summaryrefslogtreecommitdiffstats
path: root/media-libs/imlib/files
diff options
context:
space:
mode:
Diffstat (limited to 'media-libs/imlib/files')
-rw-r--r--media-libs/imlib/files/imlib-1.9.15-asneeded.patch38
-rw-r--r--media-libs/imlib/files/imlib-1.9.15-bpp16-CVE-2007-3568.patch11
-rw-r--r--media-libs/imlib/files/imlib-1.9.15-fix-rendering.patch105
-rw-r--r--media-libs/imlib/files/imlib-1.9.15-libpng15.patch142
-rw-r--r--media-libs/imlib/files/imlib-1.9.15.patch70
-rw-r--r--media-libs/imlib/files/imlib-security.patch510
6 files changed, 876 insertions, 0 deletions
diff --git a/media-libs/imlib/files/imlib-1.9.15-asneeded.patch b/media-libs/imlib/files/imlib-1.9.15-asneeded.patch
new file mode 100644
index 0000000..3b7dd8a
--- /dev/null
+++ b/media-libs/imlib/files/imlib-1.9.15-asneeded.patch
@@ -0,0 +1,38 @@
+This code is broken with the newer libtool. Just dropping it is more or less
+safe as in any case if libtool does not supports shared libraries it'll issue
+an error...
+
+Adding include is necessary for gcc-4.3.
+
+--- configure.in 2008-07-16 09:18:35 +0000
++++ configure.in 2008-07-16 09:18:43 +0000
+@@ -61,6 +61,7 @@
+ AC_TRY_RUN([
+ #include <glib.h>
+ #include <gmodule.h>
++#include <stdlib.h>
+ main ()
+ {
+ if (g_module_supported ())
+@@ -74,21 +74,6 @@
+ CFLAGS="$oCFLAGS"
+ fi
+
+-dnl Now we check to see if our libtool supports shared lib deps
+-dnl (in a rather ugly way even)
+-builddir=`pwd`
+-if $dynworks; then
+- imlib_libtool_config="$builddir/libtool --config"
+- imlib_deplibs_check=`$imlib_libtool_config | \
+- grep '^[[a-z_]]*check[[a-z_]]*_method=[['\''"]]' | \
+- sed 's/.*[['\''"]]\(.*\)[['\''"]]$/\1/'`
+- if test "x$imlib_deplibs_check" = "xnone" || \
+- test "x$imlib_deplibs_check" = "xunknown" || \
+- test "x$imlib_deplibs_check" = "x"; then
+- dynworks=false
+- fi
+-fi
+-
+ if $dynworks; then
+ AC_DEFINE(USE_GMODULE, 1, [ ])
+ GMODULE_LIBS="`glib-config --libs gmodule`"
diff --git a/media-libs/imlib/files/imlib-1.9.15-bpp16-CVE-2007-3568.patch b/media-libs/imlib/files/imlib-1.9.15-bpp16-CVE-2007-3568.patch
new file mode 100644
index 0000000..94595ff
--- /dev/null
+++ b/media-libs/imlib/files/imlib-1.9.15-bpp16-CVE-2007-3568.patch
@@ -0,0 +1,11 @@
+--- Imlib/load.c.orig 2007-08-13 23:06:20.000000000 -0300
++++ Imlib/load.c 2007-08-13 23:06:51.000000000 -0300
+@@ -645,7 +645,7 @@
+ planes = (int)word;
+ fread(&word, 2, 1, file);
+ bpp = (int)word;
+- if (bpp != 1 && bpp != 4 && bpp != 8 && bpp && 16 && bpp != 24 && bpp != 32)
++ if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
+ {
+ fprintf(stderr, "IMLIB ERROR: unknown bitdepth in file\n");
+ return NULL;
diff --git a/media-libs/imlib/files/imlib-1.9.15-fix-rendering.patch b/media-libs/imlib/files/imlib-1.9.15-fix-rendering.patch
new file mode 100644
index 0000000..6212ed3
--- /dev/null
+++ b/media-libs/imlib/files/imlib-1.9.15-fix-rendering.patch
@@ -0,0 +1,105 @@
+Michel Dänzer <daenzer AT debian.org>
+
+* The boolean value returned via the last parameter to XShmQueryVersion()
+ isn't honoured everywhere.
