diff options
Diffstat (limited to 'media-libs/imlib/files')
-rw-r--r-- | media-libs/imlib/files/imlib-1.9.15-asneeded.patch | 38 | ||||
-rw-r--r-- | media-libs/imlib/files/imlib-1.9.15-bpp16-CVE-2007-3568.patch | 11 | ||||
-rw-r--r-- | media-libs/imlib/files/imlib-1.9.15-fix-rendering.patch | 105 | ||||
-rw-r--r-- | media-libs/imlib/files/imlib-1.9.15-libpng15.patch | 142 | ||||
-rw-r--r-- | media-libs/imlib/files/imlib-1.9.15.patch | 70 | ||||
-rw-r--r-- | media-libs/imlib/files/imlib-security.patch | 510 |
6 files changed, 876 insertions, 0 deletions
diff --git a/media-libs/imlib/files/imlib-1.9.15-asneeded.patch b/media-libs/imlib/files/imlib-1.9.15-asneeded.patch new file mode 100644 index 0000000..3b7dd8a --- /dev/null +++ b/media-libs/imlib/files/imlib-1.9.15-asneeded.patch @@ -0,0 +1,38 @@ +This code is broken with the newer libtool. Just dropping it is more or less +safe as in any case if libtool does not supports shared libraries it'll issue +an error... + +Adding include is necessary for gcc-4.3. + +--- configure.in 2008-07-16 09:18:35 +0000 ++++ configure.in 2008-07-16 09:18:43 +0000 +@@ -61,6 +61,7 @@ + AC_TRY_RUN([ + #include <glib.h> + #include <gmodule.h> ++#include <stdlib.h> + main () + { + if (g_module_supported ()) +@@ -74,21 +74,6 @@ + CFLAGS="$oCFLAGS" + fi + +-dnl Now we check to see if our libtool supports shared lib deps +-dnl (in a rather ugly way even) +-builddir=`pwd` +-if $dynworks; then +- imlib_libtool_config="$builddir/libtool --config" +- imlib_deplibs_check=`$imlib_libtool_config | \ +- grep '^[[a-z_]]*check[[a-z_]]*_method=[['\''"]]' | \ +- sed 's/.*[['\''"]]\(.*\)[['\''"]]$/\1/'` +- if test "x$imlib_deplibs_check" = "xnone" || \ +- test "x$imlib_deplibs_check" = "xunknown" || \ +- test "x$imlib_deplibs_check" = "x"; then +- dynworks=false +- fi +-fi +- + if $dynworks; then + AC_DEFINE(USE_GMODULE, 1, [ ]) + GMODULE_LIBS="`glib-config --libs gmodule`" diff --git a/media-libs/imlib/files/imlib-1.9.15-bpp16-CVE-2007-3568.patch b/media-libs/imlib/files/imlib-1.9.15-bpp16-CVE-2007-3568.patch new file mode 100644 index 0000000..94595ff --- /dev/null +++ b/media-libs/imlib/files/imlib-1.9.15-bpp16-CVE-2007-3568.patch @@ -0,0 +1,11 @@ +--- Imlib/load.c.orig 2007-08-13 23:06:20.000000000 -0300 ++++ Imlib/load.c 2007-08-13 23:06:51.000000000 -0300 +@@ -645,7 +645,7 @@ + planes = (int)word; + fread(&word, 2, 1, file); + bpp = (int)word; +- if (bpp != 1 && bpp != 4 && bpp != 8 && bpp && 16 && bpp != 24 && bpp != 32) ++ if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32) + { + fprintf(stderr, "IMLIB ERROR: unknown bitdepth in file\n"); + return NULL; diff --git a/media-libs/imlib/files/imlib-1.9.15-fix-rendering.patch b/media-libs/imlib/files/imlib-1.9.15-fix-rendering.patch new file mode 100644 index 0000000..6212ed3 --- /dev/null +++ b/media-libs/imlib/files/imlib-1.9.15-fix-rendering.patch @@ -0,0 +1,105 @@ +Michel Dänzer <daenzer AT debian.org> + +* The