1 diff -urN netpbm-9.25.orig/COPYRIGHT.PATENT netpbm-9.25/COPYRIGHT.PATENT
2 --- netpbm-9.25.orig/COPYRIGHT.PATENT 2001-11-12 20:16:00.000000000 +0100
3 +++ netpbm-9.25/COPYRIGHT.PATENT 2004-05-12 11:53:57.823565720 +0200
5 The copyrights on individual components of this package are detailed
6 at appropriate places within the package.
8 +These security fixes for netpbm are (c) Copyright 2002 Red Hat Inc.
9 +Red Hat has not fixed those items with patent claims or commercial
10 +use restrictions. These changes include NO WARRANTY and are provided
11 +under the Open Software License v.1 (see file OPENLICENSE).
16 diff -urN netpbm-9.25.orig/OPENLICENSE netpbm-9.25/OPENLICENSE
17 --- netpbm-9.25.orig/OPENLICENSE 1970-01-01 01:00:00.000000000 +0100
18 +++ netpbm-9.25/OPENLICENSE 2004-05-12 11:53:57.831564504 +0200
20 + The Open Software License
23 +This Open Software License (the "License") applies to any original work of
24 +authorship (the "Original Work") whose owner (the "Licensor") has placed the
25 +following notice immediately following the copyright notice for the Original
28 +Licensed under the Open Software License version 1.1
30 +1) Grant of Copyright License. Licensor hereby grants You a world-wide,
31 +royalty-free, non-exclusive, perpetual, non-sublicenseable license to do the
34 +a) to reproduce the Original Work in copies;
36 +b) to prepare derivative works ("Derivative Works") based upon the Original
39 +c) to distribute copies of the Original Work and Derivative Works to the
40 +public, with the proviso that copies of Original Work or Derivative Works that
41 +You distribute shall be licensed under the Open Software License;
43 +d) to perform the Original Work publicly; and
45 +e) to display the Original Work publicly.
47 +2) Grant of Patent License. Licensor hereby grants You a world-wide,
48 +royalty-free, non-exclusive, perpetual, non-sublicenseable license, under
49 +patent claims owned or controlled by the Licensor that are embodied in the
50 +Original Work as furnished by the Licensor ("Licensed Claims") to make, use,
51 +sell and offer for sale the Original Work. Licensor hereby grants You a
52 +world-wide, royalty-free, non-exclusive, perpetual, non-sublicenseable license
53 +under the Licensed Claims to make, use, sell and offer for sale Derivative Works.
55 +3) Grant of Source Code License. The term "Source Code" means the preferred
56 +form of the Original Work for making modifications to it and all available
57 +documentation describing how to modify the Original Work. Licensor hereby
58 +agrees to provide a machine-readable copy of the Source Code of the Original
59 +Work along with each copy of the Original Work that Licensor distributes.
60 +Licensor reserves the right to satisfy this obligation by placing a
61 +machine-readable copy of the Source Code in an information repository reasonably
62 +calculated to permit inexpensive and convenient access by You for as long as
63 + Licensor continues to distribute the Original Work, and by publishing the
64 +address of that information repository in a notice immediately following the
65 +copyright notice that applies to the Original Work.
68 +4) Exclusions From License Grant. Nothing in this License shall be deemed to
69 +grant any rights to trademarks, copyrights, patents, trade secrets or any
70 +other intellectual property of Licensor except as expressly stated herein. No
71 +patent license is granted to make, use, sell or offer to sell embodiments of
72 +any patent claims other than the Licensed Claims defined in Section 2. No
73 +right is granted to the trademarks of Licensor even if such marks are included
74 +in the Original Work. Nothing in this License shall be interpreted to prohibit
75 +Licensor from licensing under different terms from this License any Original
76 +Work that Licensor otherwise would have a right to license.
78 +5) External Deployment. The term "External Deployment" means the use or
79 +distribution of the Original Work or Derivative Works in any way such that the
80 +Original Work or Derivative Works may be used by anyone other than You,
81 +whether the Original Work or Derivative Works are distributed to those persons
82 +or made available as an application intended for use over a computer network.
83 +As an express condition for the grants of license hereunder, You agree that
84 +any External Deployment by You of a Derivative Work shall be deemed a
85 +distribution and shall be licensed to all under the terms of this License, as
86 +prescribed in section 1(c) herein.
88 +6) Attribution Rights. You must retain, in the Source Code of any Derivative
89 +Works that You create, all copyright, patent or trademark notices from the
90 +Source Code of the Original Work, as well as any notices of licensing and any
91 +descriptive text identified therein as an "Attribution Notice." You must cause
92 +the Source Code for any Derivative Works that You create to carry a prominent
93 +Attribution Notice reasonably calculated to inform recipients that You have
94 +modified the Original Work.
96 +7) Warranty and Disclaimer of Warranty. Licensor warrants that the copyright
97 +in and to the Original Work is owned by the Licensor or that the Original Work
98 +is distributed by Licensor under a valid current license from the copyright
99 +owner. Except as expressly stated in the immediately proceeding sentence, the
100 +Original Work is provided under this License on an "AS IS" BASIS and WITHOUT
101 +WARRANTY, either express or implied, including, without limitation, the
102 +warranties of NON-INFRINGEMENT, MERCHANTABILITY or FITNESS FOR A PARTICULAR
103 +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL WORK IS WITH YOU.
104 +This DISCLAIMER OF WARRANTY constitutes an essential part of this License. No
105 +license to Original Work is granted hereunder except under this disclaimer.
107 +8) Limitation of Liability. Under no circumstances and under no legal theory,
108 +whether in tort (including negligence), contract, or otherwise, shall the
109 +Licensor be liable to any person for any direct, indirect, special, incidental,
110 +or consequential damages of any character arising as a result of this License
111 +or the use of the Original Work including, without limitation, damages for
112 +loss of goodwill, work stoppage, computer failure or malfunction, or any and
113 +all other commercial damages or losses. This limitation of liability shall not
114 +apply to liability for death or personal injury resulting from Licensor's
115 +negligence to the extent applicable law prohibits such limitation. Some
116 +jurisdictions do not allow the exclusion or limitation of incidental or
117 +consequential damages, so this exclusion and limitation may not apply to You.
120 +9) Acceptance and Termination. If You distribute copies of the Original Work
121 +or a Derivative Work, You must make a reasonable effort under the circumstances
122 +to obtain the express and volitional assent of recipients to the terms of this
123 +License. Nothing else but this License (or another written agreement between
124 +Licensor and You) grants You permission to create Derivative Works based upon
125 +the Original Work or to exercise any of the rights granted in Sections 1 herein,
126 +and any attempt to do so except under the terms of this License (or another
127 +written agreement between Licensor and You) is expressly prohibited by U.S.
128 +copyright law, the equivalent laws of other countries, and by international
129 +treaty. Therefore, by exercising any of the rights granted to You in Sections
130 +1 herein, You indicate Your acceptance of this License and all of its terms and
131 +conditions. This License shall terminate immediately and you may no longer
132 +exercise any of the rights granted to You by this License upon Your failure to
133 +honor the proviso in Section 1(c) herein.
135 +10) Mutual Termination for Patent Action. This License shall terminate
136 +automatically and You may no longer exercise any of the rights granted to You
137 +by this License if You file a lawsuit in any court alleging that any OSI
138 +Certified open source software that is licensed under any license containing
139 +this "Mutual Termination for Patent Action" clause infringes any patent claims
140 +that are essential to use that software.
142 +11) Jurisdiction, Venue and Governing Law. Any action or suit relating to this
143 +License may be brought only in the courts of a jurisdiction wherein the Licensor
144 +resides or in which Licensor conducts its primary business, and under the laws
145 +of that jurisdiction excluding its conflict-of-law provisions. The application
146 +of the United Nations Convention on Contracts for the International Sale of
147 +Goods is expressly excluded. Any use of the Original Work outside the scope of
148 +this License or after its termination shall be subject to the requirements and
149 +penalties of the U.S. Copyright Act, 17 U.S.C. å¤ 101 et seq., the equivalent
150 +laws of other countries, and international treaty. This section shall survive
151 +the termination of this License.
153 +12) Attorneys Fees. In any action to enforce the terms of this License or
154 +seeking damages relating thereto, the prevailing party shall be entitled to
155 +recover its costs and expenses, including, without limitation, reasonable
156 +attorneys' fees and costs incurred in connection with such action, including
157 +any appeal of such action. This section shall survive the termination of this
160 +13) Miscellaneous. This License represents the complete agreement concerning
161 +the subject matter hereof. If any provision of this License is held to be
162 +unenforceable, such provision shall be reformed only to the extent necessary
163 +to make it enforceable.
165 +14) Definition of "You" in This License. "You" throughout this License,
166 +whether in upper or lower case, means an individual or a legal entity exercising
167 +rights under, and complying with all of the terms of, this License. For legal
168 +entities, "You" includes any entity that controls, is controlled by, or is under
169 +common control with you. For purposes of this definition, "control" means (i)
170 +the power, direct or indirect, to cause the direction or management of such
171 +entity, whether by contract or otherwise, or (ii) ownership of fifty percent
172 +(50%) or more of the outstanding shares, or (iii) beneficial ownership of such
175 +15) Right to Use. You may use the Original Work in all ways not otherwise
176 +restricted or conditioned by this License or by law, and Licensor promises not
177 +to interfere with or be responsible for such uses by You.
179 +This license is Copyright (C) 2002 Lawrence E. Rosen. All rights reserved.
180 +Permission is hereby granted to copy and distribute this license without
181 +modification. This license may not be modified without the express written
182 +permission of its copyright owner.
