SECURITY:

fix a possible integer overflow;

http://www.vuxml.org/openbsd/23ac1dfa-9273-11d9-ac88-080020fe8945.html

x11/mlterm/Makefile

@@ -1,7 +1,8 @@
-# $OpenBSD: Makefile,v 1.5 2004/12/17 15:18:33 alek Exp $
+# $OpenBSD: Makefile,v 1.6 2005/03/11 21:30:14 robert Exp $
 
 COMMENT=	"color terminal emulator with transparency and unicode support"
 DISTNAME=	mlterm-2.9.0
+PKGNAME=	${DISTNAME}p0
 CATEGORIES=	x11
 
 MAINTAINER=	Waldemar Brodkorb <wbx@openbsd.de>

x11/mlterm/patches/patch-xwindow_x_imagelib_gdk_c

@@ -0,0 +1,55 @@
+$OpenBSD: patch-xwindow_x_imagelib_gdk_c,v 1.1 2005/03/11 21:30:14 robert Exp $
+--- xwindow/x_imagelib_gdk.c.orig	Fri Mar 11 21:52:55 2005
++++ xwindow/x_imagelib_gdk.c	Fri Mar 11 21:57:26 2005
+@@ -294,6 +294,12 @@
+ 	unsigned char *pixel ;
+ 	int i, j ;
+ 
++	if( !width || !height)
++		return -1;
++	
++	if( width > ((SIZE_MAX / 4) - 2) / height)
++		return -1; /* integer overflow */
++		
+ 	*cardinal = malloc( (width * height + 2) *4) ;
+ 	if( !(*cardinal))
+ 		return  -1 ;
+@@ -356,7 +362,7 @@
+ 	int blue
+ 	)
+ {
+-	int  closest ;
++	int  closest = 0 ;
+ 	int  i ;
+ 	unsigned long  min = 0xffffff ;
+ 	unsigned long  diff ;
+@@ -831,6 +837,9 @@
+ 
+ 	width = gdk_pixbuf_get_width( pixbuf) ;
+ 	height = gdk_pixbuf_get_height( pixbuf) ;
++	
++	if( !width || !height)
++		return	NULL ;
+ 
+ 	r_mask = vinfo[0].red_mask ;
+ 	g_mask = vinfo[0].green_mask ;
+@@ -851,6 +860,9 @@
+ 		int r_limit, g_limit, b_limit ;
+ 		u_int16_t *data ;
+ 
++		if( width > (SIZE_MAX / 2) / height)
++			return	NULL ;
++			
+ 		data = (u_int16_t *)malloc( width *  height * 2) ;
+ 		if( !data)
+ 			return  NULL ;
+@@ -883,6 +895,9 @@
+ 	{
+ 		u_int32_t *  data ;
+ 
++		if( width > (SIZE_MAX / 4) / height)
++			return	NULL;
++			
+ 		data = (u_int32_t *)malloc( width *  height * 4) ;
+ 		if( !data)
+ 			return  NULL;