boolean value returned via the last parameter to XShmQueryVersion() + isn't honoured everywhere. +* The init functions that take parameters allow the caller to enable shared + pixmaps when they aren't supported (or disabled by configuration files). + + +These result in incorrect rendering when the MIT-SHM extension doesn't support +shared pixmaps, e.g. using EXA with current versions of Xorg. + +http://bugs.gentoo.org/show_bug.cgi?id=197489 + +diff -up -ru imlib-1.9.15.orig/gdk_imlib/misc.c imlib-1.9.15/gdk_imlib/misc.c +--- imlib-1.9.15.orig/gdk_imlib/misc.c 2002-03-04 18:06:32.000000000 +0100 ++++ imlib-1.9.15/gdk_imlib/misc.c 2007-10-28 14:00:04.000000000 +0100 +@@ -674,6 +674,10 @@ gdk_imlib_init_params(GdkImlibInitParams + visual = gdk_rgb_get_visual(); + id->x.visual = GDK_VISUAL_XVISUAL(visual); /* the visual type */ + id->x.depth = visual->depth; /* the depth of the screen in bpp */ ++ ++ id->x.shm = 0; ++ id->x.shmp = 0; ++ id->max_shm = 0; + #ifdef HAVE_SHM + if (XShmQueryExtension(id->x.disp)) + { +@@ -689,17 +693,14 @@ gdk_imlib_init_params(GdkImlibInitParams + id->x.last_xim = NULL; + id->x.last_sxim = NULL; + id->max_shm = 0x7fffffff; +- if (XShmPixmapFormat(id->x.disp) == ZPixmap) ++ if ((XShmPixmapFormat(id->x.disp) == ZPixmap) && ++ (pm == True)) + id->x.shmp = 1; + } + } + } +- else + #endif +- { +- id->x.shm = 0; +- id->x.shmp = 0; +- } ++ + id->cache.on_image = 0; + id->cache.size_image = 0; + id->cache.num_image = 0; +@@ -935,8 +936,8 @@ gdk_imlib_init_params(GdkImlibInitParams + } + if (p->flags & PARAMS_SHAREDPIXMAPS) + { +- if (id->x.shm) +- id->x.shmp = p->sharedpixmaps; ++ if (!p->sharedpixmaps) ++ id->x.shmp = 0; + } + if (p->flags & PARAMS_PALETTEOVERRIDE) + override = p->paletteoverride; +diff -up -ru imlib-1.9.15.orig/Imlib/misc.c imlib-1.9.15/Imlib/misc.c +--- imlib-1.9.15.orig/Imlib/misc.c 2004-09-21 02:22:59.000000000 +0200 ++++ imlib-1.9.15/Imlib/misc.c 2007-10-28 14:00:23.000000000 +0100 +@@ -675,6 +675,10 @@ Imlib_init_with_params(Display * disp, I + id->x.root = DefaultRootWindow(disp); /* the root window id */ + id->x.visual = DefaultVisual(disp, id->x.screen); /* the visual type */ + id->x.depth = DefaultDepth(disp, id->x.screen); /* the depth of the screen in bpp */ ++ ++ id->x.shm = 0; ++ id->x.shmp = 0; ++ id->max_shm = 0; + #ifdef HAVE_SHM + if (XShmQueryExtension(id->x.disp)) + { +@@ -690,17 +694,14 @@ Imlib_init_with_params(Display * disp, I + id->x.last_xim = NULL; + id->x.last_sxim = NULL; + id->max_shm = 0x7fffffff; +- if (XShmPixmapFormat(id->x.disp) == ZPixmap) ++ if ((XShmPixmapFormat(id->x.disp) == ZPixmap && ++ (pm == True))) + id->x.shmp = 1; + } + } + } +- else + #endif +- { +- id->x.shm = 0; +- id->x.shmp = 0; +- } ++ + id->cache.on_image = 0; + id->cache.size_image = 0; + id->cache.num_image = 0; +@@ -952,8 +953,8 @@ Imlib_init_with_params(Display * disp, I + } + if (p->flags & PARAMS_SHAREDPIXMAPS) + { +- if (id->x.shm) +- id->x.shmp = p->sharedpixmaps; ++ if (!p->sharedpixmaps) ++ id->x.shmp = 0; + } + if (p->flags & PARAMS_PALETTEOVERRIDE) + override = p->paletteoverride; diff --git a/media-libs/imlib/files/imlib-1.9.15-libpng15.patch b/media-libs/imlib/files/imlib-1.9.15-libpng15.patch new file mode 100644 index 0000000..7837cd4 --- /dev/null +++ b/media-libs/imlib/files/imlib-1.9.15-libpng15.patch @@ -0,0 +1,142 @@ +--- gdk_imlib/io-png.c ++++ gdk_imlib/io-png.c +@@ -40,13 +40,13 @@ + return NULL; + } + +- if (setjmp(png_ptr->jmpbuf)) ++ if (setjmp(png_jmpbuf(png_ptr))) + { + png_destroy_read_struct(&png_ptr, &info_ptr, NULL); + return NULL; + } + +- if (info_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA) ++ if (png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB_ALPHA) + { + png_destroy_read_struct(&png_ptr, &info_ptr, NULL); + return NULL; +@@ -275,13 +275,13 @@ + return NULL; + } + +- if (setjmp(png_ptr->jmpbuf)) ++ if (setjmp(png_jmpbuf(png_ptr))) + { + png_destroy_read_struct(&png_ptr, &info_ptr, NULL); + return NULL; + } + +- if (info_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA) ++ if (png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB_ALPHA) + { + png_destroy_read_struct(&png_ptr, &info_ptr, NULL); + return NULL; +@@ -301,6 +301,9 @@ + /* Setup Translators */ + if (color_type == PNG_COLOR_TYPE_PALETTE) + png_set_expand(png_ptr); ++ if (color_type == PNG_COLOR_TYPE_GRAY && bit_depth < 8) ++ png_set_expand(png_ptr); ++ + png_set_strip_16(png_ptr); + png_set_packing(png_ptr); + if (png_get_valid(png_ptr, info_ptr, PNG_INFO_tRNS)) +@@ -440,13 +443,13 @@ + return NULL; + } + +- if (setjmp(png_ptr->jmpbuf)) ++ if (setjmp(png_jmpbuf(png_ptr))) + { + png_destroy_read_struct(&png_ptr, &info_ptr, NULL); + return NULL; + } + +- if (info_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA) ++ if (png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB_ALPHA) + { + png_destroy_read_struct(&png_ptr, &info_ptr, NULL); + return NULL; +@@ -635,7 +638,7 @@ + png_destroy_write_struct(&png_ptr, (png_infopp) NULL); + return 0; + } +- if (setjmp(png_ptr->jmpbuf)) ++ if (setjmp(png_jmpbuf(png_ptr))) + { + fclose(f); + png_destroy_write_struct(&png_ptr, (png_infopp) NULL); +--- Imlib/load.c ++++ Imlib/load.c +@@ -197,12 +197,12 @@ + png_destroy_read_struct(&png_ptr, NULL, NULL); + return NULL; + } +- if (setjmp(png_ptr->jmpbuf)) ++ if (setjmp(png_jmpbuf(png_ptr))) + { + png_destroy_read_struct(&png_ptr, &info_ptr, NULL); + return NULL; + } +- if (info_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA) ++ if (png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB_ALPHA) + { + png_destroy_read_struct(&png_ptr, &info_ptr, NULL); + return NULL; +@@ -260,7 +260,8 @@ + png_read_image(png_ptr, lines); + png_destroy_read_struct(&png_ptr, &info_ptr, NULL); + ptr = data; +- if (color_type == PNG_COLOR_TYPE_GRAY_ALPHA) ++ if (color_type == PNG_COLOR_TYPE_GRAY ++ || color_type == PNG_COLOR_TYPE_GRAY_ALPHA) + { + for (y = 0; y < *h; y++) + { +@@ -285,6 +286,7 @@ + } + } + } ++#if 0 + else if (color_type == PNG_COLOR_TYPE_GRAY) + { + for (y = 0; y < *h; y++) +@@ -300,6 +302,7 @@ + } + } + } ++#endif + else + { + for (y = 0; y < *h; y++) +--- Imlib/save.c ++++ Imlib/save.c +@@ -342,7 +342,7 @@ + png_destroy_write_struct(&png_ptr, (png_infopp) NULL); + return 0; + } +- if (setjmp(png_ptr->jmpbuf)) ++ if (setjmp(png_jmpbuf(png_ptr))) + { + fclose(f); + png_destroy_write_struct(&png_ptr, (png_infopp) NULL); +--- Imlib/utils.c ++++ Imlib/utils.c +@@ -1981,14 +1981,13 @@ + png_destroy_read_struct(&png_ptr, NULL, NULL); + return NULL; + } +- +- if (setjmp(png_ptr->jmpbuf)) ++ if (setjmp(png_jmpbuf(png_ptr))) + { + png_destroy_read_struct(&png_ptr, &info_ptr, NULL); + return NULL; + } + +- if (info_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA) ++ if (png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB_ALPHA) + { + png_destroy_read_struct(&png_ptr, &info_ptr, NULL); + return NULL; diff --git a/media-libs/imlib/files/imlib-1.9.15.patch b/media-libs/imlib/files/imlib-1.9.15.patch new file mode 100644 index 0000000..c78aea9 --- /dev/null +++ b/media-libs/imlib/files/imlib-1.9.15.patch @@ -0,0 +1,70 @@ +diff -ur imlib-1.9.15.orig/configure.in imlib-1.9.15/configure.in +--- imlib-1.9.15.orig/configure.in 2004-09-23 04:13:45.000000000 +0300 ++++ imlib-1.9.15/configure.in 2007-02-05 23:43:18.000000000 +0200 +@@ -17,11 +17,26 @@ + dnl incase it is broken for example. + AC_ARG_ENABLE(shm, [ --enable-shm support shared memory if available [default=yes]], echo $enable_shm, enable_shm="yes") + ++AC_ARG_ENABLE(gdk, [ --enable-gdk enable gdk_imlib compilation [default=yes]],[ ++ if test x$enableval = xyes; then ++ disable_gdk="no" ++ else ++ disable_gdk="yes" ++ fi],disable_gdk=no) ++ ++if test x$disable_gdk = xno; then ++ AC_MSG_RESULT(no) ++ + AM_PATH_GTK(1.2.1,[ + GDK_IMLIB="gdk_imlib utils"],[ + GDK_IMLIB="" + AC_MSG_WARN([*** gdk_imlib will not be built ***])]) + ++else ++ AC_MSG_RESULT(yes) ++ GDK_IMLIB="" ++fi ++ + AC_MSG_CHECKING(whether to build gmodulized imlib) + + AC_ARG_ENABLE(modules, [ --disable-modules Disables dynamic module loading],[ +diff -ur imlib-1.9.15.orig/imlib-config.in imlib-1.9.15/imlib-config.in +--- imlib-1.9.15.orig/imlib-config.in 2004-08-27 19:03:11.000000000 +0300 ++++ imlib-1.9.15/imlib-config.in 2007-02-05 23:46:34.000000000 +0200 +@@ -46,15 +46,9 @@ + echo @VERSION@ + ;; + --cflags) +- if test @includedir@ != /usr/include ; then +- includes=-I@includedir@ +- fi + echo $includes @X_CFLAGS@ + ;; + --cflags-gdk) +- if test @includedir@ != /usr/include ; then +- includes=-I@includedir@ +- fi + echo `@GTK_CONFIG@ --cflags` $includes @X_CFLAGS@ + ;; + --libs) +diff -ur imlib-1.9.15.orig/imlib.m4 imlib-1.9.15/imlib.m4 +--- imlib-1.9.15.orig/imlib.m4 2004-08-27 19:03:11.000000000 +0300 ++++ imlib-1.9.15/imlib.m4 2007-02-05 23:42:57.000000000 +0200 +@@ -6,7 +6,7 @@ + dnl AM_PATH_IMLIB([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]]) + dnl Test for IMLIB, and define IMLIB_CFLAGS and IMLIB_LIBS + dnl +-AC_DEFUN(AM_PATH_IMLIB, ++AC_DEFUN([AM_PATH_IMLIB], + [dnl + dnl Get the cflags and libraries from the imlib-config script + dnl +@@ -164,7 +164,7 @@ + ]) + + # Check for gdk-imlib +-AC_DEFUN(AM_PATH_GDK_IMLIB, ++AC_DEFUN([AM_PATH_GDK_IMLIB], + [dnl + dnl Get the cflags and libraries from the imlib-config script + dnl diff --git a/media-libs/imlib/files/imlib-security.patch b/media-libs/imlib/files/imlib-security.patch new file mode 100644 index 0000000..c820270 --- /dev/null +++ b/media-libs/imlib/files/imlib-security.patch @@ -0,0 +1,510 @@ +diff -urN imlib-1.9.13.orig/Imlib/load.c imlib-1.9.13/Imlib/load.c +--- imlib-1.9.13.orig/Imlib/load.c Wed Mar 13 19:06:29 2002 ++++ imlib-1.9.13/Imlib/load.c Thu Sep 16 17:21:01 2004 +@@ -4,6 +4,8 @@ + #include "Imlib_private.h" + #include <setjmp.h> + ++#define G_MAXINT ((int) 0x7fffffff) ++ + /* Split the ID - damages input */ + + static char * +@@ -41,13 +43,17 @@ + + /* + * Make sure we don't wrap on our memory allocations ++ * we check G_MAXINT/4 because rend.c malloc's w * h * bpp ++ * + 3 is safety margin + */ + + void * _imlib_malloc_image(unsigned int w, unsigned int h) + { +- if( w > 32767 || h > 32767) +- return NULL; +- return malloc(w * h * 3); ++ if (w <= 0 || w > 32767 || ++ h <= 0 || h > 32767 || ++ h >= (G_MAXINT/4 - 1) / w) ++ return NULL; ++ return malloc(w * h * 3 + 3); + } + + #ifdef HAVE_LIBJPEG +@@ -360,7 +366,9 @@ + npix = ww * hh; + *w = (int)ww; + *h = (int)hh; +- if(ww > 32767 || hh > 32767) ++ if (ww <= 0 || ww > 32767 || ++ hh <= 0 || hh > 32767 || ++ hh >= (G_MAXINT/sizeof(uint32)) / ww) + { + TIFFClose(tif); + return NULL; +@@ -463,7 +471,7 @@ + } + *w = gif->Image.Width; + *h = gif->Image.Height; +- if (*h > 32767 || *w > 32767) ++ if (*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767) + { + return NULL; + } +@@ -965,7 +973,12 @@ + comment = 0; + quote = 0; + context = 0; ++ memset(lookup, 0, sizeof(lookup)); ++ + line = malloc(lsz); ++ if (!line) ++ return NULL; ++ + while (!done) + { + pc = c; +@@ -994,25 +1007,25 @@ + { + /* Header */ + sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp); +- if (ncolors > 32766) ++ if (ncolors <= 0 || ncolors > 32766) + { + fprintf(stderr, "IMLIB ERROR: XPM files wth colors > 32766 not supported\n"); + free(line); + return NULL; + } +- if (cpp > 5) ++ if (cpp <= 0 || cpp > 5) + { + fprintf(stderr, "IMLIB ERROR: XPM files with characters per pixel > 5 not supported\n"); + free(line); + return NULL; + } +- if (*w > 32767) ++ if (*w <= 0 || *w > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n"); + free(line); + return NULL; + } +- if (*h > 32767) ++ if (*h <= 0 || *h > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n"); + free(line); +@@ -1045,11 +1058,13 @@ + { + int slen; + int