_size; |
1060 |
XpmExtension *ext; |
1061 |
unsigned int num; |
1062 |
@@ -363,24 +410,24 @@ |
1063 |
|
1064 |
for (x = 0; x < num; x++, ext++) { |
1065 |
#ifndef VOID_SPRINTF |
1066 |
- s += 11 + |
1067 |
+ s += |
1068 |
#endif |
1069 |
- sprintf(s, ",\n\"XPMEXT %s\"", ext->name); |
1070 |
+ snprintf(s, data_size - (s-dataptr), ",\n\"XPMEXT %s\"", ext->name); |
1071 |
#ifdef VOID_SPRINTF |
1072 |
s += strlen(ext->name) + 11; |
1073 |
#endif |
1074 |
a = ext->nlines; |
1075 |
for (y = 0, line = ext->lines; y < a; y++, line++) { |
1076 |
#ifndef VOID_SPRINTF |
1077 |
- s += 4 + |
1078 |
+ s += |
1079 |
#endif |
1080 |
- sprintf(s, ",\n\"%s\"", *line); |
1081 |
+ snprintf(s, data_size - (s-dataptr), ",\n\"%s\"", *line); |
1082 |
#ifdef VOID_SPRINTF |
1083 |
s += strlen(*line) + 4; |
1084 |
#endif |
1085 |
} |
1086 |
} |
1087 |
- strcpy(s, ",\n\"XPMENDEXT\""); |
1088 |
+ strncpy(s, ",\n\"XPMENDEXT\"", data_size - (s-dataptr)-1); |
1089 |
*used_size += s - dataptr + 13; |
1090 |
} |
1091 |
|
1092 |
@@ -391,6 +438,7 @@ |
1093 |
int size = 0; |
1094 |
|
1095 |
/* 5 = 2 (for "/_*") + 3 (for "*_/\n") */ |
1096 |
+ /* wrap possible but *very* unlikely */ |
1097 |
if (info->hints_cmt) |
1098 |
size += 5 + strlen(info->hints_cmt); |
1099 |
|
1100 |
diff -Nur lib/Xm/XpmCrDatFrI.c lib/Xm/XpmCrDatFrI.c |
1101 |
--- lib/Xm/XpmCrDatFrI.c 2005-02-14 15:20:49.344040101 +0100 |
1102 |
+++ lib/Xm/XpmCrDatFrI.c 2005-02-14 14:32:22.610251056 +0100 |
1103 |
@@ -38,13 +38,16 @@ |
1104 |
#endif |
1105 |
|
1106 |
|
1107 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
1108 |
+ |
1109 |
#include "XpmI.h" |
1110 |
|
1111 |
LFUNC(CreateColors, int, (char **dataptr, unsigned int *data_size, |
1112 |
XpmColor *colors, unsigned int ncolors, |
1113 |
unsigned int cpp)); |
1114 |
|
1115 |
-LFUNC(CreatePixels, void, (char **dataptr, unsigned int width, |
1116 |
+LFUNC(CreatePixels, void, (char **dataptr, unsigned int data_size, |
1117 |
+ unsigned int width, |
1118 |
unsigned int height, unsigned int cpp, |
1119 |
unsigned int *pixels, XpmColor *colors)); |
1120 |
|
1121 |
@@ -52,7 +55,8 @@ |
1122 |
unsigned int *ext_size, |
1123 |
unsigned int *ext_nlines)); |
1124 |
|
1125 |
-LFUNC(CreateExtensions, void, (char **dataptr, unsigned int offset, |
1126 |
+LFUNC(CreateExtensions, void, (char **dataptr, unsigned int data_size, |
1127 |
+ unsigned int offset, |
1128 |
XpmExtension *ext, unsigned int num, |
1129 |
unsigned int ext_nlines)); |
1130 |
|
1131 |
@@ -93,6 +97,7 @@ |
1132 |
|
1133 |
#undef RETURN |
1134 |
#define RETURN(status) \ |
1135 |
+do \ |
1136 |
{ \ |
1137 |
if (header) { \ |
1138 |
for (l = 0; l < header_nlines; l++) \ |
1139 |
@@ -101,7 +106,7 @@ |
1140 |
XpmFree(header); \ |
1141 |
} \ |
1142 |
return(status); \ |
1143 |
-} |
1144 |
+} while(0) |
1145 |
|
1146 |
int |
1147 |
XpmCreateDataFromXpmImage(data_return, image, info) |
1148 |
@@ -133,10 +138,15 @@ |
1149 |
* is the hints line + the color table lines |
1150 |
*/ |
1151 |
header_nlines = 1 + image->ncolors; |
1152 |
+ |
1153 |
+ if(header_nlines <= image->ncolors || |
1154 |
+ header_nlines >= UINT_MAX / sizeof(char *)) |
1155 |
+ return(XpmNoMemory); |
1156 |
+ |
1157 |
header_size = sizeof(char *) * header_nlines; |
1158 |
- if (header_size >= SIZE_MAX / sizeof(char *)) |
1159 |
+ if (header_size >= UINT_MAX / sizeof(char *)) |
1160 |
return (XpmNoMemory); |
1161 |
- header = (char **) XpmCalloc(header_size, sizeof(char *)); |
1162 |
+ header = (char **) XpmCalloc(header_size, sizeof(char *)); |
1163 |
if (!header) |
1164 |
return (XpmNoMemory); |
1165 |
|
1166 |
@@ -180,8 +190,22 @@ |
1167 |
|
1168 |
/* now we know the size needed, alloc the data and copy the header lines */ |
1169 |
offset = image->width * image->cpp + 1; |
1170 |
- data_size = header_size + (image->height + ext_nlines) * sizeof(char *) |
1171 |
- + image->height * offset + ext_size; |
1172 |
+ |
1173 |
+ if(offset <= image->width || offset <= image->cpp) |
1174 |
+ RETURN(XpmNoMemory); |
1175 |
+ |
1176 |
+ if( (image->height + ext_nlines) >= UINT_MAX / sizeof(char *)) |
1177 |
+ RETURN(XpmNoMemory); |
1178 |
+ data_size = (image->height + ext_nlines) * sizeof(char *); |
1179 |
+ |
1180 |
+ if (image->height > UINT_MAX / offset || |
1181 |
+ image->height * offset > UINT_MAX - data_size) |
1182 |
+ RETURN(XpmNoMemory); |
1183 |
+ data_size += image->height * offset; |
1184 |
+ |
1185 |
+ if( (header_size + ext_size) >= (UINT_MAX - data_size) ) |
1186 |
+ RETURN(XpmNoMemory); |
1187 |
+ data_size += header_size + ext_size; |
1188 |
|
1189 |
data = (char **) XpmMalloc(data_size); |
1190 |
if (!data) |
1191 |
@@ -189,8 +213,10 @@ |
1192 |
|
1193 |
data_nlines = header_nlines + image->height + ext_nlines; |
1194 |
*data = (char *) (data + data_nlines); |
1195 |
+ |
1196 |
+ /* can header have less elements then n suggests? */ |
1197 |
n = image->ncolors; |
1198 |
- for (l = 0, sptr = data, sptr2 = header; l <= n; l++, sptr++, sptr2++) { |
1199 |
+ for (l = 0, sptr = data, sptr2 = header; l <= n && sptr && sptr2; l++, sptr++, sptr2++) { |
1200 |
strcpy(*sptr, *sptr2); |
1201 |
*(sptr + 1) = *sptr + strlen(*sptr2) + 1; |
1202 |
} |
1203 |
@@ -199,12 +225,13 @@ |
1204 |
data[header_nlines] = (char *) data + header_size |
1205 |
+ (image->height + ext_nlines) * sizeof(char *); |
1206 |
|
1207 |
- CreatePixels(data + header_nlines, image->width, image->height, |
1208 |
+ CreatePixels(data + header_nlines, data_size-header_nlines, image->width, image->height, |
1209 |
image->cpp, image->data, image->colorTable); |
1210 |
|
1211 |
/* print extensions */ |
1212 |
if (extensions) |
1213 |
- CreateExtensions(data + header_nlines + image->height - 1, offset, |
1214 |
+ CreateExtensions(data + header_nlines + image->height - 1, |
1215 |
+ data_size - header_nlines - image->height + 1, offset, |
1216 |
info->extensions, info->nextensions, |
1217 |
ext_nlines); |
1218 |
|
1219 |
@@ -229,18 +256,27 @@ |
1220 |
for (a = 0; a < ncolors; a++, colors++, dataptr++) { |
1221 |
|
1222 |
defaults = (char **) colors; |
1223 |
+ if(sizeof(buf) <= cpp) |
1224 |
+ return(XpmNoMemory); |
1225 |
strncpy(buf, *defaults++, cpp); |
1226 |
s = buf + cpp; |
1227 |
|
1228 |
+ if(sizeof(buf) <= (s-buf)) |
1229 |
+ return XpmNoMemory; |
1230 |
+ |
1231 |
for (key = 1; key <= NKEYS; key++, defaults++) { |
1232 |
if ((s2 = *defaults)) { |
1233 |
#ifndef VOID_SPRINTF |
1234 |
s += |
1235 |
#endif |
1236 |
- sprintf(s, "\t%s %s", xpmColorKeys[key - 1], s2); |
1237 |
+ /* assume C99 compliance */ |
1238 |
+ snprintf(s, sizeof(buf)-(s-buf), "\t%s %s", xpmColorKeys[key - 1], s2); |
1239 |
#ifdef VOID_SPRINTF |
1240 |
- s += strlen(s); |
1241 |
+ s += strlen(s); |
1242 |
#endif |
1243 |
+ /* does s point out-of-bounds? */ |
1244 |
+ if(sizeof(buf) < (s-buf)) |
1245 |
+ return XpmNoMemory; |
1246 |
} |
1247 |
} |
1248 |
l = s - buf + 1; |
1249 |
@@ -254,8 +290,9 @@ |
1250 |
} |
1251 |
|
1252 |
static void |
1253 |
-CreatePixels(dataptr, width, height, cpp, pixels, colors) |
1254 |
+CreatePixels(dataptr, data_size, width, height, cpp, pixels, colors) |
1255 |
char **dataptr; |
1256 |
+ unsigned int data_size; |
1257 |
unsigned int width; |
1258 |
unsigned int height; |
1259 |
unsigned int cpp; |
1260 |
@@ -265,21 +302,38 @@ |
1261 |
char *s; |
1262 |
unsigned int x, y, h, offset; |
1263 |
|
1264 |
+ if(height <= 1) |
1265 |
+ return; |
1266 |
+ |
1267 |
h = height - 1; |
1268 |
+ |
1269 |
offset = width * cpp + 1; |
1270 |
+ |
1271 |
+ if(offset <= width || offset <= cpp) |
1272 |
+ return; |
1273 |
+ |
1274 |
+ /* why trust h? */ |
1275 |
for (y = 0; y < h; y++, dataptr++) { |
1276 |
s = *dataptr; |
1277 |
+ /* why trust width? */ |
1278 |
for (x = 0; x < width; x++, pixels++) { |
1279 |
- strncpy(s, colors[*pixels].string, cpp); |
1280 |
+ if(cpp > (data_size - (s - *dataptr))) |
1281 |
+ return; |
1282 |
+ strncpy(s, colors[*pixels].string, cpp); /* why trust pixel? */ |
1283 |
s += cpp; |
1284 |
} |
1285 |
*s = '\0'; |
1286 |
+ if(offset > data_size) |
1287 |
+ return; |
1288 |
*(dataptr + 1) = *dataptr + offset; |
1289 |
} |
1290 |
/* duplicate some code to avoid a test in the loop */ |
1291 |
s = *dataptr; |
1292 |
+ /* why trust width? */ |
1293 |
for (x = 0; x < width; x++, pixels++) { |
1294 |
- strncpy(s, colors[*pixels].string, cpp); |
1295 |
+ if(cpp > data_size - (s - *dataptr)) |
1296 |
+ return; |
1297 |
+ strncpy(s, colors[*pixels].string, cpp); /* why should we trust *pixel? */ |
1298 |
s += cpp; |
1299 |
} |
1300 |
*s = '\0'; |
1301 |
@@ -312,8 +366,9 @@ |
1302 |
} |
1303 |
|
1304 |
static void |
1305 |
-CreateExtensions(dataptr, offset, ext, num, ext_nlines) |
1306 |
+CreateExtensions(dataptr, data_size, offset, ext, num, ext_nlines) |
1307 |
char **dataptr; |
1308 |
+ unsigned int data_size; |
1309 |
unsigned int offset; |
1310 |
XpmExtension *ext; |
1311 |
unsigned int num; |
1312 |
@@ -326,12 +381,12 @@ |
1313 |
dataptr++; |
1314 |
a = 0; |
1315 |
for (x = 0; x < num; x++, ext++) { |
1316 |
- sprintf(*dataptr, "XPMEXT %s", ext->name); |
1317 |
+ snprintf(*dataptr, data_size, "XPMEXT %s", ext->name); |
1318 |
a++; |
1319 |
if (a < ext_nlines) |
1320 |
*(dataptr + 1) = *dataptr + strlen(ext->name) + 8; |
1321 |
dataptr++; |
1322 |
- b = ext->nlines; |
1323 |
+ b = ext->nlines; /* can we trust these values? */ |
1324 |
for (y = 0, line = ext->lines; y < b; y++, line++) { |
1325 |
strcpy(*dataptr, *line); |
1326 |
a++; |
1327 |
diff -Nur lib/Xm/Xpmcreate.c lib/Xm/Xpmcreate.c |
1328 |
--- lib/Xm/Xpmcreate.c 2005-02-14 15:20:49.348039308 +0100 |
1329 |
+++ lib/Xm/Xpmcreate.c 2005-02-14 14:36:37.104801803 +0100 |
1330 |
@@ -44,6 +44,8 @@ |
1331 |
#endif |
1332 |
|
1333 |
|
1334 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
1335 |
+ |
1336 |
#include "XpmI.h" |
1337 |
#include <ctype.h> |
1338 |
|
1339 |