183 diff -urN netpbm-9.25.orig/pbm/atktopbm.c netpbm-9.25/pbm/atktopbm.c
184 --- netpbm-9.25.orig/pbm/atktopbm.c 2000-03-19 05:33:36.000000000 +0100
185 +++ netpbm-9.25/pbm/atktopbm.c 2004-05-12 11:52:28.426156192 +0200
189 rowlen = (width + 7) / 8;
190 - *destaddr = (unsigned char *) malloc (sizeof(unsigned char) * height *
192 + *destaddr = (unsigned char *) malloc3 (sizeof(unsigned char), height, rowlen);
193 for (row = 0; row < height; row++)
196 diff -urN netpbm-9.25.orig/pbm/icontopbm.c netpbm-9.25/pbm/icontopbm.c
197 --- netpbm-9.25.orig/pbm/icontopbm.c 1993-10-04 10:10:28.000000000 +0100
198 +++ netpbm-9.25/pbm/icontopbm.c 2004-05-12 11:52:28.428155888 +0200
207 static void ReadIconFile ARGS(( FILE* file, int* width, int* height, short** data ));
210 pm_error( "invalid height: %d", *height );
212 + if ( *width > INT_MAX - 16 || *width < 0)
213 + pm_error( "invalid width: %d", *width);
215 + overflow2(*width + 16, *height);
217 data_length = BitmapSize( *width, *height );
218 *data = (short*) malloc( data_length );
220 diff -urN netpbm-9.25.orig/pbm/libpbm1.c netpbm-9.25/pbm/libpbm1.c
221 --- netpbm-9.25.orig/pbm/libpbm1.c 2002-01-03 21:09:23.000000000 +0100
222 +++ netpbm-9.25/pbm/libpbm1.c 2004-05-12 11:52:28.426156192 +0200
224 const int format, const int cols, const int rows,
225 enum pm_check_code * const retval_p) {
227 + if (rows < 0 || cols < 0)
228 + pm_error("invalid image");
229 if (check_type != PM_CHECK_BASIC) {
230 if (retval_p) *retval_p = PM_CHECK_UNKNOWN_TYPE;
231 } else if (format != RPBM_FORMAT) {
232 if (retval_p) *retval_p = PM_CHECK_UNCHECKABLE;
234 + /* signed to unsigned so wont wrap */
235 const unsigned int bytes_per_row = (cols+7)/8;
236 const unsigned int need_raster_size = rows * bytes_per_row;
238 + overflow2(bytes_per_row, rows);
240 pm_check(file, check_type, need_raster_size, retval_p);
242 diff -urN netpbm-9.25.orig/pbm/libpbm5.c netpbm-9.25/pbm/libpbm5.c
243 --- netpbm-9.25.orig/pbm/libpbm5.c 2000-05-06 08:30:12.000000000 +0200
244 +++ netpbm-9.25/pbm/libpbm5.c 2004-05-12 11:52:28.424156496 +0200
245 @@ -767,15 +767,18 @@
249 - glyph = (struct glyph*) malloc( sizeof(struct glyph) * 95 );
250 + glyph = (struct glyph*) malloc2( sizeof(struct glyph), 95 );
251 if ( glyph == (struct glyph*) 0 )
252 pm_error( "out of memory allocating glyphs" );
254 - bmap = (char*) malloc( fn->maxwidth * fn->maxheight * 95 );
255 + bmap = (char*) malloc3( fn->maxwidth, fn->maxheight, 95 );
256 if ( bmap == (char*) 0)
257 pm_error( "out of memory allocating glyph data" );
259 /* Now fill in the 0,0 coords. */
260 + overflow2(char_height, 2);
261 + overflow2(char_width, 2);
263 row = char_height * 2;
264 col = char_width * 2;
265 for ( ch = 0; ch < 95; ++ch )
266 @@ -1022,7 +1025,7 @@
267 glyph->x = atoi(arg[3]);
268 glyph->y = atoi(arg[4]);
270 - if (!(glyph->bmap = (char*)malloc(glyph->width * glyph->height)))
271 + if (!(glyph->bmap = (char*)malloc2(glyph->width, glyph->height)))
272 pm_error("no memory for font glyph byte map");
274 if (readline(fp, line, arg) < 0) { fclose(fp); return 0; }
275 diff -urN netpbm-9.25.orig/pbm/libpbmvms.c netpbm-9.25/pbm/libpbmvms.c
276 --- netpbm-9.25.orig/pbm/libpbmvms.c 2000-05-26 20:34:55.000000000 +0200
277 +++ netpbm-9.25/pbm/libpbmvms.c 2004-05-12 11:52:28.448152848 +0200
279 +#warning "NOT AUDITED"
281 /***************************************************************************
282 This file contains library routines needed to build Netpbm for VMS.
283 However, as of 2000.05.26, when these were split out of libpbm1.c
284 diff -urN netpbm-9.25.orig/pbm/libpm.c netpbm-9.25/pbm/libpm.c
285 --- netpbm-9.25.orig/pbm/libpm.c 2002-02-24 23:37:29.000000000 +0100
286 +++ netpbm-9.25/pbm/libpm.c 2004-05-12 11:52:28.449152696 +0200
288 **************************************************************************/
296 pm_allocrow(int const cols, int const size) {
297 register char* itrow;
299 - itrow = (char*) malloc( cols * size );
300 + itrow = (char*) malloc2( cols , size );
301 if ( itrow == (char*) 0 )
302 pm_error( "out of memory allocating a row" );
304 @@ -108,10 +109,10 @@
308 - its = (char**) malloc( rows * sizeof(char*) );
309 + its = (char**) malloc2( rows, sizeof(char*) );
310 if ( its == (char**) 0 )
311 pm_error( "out of memory allocating an array" );
312 - its[0] = (char*) malloc( rows * cols * size );
313 + its[0] = (char*) malloc3( rows, cols, size );
314 if ( its[0] == (char*) 0 )
315 pm_error( "out of memory allocating an array" );
316 for ( i = 1; i < rows; ++i )
317 @@ -129,10 +130,12 @@
318 pm_allocarray(int const cols, int const rows, int const size) {
321 - its = (char**) malloc( (rows + 1) * sizeof(char*) );
323 + overflow_add(rows, 1);
324 + its = (char**) malloc2( (rows + 1), sizeof(char*) );
325 if ( its == (char**) 0 )
326 pm_error( "out of memory allocating an array" );
327 - its[rows] = its[0] = (char*) malloc( rows * cols * size );
328 + its[rows] = its[0] = (char*) malloc3( rows. cols, size );
329 if ( its[0] != (char*) 0 )
330 for ( i = 1; i < rows; ++i )
331 its[i] = &(its[0][i * cols * size]);
340 +void overflow2(int a, int b)
343 + pm_error("object too large");
346 + if(a > INT_MAX / b)
347 + pm_error("object too large");
350 +void overflow3(int a, int b, int c)
356 +void overflow_add(int a, int b)
358 + if( a > INT_MAX - b)
359 + pm_error("object too large");
362 +void *malloc2(int a, int b)
366 + pm_error("Zero byte allocation");
367 + return malloc(a*b);
370 +void *malloc3(int a, int b, int c)
372 + overflow3(a, b, c);
374 + pm_error("Zero byte allocation");
375 + return malloc(a*b*c);
378 +void *realloc2(void * a, int b, int c)
382 + pm_error("Zero byte allocation");
383 + return realloc(a, b*c);
386 diff -urN netpbm-9.25.orig/pbm/mdatopbm.c netpbm-9.25/pbm/mdatopbm.c
387 --- netpbm-9.25.orig/pbm/mdatopbm.c 2000-05-06 11:28:53.000000000 +0200
388 +++ netpbm-9.25/pbm/mdatopbm.c 2004-05-12 11:52:28.442153760 +0200
390 pm_readlittleshort(infile, &yy); nInRows = yy;
391 pm_readlittleshort(infile, &yy); nInCols = yy;
393 + overflow2(nOutCols, 8);
394 nOutCols = 8*nInCols;
396 - if (bScale) nOutRows *= 2;
399 + overflow2(nOutRows, 2);
403 data = pbm_allocarray(nOutCols, nOutRows);
404 mdrow = malloc(nInCols);
405 diff -urN netpbm-9.25.orig/pbm/mgrtopbm.c netpbm-9.25/pbm/mgrtopbm.c
406 --- netpbm-9.25.orig/pbm/mgrtopbm.c 2000-03-03 02:02:09.000000000 +0100
407 +++ netpbm-9.25/pbm/mgrtopbm.c 2004-05-12 11:52:28.432155280 +0200
409 head.magic[0], head.magic[1] );
410 pad = -1; /* should never reach here */
413 + if(head.h_wide < ' ' || head.l_wide < ' ')
414 + pm_error("bad width/height chars in MGR file");
416 + overflow_add(*colsP, pad);
418 *colsP = ( ( (int) head.h_wide - ' ' ) << 6 ) + ( (int) head.l_wide - ' ' );
419 *rowsP = ( ( (int) head.h_high - ' ' ) << 6 ) + ( (int) head.l_high - ' ' );
420 *padrightP = ( ( *colsP + pad - 1 ) / pad ) * pad - *colsP;
421 diff -urN netpbm-9.25.orig/pbm/pbmlife.c netpbm-9.25/pbm/pbmlife.c
422 --- netpbm-9.25.orig/pbm/pbmlife.c 1993-10-04 10:10:37.000000000 +0100
423 +++ netpbm-9.25/pbm/pbmlife.c 2004-05-12 11:52:28.435154824 +0200
428 - if ( row < rows - 1 )
430 pbm_readpbmrow( ifp, nextrow, cols, format );
432 for ( col = 0; col < cols; ++col )
433 diff -urN netpbm-9.25.orig/pbm/pbmpage.c netpbm-9.25/pbm/pbmpage.c
434 --- netpbm-9.25.orig/pbm/pbmpage.c 2002-03-13 04:08:09.000000000 +0100
435 +++ netpbm-9.25/pbm/pbmpage.c 2004-05-12 11:52:28.443153608 +0200
443 /* Support both US and A4. */
445 /* We round the allocated row space up to a multiple of 8 so the ugly
446 fast code below can work.