+* The init functions that take parameters allow the caller to enable shared
+ pixmaps when they aren't supported (or disabled by configuration files).
+
+
+These result in incorrect rendering when the MIT-SHM extension doesn't support
+shared pixmaps, e.g. using EXA with current versions of Xorg.
+
+http://bugs.gentoo.org/show_bug.cgi?id=197489
+
+diff -up -ru imlib-1.9.15.orig/gdk_imlib/misc.c imlib-1.9.15/gdk_imlib/misc.c
+--- imlib-1.9.15.orig/gdk_imlib/misc.c 2002-03-04 18:06:32.000000000 +0100
++++ imlib-1.9.15/gdk_imlib/misc.c 2007-10-28 14:00:04.000000000 +0100
+@@ -674,6 +674,10 @@ gdk_imlib_init_params(GdkImlibInitParams
+ visual = gdk_rgb_get_visual();
+ id->x.visual = GDK_VISUAL_XVISUAL(visual); /* the visual type */
+ id->x.depth = visual->depth; /* the depth of the screen in bpp */
++
++ id->x.shm = 0;
++ id->x.shmp = 0;
++ id->max_shm = 0;
+ #ifdef HAVE_SHM
+ if (XShmQueryExtension(id->x.disp))
+ {
+@@ -689,17 +693,14 @@ gdk_imlib_init_params(GdkImlibInitParams
+ id->x.last_xim = NULL;
+ id->x.last_sxim = NULL;
+ id->max_shm = 0x7fffffff;
+- if (XShmPixmapFormat(id->x.disp) == ZPixmap)
++ if ((XShmPixmapFormat(id->x.disp) == ZPixmap) &&
++ (pm == True))
+ id->x.shmp = 1;
+ }
+ }
+ }
+- else
+ #endif
+- {
+- id->x.shm = 0;
+- id->x.shmp = 0;
+- }
++
+ id->cache.on_image = 0;
+ id->cache.size_image = 0;
+ id->cache.num_image = 0;
+@@ -935,8 +936,8 @@ gdk_imlib_init_params(GdkImlibInitParams
+ }
+ if (p->flags & PARAMS_SHAREDPIXMAPS)
+ {
+- if (id->x.shm)
+- id->x.shmp = p->sharedpixmaps;
++ if (!p->sharedpixmaps)
++ id->x.shmp = 0;
+ }
+ if (p->flags & PARAMS_PALETTEOVERRIDE)
+ override = p->paletteoverride;
+diff -up -ru imlib-1.9.15.orig/Imlib/misc.c imlib-1.9.15/Imlib/misc.c
+--- imlib-1.9.15.orig/Imlib/misc.c 2004-09-21 02:22:59.000000000 +0200
++++ imlib-1.9.15/Imlib/misc.c 2007-10-28 14:00:23.000000000 +0100
+@@ -675,6 +675,10 @@ Imlib_init_with_params(Display * disp, I
+ id->x.root = DefaultRootWindow(disp); /* the root window id */
+ id->x.visual = DefaultVisual(disp, id->x.screen); /* the visual type */
+ id->x.depth = DefaultDepth(disp, id->x.screen); /* the depth of the screen in bpp */
++
++ id->x.shm = 0;
++ id->x.shmp = 0;
++ id->max_shm = 0;
+ #ifdef HAVE_SHM
+ if (XShmQueryExtension(id->x.disp))
+ {
+@@ -690,17 +694,14 @@ Imlib_init_with_params(Display * disp, I
+ id->x.last_xim = NULL;
+ id->x.last_sxim = NULL;
+ id->max_shm = 0x7fffffff;
+- if (XShmPixmapFormat(id->x.disp) == ZPixmap)
++ if ((XShmPixmapFormat(id->x.disp) == ZPixmap &&
++ (pm == True)))
+ id->x.shmp = 1;
+ }
+ }
+ }
+- else
+ #endif
+- {
+- id->x.shm = 0;
+- id->x.shmp = 0;
+- }
++
+ id->cache.on_image = 0;
+ id->cache.size_image = 0;
+ id->cache.num_image = 0;
+@@ -952,8 +953,8 @@ Imlib_init_with_params(Display * disp, I
+ }
+ if (p->flags & PARAMS_SHAREDPIXMAPS)
+ {
+- if (id->x.shm)
+- id->x.shmp = p->sharedpixmaps;
++ if (!p->sharedpixmaps)
++ id->x.shmp = 0;
+ }
+ if (p->flags & PARAMS_PALETTEOVERRIDE)