@@ -565,7 +567,7 @@ |
1340 |
*/ |
1341 |
} else { |
1342 |
#endif |
1343 |
- int i; |
1344 |
+ unsigned int i; |
1345 |
|
1346 |
ncols = visual->map_entries; |
1347 |
cols = (XColor *) XpmCalloc(ncols, sizeof(XColor)); |
1348 |
@@ -723,6 +725,7 @@ |
1349 |
/* function call in case of error, frees only locally allocated variables */ |
1350 |
#undef RETURN |
1351 |
#define RETURN(status) \ |
1352 |
+do \ |
1353 |
{ \ |
1354 |
if (ximage) XDestroyImage(ximage); \ |
1355 |
if (shapeimage) XDestroyImage(shapeimage); \ |
1356 |
@@ -733,7 +736,7 @@ |
1357 |
if (alloc_pixels) XpmFree(alloc_pixels); \ |
1358 |
if (used_pixels) XpmFree(used_pixels); \ |
1359 |
return (status); \ |
1360 |
-} |
1361 |
+} while(0) |
1362 |
|
1363 |
int |
1364 |
XpmCreateImageFromXpmImage(display, image, |
1365 |
@@ -804,7 +807,7 @@ |
1366 |
|
1367 |
ErrorStatus = XpmSuccess; |
1368 |
|
1369 |
- if (image->ncolors >= SIZE_MAX / sizeof(Pixel)) |
1370 |
+ if (image->ncolors >= UINT_MAX / sizeof(Pixel)) |
1371 |
return (XpmNoMemory); |
1372 |
|
1373 |
/* malloc pixels index tables */ |
1374 |
@@ -950,9 +953,13 @@ |
1375 |
return (XpmNoMemory); |
1376 |
|
1377 |
#ifndef FOR_MSW |
1378 |
- if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height) |
1379 |
- return XpmNoMemory; |
1380 |
+ if (height != 0 && (*image_return)->bytes_per_line >= INT_MAX / height) { |
1381 |
+ XDestroyImage(*image_return); |
1382 |
+ return XpmNoMemory; |
1383 |
+ } |
1384 |
/* now that bytes_per_line must have been set properly alloc data */ |
1385 |
+ if((*image_return)->bytes_per_line == 0 || height == 0) |
1386 |
+ return XpmNoMemory; |
1387 |
(*image_return)->data = |
1388 |
(char *) XpmMalloc((*image_return)->bytes_per_line * height); |
1389 |
|
1390 |
@@ -980,7 +987,7 @@ |
1391 |
LFUNC(_putbits, void, (register char *src, int dstoffset, |
1392 |
register int numbits, register char *dst)); |
1393 |
|
1394 |
-LFUNC(_XReverse_Bytes, int, (register unsigned char *bpt, register int nb)); |
1395 |
+LFUNC(_XReverse_Bytes, int, (register unsigned char *bpt, register unsigned int nb)); |
1396 |
|
1397 |
static unsigned char Const _reverse_byte[0x100] = { |
1398 |
0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, |
1399 |
@@ -1020,12 +1027,12 @@ |
1400 |
static int |
1401 |
_XReverse_Bytes(bpt, nb) |
1402 |
register unsigned char *bpt; |
1403 |
- register int nb; |
1404 |
+ register unsigned int nb; |
1405 |
{ |
1406 |
do { |
1407 |
*bpt = _reverse_byte[*bpt]; |
1408 |
bpt++; |
1409 |
- } while (--nb > 0); |
1410 |
+ } while (--nb > 0); /* is nb user-controled? */ |
1411 |
return 0; |
1412 |
} |
1413 |
|
1414 |
@@ -1164,7 +1171,7 @@ |
1415 |
register char *src; |
1416 |
register char *dst; |
1417 |
register unsigned int *iptr; |
1418 |
- register int x, y, i; |
1419 |
+ register unsigned int x, y, i; |
1420 |
register char *data; |
1421 |
Pixel pixel, px; |
1422 |
int nbytes, depth, ibu, ibpp; |
1423 |
@@ -1174,8 +1181,8 @@ |
1424 |
depth = image->depth; |
1425 |
if (depth == 1) { |
1426 |
ibu = image->bitmap_unit; |
1427 |
- for (y = 0; y < height; y++) |
1428 |
- for (x = 0; x < width; x++, iptr++) { |
1429 |
+ for (y = 0; y < height; y++) /* how can we trust height */ |
1430 |
+ for (x = 0; x < width; x++, iptr++) { /* how can we trust width */ |
1431 |
pixel = pixels[*iptr]; |
1432 |
for (i = 0, px = pixel; i < sizeof(unsigned long); |
1433 |
i++, px >>= 8) |
1434 |
@@ -1250,12 +1257,12 @@ |
1435 |
{ |
1436 |
unsigned char *data; |
1437 |
unsigned int *iptr; |
1438 |
- int y; |
1439 |
+ unsigned int y; |
1440 |
Pixel pixel; |
1441 |
|
1442 |
#ifdef WITHOUT_SPEEDUPS |
1443 |
|
1444 |
- int x; |
1445 |
+ unsigned int x; |
1446 |
unsigned char *addr; |
1447 |
|
1448 |
data = (unsigned char *) image->data; |
1449 |
@@ -1292,7 +1299,7 @@ |
1450 |
|
1451 |
#else /* WITHOUT_SPEEDUPS */ |
1452 |
|
1453 |
- int bpl = image->bytes_per_line; |
1454 |
+ unsigned int bpl = image->bytes_per_line; |
1455 |
unsigned char *data_ptr, *max_data; |
1456 |
|
1457 |
data = (unsigned char *) image->data; |
1458 |
@@ -1360,11 +1367,11 @@ |
1459 |
{ |
1460 |
unsigned char *data; |
1461 |
unsigned int *iptr; |
1462 |
- int y; |
1463 |
+ unsigned int y; |
1464 |
|
1465 |
#ifdef WITHOUT_SPEEDUPS |
1466 |
|
1467 |
- int x; |
1468 |
+ unsigned int x; |
1469 |
unsigned char *addr; |
1470 |
|
1471 |
data = (unsigned char *) image->data; |
1472 |
@@ -1388,7 +1395,7 @@ |
1473 |
|
1474 |
Pixel pixel; |
1475 |
|
1476 |
- int bpl = image->bytes_per_line; |
1477 |
+ unsigned int bpl = image->bytes_per_line; |
1478 |
unsigned char *data_ptr, *max_data; |
1479 |
|
1480 |
data = (unsigned char *) image->data; |
1481 |
@@ -1441,11 +1448,11 @@ |
1482 |
{ |
1483 |
char *data; |
1484 |
unsigned int *iptr; |
1485 |
- int y; |
1486 |
+ unsigned int y; |
1487 |
|
1488 |
#ifdef WITHOUT_SPEEDUPS |
1489 |
|
1490 |
- int x; |
1491 |
+ unsigned int x; |
1492 |
|
1493 |
data = image->data; |
1494 |
iptr = pixelindex; |
1495 |
@@ -1455,7 +1462,7 @@ |
1496 |
|
1497 |
#else /* WITHOUT_SPEEDUPS */ |
1498 |
|
1499 |
- int bpl = image->bytes_per_line; |
1500 |
+ unsigned int bpl = image->bytes_per_line; |
1501 |
char *data_ptr, *max_data; |
1502 |
|
1503 |
data = image->data; |
1504 |
@@ -1490,12 +1497,12 @@ |
1505 |
PutImagePixels(image, width, height, pixelindex, pixels); |
1506 |
else { |
1507 |
unsigned int *iptr; |
1508 |
- int y; |
1509 |
+ unsigned int y; |
1510 |
char *data; |
1511 |
|
1512 |
#ifdef WITHOUT_SPEEDUPS |
1513 |
|
1514 |
- int x; |
1515 |
+ unsigned int x; |
1516 |
|
1517 |
data = image->data; |
1518 |
iptr = pixelindex; |
1519 |
@@ -1673,6 +1680,9 @@ |
1520 |
Pixel px; |
1521 |
int nbytes; |
1522 |
|
1523 |
+ if(x < 0 || y < 0) |
1524 |
+ return 0; |
1525 |
+ |
1526 |
for (i=0, px=pixel; i<sizeof(unsigned long); i++, px>>=8) |
1527 |
((unsigned char *)&pixel)[i] = px; |
1528 |
src = &ximage->data[XYINDEX(x, y, ximage)]; |
1529 |
@@ -1704,7 +1714,10 @@ |
1530 |
register int i; |
1531 |
register char *data; |
1532 |
Pixel px; |
1533 |
- int nbytes, ibpp; |
1534 |
+ unsigned int nbytes, ibpp; |
1535 |
+ |
1536 |
+ if(x < 0 || y < 0) |
1537 |
+ return 0; |
1538 |
|
1539 |
ibpp = ximage->bits_per_pixel; |
1540 |
if (ximage->depth == 4) |
1541 |
@@ -1737,6 +1750,9 @@ |
1542 |
{ |
1543 |
unsigned char *addr; |
1544 |
|
1545 |
+ if(x < 0 || y < 0) |
1546 |
+ return 0; |
1547 |
+ |
1548 |
addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)]; |
1549 |
*((unsigned long *)addr) = pixel; |
1550 |
return 1; |
1551 |
@@ -1751,6 +1767,9 @@ |
1552 |
{ |
1553 |
unsigned char *addr; |
1554 |
|
1555 |
+ if(x < 0 || y < 0) |
1556 |
+ return 0; |
1557 |
+ |
1558 |
addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)]; |
1559 |
addr[0] = pixel >> 24; |
1560 |
addr[1] = pixel >> 16; |
1561 |
@@ -1768,6 +1787,9 @@ |
1562 |
{ |
1563 |
unsigned char *addr; |
1564 |
|
1565 |
+ if(x < 0 || y < 0) |
1566 |
+ return 0; |
1567 |
+ |
1568 |
addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)]; |
1569 |
addr[3] = pixel >> 24; |
1570 |
addr[2] = pixel >> 16; |
1571 |
@@ -1785,6 +1807,9 @@ |
1572 |
{ |
1573 |
unsigned char *addr; |
1574 |
|
1575 |
+ if(x < 0 || y < 0) |
1576 |
+ return 0; |
1577 |
+ |
1578 |
addr = &((unsigned char *)ximage->data) [ZINDEX16(x, y, ximage)]; |
1579 |
addr[0] = pixel >> 8; |
1580 |
addr[1] = pixel; |
1581 |
@@ -1800,6 +1825,9 @@ |
1582 |
{ |
1583 |
unsigned char *addr; |
1584 |
|
1585 |
+ if(x < 0 || y < 0) |
1586 |
+ return 0; |
1587 |
+ |
1588 |
addr = &((unsigned char *)ximage->data) [ZINDEX16(x, y, ximage)]; |
1589 |
addr[1] = pixel >> 8; |
1590 |
addr[0] = pixel; |
1591 |
@@ -1813,6 +1841,9 @@ |
1592 |
int y; |
1593 |
unsigned long pixel; |
1594 |
{ |
1595 |
+ if(x < 0 || y < 0) |
1596 |
+ return 0; |
1597 |
+ |
1598 |
ximage->data[ZINDEX8(x, y, ximage)] = pixel; |
1599 |
return 1; |
1600 |
} |
1601 |
@@ -1824,6 +1855,9 @@ |
1602 |
int y; |
1603 |
unsigned long pixel; |
1604 |
{ |
1605 |
+ if(x < 0 || y < 0) |
1606 |
+ return 0; |
1607 |
+ |
1608 |
if (pixel & 1) |
1609 |
ximage->data[ZINDEX1(x, y, ximage)] |= 0x80 >> (x & 7); |
1610 |
else |
1611 |
@@ -1838,6 +1872,9 @@ |
1612 |
int y; |
1613 |
unsigned long pixel; |
1614 |
{ |
1615 |
+ if(x < 0 || y < 0) |
1616 |
+ return 0; |
1617 |
+ |
1618 |
if (pixel & 1) |
1619 |
ximage->data[ZINDEX1(x, y, ximage)] |= 1 << (x & 7); |
1620 |
else |
1621 |
@@ -1850,6 +1887,7 @@ |
1622 |
/* function call in case of error, frees only locally allocated variables */ |
1623 |
#undef RETURN |
1624 |
#define RETURN(status) \ |
1625 |
+do \ |
1626 |
{ \ |
1627 |
if (USE_HASHTABLE) xpmHashTableFree(&hashtable); \ |
1628 |
if (colorTable) xpmFreeColorTable(colorTable, ncolors); \ |
1629 |
@@ -1865,7 +1903,7 @@ |
1630 |
if (alloc_pixels) XpmFree(alloc_pixels); \ |
1631 |
if (used_pixels) XpmFree(used_pixels); \ |
1632 |
return(status); \ |
1633 |
-} |
1634 |
+} while(0) |
1635 |
|
1636 |
/* |
1637 |
* This function parses an Xpm file or data and directly create an XImage |
1638 |
@@ -1997,7 +2035,7 @@ |
1639 |
xpmGetCmt(data, &colors_cmt); |
1640 |
|
1641 |
/* malloc pixels index tables */ |
1642 |
- if (ncolors >= SIZE_MAX / sizeof(Pixel)) |
1643 |
+ if (ncolors >= UINT_MAX / sizeof(Pixel)) |
1644 |
return XpmNoMemory; |
1645 |
|
1646 |
image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors); |
1647 |
@@ -2109,7 +2147,7 @@ |
1648 |
* free the hastable |
1649 |
*/ |
1650 |
if (ErrorStatus != XpmSuccess) |
1651 |
- RETURN(ErrorStatus) |
1652 |
+ RETURN(ErrorStatus); |
1653 |
else if (USE_HASHTABLE) |
1654 |
xpmHashTableFree(&hashtable); |
1655 |
|
1656 |
@@ -2258,11 +2296,11 @@ |
1657 |
|
1658 |
/* array of pointers malloced by need */ |
1659 |
unsigned short *cidx[256]; |
1660 |
- int char1; |
1661 |
+ unsigned int char1; |
1662 |
|
1663 |
bzero((char *)cidx, 256 * sizeof(unsigned short *)); /* init */ |
1664 |
for (a = 0; a < ncolors; a++) { |