449 + overflow_add(Width, 7);
451 pbmrow = pbm_allocrow(((Width+7)/8)*8);
454 diff -urN netpbm-9.25.orig/pbm/pbmpscale.c netpbm-9.25/pbm/pbmpscale.c
455 --- netpbm-9.25.orig/pbm/pbmpscale.c 2000-03-03 02:14:24.000000000 +0100
456 +++ netpbm-9.25/pbm/pbmpscale.c 2004-05-12 11:52:28.427156040 +0200
458 inrow[0] = inrow[1] = inrow[2] = NULL;
459 pbm_readpbminit(ifd, &columns, &rows, &format) ;
461 + overflow2(columns, scale);
462 outrow = pbm_allocrow(columns*scale) ;
463 - flags = (unsigned char *)malloc(sizeof(unsigned char)*columns) ;
464 + flags = (unsigned char *)malloc2(sizeof(unsigned char), columns) ;
465 if (flags == NULL) pm_perror("out of memory") ;
467 pbm_writepbminit(stdout, columns*scale, rows*scale, 0) ;
468 diff -urN netpbm-9.25.orig/pbm/pbmreduce.c netpbm-9.25/pbm/pbmreduce.c
469 --- netpbm-9.25.orig/pbm/pbmreduce.c 2000-04-26 21:24:02.000000000 +0200
470 +++ netpbm-9.25/pbm/pbmreduce.c 2004-05-12 11:52:28.435154824 +0200
473 if ( halftone == QT_FS ) {
474 /* Initialize Floyd-Steinberg. */
475 - thiserr = (long*) malloc( ( newcols + 2 ) * sizeof(long) );
476 - nexterr = (long*) malloc( ( newcols + 2 ) * sizeof(long) );
477 + overflow_add(newcols, 2);
478 + thiserr = (long*) malloc2( ( newcols + 2 ), sizeof(long) );
479 + nexterr = (long*) malloc2( ( newcols + 2 ), sizeof(long) );
480 if ( thiserr == 0 || nexterr == 0 )
481 pm_error( "out of memory" );
483 diff -urN netpbm-9.25.orig/pbm/pbmtext.c netpbm-9.25/pbm/pbmtext.c
484 --- netpbm-9.25.orig/pbm/pbmtext.c 2001-03-20 03:44:49.000000000 +0100
485 +++ netpbm-9.25/pbm/pbmtext.c 2004-05-12 11:52:28.428155888 +0200
488 for (i = 1; i < argc; i++) {
490 + overflow_add(totaltextsize, 1);
492 cmdline_p->text = realloc(cmdline_p->text, totaltextsize);
493 if (cmdline_p->text == NULL)
494 pm_error("out of memory");
495 strcat(cmdline_p->text, " ");
497 + overflow_add(totaltextsize, strlen(argv[i]));
498 totaltextsize += strlen(argv[i]);
499 cmdline_p->text = realloc(cmdline_p->text, totaltextsize);
500 if (cmdline_p->text == NULL)
501 @@ -328,11 +330,12 @@
504 maxlines = 50; /* initial value */
505 - *input_textP = (char**) malloc(maxlines * sizeof(char*));
506 + *input_textP = (char**) malloc2(maxlines, sizeof(char*));
507 if (*input_textP == NULL)
508 pm_error("out of memory");
511 + overflow_add(strlen(cmdline_text), 1);
512 (*input_textP)[0] = malloc(strlen(cmdline_text)+1);
513 if ((*input_textP)[0] == NULL)
514 pm_error("Out of memory.");
516 while (fgets(buf, sizeof(buf), stdin) != NULL) {
517 fix_control_chars(buf, fn);
518 if (*linesP >= maxlines) {
519 + overflow2(maxlines, 2);
521 + overflow2(maxlines, sizeof(char *));
522 *input_textP = (char**) realloc((char*) *input_textP,
523 maxlines * sizeof(char*));
524 if(*input_textP == NULL)
526 hmargin = fn->maxwidth;
528 vmargin = fn->maxheight;
529 + overflow2(2, fn->maxwidth);
530 hmargin = 2 * fn->maxwidth;
533 @@ -441,10 +447,15 @@
537 + overflow2(2, vmargin);
538 + overflow2(lines, fn->maxheight);
539 + overflow_add(vmargin * 2, lines * fn->maxheight);
540 rows = 2 * vmargin + lines * fn->maxheight;
542 compute_image_width(lp, lines, fn, cmdline.space, &maxwidth, &maxleftb);
544 + overflow2(2, hmargin);
545 + overflow_add(2*hmargin, maxwidth);
546 cols = 2 * hmargin + maxwidth;
547 bits = pbm_allocarray(cols, rows);
549 diff -urN netpbm-9.25.orig/pbm/pbmto10x.c netpbm-9.25/pbm/pbmto10x.c
550 --- netpbm-9.25.orig/pbm/pbmto10x.c 1995-08-13 05:36:40.000000000 +0200
551 +++ netpbm-9.25/pbm/pbmto10x.c 2004-05-12 11:52:28.436154672 +0200
564 stripe = malloc(cols);
566 + pm_error("out of memory");
567 for (i = 0; i < LOW_RES_ROWS; ++i)
568 bitrows[i] = pbm_allocrow(cols);
569 printf("\033A\010"); /* '\n' = 8/72 */
573 stripe = malloc(cols);
575 + pm_error("out of memory");
576 for (i = 0; i < HIGH_RES_ROWS; ++i)
577 bitrows[i] = pbm_allocrow(cols);
578 printf("\0333\001"); /* \n = 1/144" */
579 diff -urN netpbm-9.25.orig/pbm/pbmtoascii.c netpbm-9.25/pbm/pbmtoascii.c
580 --- netpbm-9.25.orig/pbm/pbmtoascii.c 2000-03-25 23:23:05.000000000 +0100
581 +++ netpbm-9.25/pbm/pbmtoascii.c 2004-05-12 11:52:28.437154520 +0200
585 pbm_readpbminit( ifp, &cols, &rows, &format );
586 + overflow_add(cols, gridx);
587 ccols = ( cols + gridx - 1 ) / gridx;
588 bitrow = pbm_allocrow( cols );
589 sig = (int*) pm_allocrow( ccols, sizeof(int) );
590 + overflow_add(ccols, 1);
591 line = (char*) pm_allocrow( ccols + 1, sizeof(char) );
593 for ( row = 0; row < rows; row += gridy )
594 diff -urN netpbm-9.25.orig/pbm/pbmtoatk.c netpbm-9.25/pbm/pbmtoatk.c
595 --- netpbm-9.25.orig/pbm/pbmtoatk.c 2000-06-09 09:05:24.000000000 +0200
596 +++ netpbm-9.25/pbm/pbmtoatk.c 2004-05-12 11:52:28.437154520 +0200
598 bitrow = pbm_allocrow( cols );
600 /* Compute padding to round cols up to the nearest multiple of 16. */
601 + overflow_add(cols, 15);
602 padright = ( ( cols + 15 ) / 16 ) * 16 - cols;
604 printf ("\\begindata{raster,%d}\n", 1);
605 diff -urN netpbm-9.25.orig/pbm/pbmtocmuwm.c netpbm-9.25/pbm/pbmtocmuwm.c
606 --- netpbm-9.25.orig/pbm/pbmtocmuwm.c 1993-10-04 10:10:46.000000000 +0100
607 +++ netpbm-9.25/pbm/pbmtocmuwm.c 2004-05-12 11:52:28.438154368 +0200
609 bitrow = pbm_allocrow( cols );
611 /* Round cols up to the nearest multiple of 8. */
612 + overflow_add(cols, 7);
613 padright = ( ( cols + 7 ) / 8 ) * 8 - cols;
615 putinit( rows, cols );
616 diff -urN netpbm-9.25.orig/pbm/pbmtogem.c netpbm-9.25/pbm/pbmtogem.c
617 --- netpbm-9.25.orig/pbm/pbmtogem.c 2000-06-09 09:07:05.000000000 +0200
618 +++ netpbm-9.25/pbm/pbmtogem.c 2004-05-12 11:52:28.432155280 +0200
623 + overflow_add(cols, 7);
624 outmax = (cols + 7) / 8;
625 outrow = (unsigned char *) pm_allocrow (outmax, sizeof (unsigned char));
626 lastrow = (unsigned char *) pm_allocrow (outmax, sizeof (unsigned char));
627 diff -urN netpbm-9.25.orig/pbm/pbmtogo.c netpbm-9.25/pbm/pbmtogo.c
628 --- netpbm-9.25.orig/pbm/pbmtogo.c 2000-06-09 09:07:04.000000000 +0200
629 +++ netpbm-9.25/pbm/pbmtogo.c 2004-05-12 11:52:28.439154216 +0200
631 bitrow = pbm_allocrow(cols);
633 /* Round cols up to the nearest multiple of 8. */
634 + overflow_add(cols, 7);
635 rucols = ( cols + 7 ) / 8;
636 bytesperrow = rucols; /* GraphOn uses bytes */
638 diff -urN netpbm-9.25.orig/pbm/pbmtoicon.c netpbm-9.25/pbm/pbmtoicon.c
639 --- netpbm-9.25.orig/pbm/pbmtoicon.c 1993-10-04 10:10:50.000000000 +0100
640 +++ netpbm-9.25/pbm/pbmtoicon.c 2004-05-12 11:52:28.439154216 +0200
642 bitrow = pbm_allocrow( cols );
644 /* Round cols up to the nearest multiple of 16. */
645 + overflow_add(cols, 15);
646 pad = ( ( cols + 15 ) / 16 ) * 16 - cols;
648 padright = pad - padleft;
649 diff -urN netpbm-9.25.orig/pbm/pbmtolj.c netpbm-9.25/pbm/pbmtolj.c
650 --- netpbm-9.25.orig/pbm/pbmtolj.c 2002-02-22 05:32:44.000000000 +0100
651 +++ netpbm-9.25/pbm/pbmtolj.c 2004-05-12 11:52:28.441153912 +0200
659 static int floating = 0; /* suppress the ``ESC & l 0 E'' ? */
661 pbm_readpbminit( ifp, &cols, &rows, &format );
662 bitrow = pbm_allocrow( cols );
664 + overflow_add(cols, 8);
665 rowBufferSize = (cols + 7) / 8;
666 + overflow_add(rowBufferSize, 128);
667 + overflow_add(rowBufferSize, rowBufferSize+128);
668 + overflow_add(rowBufferSize+10, rowBufferSize/8);
669 packBufferSize = rowBufferSize + (rowBufferSize + 127) / 128 + 1;
670 deltaBufferSize = rowBufferSize + rowBufferSize / 8 + 10;
672 diff -urN netpbm-9.25.orig/pbm/pbmtomacp.c netpbm-9.25/pbm/pbmtomacp.c
673 --- netpbm-9.25.orig/pbm/pbmtomacp.c 2000-03-03 03:27:33.000000000 +0100
674 +++ netpbm-9.25/pbm/pbmtomacp.c 2004-05-12 11:52:28.440154064 +0200
679 + overflow_add(left, MAX_COLS - 1);
681 { if( right - left >= MAX_COLS )
682 right = left + MAX_COLS - 1;
687 + overflow_add(top, MAX_LINES - 1);
690 { if( bottom - top >= MAX_LINES )
691 bottom = top + MAX_LINES - 1;
692 diff -urN netpbm-9.25.orig/pbm/pbmtomda.c netpbm-9.25/pbm/pbmtomda.c
693 --- netpbm-9.25.orig/pbm/pbmtomda.c 2000-05-06 11:28:11.000000000 +0200
694 +++ netpbm-9.25/pbm/pbmtomda.c 2004-05-12 11:52:28.441153912 +0200
697 if (bScale) nOutRows = nInRows / 2;
698 else nOutRows = nInRows;
700 + overflow_add(nOutRows, 3);
701 nOutRows = ((nOutRows + 3) / 4) * 4;
702 /* MDA wants rows a multiple of 4 */
703 nOutCols = nInCols / 8;
704 diff -urN netpbm-9.25.orig/pbm/pbmtomgr.c netpbm-9.25/pbm/pbmtomgr.c
705 --- netpbm-9.25.orig/pbm/pbmtomgr.c 1993-10-04 10:10:50.000000000 +0100
706 +++ netpbm-9.25/pbm/pbmtomgr.c 2004-05-12 11:52:28.440154064 +0200