+ override = p->paletteoverride;
diff --git a/media-libs/imlib/files/imlib-1.9.15-libpng15.patch b/media-libs/imlib/files/imlib-1.9.15-libpng15.patch
new file mode 100644
index 0000000..7837cd4
--- /dev/null
+++ b/media-libs/imlib/files/imlib-1.9.15-libpng15.patch
@@ -0,0 +1,142 @@
+--- gdk_imlib/io-png.c
++++ gdk_imlib/io-png.c
+@@ -40,13 +40,13 @@
+ return NULL;
+ }
+
+- if (setjmp(png_ptr->jmpbuf))
++ if (setjmp(png_jmpbuf(png_ptr)))
+ {
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
+ return NULL;
+ }
+
+- if (info_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA)
++ if (png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB_ALPHA)
+ {
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
+ return NULL;
+@@ -275,13 +275,13 @@
+ return NULL;
+ }
+
+- if (setjmp(png_ptr->jmpbuf))
++ if (setjmp(png_jmpbuf(png_ptr)))
+ {
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
+ return NULL;
+ }
+
+- if (info_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA)
++ if (png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB_ALPHA)
+ {
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
+ return NULL;
+@@ -301,6 +301,9 @@
+ /* Setup Translators */
+ if (color_type == PNG_COLOR_TYPE_PALETTE)
+ png_set_expand(png_ptr);
++ if (color_type == PNG_COLOR_TYPE_GRAY && bit_depth < 8)
++ png_set_expand(png_ptr);
++
+ png_set_strip_16(png_ptr);
+ png_set_packing(png_ptr);
+ if (png_get_valid(png_ptr, info_ptr, PNG_INFO_tRNS))
+@@ -440,13 +443,13 @@
+ return NULL;
+ }
+
+- if (setjmp(png_ptr->jmpbuf))
++ if (setjmp(png_jmpbuf(png_ptr)))
+ {
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
+ return NULL;
+ }
+
+- if (info_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA)
++ if (png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB_ALPHA)
+ {
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
+ return NULL;
+@@ -635,7 +638,7 @@
+ png_destroy_write_struct(&png_ptr, (png_infopp) NULL);
+ return 0;
+ }
+- if (setjmp(png_ptr->jmpbuf))
++ if (setjmp(png_jmpbuf(png_ptr)))
+ {
+ fclose(f);
+ png_destroy_write_struct(&png_ptr, (png_infopp) NULL);
+--- Imlib/load.c
++++ Imlib/load.c
+@@ -197,12 +197,12 @@
+ png_destroy_read_struct(&png_ptr, NULL, NULL);
+ return NULL;
+ }
+- if (setjmp(png_ptr->jmpbuf))
++ if (setjmp(png_jmpbuf(png_ptr)))
+ {
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
+ return NULL;
+ }
+- if (info_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA)
++ if (png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB_ALPHA)
+ {
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
+ return NULL;
+@@ -260,7 +260,8 @@
+ png_read_image(png_ptr, lines);
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
+ ptr = data;
+- if (color_type == PNG_COLOR_TYPE_GRAY_ALPHA)
++ if (color_type == PNG_COLOR_TYPE_GRAY
++ || color_type == PNG_COLOR_TYPE_GRAY_ALPHA)
+ {
+ for (y = 0; y < *h; y++)
+ {
+@@ -285,6 +286,7 @@
+ }
+ }
+ }
++#if 0