1665 |
- char1 = colorTable[a].string[0]; |
1666 |
+ char1 = (unsigned char) colorTable[a].string[0]; |
1667 |
if (cidx[char1] == NULL) { /* get new memory */ |
1668 |
cidx[char1] = (unsigned short *) |
1669 |
XpmCalloc(256, sizeof(unsigned short)); |
1670 |
@@ -2280,7 +2318,7 @@ |
1671 |
int cc1 = xpmGetC(data); |
1672 |
if (cc1 > 0 && cc1 < 256) { |
1673 |
int cc2 = xpmGetC(data); |
1674 |
- if (cc2 > 0 && cc2 < 256 && cidx[cc1][cc2] != 0) { |
1675 |
+ if (cc2 > 0 && cc2 < 256 && cidx[cc1] && cidx[cc1][cc2] != 0) { |
1676 |
#ifndef FOR_MSW |
1677 |
XPutPixel(image, x, y, |
1678 |
image_pixels[cidx[cc1][cc2] - 1]); |
1679 |
diff -Nur lib/Xm/Xpmdata.c lib/Xm/Xpmdata.c |
1680 |
--- lib/Xm/Xpmdata.c 2005-02-14 15:20:49.343040299 +0100 |
1681 |
+++ lib/Xm/Xpmdata.c 2005-02-14 14:38:22.161975990 +0100 |
1682 |
@@ -33,6 +33,8 @@ |
1683 |
* Developed by Arnaud Le Hors * |
1684 |
\*****************************************************************************/ |
1685 |
|
1686 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
1687 |
+ |
1688 |
/* Official version number */ |
1689 |
static char *RCS_Version = "$XpmVersion: 3.4i $"; |
1690 |
|
1691 |
@@ -279,7 +281,7 @@ |
1692 |
} |
1693 |
ungetc(c, file); |
1694 |
} |
1695 |
- return (n); |
1696 |
+ return (n); /* this returns bytes read + 1 */ |
1697 |
} |
1698 |
|
1699 |
/* |
1700 |
@@ -376,8 +378,9 @@ |
1701 |
{ |
1702 |
if (!mdata->type) |
1703 |
*cmt = NULL; |
1704 |
- else if (mdata->CommentLength != 0 && mdata->CommentLength < SIZE_MAX - 1) { |
1705 |
- *cmt = (char *) XpmMalloc(mdata->CommentLength + 1); |
1706 |
+ else if (mdata->CommentLength != 0 && mdata->CommentLength < UINT_MAX - 1) { |
1707 |
+ if( (*cmt = (char *) XpmMalloc(mdata->CommentLength + 1)) == NULL) |
1708 |
+ return XpmNoMemory; |
1709 |
strncpy(*cmt, mdata->Comment, mdata->CommentLength); |
1710 |
(*cmt)[mdata->CommentLength] = '\0'; |
1711 |
mdata->CommentLength = 0; |
1712 |
@@ -405,7 +408,7 @@ |
1713 |
xpmParseHeader(mdata) |
1714 |
xpmData *mdata; |
1715 |
{ |
1716 |
- char buf[BUFSIZ]; |
1717 |
+ char buf[BUFSIZ+1] = {0}; |
1718 |
int l, n = 0; |
1719 |
|
1720 |
if (mdata->type) { |
1721 |
diff -Nur lib/Xm/Xpmhashtab.c lib/Xm/Xpmhashtab.c |
1722 |
--- lib/Xm/Xpmhashtab.c 2005-02-14 15:20:49.342040497 +0100 |
1723 |
+++ lib/Xm/Xpmhashtab.c 2005-02-14 14:39:44.386676330 +0100 |
1724 |
@@ -144,13 +144,13 @@ |
1725 |
unsigned int size = table->size; |
1726 |
xpmHashAtom *t, *p; |
1727 |
int i; |
1728 |
- int oldSize = size; |
1729 |
+ unsigned int oldSize = size; |
1730 |
|
1731 |
t = atomTable; |
1732 |
HASH_TABLE_GROWS |
1733 |
table->size = size; |
1734 |
table->limit = size / 3; |
1735 |
- if (size >= SIZE_MAX / sizeof(*atomTable)) |
1736 |
+ if (size >= UINT_MAX / sizeof(*atomTable)) |
1737 |
return (XpmNoMemory); |
1738 |
atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable)); |
1739 |
if (!atomTable) |
1740 |
@@ -212,7 +212,7 @@ |
1741 |
table->size = INITIAL_HASH_SIZE; |
1742 |
table->limit = table->size / 3; |
1743 |
table->used = 0; |
1744 |
- if (table->size >= SIZE_MAX / sizeof(*atomTable)) |
1745 |
+ if (table->size >= UINT_MAX / sizeof(*atomTable)) |
1746 |
return (XpmNoMemory); |
1747 |
atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable)); |
1748 |
if (!atomTable) |
1749 |
--- lib/Xm/XpmI.h 2005-02-14 15:20:49.344040101 +0100 |
1750 |
+++ lib/Xm/XpmI.h 2005-02-14 14:24:12.903327195 +0100 |
1751 |
@@ -108,8 +109,10 @@ |
1752 |
* lets try to solve include files |
1753 |
*/ |
1754 |
|
1755 |
+#include <sys/types.h> |
1756 |
#include <stdio.h> |
1757 |
#include <stdlib.h> |
1758 |
+#include <limits.h> |
1759 |
/* stdio.h doesn't declare popen on a Sequent DYNIX OS */ |
1760 |
#ifdef sequent |
1761 |
extern FILE *popen(); |
1762 |
diff -Nur lib/Xm/Xpmmisc.c lib/Xm/Xpmmisc.c |
1763 |
--- lib/Xm/Xpmmisc.c 2002-01-10 21:57:09.000000000 +0100 |
1764 |
+++ lib/Xm/Xpmmisc.c 2005-02-14 14:24:12.907326402 +0100 |
1765 |
@@ -52,7 +52,7 @@ |
1766 |
char *s1; |
1767 |
{ |
1768 |
char *s2; |
1769 |
- int l = strlen(s1) + 1; |
1770 |
+ size_t l = strlen(s1) + 1; |
1771 |
|
1772 |
if (s2 = (char *) XpmMalloc(l)) |
1773 |
strcpy(s2, s1); |
1774 |
diff -Nur lib/Xm/Xpmparse.c lib/Xm/Xpmparse.c |
1775 |
--- lib/Xm/Xpmparse.c 2005-02-14 15:20:49.349039110 +0100 |
1776 |
+++ lib/Xm/Xpmparse.c 2005-02-14 14:46:55.361242890 +0100 |
1777 |
@@ -49,21 +49,21 @@ |
1778 |
#include <string.h> |
1779 |
|
1780 |
#ifdef HAS_STRLCAT |
1781 |
-# define STRLCAT(dst, src, dstsize) { \ |
1782 |
+# define STRLCAT(dst, src, dstsize) do { \ |
1783 |
if (strlcat(dst, src, dstsize) >= (dstsize)) \ |
1784 |
- return (XpmFileInvalid); } |
1785 |
-# define STRLCPY(dst, src, dstsize) { \ |
1786 |
+ return (XpmFileInvalid); } while(0) |
1787 |
+# define STRLCPY(dst, src, dstsize) do { \ |
1788 |
if (strlcpy(dst, src, dstsize) >= (dstsize)) \ |
1789 |
- return (XpmFileInvalid); } |
1790 |
+ return (XpmFileInvalid); } while(0) |
1791 |
#else |
1792 |
-# define STRLCAT(dst, src, dstsize) { \ |
1793 |
+# define STRLCAT(dst, src, dstsize) do { \ |
1794 |
if ((strlen(dst) + strlen(src)) < (dstsize)) \ |
1795 |
strcat(dst, src); \ |
1796 |
- else return (XpmFileInvalid); } |
1797 |
-# define STRLCPY(dst, src, dstsize) { \ |
1798 |
+ else return (XpmFileInvalid); } while(0) |
1799 |
+# define STRLCPY(dst, src, dstsize) do { \ |
1800 |
if (strlen(src) < (dstsize)) \ |
1801 |
strcpy(dst, src); \ |
1802 |
- else return (XpmFileInvalid); } |
1803 |
+ else return (XpmFileInvalid); } while(0) |
1804 |
#endif |
1805 |
|
1806 |
LFUNC(ParsePixels, int, (xpmData *data, unsigned int width, |
1807 |
@@ -83,6 +83,7 @@ |
1808 |
/* function call in case of error, frees only locally allocated variables */ |
1809 |
#undef RETURN |
1810 |
#define RETURN(status) \ |
1811 |
+do \ |
1812 |
{ \ |
1813 |
if (colorTable) xpmFreeColorTable(colorTable, ncolors); \ |
1814 |
if (pixelindex) XpmFree(pixelindex); \ |
1815 |
@@ -90,7 +91,7 @@ |
1816 |
if (colors_cmt) XpmFree(colors_cmt); \ |
1817 |
if (pixels_cmt) XpmFree(pixels_cmt); \ |
1818 |
return(status); \ |
1819 |
-} |
1820 |
+} while(0) |
1821 |
|
1822 |
/* |
1823 |
* This function parses an Xpm file or data and store the found informations |
1824 |
@@ -354,7 +355,7 @@ |
1825 |
char **defaults; |
1826 |
int ErrorStatus; |
1827 |
|
1828 |
- if (ncolors >= SIZE_MAX / sizeof(XpmColor)) |
1829 |
+ if (ncolors >= UINT_MAX / sizeof(XpmColor)) |
1830 |
return (XpmNoMemory); |
1831 |
colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor)); |
1832 |
if (!colorTable) |
1833 |
@@ -367,7 +368,7 @@ |
1834 |
/* |
1835 |
* read pixel value |
1836 |
*/ |
1837 |
- if (cpp >= SIZE_MAX - 1) { |
1838 |
+ if (cpp >= UINT_MAX - 1) { |
1839 |
xpmFreeColorTable(colorTable, ncolors); |
1840 |
return (XpmNoMemory); |
1841 |
} |
1842 |
@@ -436,7 +437,7 @@ |
1843 |
xpmFreeColorTable(colorTable, ncolors); |
1844 |
return (XpmFileInvalid); |
1845 |
} |
1846 |
- len = strlen(curbuf) + 1; |
1847 |
+ len = strlen(curbuf) + 1; /* integer overflow just theoretically possible */ |
1848 |
s = defaults[curkey] = (char *) XpmMalloc(len); |
1849 |
if (!s) { |
1850 |
xpmFreeColorTable(colorTable, ncolors); |
1851 |
@@ -455,7 +456,7 @@ |
1852 |
/* |
1853 |
* read pixel value |
1854 |
*/ |
1855 |
- if (cpp >= SIZE_MAX - 1) { |
1856 |
+ if (cpp >= UINT_MAX - 1) { |
1857 |
xpmFreeColorTable(colorTable, ncolors); |
1858 |
return (XpmNoMemory); |
1859 |
} |
1860 |
@@ -500,7 +501,7 @@ |
1861 |
memcpy(s, curbuf, len); |
1862 |
color->c_color = s; |
1863 |
*curbuf = '\0'; /* reset curbuf */ |
1864 |
- if (a < ncolors - 1) |
1865 |
+ if (a < ncolors - 1) /* can we trust ncolors -> leave data's bounds */ |
1866 |
xpmNextString(data); /* get to the next string */ |
1867 |
} |
1868 |
} |
1869 |
@@ -519,11 +520,11 @@ |
1870 |
xpmHashTable *hashtable; |
1871 |
unsigned int **pixels; |
1872 |
{ |
1873 |
- unsigned int *iptr, *iptr2; |
1874 |
+ unsigned int *iptr, *iptr2 = NULL; |
1875 |
unsigned int a, x, y; |
1876 |
|
1877 |
- if ((height > 0 && width >= SIZE_MAX / height) || |
1878 |
- width * height >= SIZE_MAX / sizeof(unsigned int)) |
1879 |
+ if ((height > 0 && width >= UINT_MAX / height) || |
1880 |
+ width * height >= UINT_MAX / sizeof(unsigned int)) |
1881 |
return XpmNoMemory; |
1882 |
#ifndef FOR_MSW |
1883 |
iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height); |
1884 |
@@ -548,8 +549,10 @@ |
1885 |
{ |
1886 |
unsigned short colidx[256]; |
1887 |
|
1888 |
- if (ncolors > 256) |
1889 |
+ if (ncolors > 256) { |
1890 |
return (XpmFileInvalid); |
1891 |
+ XpmFree(iptr2); /* found by Egbert Eich */ |
1892 |
+ } |
1893 |
|
1894 |
bzero((char *)colidx, 256 * sizeof(short)); |
1895 |
for (a = 0; a < ncolors; a++) |
1896 |
@@ -576,16 +579,20 @@ |
1897 |
{ |
1898 |
|
1899 |
/* free all allocated pointers at all exits */ |
1900 |
-#define FREE_CIDX {int f; for (f = 0; f < 256; f++) \ |
1901 |
-if (cidx[f]) XpmFree(cidx[f]);} |
1902 |
+#define FREE_CIDX \ |
1903 |
+do \ |
1904 |
+{ \ |
1905 |
+ int f; for (f = 0; f < 256; f++) \ |
1906 |
+ if (cidx[f]) XpmFree(cidx[f]); \ |
1907 |
+} while(0) |
1908 |
|
1909 |
/* array of pointers malloced by need */ |
1910 |
unsigned short *cidx[256]; |
1911 |
- int char1; |
1912 |
+ unsigned int char1; |
1913 |
|
1914 |
bzero((char *)cidx, 256 * sizeof(unsigned short *)); /* init */ |
1915 |
for (a = 0; a < ncolors; a++) { |
1916 |
- char1 = colorTable[a].string[0]; |
1917 |
+ char1 = (unsigned char) colorTable[a].string[0]; |
1918 |
if (cidx[char1] == NULL) { /* get new memory */ |
1919 |
cidx[char1] = (unsigned short *) |
1920 |
XpmCalloc(256, sizeof(unsigned short)); |
1921 |
@@ -604,7 +611,7 @@ |
1922 |
int cc1 = xpmGetC(data); |
1923 |
if (cc1 > 0 && cc1 < 256) { |
1924 |
int cc2 = xpmGetC(data); |
1925 |
- if (cc2 > 0 && cc2 < 256 && cidx[cc1][cc2] != 0) |
1926 |