hascolor, iscolor; ++ int space; + + iscolor = 0; + hascolor = 0; + tok[0] = 0; + col[0] = 0; ++ space = sizeof(col) - 1; + s[0] = 0; + len = strlen(line); + strncpy(cmap[j].str, line, cpp); +@@ -1072,10 +1087,10 @@ + { + if (k >= len) + { +- if (col[0]) +- strcat(col, " "); +- if (strlen(col) + strlen(s) < sizeof(col)) +- strcat(col, s); ++ if (col[0] && space > 0) ++ strcat(col, " "), space -= 1; ++ if (slen <= space) ++ strcat(col, s), space -= slen; + } + if (col[0]) + { +@@ -1105,14 +1120,17 @@ + } + } + } +- strcpy(tok, s); ++ if (slen < sizeof(tok)); ++ strcpy(tok, s); + col[0] = 0; ++ space = sizeof(col) - 1; + } + else + { +- if (col[0]) +- strcat(col, " "); +- strcat(col, s); ++ if (col[0] && space > 0) ++ strcat(col, " "), space -=1; ++ if (slen <= space) ++ strcat(col, s), space -= slen; + } + } + } +@@ -1341,12 +1359,12 @@ + sscanf(s, "%i %i", w, h); + a = *w; + b = *h; +- if (a > 32767) ++ if (a <= 0 || a > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n"); + return NULL; + } +- if (b > 32767) ++ if (b <= 0 || b > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n"); + return NULL; +diff -urN imlib-1.9.13.orig/Imlib/utils.c imlib-1.9.13/Imlib/utils.c +--- imlib-1.9.13.orig/Imlib/utils.c Mon Mar 4 17:45:28 2002 ++++ imlib-1.9.13/Imlib/utils.c Thu Sep 16 17:21:15 2004 +@@ -1496,36 +1496,56 @@ + context = 0; + ptr = NULL; + end = NULL; ++ memset(lookup, 0, sizeof(lookup)); + + while (!done) + { + line = data[count++]; ++ if (!line) ++ break; ++ line = strdup(line); ++ if (!line) ++ break; ++ len = strlen(line); ++ for (i = 0; i < len; ++i) ++ { ++ c = line[i]; ++ if (c < 32) ++ line[i] = 32; ++ else if (c > 127) ++ line[i] = 127; ++ } ++ + if (context == 0) + { + /* Header */ + sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp); +- if (ncolors > 32766) ++ if (ncolors <= 0 || ncolors > 32766) + { + fprintf(stderr, "IMLIB ERROR: XPM data wth colors > 32766 not supported\n"); + free(im); ++ free(line); + return NULL; + } +- if (cpp > 5) ++ if (cpp <= 0 || cpp > 5) + { + fprintf(stderr, "IMLIB ERROR: XPM data with characters per pixel > 5 not supported\n"); + free(im); ++ free(line); + return NULL; + } +- if (w > 32767) ++ if (w <= 0 || w > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for data\n"); + free(im); ++ free(line); + return NULL; + } +- if (h > 32767) ++ if (h <= 0 || h > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for data\n"); + free(im); ++ free(line); + return NULL; + } + cmap = malloc(sizeof(struct _cmap) * ncolors); +@@ -1533,6 +1553,7 @@ + if (!cmap) + { + free(im); ++ free(line); + return NULL; + } + im->rgb_width = w; +@@ -1542,6 +1563,7 @@ + { + free(cmap); + free(im); ++ free(line); + return NULL; + } + im->alpha_data = NULL; +@@ -1817,6 +1839,7 @@ + } + if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3)) + done = 1; ++ free(line); + } + if (!transp) + { +diff -urN imlib-1.9.13.orig/gdk_imlib/io-gif.c imlib-1.9.13/gdk_imlib/io-gif.c +--- imlib-1.9.13.orig/gdk_imlib/io-gif.