openbsd-ports/graphics/xzgv/patches/patch-src_main_c
ajacoutot 57f0b5d904 SECURITY - fix a heap overflow
While here:
- remove quotes around COMMENT
- change MAINTAINER's email
- update patches
- reformat dependencies/WANTLIB
- don't use hardcoded patches in man and info pages

based on a diff from Julian Leyh <julian at vgai dot de> (MAINTAINER)
2007-07-17 12:45:49 +00:00


$OpenBSD: patch-src_main_c,v 1.3 2007/07/17 12:45:49 ajacoutot Exp $
--- src/main.c.orig Tue Sep 16 15:49:01 2003
+++ src/main.c Tue Jul 17 14:26:29 2007
@@ -3007,25 +3007,25 @@ if(l<=4) return(0);
* natively, and uses ImageMagick's `convert' for others.
* But we have our own GIF/PNG/mrf readers.
*/
-if((!strcasecmp(filename+l-4,".gif")) ||
- (!strcasecmp(filename+l-4,".jpg")) ||
- (!strcasecmp(filename+l-5,".jpeg")) ||
- (!strcasecmp(filename+l-4,".png")) ||
- (!strcasecmp(filename+l-4,".mrf")) ||
- (!strcasecmp(filename+l-4,".xbm")) ||
- (!strcasecmp(filename+l-5,".icon")) || /* presumably an XBM */
- (!strcasecmp(filename+l-4,".xpm")) ||
- (!strcasecmp(filename+l-4,".pbm")) ||
- (!strcasecmp(filename+l-4,".pgm")) ||
- (!strcasecmp(filename+l-4,".ppm")) ||
- (!strcasecmp(filename+l-4,".bmp")) ||
- (!strcasecmp(filename+l-4,".tga")) ||
- (!strcasecmp(filename+l-4,".pcx")) ||
- (!strcasecmp(filename+l-4,".tif")) ||
- (!strcasecmp(filename+l-5,".tiff")) ||
- (!strcasecmp(filename+l-4,".prf")) ||
- (!strcasecmp(filename+l-4,".tim")) ||
- (!strcasecmp(filename+l-4,".xwd")))
+if((!strncasecmp(filename+l-4,".gif",5)) ||
+ (!strncasecmp(filename+l-4,".jpg",5)) ||
+ (!strncasecmp(filename+l-5,".jpeg",6)) ||
+ (!strncasecmp(filename+l-4,".png",5)) ||
+ (!strncasecmp(filename+l-4,".mrf",5)) ||
+ (!strncasecmp(filename+l-4,".xbm",5)) ||
+ (!strncasecmp(filename+l-5,".icon",6)) || /* presumably an XBM */
+ (!strncasecmp(filename+l-4,".xpm",5)) ||
+ (!strncasecmp(filename+l-4,".pbm",5)) ||
+ (!strncasecmp(filename+l-4,".pgm",5)) ||
+ (!strncasecmp(filename+l-4,".ppm",5)) ||
+ (!strncasecmp(filename+l-4,".bmp",5)) ||
+ (!strncasecmp(filename+l-4,".tga",5)) ||
+ (!strncasecmp(filename+l-4,".pcx",5)) ||
+ (!strncasecmp(filename+l-4,".tif",5)) ||
+ (!strncasecmp(filename+l-5,".tiff",6)) ||
+ (!strncasecmp(filename+l-4,".prf",5)) ||
+ (!strncasecmp(filename+l-4,".tim",5)) ||
+ (!strncasecmp(filename+l-4,".xwd",5)))
return(1);
else
return(0);
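Review bot: The length arguments `5` and `6` in the new `strncasecmp` calls are hand-counted as suffix length plus the terminator, so each one has to be kept in step with its literal by eye. Because the bound covers the NUL, the comparison behaves the same as the `strcasecmp` it replaces; the risk is only that a later edit to a suffix leaves a stale count and silently turns the test into a prefix match. Deriving the bound from the literal removes that, for example `!strncasecmp(filename+l-4,".gif",sizeof(".gif"))`. The `l<=4` guard this depends on is visible only in the hunk header.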
@@ -3090,8 +3090,8 @@ for(f=0;f<IDLE_XVPIC_NUM_PER_CALL;f++)
{
/* construct filename for file's (possible) thumbnail */
gtk_clist_get_text(GTK_CLIST(clist),*entryp,SELECTOR_NAME_COL,&ptr);
- strcpy(buf,".xvpics/");
- strncat(buf,ptr,sizeof(buf)-8-2); /* above string is 8 chars long */
+ strlcpy(buf,".xvpics/",sizeof(buf));
+ strlcat(buf,ptr,sizeof(buf));
datptr=gtk_clist_get_row_data(GTK_CLIST(clist),*entryp);
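Review bot: The return value of `strlcat(buf,ptr,sizeof(buf))` is ignored, so a name too long for `buf` is now truncated silently and the code goes on to use a thumbnail path that names a different file. `strlcat` returns the length it tried to create, so truncation can be detected with `if(strlcat(buf,ptr,sizeof(buf))>=sizeof(buf))` and the entry skipped. How to skip it depends on loop code outside this hunk. The declaration of `buf` is also outside the hunk; `sizeof(buf)` is only the right bound if it is an array, which the removed `sizeof(buf)-8-2` suggests.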
@@ -3433,10 +3433,10 @@ void set_title(int include_dir)
{
static char buf[1024];
-strcpy(buf,"xzgv");
+strlcpy(buf,"xzgv",sizeof(buf));
if(include_dir)
{
- strcat(buf,": ");
+ strlcat(buf,": ",sizeof(buf));
getcwd(buf+strlen(buf),sizeof(buf)-strlen(buf)-2);
}
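Review bot: The `getcwd(buf+strlen(buf),sizeof(buf)-strlen(buf)-2)` call on the unchanged line still has its result ignored, and after a failure the contents of the destination are unspecified, so the title may be built from a string that is not terminated. While bounding the copies here, it would be worth recording the prefix length and restoring the terminator on failure, e.g. `n=strlen(buf); if(!getcwd(buf+n,sizeof(buf)-n-2)) buf[n]=0;`. The rest of `set_title()` lies outside the hunk, so what reads `buf` afterwards is not visible.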
@@ -3574,6 +3574,7 @@ static char *prefix=".xvpics/";
char *ptr,*tn;
int row;
int was_reading=0;
+int siz;
row=GTK_CLIST(clist)->focus_row;
gtk_clist_get_text(GTK_CLIST(clist),row,SELECTOR_NAME_COL,&ptr);
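Review bot: `int siz` added here receives a `size_t` sum in the next hunk (`siz=strlen(prefix)+strlen(ptr)+1;`) and is then passed back as the `size_t` argument of `malloc`, `strlcpy` and `strlcat`, so the value is narrowed to a signed type and widened again. Declaring it `size_t siz;` keeps the allocation size and the copy bound in one type and avoids the sign-conversion step. The same declaration is added in the delete-confirmation hunk (`@@ -3634,6 +3636,7 @@`) and in `reinit_dir()` (`@@ -3667,6 +3671,7 @@`). The enclosing function starts and ends outside this hunk.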
@@ -3590,9 +3591,10 @@ cb_back_to_clist();
/* construct thumbnail filename early, as we're about to delete
* the row containing the filename itself.
*/
-tn=malloc(strlen(prefix)+strlen(ptr)+1);
+siz=strlen(prefix)+strlen(ptr)+1;
+tn=malloc(siz);
if(tn)
- strcpy(tn,prefix),strcat(tn,ptr);
+ strlcpy(tn,prefix,siz),strlcat(tn,ptr,siz);
/* remove the row in the clist. We need to stop/restart thumbnail read
* if it's running, as unexpectedly losing a row midway through could
@@ -3634,6 +3636,7 @@ static char *prefix="Really delete `",*suffix="'?";
struct clist_data_tag *datptr;
char *ptr,*msg;
int row;
+int siz;
row=GTK_CLIST(clist)->focus_row;
if(row<0 || row>=numrows) return;
@@ -3644,12 +3647,13 @@ if(!ptr) return;
datptr=gtk_clist_get_row_data(GTK_CLIST(clist),row);
if(!datptr || datptr->isdir) return;
-msg=malloc(strlen(ptr)+strlen(prefix)+strlen(suffix)+1);
+siz=strlen(ptr)+strlen(prefix)+strlen(suffix)+1;
+msg=malloc(siz);
if(!msg) return;
-strcpy(msg,prefix);
-strcat(msg,ptr);
-strcat(msg,suffix);
+strlcpy(msg,prefix,siz);
+strlcat(msg,ptr,siz);
+strlcat(msg,suffix,siz);
/* ok, check if they're sure. If so, the above callback routine
* will be called.
@@ -3667,6 +3671,7 @@ void reinit_dir(int do_pastpos,int try_to_save_cursor_
{
int row;
char *ptr,*oldname=NULL;
+int siz;
if(do_pastpos && try_to_save_cursor_pos)
fprintf(stderr,"xzgv: both args to reinit_dir() set, bug alert :-)\n"),
@@ -3676,10 +3681,11 @@ if(try_to_save_cursor_pos)
{
gtk_clist_get_text(GTK_CLIST(clist),GTK_CLIST(clist)->focus_row,
SELECTOR_NAME_COL,&ptr);
- if(!ptr || (oldname=malloc(strlen(ptr)+1))==NULL)
+ siz=strlen(ptr)+1;
+ if(!ptr || (oldname=malloc(siz))==NULL)
try_to_save_cursor_pos=0;
else
- strcpy(oldname,ptr);
+ strlcpy(oldname,ptr,siz);
}
blast_clist();
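Review bot: `siz=strlen(ptr)+1;` now runs before the `!ptr` test on the following line, so a NULL `ptr` would be dereferenced where the old code short-circuited before ever calling `strlen`. Whether `gtk_clist_get_text` can leave `ptr` NULL at this point is not visible, but the retained `!ptr` check suggests the author allowed for it. Computing the size after the check keeps the guard effective, e.g. `if(!ptr || (oldname=malloc(siz=strlen(ptr)+1))==NULL)`. `reinit_dir()` continues beyond the hunk.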
@@ -4587,7 +4593,7 @@ int f,siz=logo_w*logo_h*3,c;
unsigned char *ptr=logo_data;
/* invert it */
-for(f=0;f<siz;f++) *ptr++=255-*ptr;
+for(f=0;f<siz;f++,ptr++) *ptr=255-*ptr;
/* ok, now kludge it :-) - the black right/bottom edge turns to white,
* which is too bright. Make that the same as the grey line above/left of it.