+ if (cc2 > 0 && cc2 < 256 && cidx[cc1] && cidx[cc1][cc2] != 0) |
1927 |
*iptr = cidx[cc1][cc2] - 1; |
1928 |
else { |
1929 |
FREE_CIDX; |
1930 |
@@ -628,8 +635,10 @@ |
1931 |
char *s; |
1932 |
char buf[BUFSIZ]; |
1933 |
|
1934 |
- if (cpp >= sizeof(buf)) |
1935 |
+ if (cpp >= sizeof(buf)) { |
1936 |
return (XpmFileInvalid); |
1937 |
+ XpmFree(iptr2); /* found by Egbert Eich */ |
1938 |
+ } |
1939 |
|
1940 |
buf[cpp] = '\0'; |
1941 |
if (USE_HASHTABLE) { |
1942 |
@@ -639,7 +648,7 @@ |
1943 |
xpmNextString(data); |
1944 |
for (x = 0; x < width; x++, iptr++) { |
1945 |
for (a = 0, s = buf; a < cpp; a++, s++) |
1946 |
- *s = xpmGetC(data); |
1947 |
+ *s = xpmGetC(data); /* int assigned to char, not a problem here */ |
1948 |
slot = xpmHashSlot(hashtable, buf); |
1949 |
if (!*slot) { /* no color matches */ |
1950 |
XpmFree(iptr2); |
1951 |
@@ -653,7 +662,7 @@ |
1952 |
xpmNextString(data); |
1953 |
for (x = 0; x < width; x++, iptr++) { |
1954 |
for (a = 0, s = buf; a < cpp; a++, s++) |
1955 |
- *s = xpmGetC(data); |
1956 |
+ *s = xpmGetC(data); /* int assigned to char, not a problem here */ |
1957 |
for (a = 0; a < ncolors; a++) |
1958 |
if (!strcmp(colorTable[a].string, buf)) |
1959 |
break; |
1960 |
@@ -708,7 +717,7 @@ |
1961 |
while (!notstart && notend) { |
1962 |
/* there starts an extension */ |
1963 |
ext = (XpmExtension *) |
1964 |
- XpmRealloc(exts, (num + 1) * sizeof(XpmExtension)); |
1965 |
+ XpmRealloc(exts, (num + 1) * sizeof(XpmExtension)); /* can the loop be forced to iterate often enough to make "(num + 1) * sizeof(XpmExtension)" wrapping? */ |
1966 |
if (!ext) { |
1967 |
XpmFree(string); |
1968 |
XpmFreeExtensions(exts, num); |
1969 |
@@ -745,7 +754,7 @@ |
1970 |
while ((notstart = strncmp("XPMEXT", string, 6)) |
1971 |
&& (notend = strncmp("XPMENDEXT", string, 9))) { |
1972 |
sp = (char **) |
1973 |
- XpmRealloc(ext->lines, (nlines + 1) * sizeof(char *)); |
1974 |
+ XpmRealloc(ext->lines, (nlines + 1) * sizeof(char *)); /* can we iterate enough for a wrapping? */ |
1975 |
if (!sp) { |
1976 |
XpmFree(string); |
1977 |
ext->nlines = nlines; |
1978 |
diff -Nur lib/Xm/XpmRdFToBuf.c lib/Xm/XpmRdFToBuf.c |
1979 |
--- lib/Xm/XpmRdFToBuf.c 2002-01-10 21:57:08.000000000 +0100 |
1980 |
+++ lib/Xm/XpmRdFToBuf.c 2005-02-14 14:24:12.904326997 +0100 |
1981 |
@@ -43,6 +43,8 @@ |
1982 |
#endif |
1983 |
|
1984 |
|
1985 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
1986 |
+ |
1987 |
#include "XpmI.h" |
1988 |
#include <sys/stat.h> |
1989 |
#if !defined(FOR_MSW) && !defined(WIN32) |
1990 |
@@ -64,7 +66,8 @@ |
1991 |
char *filename; |
1992 |
char **buffer_return; |
1993 |
{ |
1994 |
- int fd, fcheck, len; |
1995 |
+ int fd, fcheck; |
1996 |
+ off_t len; |
1997 |
char *ptr; |
1998 |
struct stat stats; |
1999 |
FILE *fp; |
2000 |
@@ -88,7 +91,7 @@ |
2001 |
close(fd); |
2002 |
return XpmOpenFailed; |
2003 |
} |
2004 |
- len = (int) stats.st_size; |
2005 |
+ len = stats.st_size; |
2006 |
ptr = (char *) XpmMalloc(len + 1); |
2007 |
if (!ptr) { |
2008 |
fclose(fp); |
2009 |
diff -Nur lib/Xm/XpmRdFToI.c lib/Xm/XpmRdFToI.c |
2010 |
--- lib/Xm/XpmRdFToI.c 2002-01-10 21:57:08.000000000 +0100 |
2011 |
+++ lib/Xm/XpmRdFToI.c 2005-02-14 14:24:12.861335519 +0100 |
2012 |
@@ -38,6 +38,8 @@ |
2013 |
#endif |
2014 |
|
2015 |
|
2016 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
2017 |
+ |
2018 |
#include "XpmI.h" |
2019 |
#include <sys/stat.h> |
2020 |
#include <sys/param.h> |
2021 |
@@ -127,6 +129,12 @@ |
2022 |
/* |
2023 |
* open the given file to be read as an xpmData which is returned. |
2024 |
*/ |
2025 |
+#ifndef NO_ZPIPE |
2026 |
+ FILE *Xpms_popen(char *cmd, const char *type); |
2027 |
+#else |
2028 |
+# define Xpms_popen popen |
2029 |
+#endif |
2030 |
+ |
2031 |
static int |
2032 |
OpenReadFile(filename, mdata) |
2033 |
char *filename; |
2034 |
@@ -144,17 +152,21 @@ |
2035 |
mdata->type = XPMFILE; |
2036 |
} else { |
2037 |
#ifndef NO_ZPIPE |
2038 |
- int len = strlen(filename); |
2039 |
+ size_t len = strlen(filename); |
2040 |
+ |
2041 |
+ if(len == 0 || |
2042 |
+ filename[len-1] == '/') |
2043 |
+ return(XpmOpenFailed); |
2044 |
if ((len > 2) && !strcmp(".Z", filename + (len - 2))) { |
2045 |
mdata->type = XPMPIPE; |
2046 |
- sprintf(buf, "uncompress -c \"%s\"", filename); |
2047 |
- if (!(mdata->stream.file = popen(buf, "r"))) |
2048 |
+ snprintf(buf, sizeof(buf), "uncompress -c \"%s\"", filename); |
2049 |
+ if (!(mdata->stream.file = Xpms_popen(buf, "r"))) |
2050 |
return (XpmOpenFailed); |
2051 |
|
2052 |
} else if ((len > 3) && !strcmp(".gz", filename + (len - 3))) { |
2053 |
mdata->type = XPMPIPE; |
2054 |
- sprintf(buf, "gunzip -qc \"%s\"", filename); |
2055 |
- if (!(mdata->stream.file = popen(buf, "r"))) |
2056 |
+ snprintf(buf, sizeof(buf), "gunzip -qc \"%s\"", filename); |
2057 |
+ if (!(mdata->stream.file = Xpms_popen(buf, "r"))) |
2058 |
return (XpmOpenFailed); |
2059 |
|
2060 |
} else { |
2061 |
@@ -162,19 +174,19 @@ |
2062 |
if (!(compressfile = (char *) XpmMalloc(len + 4))) |
2063 |
return (XpmNoMemory); |
2064 |
|
2065 |
- sprintf(compressfile, "%s.Z", filename); |
2066 |
+ snprintf(compressfile, len+4, "%s.Z", filename); |
2067 |
if (!stat(compressfile, &status)) { |
2068 |
- sprintf(buf, "uncompress -c \"%s\"", compressfile); |
2069 |
- if (!(mdata->stream.file = popen(buf, "r"))) { |
2070 |
+ snprintf(buf, sizeof(buf), "uncompress -c \"%s\"", compressfile); |
2071 |
+ if (!(mdata->stream.file = Xpms_popen(buf, "r"))) { |
2072 |
XpmFree(compressfile); |
2073 |
return (XpmOpenFailed); |
2074 |
} |
2075 |
mdata->type = XPMPIPE; |
2076 |
} else { |
2077 |
- sprintf(compressfile, "%s.gz", filename); |
2078 |
+ snprintf(compressfile, len+4, "%s.gz", filename); |
2079 |
if (!stat(compressfile, &status)) { |
2080 |
- sprintf(buf, "gunzip -c \"%s\"", compressfile); |
2081 |
- if (!(mdata->stream.file = popen(buf, "r"))) { |
2082 |
+ snprintf(buf, sizeof(buf), "gunzip -c \"%s\"", compressfile); |
2083 |
+ if (!(mdata->stream.file = Xpms_popen(buf, "r"))) { |
2084 |
XpmFree(compressfile); |
2085 |
return (XpmOpenFailed); |
2086 |
} |
2087 |
@@ -216,7 +228,7 @@ |
2088 |
break; |
2089 |
#ifndef NO_ZPIPE |
2090 |
case XPMPIPE: |
2091 |
- pclose(mdata->stream.file); |
2092 |
+ fclose(mdata->stream.file); |
2093 |
break; |
2094 |
#endif |
2095 |
} |
2096 |
diff -Nur lib/Xm/Xpmscan.c lib/Xm/Xpmscan.c |
2097 |
--- lib/Xm/Xpmscan.c 2005-02-14 15:20:49.345039902 +0100 |
2098 |
+++ lib/Xm/Xpmscan.c 2005-02-14 14:48:52.388044300 +0100 |
2099 |
@@ -43,12 +43,14 @@ |
2100 |
#endif |
2101 |
|
2102 |
|
2103 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
2104 |
+ |
2105 |
#include "XpmI.h" |
2106 |
|
2107 |
#define MAXPRINTABLE 92 /* number of printable ascii chars |
2108 |
* minus \ and " for string compat |
2109 |
* and ? to avoid ANSI trigraphs. */ |
2110 |
- |
2111 |
+ /* " */ |
2112 |
static char *printable = |
2113 |
" .XoO+@#$%&*=-;:>,<1234567890qwertyuipasdfghjklzxcvbnmMNBVCZ\ |
2114 |
ASDFGHJKLPIUYTREWQ!~^/()_`'][{}|"; |
2115 |
@@ -163,12 +165,13 @@ |
2116 |
/* function call in case of error, frees only locally allocated variables */ |
2117 |
#undef RETURN |
2118 |
#define RETURN(status) \ |
2119 |
+do \ |
2120 |
{ \ |
2121 |
if (pmap.pixelindex) XpmFree(pmap.pixelindex); \ |
2122 |
if (pmap.pixels) XpmFree(pmap.pixels); \ |
2123 |
if (colorTable) xpmFreeColorTable(colorTable, pmap.ncolors); \ |
2124 |
return(status); \ |
2125 |
-} |
2126 |
+} while(0) |
2127 |
|
2128 |
/* |
2129 |
* This function scans the given image and stores the found informations in |
2130 |
@@ -226,15 +229,15 @@ |
2131 |
else |
2132 |
cpp = 0; |
2133 |
|
2134 |
- if ((height > 0 && width >= SIZE_MAX / height) || |
2135 |
- width * height >= SIZE_MAX / sizeof(unsigned int)) |
2136 |
+ if ((height > 0 && width >= UINT_MAX / height) || |
2137 |
+ width * height >= UINT_MAX / sizeof(unsigned int)) |
2138 |
RETURN(XpmNoMemory); |
2139 |
pmap.pixelindex = |
2140 |
(unsigned int *) XpmCalloc(width * height, sizeof(unsigned int)); |
2141 |
if (!pmap.pixelindex) |
2142 |
RETURN(XpmNoMemory); |
2143 |
|
2144 |
- if (pmap.size >= SIZE_MAX / sizeof(Pixel)) |
2145 |
+ if (pmap.size >= UINT_MAX / sizeof(Pixel)) |
2146 |
RETURN(XpmNoMemory); |
2147 |
|
2148 |
pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size); |
2149 |
@@ -292,7 +295,7 @@ |
2150 |
* color |
2151 |
*/ |
2152 |
|
2153 |
- if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor)) |
2154 |
+ if (pmap.ncolors >= UINT_MAX / sizeof(XpmColor)) |
2155 |
RETURN(XpmNoMemory); |
2156 |
colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor)); |
2157 |
if (!colorTable) |
2158 |
@@ -341,7 +344,7 @@ |
2159 |
|
2160 |
/* first get a character string */ |
2161 |
a = 0; |
2162 |
- if (cpp >= SIZE_MAX - 1) |
2163 |
+ if (cpp >= UINT_MAX - 1) |
2164 |
return (XpmNoMemory); |
2165 |
if (!(s = color->string = (char *) XpmMalloc(cpp + 1))) |
2166 |
return (XpmNoMemory); |
2167 |
@@ -434,7 +437,7 @@ |
2168 |
} |
2169 |
|
2170 |
/* first get character strings and rgb values */ |
2171 |
- if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1) |
2172 |
+ if (ncolors >= UINT_MAX / sizeof(XColor) || cpp >= UINT_MAX - 1) |
2173 |
return (XpmNoMemory); |
2174 |
xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors); |
2175 |
if (!xcolors) |
2176 |
@@ -591,7 +594,7 @@ |
2177 |
char *dst; |
2178 |
unsigned int *iptr; |
2179 |
char *data; |
2180 |
- int x, y, i; |
2181 |
+ unsigned int x, y, i; |
2182 |
int bits, depth, ibu, ibpp, offset; |
2183 |
unsigned long lbt; |
2184 |
Pixel pixel, px; |
2185 |
@@ -693,7 +696,7 @@ |
2186 |
unsigned char *addr; |
2187 |
unsigned char *data; |
2188 |
unsigned int *iptr; |
2189 |
- int x, y; |
2190 |
+ unsigned int x, y; |
2191 |
unsigned long lbt; |
2192 |
Pixel pixel; |
2193 |
int depth; |
2194 |
@@ -758,7 +761,7 @@ |
2195 |