+ else if (color_type == PNG_COLOR_TYPE_GRAY)
+ {
+ for (y = 0; y < *h; y++)
+@@ -300,6 +302,7 @@
+ }
+ }
+ }
++#endif
+ else
+ {
+ for (y = 0; y < *h; y++)
+--- Imlib/save.c
++++ Imlib/save.c
+@@ -342,7 +342,7 @@
+ png_destroy_write_struct(&png_ptr, (png_infopp) NULL);
+ return 0;
+ }
+- if (setjmp(png_ptr->jmpbuf))
++ if (setjmp(png_jmpbuf(png_ptr)))
+ {
+ fclose(f);
+ png_destroy_write_struct(&png_ptr, (png_infopp) NULL);
+--- Imlib/utils.c
++++ Imlib/utils.c
+@@ -1981,14 +1981,13 @@
+ png_destroy_read_struct(&png_ptr, NULL, NULL);
+ return NULL;
+ }
+-
+- if (setjmp(png_ptr->jmpbuf))
++ if (setjmp(png_jmpbuf(png_ptr)))
+ {
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
+ return NULL;
+ }
+
+- if (info_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA)
++ if (png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB_ALPHA)
+ {
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
+ return NULL;
diff --git a/media-libs/imlib/files/imlib-1.9.15.patch b/media-libs/imlib/files/imlib-1.9.15.patch
new file mode 100644
index 0000000..c78aea9
--- /dev/null
+++ b/media-libs/imlib/files/imlib-1.9.15.patch
@@ -0,0 +1,70 @@
+diff -ur imlib-1.9.15.orig/configure.in imlib-1.9.15/configure.in
+--- imlib-1.9.15.orig/configure.in 2004-09-23 04:13:45.000000000 +0300
++++ imlib-1.9.15/configure.in 2007-02-05 23:43:18.000000000 +0200
+@@ -17,11 +17,26 @@
+ dnl incase it is broken for example.
+ AC_ARG_ENABLE(shm, [ --enable-shm support shared memory if available [default=yes]], echo $enable_shm, enable_shm="yes")
+
++AC_ARG_ENABLE(gdk, [ --enable-gdk enable gdk_imlib compilation [default=yes]],[
++ if test x$enableval = xyes; then
++ disable_gdk="no"
++ else
++ disable_gdk="yes"
++ fi],disable_gdk=no)
++
++if test x$disable_gdk = xno; then
++ AC_MSG_RESULT(no)
++
+ AM_PATH_GTK(1.2.1,[
+ GDK_IMLIB="gdk_imlib utils"],[
+ GDK_IMLIB=""
+ AC_MSG_WARN([*** gdk_imlib will not be built ***])])
+
++else
++ AC_MSG_RESULT(yes)
++ GDK_IMLIB=""
++fi
++
+ AC_MSG_CHECKING(whether to build gmodulized imlib)
+
+ AC_ARG_ENABLE(modules, [ --disable-modules Disables dynamic module loading],[
+diff -ur imlib-1.9.15.orig/imlib-config.in imlib-1.9.15/imlib-config.in
+--- imlib-1.9.15.orig/imlib-config.in 2004-08-27 19:03:11.000000000 +0300
++++ imlib-1.9.15/imlib-config.in 2007-02-05 23:46:34.000000000 +0200
+@@ -46,15 +46,9 @@
+ echo @VERSION@
+ ;;
+ --cflags)
+- if test @includedir@ != /usr/include ; then
+- includes=-I@includedir@
+- fi
+ echo $includes @X_CFLAGS@
+ ;;
+ --cflags-gdk)
+- if test @includedir@ != /usr/include ; then
+- includes=-I@includedir@
+- fi
+ echo `@GTK_CONFIG@ --cflags` $includes @X_CFLAGS@
+ ;;
+ --libs)
+diff -ur imlib-1.9.15.orig/imlib.m4 imlib-1.9.15/imlib.m4
+--- imlib-1.9.15.orig/imlib.m4 2004-08-27 19:03:11.000000000 +0300
++++ imlib-1.9.15/imlib.m4 2007-02-05 23:42:57.000000000 +0200
+@@ -6,7 +6,7 @@
+ dnl AM_PATH_IMLIB([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]])