708 bitrow = pbm_allocrow( cols );
710 /* Round cols up to the nearest multiple of 8. */
711 + overflow_add(cols, 7);
712 padright = ( ( cols + 7 ) / 8 ) * 8 - cols;
714 putinit( rows, cols );
715 diff -urN netpbm-9.25.orig/pbm/pbmtoppa/pbm.c netpbm-9.25/pbm/pbmtoppa/pbm.c
716 --- netpbm-9.25.orig/pbm/pbmtoppa/pbm.c 2000-06-01 19:20:30.000000000 +0200
717 +++ netpbm-9.25/pbm/pbmtoppa/pbm.c 2004-05-12 11:52:28.444153456 +0200
722 + overflow_add(pbm->width, 7);
723 tmp=(pbm->width+7)/8;
724 tmp2=fread(data,1,tmp,pbm->fptr);
730 - pbm->revdata = malloc ((pbm->width+7)/8);
731 + overflow_add(pbm->width, 7);
732 + pbm->revdata = malloc((pbm->width+7)/8);
733 memcpy (pbm->revdata, data, (pbm->width+7)/8);
736 diff -urN netpbm-9.25.orig/pbm/pbmtoppa/pbmtoppa.c netpbm-9.25/pbm/pbmtoppa/pbmtoppa.c
737 --- netpbm-9.25.orig/pbm/pbmtoppa/pbmtoppa.c 2002-03-13 04:20:11.000000000 +0100
738 +++ netpbm-9.25/pbm/pbmtoppa/pbmtoppa.c 2004-05-12 11:52:28.443153608 +0200
743 + overflow_add(Width, 7);
747 diff -urN netpbm-9.25.orig/pbm/pbmtox10bm.c netpbm-9.25/pbm/pbmtox10bm.c
748 --- netpbm-9.25.orig/pbm/pbmtox10bm.c 2000-06-09 09:07:01.000000000 +0200
749 +++ netpbm-9.25/pbm/pbmtox10bm.c 2004-05-12 11:52:28.438154368 +0200
751 bitrow = pbm_allocrow( cols );
753 /* Compute padding to round cols up to the nearest multiple of 16. */
754 + overflow_add(cols, 15);
755 padright = ( ( cols + 15 ) / 16 ) * 16 - cols;
757 printf( "#define %s_width %d\n", name, cols );
758 diff -urN netpbm-9.25.orig/pbm/pbmtoxbm.c netpbm-9.25/pbm/pbmtoxbm.c
759 --- netpbm-9.25.orig/pbm/pbmtoxbm.c 2000-03-19 03:45:05.000000000 +0100
760 +++ netpbm-9.25/pbm/pbmtoxbm.c 2004-05-12 11:52:28.438154368 +0200
762 bitrow = pbm_allocrow( cols );
764 /* Compute padding to round cols up to the nearest multiple of 8. */
766 + overflow_add(cols, 8);
767 padright = ( ( cols + 7 ) / 8 ) * 8 - cols;
769 printf( "#define %s_width %d\n", name, cols );
770 diff -urN netpbm-9.25.orig/pbm/pbmtoybm.c netpbm-9.25/pbm/pbmtoybm.c
771 --- netpbm-9.25.orig/pbm/pbmtoybm.c 1993-10-04 10:10:43.000000000 +0100
772 +++ netpbm-9.25/pbm/pbmtoybm.c 2004-05-12 11:52:28.436154672 +0200
774 bitrow = pbm_allocrow( cols );
776 /* Compute padding to round cols up to the nearest multiple of 16. */
777 + overflow_add(cols, 16);
778 padright = ( ( cols + 15 ) / 16 ) * 16 - cols;
780 putinit( cols, rows );
781 diff -urN netpbm-9.25.orig/pbm/pbmtozinc.c netpbm-9.25/pbm/pbmtozinc.c
782 --- netpbm-9.25.orig/pbm/pbmtozinc.c 2000-06-09 09:07:21.000000000 +0200
783 +++ netpbm-9.25/pbm/pbmtozinc.c 2004-05-12 11:52:28.436154672 +0200
785 bitrow = pbm_allocrow( cols );
787 /* Compute padding to round cols up to the nearest multiple of 16. */
788 + overflow_add(cols, 16);
789 padright = ( ( cols + 15 ) / 16 ) * 16 - cols;
791 printf( "USHORT %s[] = {\n",name);
792 diff -urN netpbm-9.25.orig/pbm/pm.h netpbm-9.25/pbm/pm.h
793 --- netpbm-9.25.orig/pbm/pm.h 2002-01-03 21:35:23.000000000 +0100
794 +++ netpbm-9.25/pbm/pm.h 2004-05-12 11:52:28.450152544 +0200
796 enum pm_check_code * const retval_p);
799 +void *malloc2(int, int);
800 +void *malloc3(int, int, int);
801 +void overflow2(int, int);
802 +void overflow3(int, int, int);
803 +void overflow_add(int, int);
805 /* By making this <> instead of "", we avoid making shhopt.h a dependency
806 of every program in the package when we do make dep.
808 diff -urN netpbm-9.25.orig/pbm/pm.h.orig netpbm-9.25/pbm/pm.h.orig
809 --- netpbm-9.25.orig/pbm/pm.h.orig 1970-01-01 01:00:00.000000000 +0100
810 +++ netpbm-9.25/pbm/pm.h.orig 2002-01-03 21:35:23.000000000 +0100
812 +/* pm.h - interface to format-independent part of libpbm.
814 +** Copyright (C) 1988, 1989, 1991 by Jef Poskanzer.
816 +** Permission to use, copy, modify, and distribute this software and its
817 +** documentation for any purpose and without fee is hereby granted, provided
818 +** that the above copyright notice appear in all copies and that both that
819 +** copyright notice and this permission notice appear in supporting
820 +** documentation. This software is provided "as is" without express or
821 +** implied warranty.
827 +#include "pm_config.h"
829 +#include <sys/types.h>
833 +#include <sys/stat.h>
839 +/* NOTE: do not use "bool" as a type in an external interface. It could
840 + have different definitions on either side of the interface. Even if both
841 + sides include this interface header file, the conditional compilation
842 + here means one side may use the typedef below and the other side may
843 + use some other definition. For an external interface, be safe and just
850 +/* C++ has a "bool" type built in. */
854 +#elif defined(__DECC)
855 +/* Tru64 defines TRUE in standard header files, but not bool. 2001.09.21 */
860 +#define max(a,b) ((a) > (b) ? (a) : (b))
862 +#define min(a,b) ((a) < (b) ? (a) : (b))
864 +#define abs(a) ((a) >= 0 ? (a) : -(a))
866 +#define odd(n) ((n) & 1)
869 +/* Definitions to make Netpbm programs work with either ANSI C or C
872 + This is obsolete, as all compilers recognize the ANSI syntax now.
874 + We are slowly removing all the ARGS invocations from the programs
875 + (and replacing them with explicit ANSI syntax), but we have a lot
876 + of programs where we have removed ARGS from the definition but not
877 + the prototype, and we have discovered that the Sun compiler
878 + considers the resulting mismatch between definition and prototype
879 + to be an error. So we make ARGS create the ANSI syntax
880 + unconditionally to avoid having to fix all those mismatches. */
884 +#define ARGS(alist) alist
886 +#define ARGS(alist) ()
890 +#define ARGS(alist) alist
894 +pm_init(const char * const progname, unsigned int const flags);
897 +pm_proginit(int* const argcP, char* argv[]);
900 +pm_setMessage(int const newState, int * const oldStateP);
903 +pm_nextimage(FILE * const file, int * const eofP);
905 +/* Variable-sized arrays definitions. */
908 +pm_allocarray (int const cols, int const rows, int const size );
911 +pm_allocrow (int const cols, int const size);
914 +pm_freearray (char** const its, int const rows);
917 +pm_freerow(char* const itrow);
920 +/* Obsolete -- use shhopt instead */
922 +pm_keymatch (char* const str, char* const keyword, int const minchars);
926 +pm_maxvaltobits (int const maxval);
929 +pm_bitstomaxval (int const bits);
932 +pm_lcm (const unsigned int x,
933 + const unsigned int y,
934 + const unsigned int z,
935 + const unsigned int limit);
937 +/* GNU_PRINTF_ATTR lets the GNU compiler check pm_message() and pm_error()
938 + calls to be sure the arguments match the format string, thus preventing
939 + runtime segmentation faults and incorrect messages.
942 +#define GNU_PRINTF_ATTR __attribute__ ((format (printf, 1,2)))
944 +#define GNU_PRINTF_ATTR
947 +void GNU_PRINTF_ATTR
948 +pm_message (const char format[], ...);
950 +void GNU_PRINTF_ATTR
951 +pm_error (const char reason[], ...);
953 +/* Obsolete - use helpful error message instead */
955 +pm_perror (const char reason[]);
957 +/* Obsolete - use shhopt and man page instead */
959 +pm_usage (const char usage[]);
962 +pm_openr (const char* const name);
965 +pm_openw (const char* const name);
968 +pm_openr_seekable(const char name[]);
971 +pm_close (FILE* const f);
974 +pm_closer (FILE* const f);
977 +pm_closew (FILE* const f);
982 +pm_readbigshort ( FILE* const in, short* const sP );
985 +pm_writebigshort ( FILE* const out, short const s );
988 +pm_readbiglong ( FILE* const in, long* const lP );
991 +pm_writebiglong ( FILE* const out, long const l );
994 +pm_readlittleshort ( FILE* const in, short* const sP );
997 +pm_writelittleshort ( FILE* const out, short const s );
1000 +pm_readlittlelong ( FILE* const in, long* const lP );
1003 +pm_writelittlelong ( FILE* const out, long const l );
1006 +pm_read_unknown_size(FILE* const file, long* const buf);
1009 +pm_tell(FILE * const fileP);
1012 +pm_seek(FILE * const fileP, unsigned long filepos);
1014 +enum pm_check_code {
1016 + PM_CHECK_UNKNOWN_TYPE,
1017 + PM_CHECK_TOO_LONG,
1018 + PM_CHECK_UNCHECKABLE,
1019 + PM_CHECK_TOO_SHORT
1022 +enum pm_check_type {
1027 +pm_check(FILE * const file, const enum pm_check_type check_type,
1028 + const unsigned int need_raster_size,
1029 + enum pm_check_code * const retval_p);
1032 +/* By making this <> instead of "", we avoid making shhopt.h a dependency
1033 + of every program in the package when we do make dep.