unsigned char *addr; |
2196 |
unsigned char *data; |
2197 |
unsigned int *iptr; |
2198 |
- int x, y; |
2199 |
+ unsigned int x, y; |
2200 |
unsigned long lbt; |
2201 |
Pixel pixel; |
2202 |
int depth; |
2203 |
@@ -803,7 +806,7 @@ |
2204 |
{ |
2205 |
unsigned int *iptr; |
2206 |
unsigned char *data; |
2207 |
- int x, y; |
2208 |
+ unsigned int x, y; |
2209 |
unsigned long lbt; |
2210 |
Pixel pixel; |
2211 |
int depth; |
2212 |
@@ -836,7 +839,7 @@ |
2213 |
int (*storeFunc) (); |
2214 |
{ |
2215 |
unsigned int *iptr; |
2216 |
- int x, y; |
2217 |
+ unsigned int x, y; |
2218 |
char *data; |
2219 |
Pixel pixel; |
2220 |
int xoff, yoff, offset, bpl; |
2221 |
diff -Nur lib/Xm/XpmWrFFrBuf.c lib/Xm/XpmWrFFrBuf.c |
2222 |
--- lib/Xm/XpmWrFFrBuf.c 2002-01-10 21:57:08.000000000 +0100 |
2223 |
+++ lib/Xm/XpmWrFFrBuf.c 2005-02-14 14:24:12.906326601 +0100 |
2224 |
@@ -38,6 +38,8 @@ |
2225 |
#endif |
2226 |
|
2227 |
|
2228 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
2229 |
+ |
2230 |
#include "XpmI.h" |
2231 |
|
2232 |
int |
2233 |
@@ -55,7 +57,7 @@ |
2234 |
fcheck = fwrite(buffer, len, 1, fp); |
2235 |
fclose(fp); |
2236 |
if (fcheck != 1) |
2237 |
- return XpmOpenFailed; |
2238 |
+ return XpmOpenFailed; /* maybe use a better return value */ |
2239 |
|
2240 |
return XpmSuccess; |
2241 |
} |
2242 |
diff -Nur lib/Xm/XpmWrFFrI.c lib/Xm/XpmWrFFrI.c |
2243 |
--- lib/Xm/XpmWrFFrI.c 2005-02-14 15:20:49.343040299 +0100 |
2244 |
+++ lib/Xm/XpmWrFFrI.c 2005-02-14 14:50:25.766533589 +0100 |
2245 |
@@ -38,6 +38,8 @@ |
2246 |
#endif |
2247 |
|
2248 |
|
2249 |
+/* October 2004, source code review by Thomas Biege <thomas@××××.de> */ |
2250 |
+ |
2251 |
#include "XpmI.h" |
2252 |
#if !defined(NO_ZPIPE) && defined(WIN32) |
2253 |
# define popen _popen |
2254 |
@@ -98,7 +100,7 @@ |
2255 |
XpmInfo *info; |
2256 |
{ |
2257 |
xpmData mdata; |
2258 |
- char *name, *dot, *s, new_name[BUFSIZ]; |
2259 |
+ char *name, *dot, *s, new_name[BUFSIZ] = {0}; |
2260 |
int ErrorStatus; |
2261 |
|
2262 |
/* open file to write */ |
2263 |
@@ -117,6 +119,8 @@ |
2264 |
#endif |
2265 |
/* let's try to make a valid C syntax name */ |
2266 |
if ((dot = index(name, '.'))) { |
2267 |
+ strncpy(new_name, name, sizeof(new_name)); |
2268 |
+ new_name[sizeof(new_name)-1] = 0; |
2269 |
strcpy(new_name, name); |
2270 |
/* change '.' to '_' */ |
2271 |
name = s = new_name; |
2272 |
@@ -127,7 +131,8 @@ |
2273 |
} |
2274 |
if ((dot = index(name, '-'))) { |
2275 |
if (name != new_name) { |
2276 |
- strcpy(new_name, name); |
2277 |
+ strncpy(new_name, name, sizeof(new_name)); |
2278 |
+ new_name[sizeof(new_name)-1] = 0; |
2279 |
name = new_name; |
2280 |
} |
2281 |
/* change '-' to '_' */ |
2282 |
@@ -244,7 +249,7 @@ |
2283 |
unsigned int x, y, h; |
2284 |
|
2285 |
h = height - 1; |
2286 |
- if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp) |
2287 |
+ if (cpp != 0 && width >= (UINT_MAX - 3)/cpp) |
2288 |
return (XpmNoMemory); |
2289 |
p = buf = (char *) XpmMalloc(width * cpp + 3); |
2290 |
if (!buf) |
2291 |
@@ -296,6 +301,11 @@ |
2292 |
/* |
2293 |
* open the given file to be written as an xpmData which is returned |
2294 |
*/ |
2295 |
+#ifndef NO_ZPIPE |
2296 |
+ FILE *Xpms_popen(char *cmd, const char *type); |
2297 |
+#else |
2298 |
+# define Xpms_popen popen |
2299 |
+#endif |
2300 |
static int |
2301 |
OpenWriteFile(filename, mdata) |
2302 |
char *filename; |
2303 |
@@ -311,16 +321,23 @@ |
2304 |
mdata->type = XPMFILE; |
2305 |
} else { |
2306 |
#ifndef NO_ZPIPE |
2307 |
- int len = strlen(filename); |
2308 |
+ size_t len = strlen(filename); |
2309 |
+ |
2310 |
+ if(len == 0 || |
2311 |
+ filename[0] == '/' || |
2312 |
+ strstr(filename, "../") != NULL || |
2313 |
+ filename[len-1] == '/') |
2314 |
+ return(XpmOpenFailed); |
2315 |
+ |
2316 |
if (len > 2 && !strcmp(".Z", filename + (len - 2))) { |
2317 |
- sprintf(buf, "compress > \"%s\"", filename); |
2318 |
- if (!(mdata->stream.file = popen(buf, "w"))) |
2319 |
+ snprintf(buf, sizeof(buf), "compress > \"%s\"", filename); |
2320 |
+ if (!(mdata->stream.file = Xpms_popen(buf, "w"))) |
2321 |
return (XpmOpenFailed); |
2322 |
|
2323 |
mdata->type = XPMPIPE; |
2324 |
} else if (len > 3 && !strcmp(".gz", filename + (len - 3))) { |
2325 |
- sprintf(buf, "gzip -q > \"%s\"", filename); |
2326 |
- if (!(mdata->stream.file = popen(buf, "w"))) |
2327 |
+ snprintf(buf, sizeof(buf), "gzip -q > \"%s\"", filename); |
2328 |
+ if (!(mdata->stream.file = Xpms_popen(buf, "w"))) |
2329 |
return (XpmOpenFailed); |
2330 |
|
2331 |
mdata->type = XPMPIPE; |
2332 |
@@ -351,7 +368,7 @@ |
2333 |
break; |
2334 |
#ifndef NO_ZPIPE |
2335 |
case XPMPIPE: |
2336 |
- pclose(mdata->stream.file); |
2337 |
+ fclose(mdata->stream.file); |
2338 |
break; |
2339 |
#endif |
2340 |
} |
2341 |
|
2342 |
|
2343 |
|
2344 |
1.1 src/patchsets/motif/2.2.3/04_all_CAN-2004-0914_sec8.patch |
2345 |
|
2346 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/04_all_CAN-2004-0914_sec8.patch?rev=1.1&view=markup |
2347 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/04_all_CAN-2004-0914_sec8.patch?rev=1.1&content-type=text/plain |
2348 |
|
2349 |
Index: 04_all_CAN-2004-0914_sec8.patch |
2350 |
=================================================================== |
2351 |
--- openMotif-2.2.3/lib/Xm/XpmWrFFrI.c.CAN-2004-0914_sec8 2004-11-29 15:04:10.105373839 +0100 |
2352 |
+++ openMotif-2.2.3/lib/Xm/XpmWrFFrI.c 2004-11-29 15:04:10.150367679 +0100 |
2353 |
@@ -322,10 +322,7 @@ |
2354 |
#ifndef NO_ZPIPE |
2355 |
size_t len = strlen(filename); |
2356 |
|
2357 |
- if(len == 0 || |
2358 |
- filename[0] == '/' || |
2359 |
- strstr(filename, "../") != NULL || |
2360 |
- filename[len-1] == '/') |
2361 |
+ if(len == 0) |
2362 |
return(XpmOpenFailed); |
2363 |
|
2364 |
if (len > 2 && !strcmp(".Z", filename + (len - 2))) { |
2365 |
|
2366 |
|
2367 |
|
2368 |
1.1 src/patchsets/motif/2.2.3/05_all_char_not_supported.patch |
2369 |
|
2370 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/05_all_char_not_supported.patch?rev=1.1&view=markup |
2371 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/05_all_char_not_supported.patch?rev=1.1&content-type=text/plain |
2372 |
|
2373 |
Index: 05_all_char_not_supported.patch |
2374 |
=================================================================== |
2375 |
--- openMotif-2.2.3/lib/Xm/TextF.c.char_not_supported 2004-06-03 12:59:10.241822710 +0200 |
2376 |
+++ openMotif-2.2.3/lib/Xm/TextF.c 2004-06-03 13:02:18.987890852 +0200 |
2377 |
@@ -3723,20 +3723,17 @@ |
2378 |
cache_ptr = tmp = XmStackAlloc(buf_size, cache); |
2379 |
|
2380 |
tmp_str = (wchar_t *)str; |
2381 |
- ret_val = wctomb(tmp, *tmp_str); |
2382 |
+ // Fixed MZ BZ#1257: by Brad Despres <brad@××××××××.com> |
2383 |
count = 0; |
2384 |
- while ( (ret_val > 0)&& (buf_size >= MB_CUR_MAX) && (count < n) ) |
2385 |
- { |
2386 |
- count += 1; |
2387 |
- tmp += ret_val; |
2388 |
- buf_size -= ret_val; |
2389 |
- tmp_str++; |
2390 |
- ret_val = wctomb(tmp, *tmp_str); |
2391 |
- } |
2392 |
- |
2393 |
+ do { |
2394 |
+ ret_val = wctomb(tmp, *tmp_str); |
2395 |
+ count += 1; |
2396 |
+ tmp += ret_val; |
2397 |
+ buf_size -= ret_val; |
2398 |
+ tmp_str++; |
2399 |
+ } while ( (ret_val > 0)&& (buf_size >= MB_CUR_MAX) && (count < n) ) ; |
2400 |
if (ret_val == -1) /* bad character */ |
2401 |
return (False); |
2402 |
- |
2403 |
is_printable = XTextWidth(TextF_Font(tf), cache_ptr, tmp - cache_ptr); |
2404 |
XmStackFree(cache_ptr, cache); |
2405 |
return (is_printable); |
2406 |
|
2407 |
|
2408 |
|
2409 |
1.1 src/patchsets/motif/2.2.3/06_all_pixel_length.patch |
2410 |
|
2411 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/06_all_pixel_length.patch?rev=1.1&view=markup |
2412 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/06_all_pixel_length.patch?rev=1.1&content-type=text/plain |
2413 |
|
2414 |
Index: 06_all_pixel_length.patch |
2415 |
=================================================================== |
2416 |
--- openMotif-2.2.3/lib/Xm/DataF.c.pixel_length 2004-06-03 15:11:52.932820812 +0200 |
2417 |
+++ openMotif-2.2.3/lib/Xm/DataF.c 2004-06-03 15:12:27.323091126 +0200 |
2418 |
@@ -8648,7 +8648,7 @@ |
2419 |
curr_str++; |
2420 |
i++; |
2421 |
} else { |
2422 |
- wchar_t tmp; |
2423 |
+ wchar_t tmp[XmTextF_max_char_size(tf)+1]; |
2424 |
int num_conv; |
2425 |
num_conv = mbtowc(&tmp, curr_str, XmTextF_max_char_size(tf)); |
2426 |
if (num_conv >= 0 && df_FindPixelLength(tf, (char*) &tmp, 1)) { |
2427 |
|
2428 |
|
2429 |
|
2430 |
1.1 src/patchsets/motif/2.2.3/07_all_popup_timeout.patch |
2431 |
|
2432 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/07_all_popup_timeout.patch?rev=1.1&view=markup |
2433 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/07_all_popup_timeout.patch?rev=1.1&content-type=text/plain |
2434 |
|
2435 |
Index: 07_all_popup_timeout.patch |
2436 |
=================================================================== |
2437 |
--- openMotif-2.2.3/lib/Xm/MenuUtil.c.popup_timeout 2002-01-31 15:49:35.000000000 +0100 |
2438 |
+++ openMotif-2.2.3/lib/Xm/MenuUtil.c 2004-06-08 17:14:46.311285603 +0200 |
2439 |
@@ -156,6 +156,9 @@ |
2440 |
cursor, time)) == GrabSuccess) |
2441 |
break; |
2442 |
|
2443 |
+ if (status == GrabInvalidTime) |
2444 |
+ time = CurrentTime; |
2445 |
+ |
2446 |
XmeMicroSleep(1000); |
2447 |
} |
2448 |
if (status != GrabSuccess) |
2449 |
|
2450 |
|
2451 |
|
2452 |
1.1 src/patchsets/motif/2.2.3/08_all_XmResizeHashTable.patch |
2453 |
|
2454 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/08_all_XmResizeHashTable.patch?rev=1.1&view=markup |
2455 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/08_all_XmResizeHashTable.patch?rev=1.1&content-type=text/plain |
2456 |
|
2457 |
Index: 08_all_XmResizeHashTable.patch |
2458 |
=================================================================== |
2459 |
--- lib/Xm/Hash.c |