+ dnl Test for IMLIB, and define IMLIB_CFLAGS and IMLIB_LIBS
+ dnl
+-AC_DEFUN(AM_PATH_IMLIB,
++AC_DEFUN([AM_PATH_IMLIB],
+ [dnl
+ dnl Get the cflags and libraries from the imlib-config script
+ dnl
+@@ -164,7 +164,7 @@
+ ])
+
+ # Check for gdk-imlib
+-AC_DEFUN(AM_PATH_GDK_IMLIB,
++AC_DEFUN([AM_PATH_GDK_IMLIB],
+ [dnl
+ dnl Get the cflags and libraries from the imlib-config script
+ dnl
diff --git a/media-libs/imlib/files/imlib-security.patch b/media-libs/imlib/files/imlib-security.patch
new file mode 100644
index 0000000..c820270
--- /dev/null
+++ b/media-libs/imlib/files/imlib-security.patch
@@ -0,0 +1,510 @@
+diff -urN imlib-1.9.13.orig/Imlib/load.c imlib-1.9.13/Imlib/load.c
+--- imlib-1.9.13.orig/Imlib/load.c Wed Mar 13 19:06:29 2002
++++ imlib-1.9.13/Imlib/load.c Thu Sep 16 17:21:01 2004
+@@ -4,6 +4,8 @@
+ #include "Imlib_private.h"
+ #include <setjmp.h>
+
++#define G_MAXINT ((int) 0x7fffffff)
++
+ /* Split the ID - damages input */
+
+ static char *
+@@ -41,13 +43,17 @@
+
+ /*
+ * Make sure we don't wrap on our memory allocations
++ * we check G_MAXINT/4 because rend.c malloc's w * h * bpp
++ * + 3 is safety margin
+ */
+
+ void * _imlib_malloc_image(unsigned int w, unsigned int h)
+ {
+- if( w > 32767 || h > 32767)
+- return NULL;
+- return malloc(w * h * 3);
++ if (w <= 0 || w > 32767 ||
++ h <= 0 || h > 32767 ||
++ h >= (G_MAXINT/4 - 1) / w)
++ return NULL;
++ return malloc(w * h * 3 + 3);
+ }
+
+ #ifdef HAVE_LIBJPEG
+@@ -360,7 +366,9 @@
+ npix = ww * hh;
+ *w = (int)ww;
+ *h = (int)hh;
+- if(ww > 32767 || hh > 32767)
++ if (ww <= 0 || ww > 32767 ||
++ hh <= 0 || hh > 32767 ||
++ hh >= (G_MAXINT/sizeof(uint32)) / ww)
+ {
+ TIFFClose(tif);
+ return NULL;
+@@ -463,7 +471,7 @@
+ }
+ *w = gif->Image.Width;
+ *h = gif->Image.Height;
+- if (*h > 32767 || *w > 32767)
++ if (*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767)
+ {
+ return NULL;
+ }
+@@ -965,7 +973,12 @@
+ comment = 0;
+ quote = 0;
+ context = 0;
++ memset(lookup, 0, sizeof(lookup));
++
+ line = malloc(lsz);
++ if (!line)
++ return NULL;
++
+ while (!done)
+ {
+ pc = c;
+@@ -994,25 +1007,25 @@
+ {
+ /* Header */
+ sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp);
+- if (ncolors > 32766)
++ if (ncolors <= 0 || ncolors > 32766)
+ {
+ fprintf(stderr, "IMLIB ERROR: XPM files wth colors > 32766 not supported\n");
+ free(line);
+ return NULL;
+ }
+- if (cpp > 5)
++ if (cpp <= 0 || cpp > 5)
+ {
+ fprintf(stderr, "IMLIB ERROR: XPM files with characters per pixel > 5 not supported\n");
+ free(line);
+ return NULL;
+ }
+- if (*w > 32767)
++ if (*w <= 0 || *w > 32767)
+ {
+ fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
+ free(line);
+ return NULL;
+ }
+- if (*h > 32767)
++ if (*h <= 0 || *h > 32767)
+ {
+ fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
+ free(line);
+@@ -1045,11 +1058,13 @@
+ {
+ int slen;
+ int hascolor, iscolor;
++ int space;
+
+ iscolor = 0;
+ hascolor = 0;
+ tok[0] = 0;
+ col[0] = 0;
++ space = sizeof(col) - 1;