1035 +#include <shhopt.h>
1037 +/* Use pm_optParseOptions instead of optParseOptions in order to use the
1038 + shared Netpbm libraries
1041 +pm_optParseOptions(int * const argc, char *argv[],
1042 + optStruct opt[], int const allowNegNum);
1044 +pm_optParseOptions2(int * const argc, char *argv[],
1045 + const optStruct2 opt, const unsigned long flags);
1047 +pm_optParseOptions3(int * const argc_p, char *argv[], const optStruct3 opt,
1048 + const unsigned int optStructSize, const unsigned long flags);
1051 +pm_arg0toprogname(const char arg0[]);
1055 diff -urN netpbm-9.25.orig/pbm/thinkjettopbm.l netpbm-9.25/pbm/thinkjettopbm.l
1056 --- netpbm-9.25.orig/pbm/thinkjettopbm.l 2002-03-13 04:06:09.000000000 +0100
1057 +++ netpbm-9.25/pbm/thinkjettopbm.l 2004-05-12 11:52:28.450152544 +0200
1059 <RASTERMODE>\033\*b{DIG}+W {
1061 if (rowCount >= rowCapacity) {
1062 + overflow_add(rowCapacity, 100);
1064 + overflow2(rowCapacity, sizeof *rows);
1065 rows = realloc (rows, rowCapacity * sizeof *rows);
1067 pm_error ("Out of memory.");
1070 * Quite simple since ThinkJet bit arrangement matches PBM
1073 + overflow2(maxRowLength, 8);
1074 pbm_writepbminit(stdout, maxRowLength*8, rowCount, 0);
1076 packed_bitrow = malloc(maxRowLength);
1077 diff -urN netpbm-9.25.orig/pbm/ybmtopbm.c netpbm-9.25/pbm/ybmtopbm.c
1078 --- netpbm-9.25.orig/pbm/ybmtopbm.c 1993-10-04 10:10:35.000000000 +0100
1079 +++ netpbm-9.25/pbm/ybmtopbm.c 2004-05-12 11:52:28.433155128 +0200
1081 pm_error( "EOF / read error" );
1084 + overflow_add(*colsP, 15);
1085 *padrightP = ( ( *colsP + 15 ) / 16 ) * 16 - *colsP;
1088 diff -urN netpbm-9.25.orig/pgm/lispmtopgm.c netpbm-9.25/pgm/lispmtopgm.c
1089 --- netpbm-9.25.orig/pgm/lispmtopgm.c 2002-01-04 18:11:11.000000000 +0100
1090 +++ netpbm-9.25/pgm/lispmtopgm.c 2004-05-12 11:52:28.454151936 +0200
1092 pm_error( "depth (%d bits) is too large", depth);
1094 pgm_writepgminit( stdout, cols, rows, (gray) maxval, 0 );
1095 + overflow_add(cols, 7);
1096 grayrow = pgm_allocrow( ( cols + 7 ) / 8 * 8 );
1098 for ( row = 0; row < rows; ++row )
1101 *depthP = 1; /* very old file */
1103 + overflow_add(colsP, 31);
1105 *padrightP = ( ( *colsP + 31 ) / 32 ) * 32 - *colsP;
1107 if ( *colsP != (cols_32 - *padrightP) ) {
1108 diff -urN netpbm-9.25.orig/pgm/pbmtopgm.c netpbm-9.25/pgm/pbmtopgm.c
1109 --- netpbm-9.25.orig/pgm/pbmtopgm.c 1993-10-06 14:24:38.000000000 +0100
1110 +++ netpbm-9.25/pgm/pbmtopgm.c 2004-05-12 11:52:28.454151936 +0200
1112 pm_error("sample size greater than bitmap size");
1114 outrow = pgm_allocrow(cols) ;
1115 + overflow2(width, height);
1116 maxval = width*height;
1117 pgm_writepgminit(stdout, cols, rows, maxval, 0) ;
1119 diff -urN netpbm-9.25.orig/pgm/pgmcrater.c netpbm-9.25/pgm/pgmcrater.c
1120 --- netpbm-9.25.orig/pgm/pgmcrater.c 2001-06-26 05:18:48.000000000 +0200
1121 +++ netpbm-9.25/pgm/pgmcrater.c 2004-05-12 11:52:28.457151480 +0200
1123 /* Acquire the elevation array and initialise it to mean
1124 surface elevation. */
1126 - aux = (unsigned short *) malloc(SCRX * SCRY * sizeof(short));
1127 + aux = (unsigned short *) malloc3(SCRX, SCRY, sizeof(short));
1128 if (aux == (unsigned short *) 0) {
1129 pm_error("out of memory allocating elevation array");
1134 i = max((slopemax - slopemin) + 1, 1);
1135 - slopemap = (unsigned char *) malloc(i * sizeof(unsigned char));
1136 + slopemap = (unsigned char *) malloc2(i, sizeof(unsigned char));
1137 if (slopemap == (unsigned char *) 0) {
1138 pm_error("out of memory allocating slope map");
1140 diff -urN netpbm-9.25.orig/pgm/pgmhist.c netpbm-9.25/pgm/pgmhist.c
1141 --- netpbm-9.25.orig/pgm/pgmhist.c 1993-10-04 10:11:17.000000000 +0100
1142 +++ netpbm-9.25/pgm/pgmhist.c 2004-05-12 11:52:28.457151480 +0200
1144 grayrow = pgm_allocrow( cols );
1146 /* Build histogram. */
1147 - hist = (int *) malloc( ( maxval + 1 ) * sizeof(int) );
1148 - rcount = (int *) malloc( ( maxval + 1 ) * sizeof(int) );
1149 + overflow_add(maxval, 1);
1150 + hist = (int *) malloc2( ( maxval + 1 ), sizeof(int) );
1151 + rcount = (int *) malloc2( ( maxval + 1 ), sizeof(int) );
1152 if ( hist == (int *) 0 || rcount == (int *) 0 )
1153 pm_error( "out of memory" );
1154 for ( i = 0; i <= maxval; i++ )
1155 diff -urN netpbm-9.25.orig/pgm/pgmkernel.c netpbm-9.25/pgm/pgmkernel.c
1156 --- netpbm-9.25.orig/pgm/pgmkernel.c 2000-03-03 04:20:34.000000000 +0100
1157 +++ netpbm-9.25/pgm/pgmkernel.c 2004-05-12 11:52:28.459151176 +0200
1159 kycenter = (fysize - 1) / 2.0;
1160 ixsize = fxsize + 0.999;
1161 iysize = fysize + 0.999;
1162 - fkernel = (double *) malloc ((unsigned)(ixsize*iysize*sizeof(double)));
1163 + fkernel = (double *) malloc3 (ixsize, iysize, sizeof(double));
1164 for (i = 0; i < iysize; i++)
1165 for (j = 0; j < ixsize; j++) {
1166 fkernel[i*ixsize+j] = 1.0 / (1.0 + w * sqrt((double)
1167 diff -urN netpbm-9.25.orig/pgm/pgmtexture.c netpbm-9.25/pgm/pgmtexture.c
1168 --- netpbm-9.25.orig/pgm/pgmtexture.c 2001-03-30 19:01:00.000000000 +0200
1169 +++ netpbm-9.25/pgm/pgmtexture.c 2004-05-12 11:52:28.458151328 +0200
1170 @@ -722,8 +722,10 @@
1171 float *vector (int nl, int nh)
1175 - v = (float *) malloc ((unsigned) (nh - nl + 1) * sizeof (float));
1176 + overflow_add(nh, 1);
1178 + pm_error("assert: h < l");
1179 + v = (float *) malloc2 ((nh - nl + 1), sizeof (float));
1181 fprintf (stderr, "memory allocation failure"), exit (1);
1183 @@ -738,15 +740,21 @@
1186 /* allocate pointers to rows */
1187 - m = (float **) malloc ((unsigned) (nrh - nrl + 1) * sizeof (float *));
1188 + overflow_add(nrh, 1);
1190 + pm_error("assert: nrh < nrl");
1191 + m = (float **) malloc2(nrh - nrl + 1, sizeof (float *));
1193 fprintf (stderr, "memory allocation failure"), exit (1);
1197 + pm_error("assert: nch < ncl");
1198 + overflow_add(nch, 1);
1199 /* allocate rows and set pointers to them */
1200 for (i = nrl; i <= nrh; i++)
1202 - m[i] = (float *) malloc ((unsigned) (nch - ncl + 1) * sizeof (float));
1203 + m[i] = (float *) malloc2(nch - ncl + 1, sizeof (float));
1205 fprintf (stderr, "memory allocation failure"), exit (2);
1207 diff -urN netpbm-9.25.orig/pgm/pgmtopbm.c netpbm-9.25/pgm/pgmtopbm.c
1208 --- netpbm-9.25.orig/pgm/pgmtopbm.c 2001-09-03 20:11:42.000000000 +0200
1209 +++ netpbm-9.25/pgm/pgmtopbm.c 2004-05-12 11:52:28.453152088 +0200
1213 /* Initialize Floyd-Steinberg error vectors. */
1214 + overflow_add(cols, 2);
1215 thiserr = (long*) pm_allocrow( cols + 2, sizeof(long) );
1216 nexterr = (long*) pm_allocrow( cols + 2, sizeof(long) );
1217 srand( (int) ( time( 0 ) ^ getpid( ) ) );
1218 diff -urN netpbm-9.25.orig/pgm/psidtopgm.c netpbm-9.25/pgm/psidtopgm.c
1219 --- netpbm-9.25.orig/pgm/psidtopgm.c 2002-01-04 18:11:10.000000000 +0100
1220 +++ netpbm-9.25/pgm/psidtopgm.c 2004-05-12 11:52:28.458151328 +0200
1222 "bits/sample (%d) is too large.", bitspersample );
1224 pgm_writepgminit( stdout, cols, rows, (gray) maxval, 0 );
1225 + overflow_add(cols, 7);
1226 grayrow = pgm_allocrow( ( cols + 7 ) / 8 * 8 );
1227 for ( row = 0; row < rows; ++row)
1229 diff -urN netpbm-9.25.orig/pnm/anytopnm netpbm-9.25/pnm/anytopnm
1230 --- netpbm-9.25.orig/pnm/anytopnm 2000-07-26 03:54:08.000000000 +0200
1231 +++ netpbm-9.25/pnm/anytopnm 2004-05-12 11:52:28.497145400 +0200
1237 +tmpdir=$(mktemp -d -t anytopnm.XXXXXXXXXX) || exit 1 #219019
1239 # Take out all spaces
1240 # Find the filename extension for last-ditch efforts later
1243 # Sanitize the filename by making our own temporary files as safely as
1245 -file="/tmp/atn.stdin.$$"
1247 +# file="/tmp/atn.stdin.$$"
1249 +file="$tmpdir/atn.stdin"
1250 if [ $# -eq 0 -o "$1" = "-" ] ; then
1254 cat < "$1" > "$file"
1257 -tmpfiles="$tmpfiles $file"
1261 filetype=`file "$file" | cut -d: -f2-`
1267 - newfile="/tmp/atn.decode.$$"
1268 +# newfile="/tmp/atn.decode.$$"
1269 + newfile="$tmpdir/atn.decode"
1271 (echo begin 600 $newfile; tail +2 < "$file") | uudecode
1272 tmpfiles="$tmpfiles $newfile"
1277 -if [ "$tmpfiles" ] ; then
1279 +if [ "$tmpdir" ] ; then
1283 diff -urN netpbm-9.25.orig/pnm/gemtopnm.c netpbm-9.25/pnm/gemtopnm.c
1284 --- netpbm-9.25.orig/pnm/gemtopnm.c 2000-04-30 14:42:15.000000000 +0200
1285 +++ netpbm-9.25/pnm/gemtopnm.c 2004-05-12 11:52:28.469149656 +0200
1288 pnm_writepnminit( stdout, cols, rows, MAXVAL, type, 0 );
1290 + overflow_add(cols, padright);
1292 /* allocate input row data structure */
1294 diff -urN netpbm-9.25.orig/pnm/jpegtopnm.c netpbm-9.25/pnm/jpegtopnm.c
1295 --- netpbm-9.25.orig/pnm/jpegtopnm.c 2002-03-13 04:53:22.000000000 +0100
1296 +++ netpbm-9.25/pnm/jpegtopnm.c 2004-05-12 11:52:28.485147224 +0200
1298 unsigned int option_def_index;
1300 int argc_parse; /* argc, except we modify it as we parse */
1301 - char ** const argv_parse = malloc(argc*sizeof(char *));
1302 + char ** const argv_parse = malloc2(argc, sizeof(char *));
1303 /* argv, except we modify it as we parse */
1305 option_def_index = 0; /* incremented by OPTENTRY */
1307 /* Calculate output image dimensions so we can allocate space */
1308 jpeg_calc_output_dimensions(&cinfo);
1310 + overflow2(cinfo.output_width, cinfo.output_components);
1312 jpegbuffer = ((*cinfo.mem->alloc_sarray)
1313 ((j_common_ptr) &cinfo, JPOOL_IMAGE,
1314 cinfo.output_width * cinfo.output_components, (JDIMENSION) 1)
1315 diff -urN netpbm-9.25.orig/pnm/libpam.c netpbm-9.25/pnm/libpam.c
1316 --- netpbm-9.25.orig/pnm/libpam.c 2002-03-06 04:39:37.000000000 +0100
1317 +++ netpbm-9.25/pnm/libpam.c 2004-05-12 11:53:57.752576512 +0200
1319 themselves. Each tuple consists of 'depth' samples.
