openbsd-ports/x11/openmotif/patches/patch-lib_Xm_Xpmcreate_c

40 lines
1.3 KiB
Plaintext
Raw Normal View History

$OpenBSD: patch-lib_Xm_Xpmcreate_c,v 1.2 2007/07/18 21:41:05 mbalmer Exp $
--- lib/Xm/Xpmcreate.c.orig Tue Dec 6 18:31:15 2005
+++ lib/Xm/Xpmcreate.c Sat Jun 30 10:39:31 2007
2004-09-01 18:57:36 -04:00
@@ -1,4 +1,5 @@
/* $XConsortium: Xpmcreate.c /main/8 1996/09/20 08:15:02 pascale $ */
+/* $XdotOrg: pre-CVS proposed fix for CESA-2004-003 alanc 7/25/2004 $ */
/*
* Copyright (C) 1989-95 GROUPE BULL
*
@@ -809,6 +810,9 @@ XpmCreateImageFromXpmImage(display, image,
if (image->ncolors >= UINT_MAX / sizeof(Pixel))
return (XpmNoMemory);
2004-09-01 18:57:36 -04:00
+ if (image->ncolors >= SIZE_MAX / sizeof(Pixel))
+ return (XpmNoMemory);
+
/* malloc pixels index tables */
image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * image->ncolors);
if (!image_pixels)
@@ -2254,6 +2258,9 @@ ParseAndPutPixels(dc, data, width, height, ncolors, cp
if (ncolors > 256)
return (XpmFileInvalid);
2004-09-01 18:57:36 -04:00
+ if (ncolors > 256)
+ return (XpmFileInvalid);
+
bzero((char *)colidx, 256 * sizeof(short));
for (a = 0; a < ncolors; a++)
colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
@@ -2351,6 +2358,9 @@ if (cidx[f]) XpmFree(cidx[f]);}
2004-09-01 18:57:36 -04:00
{
char *s;
char buf[BUFSIZ];
+
+ if (cpp >= sizeof(buf))
+ return (XpmFileInvalid);
if (cpp >= sizeof(buf))
return (XpmFileInvalid);