2460 |
+++ lib/Xm/Hash.c |
2461 |
@@ -198,6 +198,8 @@ |
2462 |
} else { |
2463 |
table -> buckets[index] = current; |
2464 |
} |
2465 |
+ } else { |
2466 |
+ last = current; |
2467 |
} |
2468 |
current = next; |
2469 |
} |
2470 |
|
2471 |
|
2472 |
|
2473 |
1.1 src/patchsets/motif/2.2.3/09_all_utf8.patch |
2474 |
|
2475 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/09_all_utf8.patch?rev=1.1&view=markup |
2476 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/09_all_utf8.patch?rev=1.1&content-type=text/plain |
2477 |
|
2478 |
Index: 09_all_utf8.patch |
2479 |
=================================================================== |
2480 |
--- openMotif-2.2.3/tools/wml/UilSymCSet.h.utf8 2004-03-04 17:41:48.000000000 +0100 |
2481 |
+++ openMotif-2.2.3/tools/wml/UilSymCSet.h 2004-03-17 12:54:23.000000000 +0100 |
2482 |
@@ -32,6 +32,7 @@ |
2483 |
"JISX0201.1976-0", /* jis_katakana */ |
2484 |
"KSC5601.1987-0", /* ksc_hangul */ |
2485 |
"KSC5601.1987-1", /* ksc_hangul_gr */ |
2486 |
+ "UTF-8", /* utf-8 */ |
2487 |
}; |
2488 |
externaldef(uil_sym_glbl) char **charset_xmstring_names_table = |
2489 |
charset_xmstring_names_table_vec; |
2490 |
@@ -66,6 +67,7 @@ |
2491 |
XmSTRING_DIRECTION_L_TO_R, /* jis_katakana */ |
2492 |
XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul */ |
2493 |
XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul_gr */ |
2494 |
+ XmSTRING_DIRECTION_L_TO_R, /* utf-8 */ |
2495 |
}; |
2496 |
externaldef(uil_sym_glbl) unsigned char *charset_writing_direction_table = |
2497 |
charset_wrdirection_table_vec; |
2498 |
@@ -100,6 +102,7 @@ |
2499 |
XmSTRING_DIRECTION_L_TO_R, /* jis_katakana */ |
2500 |
XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul */ |
2501 |
XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul_gr */ |
2502 |
+ XmSTRING_DIRECTION_L_TO_R, /* utf-8 */ |
2503 |
}; |
2504 |
externaldef(uil_sym_glbl) unsigned char *charset_parsing_direction_table = |
2505 |
charset_parsdirection_table_vec; |
2506 |
@@ -134,6 +137,7 @@ |
2507 |
sym_k_onebyte_charsize, /* jis_katakana */ |
2508 |
sym_k_twobyte_charsize, /* ksc_hangul */ |
2509 |
sym_k_twobyte_charsize, /* ksc_hangul_gr */ |
2510 |
+ sym_k_onebyte_charsize, /* utf-8 */ |
2511 |
}; |
2512 |
externaldef(uil_sym_glbl) unsigned char *charset_character_size_table = |
2513 |
charset_charsize_table_vec; |
2514 |
@@ -215,6 +219,7 @@ |
2515 |
"KSC_HANGUL_GL", /* ksc_hangul */ |
2516 |
"KSC_HANGUL_GR", /* ksc_hangul_gr */ |
2517 |
"KSC5601.1987-1", /* ksc_hangul_gr */ |
2518 |
+ "UTF-8", /* utf-8 */ |
2519 |
}; |
2520 |
externaldef(uil_sym_glbl) char **charset_lang_names_table = |
2521 |
charset_lang_names_table_vec; |
2522 |
@@ -295,10 +300,11 @@ |
2523 |
sym_k_ksc_hangul_charset, |
2524 |
sym_k_ksc_hangul_gr_charset, |
2525 |
sym_k_ksc_hangul_gr_charset, |
2526 |
+ sym_k_utf8_charset, |
2527 |
}; |
2528 |
externaldef(uil_sym_glbl) unsigned short int *charset_lang_codes_table = |
2529 |
charset_lang_codes_table_vec; |
2530 |
/* |
2531 |
* The number of entries in charset_lang_..._table tables |
2532 |
*/ |
2533 |
-externaldef(uil_sym_glbl) unsigned short int charset_lang_table_max = 72; |
2534 |
+externaldef(uil_sym_glbl) unsigned short int charset_lang_table_max = 73; |
2535 |
--- openMotif-2.2.3/tools/wml/UilSymGen.h.utf8 2004-03-04 17:41:48.000000000 +0100 |
2536 |
+++ openMotif-2.2.3/tools/wml/UilSymGen.h 2004-03-17 12:54:23.000000000 +0100 |
2537 |
@@ -1417,6 +1417,7 @@ |
2538 |
#define sym_k_jis_katakana_charset 21 |
2539 |
#define sym_k_ksc_hangul_charset 22 |
2540 |
#define sym_k_ksc_hangul_gr_charset 23 |
2541 |
+#define sym_k_utf8_charset 24 |
2542 |
|
2543 |
/* Define literals for automatic children */ |
2544 |
|
2545 |
--- openMotif-2.2.3/tools/wml/motif.wml.utf8 2003-10-08 23:07:47.000000000 +0200 |
2546 |
+++ openMotif-2.2.3/tools/wml/motif.wml 2004-03-17 12:56:09.000000000 +0100 |
2547 |
@@ -163,6 +163,9 @@ |
2548 |
ksc_hangul_gr |
2549 |
{ XmStringCharsetName = "KSC5601.1987-1"; |
2550 |
CharacterSize = TwoByte; }; |
2551 |
+ utf8 |
2552 |
+ { XmStringCharsetName = "UTF-8"; }; |
2553 |
+ |
2554 |
XmFONTLIST_DEFAULT_TAG |
2555 |
{ FontListElementTag = XmFONTLIST_DEFAULT_TAG; }; |
2556 |
|
2557 |
|
2558 |
|
2559 |
|
2560 |
1.1 src/patchsets/motif/2.2.3/10_all_no_demos.patch |
2561 |
|
2562 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/10_all_no_demos.patch?rev=1.1&view=markup |
2563 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/10_all_no_demos.patch?rev=1.1&content-type=text/plain |
2564 |
|
2565 |
Index: 10_all_no_demos.patch |
2566 |
=================================================================== |
2567 |
--- openmotif/configure.in.no_demos 2003-09-19 18:40:33.000000000 +0200 |
2568 |
+++ openmotif/configure.in 2003-12-16 12:16:33.000000000 +0100 |
2569 |
@@ -259,88 +259,4 @@ |
2570 |
doc/man/man5/Makefile \ |
2571 |
tools/Makefile \ |
2572 |
tools/wml/Makefile \ |
2573 |
-demos/Makefile \ |
2574 |
-demos/lib/Makefile \ |
2575 |
-demos/lib/Xmd/Makefile \ |
2576 |
-demos/lib/Wsm/Makefile \ |
2577 |
-demos/lib/Exm/Makefile \ |
2578 |
-demos/lib/Exm/wml/Makefile \ |
2579 |
-demos/programs/Makefile \ |
2580 |
-demos/programs/Exm/Makefile \ |
2581 |
-demos/programs/Exm/app_in_c/Makefile \ |
2582 |
-demos/programs/Exm/app_in_uil/Makefile \ |
2583 |
-demos/programs/Exm/simple_app/Makefile \ |
2584 |
-demos/programs/airport/Makefile \ |
2585 |
-demos/programs/animate/Makefile \ |
2586 |
-demos/programs/drag_and_drop/Makefile \ |
2587 |
-demos/programs/draw/Makefile \ |
2588 |
-demos/programs/earth/Makefile \ |
2589 |
-demos/programs/filemanager/Makefile \ |
2590 |
-demos/programs/fileview/Makefile \ |
2591 |
-demos/programs/getsubres/Makefile \ |
2592 |
-demos/programs/hellomotif/Makefile \ |
2593 |
-demos/programs/hellomotifi18n/Makefile \ |
2594 |
-demos/programs/hellomotifi18n/C/Makefile \ |
2595 |
-demos/programs/hellomotifi18n/C/uid/Makefile \ |
2596 |
-demos/programs/hellomotifi18n/english/Makefile \ |
2597 |
-demos/programs/hellomotifi18n/english/uid/Makefile \ |
2598 |
-demos/programs/hellomotifi18n/french/Makefile \ |
2599 |
-demos/programs/hellomotifi18n/french/uid/Makefile \ |
2600 |
-demos/programs/hellomotifi18n/hebrew/Makefile \ |
2601 |
-demos/programs/hellomotifi18n/hebrew/uid/Makefile \ |
2602 |
-demos/programs/hellomotifi18n/japan/Makefile \ |
2603 |
-demos/programs/hellomotifi18n/japan/uid/Makefile \ |
2604 |
-demos/programs/hellomotifi18n/japanese/Makefile \ |
2605 |
-demos/programs/hellomotifi18n/japanese/uid/Makefile \ |
2606 |
-demos/programs/hellomotifi18n/swedish/Makefile \ |
2607 |
-demos/programs/hellomotifi18n/swedish/uid/Makefile \ |
2608 |
-demos/programs/i18ninput/Makefile \ |
2609 |
-demos/programs/panner/Makefile \ |
2610 |
-demos/programs/periodic/Makefile \ |
2611 |
-demos/programs/piano/Makefile \ |
2612 |
-demos/programs/popups/Makefile \ |
2613 |
-demos/programs/sampler2_0/Makefile \ |
2614 |
-demos/programs/setdate/Makefile \ |
2615 |
-demos/programs/todo/Makefile \ |
2616 |
-demos/programs/workspace/Makefile \ |
2617 |
-demos/programs/tooltips/Makefile \ |
2618 |
-demos/programs/FontSel/Makefile \ |
2619 |
-demos/programs/ButtonBox/Makefile \ |
2620 |
-demos/programs/ColorSel/Makefile \ |
2621 |
-demos/programs/Column/Makefile \ |
2622 |
-demos/programs/DropDown/Makefile \ |
2623 |
-demos/programs/MultiList/Makefile \ |
2624 |
-demos/programs/MultiList/pixmaps/Makefile \ |
2625 |
-demos/programs/IconB/Makefile \ |
2626 |
-demos/programs/Outline/Makefile \ |
2627 |
-demos/programs/Paned/Makefile \ |
2628 |
-demos/programs/TabStack/Makefile \ |
2629 |
-demos/programs/Tree/Makefile \ |
2630 |
-demos/programs/pixmaps/Makefile \ |
2631 |
-demos/unsupported/Makefile \ |
2632 |
-demos/unsupported/Exm/Makefile \ |
2633 |
-demos/unsupported/aicon/Makefile \ |
2634 |
-demos/unsupported/dainput/Makefile \ |
2635 |
-demos/unsupported/dogs/Makefile \ |
2636 |
-demos/unsupported/hellomotif/Makefile \ |
2637 |
-demos/unsupported/motifshell/Makefile \ |
2638 |
-demos/unsupported/uilsymdump/Makefile \ |
2639 |
-demos/unsupported/xmapdef/Makefile \ |
2640 |
-demos/unsupported/xmfonts/Makefile \ |
2641 |
-demos/unsupported/xmforc/Makefile \ |
2642 |
-demos/unsupported/xmform/Makefile \ |
2643 |
-demos/doc/Makefile \ |
2644 |
-demos/doc/programGuide/Makefile \ |
2645 |
-demos/doc/programGuide/ch05/Makefile \ |
2646 |
-demos/doc/programGuide/ch05/Scale/Makefile \ |
2647 |
-demos/doc/programGuide/ch06/Makefile \ |
2648 |
-demos/doc/programGuide/ch06/spin_box/Makefile \ |
2649 |
-demos/doc/programGuide/ch06/combo_box/Makefile \ |
2650 |
-demos/doc/programGuide/ch08/Makefile \ |
2651 |
-demos/doc/programGuide/ch08/Notebook/Makefile \ |
2652 |
-demos/doc/programGuide/ch08/Container/Makefile \ |
2653 |
-demos/doc/programGuide/ch16/Makefile \ |
2654 |
-demos/doc/programGuide/ch17/Makefile \ |
2655 |
-demos/doc/programGuide/ch17/simple_drop/Makefile \ |
2656 |
-demos/doc/programGuide/ch17/simple_drag/Makefile \ |
2657 |
]) |
2658 |
--- openmotif/Makefile.am.no_demos 2003-12-16 12:17:02.000000000 +0100 |
2659 |
+++ openmotif/Makefile.am 2003-12-16 12:17:03.000000000 +0100 |
2660 |
@@ -28,6 +28,5 @@ |
2661 |
include \ |
2662 |
tools \ |
2663 |
clients \ |
2664 |
- doc \ |
2665 |
- demos |
2666 |
+ doc |
2667 |
AUTOMAKE_OPTIONS = 1.4 |
2668 |
|
2669 |
|
2670 |
|
2671 |
1.1 src/patchsets/motif/2.2.3/11_all_CAN-2005-0605.patch |
2672 |
|
2673 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/11_all_CAN-2005-0605.patch?rev=1.1&view=markup |
2674 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/11_all_CAN-2005-0605.patch?rev=1.1&content-type=text/plain |
2675 |
|
2676 |
Index: 11_all_CAN-2005-0605.patch |
2677 |
=================================================================== |
2678 |
--- lib/Xm/Xpmscan.c.orig 2005-03-02 17:00:16.415070960 +0100 |
2679 |