+ s[0] = 0;
+ len = strlen(line);
+ strncpy(cmap[j].str, line, cpp);
+@@ -1072,10 +1087,10 @@
+ {
+ if (k >= len)
+ {
+- if (col[0])
+- strcat(col, " ");
+- if (strlen(col) + strlen(s) < sizeof(col))
+- strcat(col, s);
++ if (col[0] && space > 0)
++ strcat(col, " "), space -= 1;
++ if (slen <= space)
++ strcat(col, s), space -= slen;
+ }
+ if (col[0])
+ {
+@@ -1105,14 +1120,17 @@
+ }
+ }
+ }
+- strcpy(tok, s);
++ if (slen < sizeof(tok));
++ strcpy(tok, s);
+ col[0] = 0;
++ space = sizeof(col) - 1;
+ }
+ else
+ {
+- if (col[0])
+- strcat(col, " ");
+- strcat(col, s);
++ if (col[0] && space > 0)
++ strcat(col, " "), space -=1;
++ if (slen <= space)
++ strcat(col, s), space -= slen;
+ }
+ }
+ }
+@@ -1341,12 +1359,12 @@
+ sscanf(s, "%i %i", w, h);
+ a = *w;
+ b = *h;
+- if (a > 32767)
++ if (a <= 0 || a > 32767)
+ {
+ fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
+ return NULL;
+ }
+- if (b > 32767)
++ if (b <= 0 || b > 32767)
+ {
+ fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
+ return NULL;
+diff -urN imlib-1.9.13.orig/Imlib/utils.c imlib-1.9.13/Imlib/utils.c
+--- imlib-1.9.13.orig/Imlib/utils.c Mon Mar 4 17:45:28 2002
++++ imlib-1.9.13/Imlib/utils.c Thu Sep 16 17:21:15 2004
+@@ -1496,36 +1496,56 @@
+ context = 0;
+ ptr = NULL;
+ end = NULL;
++ memset(lookup, 0, sizeof(lookup));
+
+ while (!done)
+ {
+ line = data[count++];
++ if (!line)
++ break;
++ line = strdup(line);
++ if (!line)
++ break;
++ len = strlen(line);
++ for (i = 0; i < len; ++i)
++ {
++ c = line[i];
++ if (c < 32)
++ line[i] = 32;
++ else if (c > 127)
++ line[i] = 127;
++ }
++
+ if (context == 0)
+ {
+ /* Header */
+ sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp);
+- if (ncolors > 32766)
++ if (ncolors <= 0 || ncolors > 32766)
+ {
+ fprintf(stderr, "IMLIB ERROR: XPM data wth colors > 32766 not supported\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+- if (cpp > 5)
++ if (cpp <= 0 || cpp > 5)
+ {
+ fprintf(stderr, "IMLIB ERROR: XPM data with characters per pixel > 5 not supported\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+- if (w > 32767)
++ if (w <= 0 || w > 32767)
+ {
+ fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for data\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+- if (h > 32767)
++ if (h <= 0 || h > 32767)
+ {
+ fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for data\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+ cmap = malloc(sizeof(struct _cmap) * ncolors);
+@@ -1533,6 +1553,7 @@
+ if (!cmap)
+ {
+ free(im);
++ free(line);
+ return NULL;
+ }
+ im->rgb_width = w;
+@@ -1542,6 +1563,7 @@
+ {
+ free(cmap);
+ free(im);
++ free(line);
+ return NULL;
+ }
+ im->alpha_data = NULL;
+@@ -1817,6 +1839,7 @@
+ }
+ if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3))
+ done = 1;
++ free(line);
+ }
+ if (!transp)
+ {
+diff -urN imlib-1.9.13.orig/gdk_imlib/io-gif.c imlib-1.9.13/gdk_imlib/io-gif.c
+--- imlib-1.9.13.orig/gdk_imlib/io-gif.c Mon Mar 4 17:26:51 2002