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/io-gif.c Thu Sep 16 16:11:31 2004 +@@ -55,7 +55,7 @@ + } + *w = gif->Image.Width; + *h = gif->Image.Height; +- if(*h > 32767 || *w > 32767) ++ if(*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767) + { + return NULL; + } +diff -urN imlib-1.9.13.orig/gdk_imlib/io-ppm.c imlib-1.9.13/gdk_imlib/io-ppm.c +--- imlib-1.9.13.orig/gdk_imlib/io-ppm.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/io-ppm.c Thu Sep 16 16:13:13 2004 +@@ -53,12 +53,12 @@ + sscanf(s, "%i %i", w, h); + a = *w; + b = *h; +- if (a > 32767) ++ if (a <= 0 || a > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n"); + return NULL; + } +- if (b > 32767) ++ if (b <= 0 || b > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n"); + return NULL; +diff -urN imlib-1.9.13.orig/gdk_imlib/io-tiff.c imlib-1.9.13/gdk_imlib/io-tiff.c +--- imlib-1.9.13.orig/gdk_imlib/io-tiff.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/io-tiff.c Thu Sep 16 16:13:57 2004 +@@ -36,7 +36,9 @@ + npix = ww * hh; + *w = (int)ww; + *h = (int)hh; +- if(ww > 32767 || hh > 32767) ++ if (ww <= 0 || ww > 32767 || ++ hh <= 0 || hh > 32767 || ++ hh >= (G_MAXINT/sizeof(uint32)) / ww) + { + TIFFClose(tif); + return NULL; +diff -urN imlib-1.9.13.orig/gdk_imlib/io-xpm.c imlib-1.9.13/gdk_imlib/io-xpm.c +--- imlib-1.9.13.orig/gdk_imlib/io-xpm.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/io-xpm.c Thu Sep 16 17:08:24 2004 +@@ -40,8 +40,12 @@ + context = 0; + i = j = 0; + cmap = NULL; ++ memset(lookup, 0, sizeof(lookup)); + + line = malloc(lsz); ++ if (!line) ++ return NULL; ++ + while (!done) + { + pc = c; +@@ -70,25 +74,25 @@ + { + /* Header */ + sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp); +- if (ncolors > 32766) ++ if (ncolors <= 0 || ncolors > 32766) + { + fprintf(stderr, "gdk_imlib ERROR: XPM files wth colors > 32766 not supported\n"); + free(line); + return NULL; + } +- if (cpp > 5) ++ if (cpp <= 0 || cpp > 5) + { + fprintf(stderr, "gdk_imlib ERROR: XPM files with characters per pixel > 5 not supported\n"); + free(line); + return NULL; + } +- if (*w > 32767) ++ if (*w <= 0 || *w > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n"); + free(line); + return NULL; + } +- if (*h > 32767) ++ if (*h <= 0 || *h > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n"); + free(line); +@@ -120,11 +124,13 @@ + { + int slen; + int hascolor, iscolor; ++ int space; + + hascolor = 0; + iscolor = 0; + tok[0] = 0; + col[0] = 0; ++ space = sizeof(col) - 1; + s[0] = 0; + len = strlen(line); + strncpy(cmap[j].str, line, cpp); +@@ -147,10 +153,10 @@ + { + if (k >= len) + { +- if (col[0]) +- strcat(col, " "); +- if (strlen(col) + strlen(s) < sizeof(col)) +- strcat(col, s); ++ if (col[0] && space > 0) ++ strncat(col, " ", space), space -= 1; ++ if (slen <= space) ++ strcat(col, s), space -= slen; + } + if (col[0]) + { +@@ -180,14 +186,17 @@ + } + } + } +- strcpy(tok, s); ++ if (slen < sizeof(tok)) ++ strcpy(tok, s); + col[0] = 0; ++ space = sizeof(col) - 1; + } + else + { +- if (col[0]) +- strcat(col, " "); +- strcat(col, s); ++ if (col[0] && space > 0) ++ strcat(col, " "), space -= 1; ++ if (slen <= space) ++ strcat(col, s), space -= slen; + } + } + } +diff -urN imlib-1.9.13.orig/gdk_imlib/misc.c imlib-1.9.13/gdk_imlib/misc.c +--- imlib-1.9.13.orig/gdk_imlib/misc.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/misc.c Thu Sep 16 16:35:32 2004 +@@ -1355,11 +1355,16 @@ + + /* + * Make sure we don't wrap on our memory allocations ++ * we check G_MAX_INT/4 because rend.c malloc's w * h * bpp ++ * + 3 is safety margin + */ + + void *_gdk_malloc_image(unsigned int w, unsigned int h) + { +- if( w > 32767 || h > 32767) ++ if (w <= 0 || w > 32767 || ++ h <= 0 || h > 32767 || ++ h >= (G_MAXINT/4 - 1) / w) + return NULL; +- return malloc(w * h * 3); ++ return malloc(w * h * 3 + 3); + } ++ +diff -urN imlib-1.9.13.orig/gdk_imlib/utils.c imlib-1.9.13/gdk_imlib/utils.c +--- imlib-1.9.13.orig/gdk_imlib/utils.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/utils.c Thu Sep 16 17:28:35 2004 +@@ -1236,36 +1236,56 @@ + context = 0; + ptr = NULL; + end = NULL; ++ memset(lookup, 0, sizeof(lookup)); + + while (!done) + { + line = data[count++]; ++ if (!line) ++ break; ++ line = strdup(line); ++ if (!line) ++ break; ++ len = strlen(line); ++ for (i = 0; i < len; ++i) ++ { ++ c = line[i]; ++ if (c < 32) ++ line[i] = 32; ++ else if (c > 127) ++ line[i] = 127; ++ } ++ + if (context == 0) + { + /* Header */ + sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp); +- if (ncolors > 32766) ++ if (ncolors <= 0 || ncolors > 32766) + { + fprintf(stderr, "gdk_imlib ERROR: XPM data wth colors > 32766 not supported\n"); + free(im); ++ free(line); + return NULL; + } +- if (cpp > 5) ++ if (cpp <= 0 || cpp > 5) + { + fprintf(stderr, "gdk_imlib ERROR: XPM data with characters per pixel > 5 not supported\n"); + free(im); ++ free(line); + return NULL; + } +- if (w > 32767) ++ if (w <= 0 || w > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for data\n"); + free(im); ++ free(line); + return NULL; + } +- if (h > 32767) ++ if (h <= 0 || h > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for data\n"); + free(im); ++ free(line); + return NULL; + } + cmap = malloc(sizeof(struct _cmap) * ncolors); +@@ -1273,6 +1293,7 @@ + if (!cmap) + { + free(im); ++ free(line); + return NULL; + } + im->rgb_width = w; +@@ -1282,6 +1303,7 @@ + { + free(cmap); + free(im); ++ free(line); + return NULL; + } + im->alpha_data = NULL; +@@ -1355,7 +1377,7 @@ + strcpy(col + colptr, " "); + colptr++; + } +- if (colptr + ls <= sizeof(col)) ++ if (colptr + ls < sizeof(col)) + { + strcpy(col + colptr, s); + colptr += ls; +@@ -1558,6 +1580,7 @@ + } + if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3)) + done = 1; ++ free(line); + } + if (!transp) + { |