+++ lib/Xm/Xpmscan.c 2005-03-02 17:01:38.949709879 +0100 |
2680 |
@@ -672,8 +672,8 @@ |
2681 |
char *dst; |
2682 |
unsigned int *iptr; |
2683 |
char *data; |
2684 |
- unsigned int x, y, i; |
2685 |
- int bits, depth, ibu, ibpp, offset; |
2686 |
+ unsigned int x, y; |
2687 |
+ int bits, depth, ibu, ibpp, offset, i; |
2688 |
unsigned long lbt; |
2689 |
Pixel pixel, px; |
2690 |
|
2691 |
@@ -684,6 +684,9 @@ |
2692 |
ibpp = image->bits_per_pixel; |
2693 |
offset = image->xoffset; |
2694 |
|
2695 |
+ if (image->bitmap_unit < 0) |
2696 |
+ return (XpmNoMemory); |
2697 |
+ |
2698 |
if ((image->bits_per_pixel | image->depth) == 1) { |
2699 |
ibu = image->bitmap_unit; |
2700 |
for (y = 0; y < height; y++) |
2701 |
--- lib/Xm/Xpmcreate.c.orig 2005-03-02 17:02:00.626412844 +0100 |
2702 |
+++ lib/Xm/Xpmcreate.c 2005-03-02 17:02:35.183562480 +0100 |
2703 |
@@ -1265,10 +1265,10 @@ |
2704 |
register char *src; |
2705 |
register char *dst; |
2706 |
register unsigned int *iptr; |
2707 |
- register unsigned int x, y, i; |
2708 |
+ register unsigned int x, y; |
2709 |
register char *data; |
2710 |
Pixel pixel, px; |
2711 |
- int nbytes, depth, ibu, ibpp; |
2712 |
+ int nbytes, depth, ibu, ibpp, i; |
2713 |
|
2714 |
data = image->data; |
2715 |
iptr = pixelindex; |
2716 |
|
2717 |
|
2718 |
|
2719 |
1.1 src/patchsets/motif/2.2.3/12_all_uil.patch |
2720 |
|
2721 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/12_all_uil.patch?rev=1.1&view=markup |
2722 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/12_all_uil.patch?rev=1.1&content-type=text/plain |
2723 |
|
2724 |
Index: 12_all_uil.patch |
2725 |
=================================================================== |
2726 |
--- openMotif-2.2.3/lib/Mrm/Mrmhier.c.UIL 2002-01-11 14:56:24.000000000 +0100 |
2727 |
+++ openMotif-2.2.3/lib/Mrm/Mrmhier.c 2005-12-31 07:42:31.485196184 +0100 |
2728 |
@@ -712,7 +712,7 @@ |
2729 |
* Local variables |
2730 |
*/ |
2731 |
Cardinal result; /* function results */ |
2732 |
- char dummy[300]; /* file name (unused) */ |
2733 |
+ char *dummy; /* file name (unused) */ |
2734 |
char err_stg[300]; |
2735 |
|
2736 |
/* |
2737 |
@@ -764,11 +764,13 @@ |
2738 |
|
2739 |
if (resolvedname == 0) |
2740 |
{ |
2741 |
- sprintf (err_stg, _MrmMMsg_0031, name) ; |
2742 |
+ snprintf (err_stg, 300, _MrmMMsg_0031, name) ; |
2743 |
return Urm__UT_Error ("I18NOpenFile", err_stg, NULL, NULL, MrmNOT_FOUND); |
2744 |
} |
2745 |
|
2746 |
+ dummy = XtMalloc(strlen(resolvedname)+1); |
2747 |
result = UrmIdbOpenFileRead (resolvedname, os_ext, file_id_return, dummy) ; |
2748 |
+ XtFree(dummy); |
2749 |
switch ( result ) |
2750 |
{ |
2751 |
case MrmSUCCESS: |
2752 |
--- openMotif-2.2.3/clients/uil/UilIODef.h.UIL 2002-01-04 22:13:33.000000000 +0100 |
2753 |
+++ openMotif-2.2.3/clients/uil/UilIODef.h 2005-12-31 07:42:15.129682600 +0100 |
2754 |
@@ -69,13 +69,18 @@ |
2755 |
#define NULL 0L |
2756 |
#endif |
2757 |
|
2758 |
+#include <X11/Xos.h> |
2759 |
+#ifndef PATH_MAX |
2760 |
+# define PATH_MAX 256 |
2761 |
+#endif |
2762 |
+ |
2763 |
typedef struct |
2764 |
{ |
2765 |
FILE *az_file_ptr; |
2766 |
char *c_buffer; |
2767 |
boolean v_position_before_get; |
2768 |
z_key last_key; |
2769 |
- char expanded_name[ 256 ]; |
2770 |
+ char expanded_name[ PATH_MAX ]; |
2771 |
} uil_fcb_type; |
2772 |
|
2773 |
#endif /* UilIODef_h */ |
2774 |
--- openMotif-2.2.3/clients/uil/UilLstLst.c.UIL 2002-01-10 21:55:43.000000000 +0100 |
2775 |
+++ openMotif-2.2.3/clients/uil/UilLstLst.c 2005-12-31 07:42:19.447026264 +0100 |
2776 |
@@ -164,7 +164,7 @@ |
2777 |
lst_l_page_no = 0; |
2778 |
lst_v_listing_open = TRUE; |
2779 |
|
2780 |
- sprintf(lst_c_title1, |
2781 |
+ snprintf(lst_c_title1, 132, |
2782 |
"%s %s \t%s\t\t Page ", |
2783 |
_host_compiler, _compiler_version, |
2784 |
current_time(&ctime_buf)); |
2785 |
@@ -270,6 +270,17 @@ |
2786 |
{ |
2787 |
/* place the file name in the expanded_name buffer */ |
2788 |
|
2789 |
+ if (strlen(Uil_cmd_z_command.ac_listing_file) >= PATH_MAX) |
2790 |
+ { |
2791 |
+ char *p; |
2792 |
+ int len=0; |
2793 |
+ if((p = rindex(Uil_cmd_z_command.ac_listing_file, '/')) != NULL) |
2794 |
+ len = strlen(++p); |
2795 |
+ if(p == NULL || len >= PATH_MAX) |
2796 |
+ p = "<unknown>"; |
2797 |
+ strcpy(az_fcb->expanded_name, p); |
2798 |
+ return src_k_open_error; |
2799 |
+ } |
2800 |
strcpy(az_fcb->expanded_name, Uil_cmd_z_command.ac_listing_file); |
2801 |
|
2802 |
/* open the file */ |
2803 |
@@ -529,7 +540,7 @@ |
2804 |
char buffer [132]; |
2805 |
|
2806 |
az_fcb = src_az_source_file_table [i]; |
2807 |
- sprintf (buffer, |
2808 |
+ snprintf (buffer, 132, |
2809 |
" File (%d) %s", |
2810 |
i, az_fcb->expanded_name ); |
2811 |
lst_output_line( buffer, FALSE ); |
2812 |
@@ -598,7 +609,7 @@ |
2813 |
} |
2814 |
|
2815 |
|
2816 |
- sprintf(buffer, "%s (%d) %s", |
2817 |
+ snprintf(buffer, 132, "%s (%d) %s", |
2818 |
diag_get_message_abbrev( az_msg->l_message_number ), |
2819 |
msg_no, |
2820 |
az_msg->c_text); |
2821 |
--- openMotif-2.2.3/clients/uil/UilP2Out.c.UIL 2002-01-10 21:55:44.000000000 +0100 |
2822 |
+++ openMotif-2.2.3/clients/uil/UilP2Out.c 2005-12-31 07:42:23.022482712 +0100 |
2823 |
@@ -189,7 +189,7 @@ |
2824 |
int topmost_index; |
2825 |
struct |
2826 |
{ MrmOsOpenParam os_param; |
2827 |
- char result_file[256]; |
2828 |
+ char result_file[PATH_MAX]; |
2829 |
} uid_fcb; |
2830 |
|
2831 |
|
2832 |
@@ -234,15 +234,20 @@ |
2833 |
if (sym_az_module_entry->az_version != NULL) |
2834 |
module_version = sym_az_module_entry->az_version->value.c_value; |
2835 |
|
2836 |
- urm_status = UrmIdbOpenFileWrite |
2837 |
- ( Uil_cmd_z_command.ac_resource_file, |
2838 |
- & uid_fcb.os_param, |
2839 |
- _host_compiler, |
2840 |
- _compiler_version, |
2841 |
- module_name, |
2842 |
- module_version, |
2843 |
- &out_az_idbfile_id, |
2844 |
- uid_fcb.result_file ); |
2845 |
+ if (strlen(Uil_cmd_z_command.ac_resource_file) < PATH_MAX) |
2846 |
+ { |
2847 |
+ urm_status = UrmIdbOpenFileWrite |
2848 |
+ ( Uil_cmd_z_command.ac_resource_file, |
2849 |
+ & uid_fcb.os_param, |
2850 |
+ _host_compiler, |
2851 |
+ _compiler_version, |
2852 |
+ module_name, |
2853 |
+ module_version, |
2854 |
+ &out_az_idbfile_id, |
2855 |
+ uid_fcb.result_file ); |
2856 |
+ } else { |
2857 |
+ urm_status = MrmFAILURE; |
2858 |
+ } |
2859 |
|
2860 |
if (urm_status != MrmSUCCESS) |
2861 |
{ |
2862 |
@@ -2961,7 +2966,7 @@ |
2863 |
{ |
2864 |
char buffer[132]; |
2865 |
|
2866 |
- sprintf(buffer, "while %s encountered %s", |
2867 |
+ snprintf(buffer, 132, "while %s encountered %s", |
2868 |
problem, |
2869 |
Urm__UT_LatestErrorMessage()); |
2870 |
|
2871 |
--- openMotif-2.2.3/clients/uil/UilSrcSrc.c.UIL 2002-01-10 21:55:47.000000000 +0100 |
2872 |
+++ openMotif-2.2.3/clients/uil/UilSrcSrc.c 2005-12-31 07:42:27.176851152 +0100 |
2873 |
@@ -626,11 +626,15 @@ |
2874 |
static unsigned short main_dir_len = 0; |
2875 |
boolean main_file; |
2876 |
int i; /* loop index through include files */ |
2877 |
- char buffer[256]; |
2878 |
+ char buffer[PATH_MAX]; |
2879 |
+ int c_file_name_len; |
2880 |
|
2881 |
+ az_fcb->az_file_ptr = NULL; |
2882 |
+ c_file_name_len = strlen(c_file_name); |
2883 |
|
2884 |
/* place the file name in the expanded_name buffer */ |
2885 |
- |
2886 |
+ if(c_file_name_len >= PATH_MAX) |
2887 |
+ return src_k_open_error; |
2888 |
strcpy(buffer, c_file_name); |
2889 |
|
2890 |
/* Determine if this is the main file or an include file. */ |
2891 |
@@ -644,7 +648,7 @@ |
2892 |
|
2893 |
/* Save the directory info for the main file. */ |
2894 |
|
2895 |
- for (len = strlen (c_file_name), |
2896 |
+ for (len = c_file_name_len, |
2897 |
ptr = & c_file_name [len - 1]; |
2898 |
len > 0; len--, ptr--) { |
2899 |
if ((* ptr) == '/') { |
2900 |
@@ -673,9 +677,11 @@ |
2901 |
} |
2902 |
|
2903 |
if (!specific_directory) { |
2904 |
+ if (main_dir_len + c_file_name_len >= PATH_MAX) |
2905 |
+ goto open_label; |
2906 |
_move (buffer, main_fcb -> expanded_name, main_dir_len); |
2907 |
_move (& buffer [main_dir_len], |
2908 |
- c_file_name, strlen (c_file_name) + 1); /* + NULL */ |
2909 |
+ c_file_name, c_file_name_len + 1); /* + NULL */ |
2910 |
} else { |
2911 |
strcpy (buffer, c_file_name); |
2912 |
} |
2913 |
@@ -695,16 +701,22 @@ |
2914 |
|
2915 |
for (i = 0; i < Uil_cmd_z_command.include_dir_count; i++) { |
2916 |
int inc_dir_len; |
2917 |
+ int need_slash=0; |
2918 |
|
2919 |
inc_dir_len = strlen (Uil_cmd_z_command.ac_include_dir[i]); |
2920 |
if (inc_dir_len == 0) { |
2921 |
search_user_include = False; |
2922 |
} |
2923 |
+ if (Uil_cmd_z_command.ac_include_dir[i][inc_dir_len - 1] != '/') |
2924 |
+ need_slash=1; |
2925 |
+ if (inc_dir_len + need_slash + c_file_name_len >= PATH_MAX) |
2926 |
+ goto open_label; |
2927 |
+ |
2928 |
_move (buffer, Uil_cmd_z_command.ac_include_dir[i], inc_dir_len); |
2929 |
|
2930 |
/* Add '/' if not specified at end of directory */ |
2931 |
|
2932 |
- if (Uil_cmd_z_command.ac_include_dir[i][inc_dir_len - 1] != '/') { |
2933 |
+ if (need_slash) { |
2934 |
buffer [inc_dir_len] = '/'; |
2935 |
inc_dir_len++; |
2936 |
}; |
2937 |
@@ -723,9 +735,11 @@ |
2938 |
|
2939 |
/* Look in the default include directory. */ |
2940 |
if (search_user_include) { |
2941 |
+ if (sizeof(c_include_dir)-1 + c_file_name_len >= PATH_MAX) |
2942 |
+ goto open_label; |
2943 |
_move(buffer, c_include_dir, sizeof c_include_dir - 1); /* no NULL */ |
2944 |
_move(&buffer[sizeof c_include_dir - 1], |
2945 |
- c_file_name, strlen (c_file_name) + 1); /* + NULL */ |
2946 |
+ c_file_name, c_file_name_len + 1); /* + NULL */ |
2947 |
|
2948 |
/* Open the include file. */ |
2949 |
az_fcb->az_file_ptr = fopen (buffer, "r"); |
2950 |
--- openMotif-2.2.3/clients/uil/UilSarMod.c.UIL 2002-01-10 21:55:45.000000000 +0100 |
2951 |
+++ openMotif-2.2.3/clients/uil/UilSarMod.c 2005-12-31 07:42:35.593571616 +0100 |
2952 |
