cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Correct serious bugs in imlib2's xpm loader.

Browse Source 
Obtained from:	enlightenment CVS
Security: http://vuxml.freebsd.org/2001103a-6bbd-11d9-851d-000a95bc6fae.html
This commit is contained in:
Jacques Vidrine 2005-01-21 15:20:34 +00:00
parent ba1ab33456
commit 52552fca63
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=127017
2 changed files with 91 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
graphics/imlib2/Makefile
View File

@ -7,7 +7,7 @@
PORTNAME= imlib2
PORTVERSION= 1.1.2
PORTREVISION= 0
PORTREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= enlightenment

90
graphics/imlib2/files/patch-security-1 Normal file
View File

@ -0,0 +1,90 @@
===================================================================
RCS file: /cvsroot/enlightenment/e17/libs/imlib2/src/modules/loaders/loader_xpm.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- enlightenment/e17/libs/imlib2/src/modules/loaders/loader_xpm.c 2004/12/14 03:50:46 1.2
+++ loaders/loader_xpm.c 2005/01/04 03:34:03 1.3
@@ -192,37 +192,37 @@
{
/* Header */
sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp);
- if (ncolors > 32766)
+ if ((ncolors > 32766) || (ncolors < 1))
{
fprintf(stderr,
- "IMLIB ERROR: XPM files with colors > 32766 not supported\n");
+ "IMLIB ERROR: XPM files with colors > 32766 or < 1 not supported\n");
free(line);
fclose(f);
xpm_parse_done();
return 0;
}
- if (cpp > 5)
+ if ((cpp > 5) || (cpp < 1))
{
fprintf(stderr,
- "IMLIB ERROR: XPM files with characters per pixel > 5 not supported\n");
+ "IMLIB ERROR: XPM files with characters per pixel > 5 or < 1not supported\n");
free(line);
fclose(f);
xpm_parse_done();
return 0;
}
- if (w > 32767)
+ if ((w > 32767) || (w < 1))
{
fprintf(stderr,
- "IMLIB ERROR: Image width > 32767 pixels for file\n");
+ "IMLIB ERROR: Image width > 32767 or < 1 pixels for file\n");
free(line);
fclose(f);
xpm_parse_done();
return 0;
}
- if (h > 32767)
+ if ((h > 32767) || (h < 1))
{
fprintf(stderr,
- "IMLIB ERROR: Image height > 32767 pixels for file\n");
+ "IMLIB ERROR: Image height > 32767 or < 1 pixels for file\n");
free(line);
fclose(f);
xpm_parse_done();
@@ -284,9 +284,14 @@
if (k >= len)
{
if (col[0])
- strcat(col, " ");
+ {
+ if (strlen(col) < ( sizeof(col) - 2))
+ strcat(col, " ");
+ else
+ done = 1;
+ }
if (strlen(col) + strlen(s) <
- sizeof(col))
+ (sizeof(col) - 1))
strcat(col, s);
}
if (col[0])
@@ -322,9 +327,16 @@
}
else
{
- if (col[0])
- strcat(col, " ");
- strcat(col, s);
+ if (col[0])
+ {
+ if (strlen(col) < ( sizeof(col) - 2))
+ strcat(col, " ");
+ else
+ done = 1;
+ }
+ if (strlen(col) + strlen(s) <
+ (sizeof(col) - 1))
+ strcat(col, s);
}
}
}