1322 - tuplerow = malloc(pamP->width * (sizeof(tuple *) + bytes_per_tuple));
1323 + overflow_add(sizeof(tuple *), bytes_per_tuple);
1324 + tuplerow = malloc2(pamP->width, sizeof(tuple *) + bytes_per_tuple);
1325 if (tuplerow == NULL)
1326 pm_error("Out of memory allocating space for a tuple row of\n"
1327 "%d tuples by %d samples per tuple by %d bytes per sample.",
1329 by allocating one large chunk.
1332 - tuplearray = malloc(pamP->height * sizeof(tuple*));
1333 + tuplearray = malloc2(pamP->height, sizeof(tuple*));
1334 if (tuplearray == NULL)
1335 pm_error("Out of memory allocating the row pointer section of "
1336 "a %u row array", pamP->height);
1337 diff -urN netpbm-9.25.orig/pnm/libpnm4.c netpbm-9.25/pnm/libpnm4.c
1338 --- netpbm-9.25.orig/pnm/libpnm4.c 1993-10-04 10:11:33.000000000 +0100
1339 +++ netpbm-9.25/pnm/libpnm4.c 2004-05-12 11:52:28.464150416 +0200
1341 ** not to be the case. In reality, all of Sun's code rounds up to
1342 ** a short, not a long.
1345 + overflow_add(depth,15);
1346 + overflow2(w, depth+15);
1347 + overflow2(w * depth + 15, 2);
1349 m->md_linebytes = ( w * depth + 15 ) / 16 * 2;
1353 - m->md_image = (unsigned char*) malloc( m->md_linebytes * h );
1354 + m->md_image = (unsigned char*) malloc2( m->md_linebytes, h );
1355 if ( m->md_image == NULL )
1358 @@ -104,12 +109,15 @@
1361 /* Ignore hP->ras_length. */
1362 + overflow2(p->pr_size.y, p->pr_data->md_linebytes);
1363 h.ras_length = p->pr_size.y * p->pr_data->md_linebytes;
1366 case RT_BYTE_ENCODED:
1367 + overflow2(p->pr_size.y, p->pr_data->md_linebytes);
1368 size = p->pr_size.y * p->pr_data->md_linebytes;
1369 bp = p->pr_data->md_image;
1370 + overflow2(size, 3);
1371 beimage = (unsigned char*) malloc( size * 3 / 2 ); /* worst case */
1372 if ( beimage == NULL )
1377 h.ras_maplength = colormap->length * 3;
1378 + overflow2(colormap->length, 3);
1384 /* Ignore hP->ras_length. */
1385 i = p->pr_size.y * p->pr_data->md_linebytes;
1386 + overflow2(p->pr_size.y, p->pr_data->md_linebytes);
1387 if ( fread( p->pr_data->md_image, 1, i, in ) != i )
1390 diff -urN netpbm-9.25.orig/pnm/pamcut.c netpbm-9.25/pnm/pamcut.c
1391 --- netpbm-9.25.orig/pnm/pamcut.c 2001-11-12 06:11:27.000000000 +0100
1392 +++ netpbm-9.25/pnm/pamcut.c 2004-05-12 11:53:57.753576360 +0200
1394 outpam.width = rightcol-leftcol+1;
1395 outpam.height = bottomrow-toprow+1;
1397 + overflow_add(rightcol, 1);
1398 + overflow_add(toprow, 1);
1399 pnm_writepaminit(&outpam);
1401 outputRow = pnm_allocpamrow(&outpam);
1402 diff -urN netpbm-9.25.orig/pnm/pamoil.c netpbm-9.25/pnm/pamoil.c
1403 --- netpbm-9.25.orig/pnm/pamoil.c 2001-06-29 08:13:03.000000000 +0200
1404 +++ netpbm-9.25/pnm/pamoil.c 2004-05-12 11:53:57.758575600 +0200
1406 tuples = pnm_readpam(ifp, &inpam, sizeof(inpam));
1409 - hist = malloc((inpam.maxval + 1) * sizeof(sample));
1410 + overflow_add(inpam.maxval, 1);
1411 + hist = malloc2((inpam.maxval + 1), sizeof(sample));
1413 outpam = inpam; outpam.file = stdout;
1415 diff -urN netpbm-9.25.orig/pnm/pngtopnm.c netpbm-9.25/pnm/pngtopnm.c
1416 --- netpbm-9.25.orig/pnm/pngtopnm.c 2002-01-04 18:22:43.000000000 +0100
1417 +++ netpbm-9.25/pnm/pngtopnm.c 2004-05-12 11:52:28.460151024 +0200
1418 @@ -371,18 +371,30 @@
1421 if (info_ptr->bit_depth == 16)
1423 + overflow2(2, info_ptr->width);
1424 linesize = 2 * info_ptr->width;
1427 linesize = info_ptr->width;
1429 if (info_ptr->color_type == PNG_COLOR_TYPE_GRAY_ALPHA)
1432 + overflow2(2, linesize);
1435 if (info_ptr->color_type == PNG_COLOR_TYPE_RGB)
1437 + overflow2(3, linesize);
1441 if (info_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA)
1443 + overflow2(4, linesize);
1447 for (y = 0 ; y < info_ptr->height ; y++) {
1448 png_image[y] = malloc (linesize);
1449 diff -urN netpbm-9.25.orig/pnm/pnmcat.c netpbm-9.25/pnm/pnmcat.c
1450 --- netpbm-9.25.orig/pnm/pnmcat.c 1993-10-04 10:11:35.000000000 +0100
1451 +++ netpbm-9.25/pnm/pnmcat.c 2004-05-12 11:52:28.464150416 +0200
1453 nfiles = argc - argn;
1456 - ifp = (FILE**) malloc( nfiles * sizeof(FILE*) );
1457 - xelrow = (xel**) malloc( nfiles * sizeof(xel*) );
1458 - background = (xel*) malloc( nfiles * sizeof(xel) );
1459 - maxval = (xelval*) malloc( nfiles * sizeof(xelval) );
1460 - rows = (int*) malloc( nfiles * sizeof(int) );
1461 - cols = (int*) malloc( nfiles * sizeof(int) );
1462 - format = (int*) malloc( nfiles * sizeof(int) );
1463 + ifp = (FILE**) malloc2( nfiles, sizeof(FILE*) );
1464 + xelrow = (xel**) malloc2( nfiles, sizeof(xel*) );
1465 + background = (xel*) malloc2( nfiles, sizeof(xel) );
1466 + maxval = (xelval*) malloc2( nfiles, sizeof(xelval) );
1467 + rows = (int*) malloc2( nfiles, sizeof(int) );
1468 + cols = (int*) malloc2( nfiles, sizeof(int) );
1469 + format = (int*) malloc2( nfiles, sizeof(int) );
1470 if ( ifp == (FILE**) 0 || xelrow == (xel**) 0 || background == (xel*) 0 ||
1471 maxval == (xelval*) 0 || rows == (int*) 0 || cols == (int*) 0 ||
1472 format == (int*) 0 )
1473 diff -urN netpbm-9.25.orig/pnm/pnmcrop.c netpbm-9.25/pnm/pnmcrop.c
1474 --- netpbm-9.25.orig/pnm/pnmcrop.c 2001-05-20 09:24:08.000000000 +0200
1475 +++ netpbm-9.25/pnm/pnmcrop.c 2004-05-12 11:52:28.463150568 +0200
1478 xelrow = pnm_allocrow(cols);
1480 + overflow_add(right, 1);
1481 + overflow_add(bottom, 1);
1482 newcols = right - left + 1;
1483 newrows = bottom - top + 1;
1484 pnm_writepnminit(stdout, newcols, newrows, maxval, format, 0);
1485 diff -urN netpbm-9.25.orig/pnm/pnmcut.c netpbm-9.25/pnm/pnmcut.c
1486 --- netpbm-9.25.orig/pnm/pnmcut.c 2001-11-05 05:23:49.000000000 +0100
1487 +++ netpbm-9.25/pnm/pnmcut.c 2004-05-12 11:52:28.467149960 +0200
1489 toprow, leftcol, bottomrow, rightcol);
1492 + overflow_add(rightcol, 1);
1493 output_cols = rightcol-leftcol+1;
1494 output_row = pnm_allocrow(output_cols);
1496 diff -urN netpbm-9.25.orig/pnm/pnmenlarge.c netpbm-9.25/pnm/pnmenlarge.c
1497 --- netpbm-9.25.orig/pnm/pnmenlarge.c 1993-10-04 10:11:39.000000000 +0100
1498 +++ netpbm-9.25/pnm/pnmenlarge.c 2004-05-12 11:52:28.468149808 +0200