@@ -379,7 +379,7 @@ |
2953 |
*/ |
2954 |
|
2955 |
if (Uil_cmd_z_command.v_listing_file) |
2956 |
- sprintf(Uil_lst_c_title2, |
2957 |
+ snprintf(Uil_lst_c_title2, 132, |
2958 |
"Module: %s", |
2959 |
name_entry->c_text ); |
2960 |
|
2961 |
@@ -479,7 +479,7 @@ |
2962 |
*/ |
2963 |
|
2964 |
if (Uil_cmd_z_command.v_listing_file) |
2965 |
- sprintf(Uil_lst_c_title2, |
2966 |
+ snprintf(Uil_lst_c_title2, 132, |
2967 |
"Module: %s \t Version: %s", |
2968 |
sym_az_module_entry->obj_header.az_name->c_text, |
2969 |
value_entry->value.c_value ); |
2970 |
--- openMotif-2.2.3/clients/uil/UilDiags.c.UIL 2002-01-10 21:55:42.000000000 +0100 |
2971 |
+++ openMotif-2.2.3/clients/uil/UilDiags.c 2005-12-31 07:42:39.273012256 +0100 |
2972 |
@@ -293,12 +293,12 @@ |
2973 |
va_start(ap, l_start_column); |
2974 |
|
2975 |
#ifndef NO_MESSAGE_CATALOG |
2976 |
- vsprintf( msg_buffer, |
2977 |
+ vsnprintf( msg_buffer, 132, |
2978 |
catgets(uil_catd, UIL_SET1, msg_cat_table[ message_number ], |
2979 |
diag_rz_msg_table[ message_number ].ac_text), |
2980 |
ap ); |
2981 |
#else |
2982 |
- vsprintf( msg_buffer, |
2983 |
+ vsnprintf( msg_buffer, 132, |
2984 |
diag_rz_msg_table[ message_number ].ac_text, |
2985 |
ap ); |
2986 |
#endif |
2987 |
@@ -317,13 +317,13 @@ |
2988 |
*/ |
2989 |
|
2990 |
#ifndef NO_MESSAGE_CATALOG |
2991 |
- sprintf( loc_buffer, |
2992 |
+ snprintf( loc_buffer, 132, |
2993 |
catgets(uil_catd, UIL_SET_MISC, |
2994 |
UIL_MISC_0, "\t\t line: %d file: %s"), |
2995 |
az_src_rec->w_line_number, |
2996 |
src_get_file_name( az_src_rec ) ); |
2997 |
#else |
2998 |
- sprintf( loc_buffer, |
2999 |
+ snprintf( loc_buffer, 132, |
3000 |
"\t\t line: %d file: %s", |
3001 |
az_src_rec->w_line_number, |
3002 |
src_get_file_name( az_src_rec ) ); |
3003 |
@@ -371,7 +371,7 @@ |
3004 |
|
3005 |
if (l_start_column != diag_k_no_column) |
3006 |
#ifndef NO_MESSAGE_CATALOG |
3007 |
- sprintf(loc_buffer, |
3008 |
+ snprintf(loc_buffer, 132, |
3009 |
catgets(uil_catd, UIL_SET_MISC, |
3010 |
UIL_MISC_1, |
3011 |
"\t\t line: %d position: %d file: %s"), |
3012 |
@@ -379,7 +379,7 @@ |
3013 |
l_start_column + 1, |
3014 |
src_get_file_name( az_src_rec ) ); |
3015 |
#else |
3016 |
- sprintf(loc_buffer, |
3017 |
+ snprintf(loc_buffer, 132, |
3018 |
"\t\t line: %d position: %d file: %s", |
3019 |
az_src_rec->w_line_number, |
3020 |
l_start_column + 1, |
3021 |
@@ -387,13 +387,13 @@ |
3022 |
#endif |
3023 |
else |
3024 |
#ifndef NO_MESSAGE_CATALOG |
3025 |
- sprintf( loc_buffer, catgets(uil_catd, UIL_SET_MISC, |
3026 |
+ snprintf( loc_buffer, 132, catgets(uil_catd, UIL_SET_MISC, |
3027 |
UIL_MISC_0, |
3028 |
"\t\t line: %d file: %s"), |
3029 |
az_src_rec->w_line_number, |
3030 |
src_get_file_name( az_src_rec ) ); |
3031 |
#else |
3032 |
- sprintf( loc_buffer, |
3033 |
+ snprintf( loc_buffer, 132, |
3034 |
"\t\t line: %d file: %s", |
3035 |
az_src_rec->w_line_number, |
3036 |
src_get_file_name( az_src_rec ) ); |
3037 |
--- openMotif-2.2.3/clients/uil/UilSymDef.h.UIL 2002-01-04 22:13:38.000000000 +0100 |
3038 |
+++ openMotif-2.2.3/clients/uil/UilSymDef.h 2005-12-31 07:42:44.106277488 +0100 |
3039 |
@@ -65,6 +65,11 @@ |
3040 |
|
3041 |
#include <Mrm/MrmPublic.h> |
3042 |
#include <Xm/Xm.h> |
3043 |
+#include <X11/Xos.h> |
3044 |
+#ifndef PATH_MAX |
3045 |
+# define PATH_MAX 256 |
3046 |
+#endif |
3047 |
+ |
3048 |
|
3049 |
/* |
3050 |
** constraint check access macro |
3051 |
@@ -874,10 +879,10 @@ |
3052 |
sym_section_entry_type *sections; |
3053 |
/* pointer to a section list; this list is all of the sections that */ |
3054 |
/* exist in this include file. */ |
3055 |
- char file_name[255]; |
3056 |
+ char file_name[PATH_MAX]; |
3057 |
/* the file name as specified in the include statement in the UIL */ |
3058 |
/* source. */ |
3059 |
- char full_file_name[255]; |
3060 |
+ char full_file_name[PATH_MAX]; |
3061 |
/* the expanded name for the include file actually opened. */ |
3062 |
} sym_include_file_entry_type; |
3063 |
|
3064 |
@@ -894,9 +899,9 @@ |
3065 |
/* common header */ |
3066 |
struct _src_source_record_type *src_record_list; |
3067 |
/* pointer to a list of source records. */ |
3068 |
- char file_name[255]; |
3069 |
+ char file_name[PATH_MAX]; |
3070 |
/* the main UIL file name as specified on the command line. */ |
3071 |
- char full_file_name[255]; |
3072 |
+ char full_file_name[PATH_MAX]; |
3073 |
/* the expanded name for the main UIL file that was actually */ |
3074 |
/* opened. */ |
3075 |
sym_section_entry_type *sections; |
3076 |
|
3077 |
|
3078 |
|
3079 |
1.1 src/patchsets/motif/2.2.3/13_all_automake.patch |
3080 |
|
3081 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/13_all_automake.patch?rev=1.1&view=markup |
3082 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/13_all_automake.patch?rev=1.1&content-type=text/plain |
3083 |
|
3084 |
Index: 13_all_automake.patch |
3085 |
=================================================================== |
3086 |
--- clients/uil/Makefile.am Fri Aug 15 04:56:19 2003 |
3087 |
+++ clients/uil/Makefile.am.new Tue Feb 8 12:06:15 2005 |
3088 |
@@ -65,6 +65,7 @@ |
3089 |
lib_LTLIBRARIES = libUil.la |
3090 |
|
3091 |
libUil_la_SOURCES = $(SRCS) |
3092 |
+libUil_la_CFLAGS = $(AM_CFLAGS) |
3093 |
|
3094 |
libUil_la_DEPENDENCIES = UilDBDef.h UilParser.lo |
3095 |
|
3096 |
|
3097 |
|
3098 |
|
3099 |
1.1 src/patchsets/motif/2.2.3/14_all_ac-editres.patch |
3100 |
|
3101 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/14_all_ac-editres.patch?rev=1.1&view=markup |
3102 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/14_all_ac-editres.patch?rev=1.1&content-type=text/plain |
3103 |
|
3104 |
Index: 14_all_ac-editres.patch |
3105 |
=================================================================== |
3106 |
http://bugs.gentoo.org/82081 |
3107 |
|
3108 |
--- openMotif-2.2.3-orig/configure.in |
3109 |
+++ openMotif-2.2.3/configure.in |
3110 |
@@ -58,6 +58,7 @@ |
3111 |
X_XMU=-lXmu |
3112 |
AC_DEFINE(HAVE_LIBXMU, [], [HAVE_LIBXMU]) |
3113 |
, X_XMU="", -lXt -lX11) |
3114 |
+,,[[#include <X11/Intrinsic.h>]] |
3115 |
) |
3116 |
AC_SUBST(X_XMU) |
3117 |
LIBS="$save_LIBS" |
3118 |
|
3119 |
|
3120 |
|
3121 |
1.1 src/patchsets/motif/2.2.3/15_all_ldflags.patch |
3122 |
|
3123 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/15_all_ldflags.patch?rev=1.1&view=markup |
3124 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/15_all_ldflags.patch?rev=1.1&content-type=text/plain |
3125 |
|
3126 |
Index: 15_all_ldflags.patch |
3127 |
=================================================================== |
3128 |
http://bugs.gentoo.org/293573 |
3129 |
|
3130 |
--- openMotif-2.2.3-orig/clients/uil/Makefile.am |
3131 |
+++ openMotif-2.2.3/clients/uil/Makefile.am |
3132 |
@@ -6,7 +6,7 @@ |
3133 |
# |
3134 |
bin_PROGRAMS = uil |
3135 |
|
3136 |
-LDFLAGS = -version-info @CURRENT@:@REVISION@:@AGE@ |
3137 |
+AM_LDFLAGS = -version-info @CURRENT@:@REVISION@:@AGE@ |
3138 |
|
3139 |
UilParser.lo: UilParser.c |
3140 |
$(LTCOMPILE) -DCALLABLE -c UilParser.c |
3141 |
--- openMotif-2.2.3-orig/lib/Mrm/Makefile.am |
3142 |
+++ openMotif-2.2.3/lib/Mrm/Makefile.am |
3143 |
@@ -8,7 +8,7 @@ |
3144 |
|
3145 |
libMrm_la_LIBADD = ../Xm/libXm.la ${X_LIBS} -lXt ${X_PRE_LIBS} -lX11 ${X_EXTRA_LIBS} |
3146 |
|
3147 |
-LDFLAGS = -version-info @CURRENT@:@REVISION@:@AGE@ |
3148 |
+AM_LDFLAGS = -version-info @CURRENT@:@REVISION@:@AGE@ |
3149 |
|
3150 |
lib_LTLIBRARIES = libMrm.la |
3151 |
|
3152 |
--- openMotif-2.2.3-orig/lib/Xm/Makefile.am |
3153 |
+++ openMotif-2.2.3/lib/Xm/Makefile.am |
3154 |
@@ -9,7 +9,7 @@ |
3155 |
${X_CFLAGS} |
3156 |
xmdir = $(includedir)/Xm |
3157 |
|
3158 |
-LDFLAGS = -version-info @CURRENT@:@REVISION@:@AGE@ |
3159 |
+AM_LDFLAGS = -version-info @CURRENT@:@REVISION@:@AGE@ |
3160 |
|
3161 |
lib_LTLIBRARIES = libXm.la |
3162 |
|
3163 |
|
3164 |
|
3165 |
|
3166 |
1.1 src/patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch |
3167 |
|
3168 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch?rev=1.1&view=markup |
3169 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch?rev=1.1&content-type=text/plain |
3170 |
|
3171 |
Index: 16_all_mrm_buffer_overflow.patch |
3172 |
=================================================================== |
3173 |
http://bugs.gentoo.org/340249 |
3174 |
Patch backported from openmotif-2.3.3 |
3175 |
|
3176 |
--- openMotif-2.2.3-orig/lib/Mrm/MrmIheader.c |
3177 |
+++ openMotif-2.2.3/lib/Mrm/MrmIheader.c |
3178 |
@@ -228,9 +228,10 @@ |
3179 |
|
3180 |
{ |
3181 |
/* sscanf() may call ungetc(), which would write the XmConst string. */ |
3182 |
- char buf[XtNumber(idb__database_version) + 1]; |
3183 |
+ char *buf = XtMalloc(strlen(idb__database_version) + 1); |
3184 |
strcpy(buf, idb__database_version); |
3185 |
sscanf(buf, "URM %d.%d", &db_major, &db_minor); |
3186 |
+ XtFree(buf); |
3187 |
} |
3188 |
|
3189 |
if ((file_major > db_major) || |
3190 |
|
3191 |
|
3192 |
|
3193 |
1.1 src/patchsets/motif/2.2.3/17_all_automake-1.13.patch |
3194 |
|
3195 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/17_all_automake-1.13.patch?rev=1.1&view=markup |
3196 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/motif/2.2.3/17_all_automake-1.13.patch?rev=1.1&content-type=text/plain |
3197 |
|
3198 |
Index: 17_all_automake-1.13.patch |
3199 |
=================================================================== |
3200 |
http://bugs.motifzone.net/show_bug.cgi?id=1595 |
3201 |
|
3202 |
--- openMotif-2.2.3-orig/configure.in |
3203 |
+++ openMotif-2.2.3/configure.in |
3204 |
@@ -23,12 +23,11 @@ |
3205 |
dnl |
3206 |
dnl AC_DISABLE_STATIC |
3207 |
|
3208 |
-AM_CONFIG_HEADER(include/config.h) |
3209 |
+AC_CONFIG_HEADERS(include/config.h) |
3210 |
|
3211 |
dnl Checks for programs. |
3212 |
AC_PROG_CC |
3213 |
AC_PROG_CPP |
3214 |
-AM_PROG_CC_STDC |
3215 |
AM_PROG_LIBTOOL |
3216 |
AC_EXEEXT |