++++ imlib-1.9.13/gdk_imlib/io-gif.c Thu Sep 16 16:11:31 2004
+@@ -55,7 +55,7 @@
+ }
+ *w = gif->Image.Width;
+ *h = gif->Image.Height;
+- if(*h > 32767 || *w > 32767)
++ if(*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767)
+ {
+ return NULL;
+ }
+diff -urN imlib-1.9.13.orig/gdk_imlib/io-ppm.c imlib-1.9.13/gdk_imlib/io-ppm.c
+--- imlib-1.9.13.orig/gdk_imlib/io-ppm.c Mon Mar 4 17:26:51 2002
++++ imlib-1.9.13/gdk_imlib/io-ppm.c Thu Sep 16 16:13:13 2004
+@@ -53,12 +53,12 @@
+ sscanf(s, "%i %i", w, h);
+ a = *w;
+ b = *h;
+- if (a > 32767)
++ if (a <= 0 || a > 32767)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n");
+ return NULL;
+ }
+- if (b > 32767)
++ if (b <= 0 || b > 32767)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n");
+ return NULL;
+diff -urN imlib-1.9.13.orig/gdk_imlib/io-tiff.c imlib-1.9.13/gdk_imlib/io-tiff.c
+--- imlib-1.9.13.orig/gdk_imlib/io-tiff.c Mon Mar 4 17:26:51 2002
++++ imlib-1.9.13/gdk_imlib/io-tiff.c Thu Sep 16 16:13:57 2004
+@@ -36,7 +36,9 @@
+ npix = ww * hh;
+ *w = (int)ww;
+ *h = (int)hh;
+- if(ww > 32767 || hh > 32767)
++ if (ww <= 0 || ww > 32767 ||
++ hh <= 0 || hh > 32767 ||
++ hh >= (G_MAXINT/sizeof(uint32)) / ww)
+ {
+ TIFFClose(tif);
+ return NULL;
+diff -urN imlib-1.9.13.orig/gdk_imlib/io-xpm.c imlib-1.9.13/gdk_imlib/io-xpm.c
+--- imlib-1.9.13.orig/gdk_imlib/io-xpm.c Mon Mar 4 17:26:51 2002
++++ imlib-1.9.13/gdk_imlib/io-xpm.c Thu Sep 16 17:08:24 2004
+@@ -40,8 +40,12 @@
+ context = 0;
+ i = j = 0;
+ cmap = NULL;
++ memset(lookup, 0, sizeof(lookup));
+
+ line = malloc(lsz);
++ if (!line)
++ return NULL;
++
+ while (!done)
+ {
+ pc = c;
+@@ -70,25 +74,25 @@
+ {
+ /* Header */
+ sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp);
+- if (ncolors > 32766)
++ if (ncolors <= 0 || ncolors > 32766)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: XPM files wth colors > 32766 not supported\n");
+ free(line);
+ return NULL;
+ }
+- if (cpp > 5)
++ if (cpp <= 0 || cpp > 5)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: XPM files with characters per pixel > 5 not supported\n");
+ free(line);
+ return NULL;
+ }
+- if (*w > 32767)
++ if (*w <= 0 || *w > 32767)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n");
+ free(line);
+ return NULL;
+ }
+- if (*h > 32767)
++ if (*h <= 0 || *h > 32767)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n");
+ free(line);
+@@ -120,11 +124,13 @@
+ {
+ int slen;
+ int hascolor, iscolor;
++ int space;
+
+ hascolor = 0;
+ iscolor = 0;
+ tok[0] = 0;
+ col[0] = 0;
++ space = sizeof(col) - 1;
+ s[0] = 0;
+ len = strlen(line);
+ strncpy(cmap[j].str, line, cpp);
+@@ -147,10 +153,10 @@
+ {
+ if (k >= len)
+ {
+- if (col[0])
+- strcat(col, " ");
+- if (strlen(col) + strlen(s) < sizeof(col))
+- strcat(col, s);
++ if (col[0] && space > 0)
++ strncat(col, " ", space), space -= 1;
++ if (slen <= space)
++ strcat(col, s), space -= slen;
+ }
+ if (col[0])
+ {
+@@ -180,14 +186,17 @@
+ }
+ }
+ }