1501 pnm_readpnminit( ifp, &cols, &rows, &maxval, &format );
1502 xelrow = pnm_allocrow( cols );
1504 + overflow2(cols, n);
1505 + overflow2(rows, n);
1506 pnm_writepnminit( stdout, cols * n, rows * n, maxval, format, 0 );
1507 newxelrow = pnm_allocrow( cols * n );
1509 diff -urN netpbm-9.25.orig/pnm/pnmflip.c netpbm-9.25/pnm/pnmflip.c
1510 --- netpbm-9.25.orig/pnm/pnmflip.c 2001-09-07 17:49:30.000000000 +0200
1511 +++ netpbm-9.25/pnm/pnmflip.c 2004-05-12 11:52:28.470149504 +0200
1512 @@ -289,6 +289,13 @@
1514 pnm_readpnminit( ifp, &cols, &rows, &maxval, &format );
1516 + overflow2(abs(xform.a), cols);
1517 + overflow2(abs(xform.b), cols);
1518 + overflow2(abs(xform.c), rows);
1519 + overflow2(abs(xform.d), rows);
1520 + overflow_add(abs( xform.a ) * cols, abs( xform.c ) * rows);
1521 + overflow_add(abs( xform.b ) * cols, abs( xform.d ) * rows);
1523 newcols = abs( xform.a ) * cols + abs( xform.c ) * rows;
1524 newrows = abs( xform.b ) * cols + abs( xform.d ) * rows;
1526 diff -urN netpbm-9.25.orig/pnm/pnmgamma.c netpbm-9.25/pnm/pnmgamma.c
1527 --- netpbm-9.25.orig/pnm/pnmgamma.c 2002-03-13 04:53:23.000000000 +0100
1528 +++ netpbm-9.25/pnm/pnmgamma.c 2004-05-12 11:52:28.472149200 +0200
1529 @@ -271,9 +271,11 @@
1530 xelval **rtableP, xelval **gtableP, xelval **btableP) {
1532 /* Allocate space for the tables. */
1533 - *rtableP = (xelval*) malloc( (maxval+1) * sizeof(xelval) );
1534 - *gtableP = (xelval*) malloc( (maxval+1) * sizeof(xelval) );
1535 - *btableP = (xelval*) malloc( (maxval+1) * sizeof(xelval) );
1537 + overflow_add(maxval, 1);
1538 + *rtableP = (xelval*) malloc2( (maxval+1) , sizeof(xelval) );
1539 + *gtableP = (xelval*) malloc2( (maxval+1) , sizeof(xelval) );
1540 + *btableP = (xelval*) malloc2( (maxval+1) , sizeof(xelval) );
1541 if (*rtableP == NULL || *gtableP == NULL || *btableP == NULL)
1542 pm_error( "out of memory" );
1544 diff -urN netpbm-9.25.orig/pnm/pnmhisteq.c netpbm-9.25/pnm/pnmhisteq.c
1545 --- netpbm-9.25.orig/pnm/pnmhisteq.c 2000-06-09 09:51:45.000000000 +0200
1546 +++ netpbm-9.25/pnm/pnmhisteq.c 2004-05-12 11:52:28.493146008 +0200
1548 user has specified an input map file, read it in at
1551 + overflow_add(maxval, 1);
1552 lumahist = (long *) pm_allocrow(maxval + 1, sizeof(long));
1553 memset((char *) lumahist, 0, (maxval + 1) * sizeof(long));
1555 diff -urN netpbm-9.25.orig/pnm/pnmindex netpbm-9.25/pnm/pnmindex
1556 --- netpbm-9.25.orig/pnm/pnmindex 2001-08-30 04:21:14.000000000 +0200
1557 +++ netpbm-9.25/pnm/pnmindex 2004-05-12 11:52:28.497145400 +0200
1561 #tmpfile=`tempfile -p pi -m 600`
1562 -tmpfile=$TMPDIR/pi.tmp.$$
1564 +#tmpfile=$TMPDIR/pi.tmp.$$
1566 +tmpfile=$(mktemp -t pi.XXXXXXXX) || exit 1 #219019
1570 diff -urN netpbm-9.25.orig/pnm/pnmmargin netpbm-9.25/pnm/pnmmargin
1571 --- netpbm-9.25.orig/pnm/pnmmargin 1993-10-04 10:11:44.000000000 +0100
1572 +++ netpbm-9.25/pnm/pnmmargin 2004-05-12 11:52:28.498145248 +0200
1574 # documentation. This software is provided "as is" without express or
1581 -rm -f $tmp1 $tmp2 $tmp3 $tmp4
1586 +#rm -f $tmp1 $tmp2 $tmp3 $tmp4
1587 +tmpdir=$(mktemp -d -t ppmmargin.XXXXXXX) || exit 1 #219019
1596 pnmcat -tb $tmp3 $tmp4 $tmp3
1599 -rm -f $tmp1 $tmp2 $tmp3 $tmp4
1601 diff -urN netpbm-9.25.orig/pnm/pnmmontage.c netpbm-9.25/pnm/pnmmontage.c
1602 --- netpbm-9.25.orig/pnm/pnmmontage.c 2001-01-01 20:59:04.000000000 +0100
1603 +++ netpbm-9.25/pnm/pnmmontage.c 2004-05-12 11:53:57.755576056 +0200
1608 - imgs = (struct pam*)malloc(nfiles * sizeof(struct pam));
1609 - coords = (coord *)malloc(nfiles * sizeof(coord));
1610 - names = (char **)malloc(nfiles * sizeof(char *));
1611 + imgs = (struct pam*)malloc2(nfiles, sizeof(struct pam));
1612 + coords = (coord *)malloc2(nfiles, sizeof(coord));
1613 + names = (char **)malloc2(nfiles, sizeof(char *));
1614 if (!imgs || !coords || !names)
1615 pm_error("out of memory");
1617 diff -urN netpbm-9.25.orig/pnm/pnmpaste.c netpbm-9.25/pnm/pnmpaste.c
1618 --- netpbm-9.25.orig/pnm/pnmpaste.c 1993-10-04 10:11:53.000000000 +0100
1619 +++ netpbm-9.25/pnm/pnmpaste.c 2004-05-12 11:52:28.486147072 +0200
1620 @@ -100,11 +100,16 @@
1621 "y is too large -- the second anymap has only %d rows",
1624 + overflow_add(x, cols2);
1625 + overflow_add(y, rows2);
1631 + overflow_add(x, cols1);
1632 + overflow_add(y, rows1);
1634 if ( x + cols1 > cols2 )
1635 pm_error( "x + width is too large by %d pixels", x + cols1 - cols2 );
1636 if ( y + rows1 > rows2 )
1637 diff -urN netpbm-9.25.orig/pnm/pnmrotate.c netpbm-9.25/pnm/pnmrotate.c
1638 --- netpbm-9.25.orig/pnm/pnmrotate.c 2001-06-25 05:34:52.000000000 +0200
1639 +++ netpbm-9.25/pnm/pnmrotate.c 2004-05-12 11:52:28.487146920 +0200
1644 +#include <limits.h>
1647 #define M_PI 3.14159265358979323846
1652 + overflow2(rows, xshearfac);
1653 + overflow_add(cols, 1);
1654 + overflow_add(rows * xshearfac, cols);
1656 tempcols = rows * xshearfac + cols + 0.999999;
1657 yshearjunk = ( tempcols - cols ) * yshearfac;
1658 newrows = tempcols * yshearfac + rows + 0.999999;
1659 x2shearjunk = ( newrows - rows - yshearjunk ) * xshearfac;
1660 newrows -= 2 * yshearjunk;
1662 + if(newrows * xshearfac + tempcols + 0.999999 - 2 * x2shearjunk > INT_MAX)
1663 + pm_error("image too large");
1664 newcols = newrows * xshearfac + tempcols + 0.999999 - 2 * x2shearjunk;
1666 bgxel = pnm_backgroundxelrow( xelrow, cols, newmaxval, format );
1667 diff -urN netpbm-9.25.orig/pnm/pnmscalefixed.c netpbm-9.25/pnm/pnmscalefixed.c
1668 --- netpbm-9.25.orig/pnm/pnmscalefixed.c 2002-01-04 18:22:44.000000000 +0100
1669 +++ netpbm-9.25/pnm/pnmscalefixed.c 2004-05-12 11:53:57.756575904 +0200
1671 const int rows, const int cols,
1672 int * newrowsP, int * newcolsP) {
1674 + overflow2(rows, cols);
1676 if (cmdline.pixels) {
1677 if (rows * cols <= cmdline.pixels) {
1681 if (*newcolsP < 1) *newcolsP = 1;
1682 if (*newrowsP < 1) *newrowsP = 1;
1684 + overflow2(*newcolsP, *newrowsP);
1689 unfilled. We can address that by stretching, whereas the other
1690 case would require throwing away some of the input.