+- strcpy(tok, s);
++ if (slen < sizeof(tok))
++ strcpy(tok, s);
+ col[0] = 0;
++ space = sizeof(col) - 1;
+ }
+ else
+ {
+- if (col[0])
+- strcat(col, " ");
+- strcat(col, s);
++ if (col[0] && space > 0)
++ strcat(col, " "), space -= 1;
++ if (slen <= space)
++ strcat(col, s), space -= slen;
+ }
+ }
+ }
+diff -urN imlib-1.9.13.orig/gdk_imlib/misc.c imlib-1.9.13/gdk_imlib/misc.c
+--- imlib-1.9.13.orig/gdk_imlib/misc.c Mon Mar 4 17:26:51 2002
++++ imlib-1.9.13/gdk_imlib/misc.c Thu Sep 16 16:35:32 2004
+@@ -1355,11 +1355,16 @@
+
+ /*
+ * Make sure we don't wrap on our memory allocations
++ * we check G_MAX_INT/4 because rend.c malloc's w * h * bpp
++ * + 3 is safety margin
+ */
+
+ void *_gdk_malloc_image(unsigned int w, unsigned int h)
+ {
+- if( w > 32767 || h > 32767)
++ if (w <= 0 || w > 32767 ||
++ h <= 0 || h > 32767 ||
++ h >= (G_MAXINT/4 - 1) / w)
+ return NULL;
+- return malloc(w * h * 3);
++ return malloc(w * h * 3 + 3);
+ }
++
+diff -urN imlib-1.9.13.orig/gdk_imlib/utils.c imlib-1.9.13/gdk_imlib/utils.c
+--- imlib-1.9.13.orig/gdk_imlib/utils.c Mon Mar 4 17:26:51 2002
++++ imlib-1.9.13/gdk_imlib/utils.c Thu Sep 16 17:28:35 2004
+@@ -1236,36 +1236,56 @@
+ context = 0;
+ ptr = NULL;
+ end = NULL;
++ memset(lookup, 0, sizeof(lookup));
+
+ while (!done)
+ {
+ line = data[count++];
++ if (!line)
++ break;
++ line = strdup(line);
++ if (!line)
++ break;
++ len = strlen(line);
++ for (i = 0; i < len; ++i)
++ {
++ c = line[i];
++ if (c < 32)
++ line[i] = 32;
++ else if (c > 127)
++ line[i] = 127;
++ }
++
+ if (context == 0)
+ {
+ /* Header */
+ sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp);
+- if (ncolors > 32766)
++ if (ncolors <= 0 || ncolors > 32766)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: XPM data wth colors > 32766 not supported\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+- if (cpp > 5)
++ if (cpp <= 0 || cpp > 5)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: XPM data with characters per pixel > 5 not supported\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+- if (w > 32767)
++ if (w <= 0 || w > 32767)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for data\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+- if (h > 32767)
++ if (h <= 0 || h > 32767)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for data\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+ cmap = malloc(sizeof(struct _cmap) * ncolors);
+@@ -1273,6 +1293,7 @@
+ if (!cmap)
+ {
+ free(im);
++ free(line);
+ return NULL;
+ }
+ im->rgb_width = w;
+@@ -1282,6 +1303,7 @@
+ {
+ free(cmap);
+ free(im);
++ free(line);
+ return NULL;
+ }
+ im->alpha_data = NULL;
+@@ -1355,7 +1377,7 @@
+ strcpy(col + colptr, " ");
+ colptr++;
+ }
+- if (colptr + ls <= sizeof(col))
++ if (colptr + ls < sizeof(col))
+ {
+ strcpy(col + colptr, s);
+ colptr += ls;
+@@ -1558,6 +1580,7 @@
+ }
+ if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3))
+ done = 1;
++ free(line);
+ }
+ if (!transp)
+ {