1693 + overflow2(newcols, SCALE);
1694 + overflow2(newrows, SCALE);
1695 sxscale = SCALE * newcols / cols;
1696 syscale = SCALE * newrows / rows;
1698 diff -urN netpbm-9.25.orig/pnm/pnmshear.c netpbm-9.25/pnm/pnmshear.c
1699 --- netpbm-9.25.orig/pnm/pnmshear.c 2001-06-26 06:43:02.000000000 +0200
1700 +++ netpbm-9.25/pnm/pnmshear.c 2004-05-12 11:52:28.487146920 +0200
1705 +#include <limits.h>
1708 #define M_PI 3.14159265358979323846
1709 @@ -194,6 +195,11 @@
1710 if ( shearfac < 0.0 )
1711 shearfac = -shearfac;
1713 + if(rows * shearfac >= INT_MAX-1)
1714 + pm_error("image too large");
1716 + overflow_add(rows * shearfac, cols+1);
1718 newcols = rows * shearfac + cols + 0.999999;
1720 pnm_writepnminit( stdout, newcols, rows, newmaxval, newformat, 0 );
1721 diff -urN netpbm-9.25.orig/pnm/pnmsplit.c netpbm-9.25/pnm/pnmsplit.c
1722 --- netpbm-9.25.orig/pnm/pnmsplit.c 2001-09-07 17:49:44.000000000 +0200
1723 +++ netpbm-9.25/pnm/pnmsplit.c 2004-05-12 11:52:28.496145552 +0200
1725 *(strstr(before_sub, "%d")) = '\0';
1726 after_sub = strstr(output_file_pattern, "%d") + 2;
1728 + overflow_add(strlen(output_file_pattern), 9);
1729 size = strlen(output_file_pattern) - 2 + 10 + 1;
1730 *output_name_p = malloc(size);
1732 diff -urN netpbm-9.25.orig/pnm/pnmtoddif.c netpbm-9.25/pnm/pnmtoddif.c
1733 --- netpbm-9.25.orig/pnm/pnmtoddif.c 2000-05-06 08:30:12.000000000 +0200
1734 +++ netpbm-9.25/pnm/pnmtoddif.c 2004-05-12 11:52:28.493146008 +0200
1736 switch (PNM_FORMAT_TYPE(format)) {
1738 ip.bits_per_pixel = 1;
1739 + overflow_add(cols, 7);
1740 ip.bytes_per_line = (cols + 7) / 8;
1747 + overflow2(cols, 3);
1748 ip.bytes_per_line = 3 * cols;
1749 ip.bits_per_pixel = 24;
1751 diff -urN netpbm-9.25.orig/pnm/pnmtojpeg.c netpbm-9.25/pnm/pnmtojpeg.c
1752 --- netpbm-9.25.orig/pnm/pnmtojpeg.c 2001-09-20 19:57:40.000000000 +0200
1753 +++ netpbm-9.25/pnm/pnmtojpeg.c 2004-05-12 11:53:57.759575448 +0200
1755 unsigned int option_def_index;
1757 int argc_parse; /* argc, except we modify it as we parse */
1758 - char ** const argv_parse = malloc(argc*sizeof(char *));
1759 + char ** const argv_parse = malloc2(argc,sizeof(char *));
1760 /* argv, except we modify it as we parse */
1762 option_def_index = 0; /* incremented by OPTENTRY */
1764 const long half_maxval = maxval / 2;
1767 + overflow_add(maxval, 1);
1768 + overflow2(maxval+1, sizeof(JSAMPLE));
1769 *rescale_p = (JSAMPLE *)
1770 (cinfo.mem->alloc_small) ((j_common_ptr) &cinfo, JPOOL_IMAGE,
1771 (size_t) (((long) maxval + 1L) *
1775 /* Allocate the libpnm output and compressor input buffers */
1776 + overflow2(cinfo_p->image_width, cinfo_p->input_components);
1777 buffer = (*cinfo_p->mem->alloc_sarray)
1778 ((j_common_ptr) cinfo_p, JPOOL_IMAGE,
1779 (unsigned int) cinfo_p->image_width * cinfo_p->input_components,
1781 * want JPOOL_PERMANENT.
1783 const unsigned int scan_info_size = nscans * sizeof(jpeg_scan_info);
1784 - jpeg_scan_info *scan_info =
1785 + jpeg_scan_info *scan_info;
1786 + overflow2(nscans, sizeof(jpeg_scan_info));
1789 (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_IMAGE,
1791 diff -urN netpbm-9.25.orig/pnm/pnmtopalm/palmcolormap.c netpbm-9.25/pnm/pnmtopalm/palmcolormap.c
1792 --- netpbm-9.25.orig/pnm/pnmtopalm/palmcolormap.c 2001-12-30 20:19:14.000000000 +0100
1793 +++ netpbm-9.25/pnm/pnmtopalm/palmcolormap.c 2004-05-12 11:53:57.756575904 +0200
1797 colormap = malloc(sizeof(Colormap_s));
1798 - colormap->color_entries = malloc(sizeof(Color_s) * ncolors);
1799 + colormap->color_entries = malloc2(sizeof(Color_s), ncolors);
1800 colormap->nentries = ncolors;
1801 colormap->ncolors = ncolors;
1803 diff -urN netpbm-9.25.orig/pnm/pnmtopalm/palmtopnm.c netpbm-9.25/pnm/pnmtopalm/palmtopnm.c
1804 --- netpbm-9.25.orig/pnm/pnmtopalm/palmtopnm.c 2001-12-30 19:54:24.000000000 +0100
1805 +++ netpbm-9.25/pnm/pnmtopalm/palmtopnm.c 2004-05-12 11:53:57.757575752 +0200
1810 - map = (xelval *) malloc(sizeof(xelval) * ncolors);
1811 + map = (xelval *) malloc2(sizeof(xelval), ncolors);
1812 for (i = 0; i < ncolors; i++)
1814 map[i] = maxval - (i * (maxval - minval)) / (ncolors - 1);
1816 graymap = figure_graymap(ncolors, 0, maxval);
1819 - seen = (unsigned int *) malloc(sizeof(unsigned int) * ncolors);
1820 + seen = (unsigned int *) malloc2(sizeof(unsigned int), ncolors);
1822 pm_error("Can't allocate %d bytes for keeping track of "
1823 "which pixels were seen.",
1824 diff -urN netpbm-9.25.orig/pnm/pnmtopng.c netpbm-9.25/pnm/pnmtopng.c
1825 --- netpbm-9.25.orig/pnm/pnmtopng.c 2001-12-17 23:05:22.000000000 +0100
1826 +++ netpbm-9.25/pnm/pnmtopng.c 2004-05-12 11:52:28.495145704 +0200
1827 @@ -211,14 +211,17 @@
1831 - /* GRR: need to check for malloc failure here */
1832 - info_ptr->text = (png_text *)malloc (MAXCOMMENTS * sizeof (png_text));
1833 + info_ptr->text = (png_text *)malloc2 (MAXCOMMENTS, sizeof (png_text));
1834 + if(info_ptr->text == NULL)
1835 + pm_error("out of memory");
1838 while ((c = getc (tfp)) != EOF) {
1839 if (c != '\n' && c != EOF) {
1840 + overflow_add(textpos, 1);
1841 textline[textpos++] = c;
1843 + overflow_add(textpos, 1);
1844 textline[textpos++] = '\0';
1845 if ((textline[0] != ' ') && (textline[0] != '\t')) {
1846 /* the following is a not that accurate check on Author or Title */
1851 + overflow_add(info_ptr->text[j].text_length, textpos);
1852 cp = malloc (info_ptr->text[j].text_length + textpos);
1853 strcpy (cp, info_ptr->text[j].text);
1855 @@ -901,12 +905,21 @@
1858 if (pnm_type == PPM_TYPE)
1860 + overflow2(depth, 4);
1861 fulldepth = 4 * depth;
1865 + overflow2(depth, 2);
1866 fulldepth = 2 * depth;
1869 if (pnm_type == PPM_TYPE)
1871 + overflow2(depth, 3);
1872 fulldepth = 3 * depth;
1877 @@ -1229,7 +1242,7 @@
1878 png_set_packing (png_ptr);
1880 /* max: 3 color channels, one alpha channel, 16-bit */
1881 - if ((line = (png_byte *) malloc (cols*8)) == NULL)
1882 + if ((line = (png_byte *) malloc2(cols, 8)) == NULL)
1884 png_destroy_write_struct (&png_ptr, &info_ptr);
1886 diff -urN netpbm-9.25.orig/pnm/pnmtops.c netpbm-9.25/pnm/pnmtops.c
1887 --- netpbm-9.25.orig/pnm/pnmtops.c 2002-01-09 16:32:19.000000000 +0100
1888 +++ netpbm-9.25/pnm/pnmtops.c 2004-05-12 11:52:28.488146768 +0200
1889 @@ -136,15 +136,24 @@
1890 cmdlineP->center = !nocenter;
1891 cmdlineP->canturn = !noturn;
1893 + overflow2(width, 72);
1894 + overflow2(height, 72);
1896 cmdlineP->width = width * 72;
1897 cmdlineP->height = height * 72;
1899 if (imagewidth_spec)
1901 + overflow2(imagewidth, 72);
1902 cmdlineP->imagewidth = imagewidth * 72;
1905 cmdlineP->imagewidth = 0;
1906 if (imageheight_spec)
1908 + overflow2(imageheight, 72);
1909 cmdlineP->imageheight = imageheight * 72;
1912 cmdlineP->imageheight = 0;
1914 diff -urN netpbm-9.25.orig/pnm/pnmtorast.c netpbm-9.25/pnm/pnmtorast.c
1915 --- netpbm-9.25.orig/pnm/pnmtorast.c 1993-10-04 10:11:58.000000000 +0100
1916 +++ netpbm-9.25/pnm/pnmtorast.c 2004-05-12 11:52:28.489146616 +0200
1917 @@ -299,11 +299,11 @@
1918 pr_colormapP->type = RMT_EQUAL_RGB;
1919 pr_colormapP->length = MAXCOLORS;
1920 pr_colormapP->map[0] =
1921 - (unsigned char*) malloc( MAXCOLORS * sizeof(unsigned char) );
1922 + (unsigned char*) malloc2( MAXCOLORS, sizeof(unsigned char) );
1923 pr_colormapP->map[1] =
1924 - (unsigned char*) malloc( MAXCOLORS * sizeof(unsigned char) );
1925 + (unsigned char*) malloc2( MAXCOLORS, sizeof(unsigned char) );
1926 pr_colormapP->map[2] =
1927 - (unsigned char*) malloc( MAXCOLORS * sizeof(unsigned char) );
1928 + (unsigned char*) malloc2( MAXCOLORS, sizeof(unsigned char) );
1929 if ( pr_colormapP->map[0] == 0 || pr_colormapP->map[1] == 0 ||
1930 pr_colormapP->map[2] == 0 )
1931 pm_error( "out of memory" );
1932 diff -urN netpbm-9.25.orig/pnm/pnmtorle.c netpbm-9.25/pnm/pnmtorle.c
1933 --- netpbm-9.25.orig/pnm/pnmtorle.c 2002-03-13 04:50:50.000000000 +0100
1934 +++ netpbm-9.25/pnm/pnmtorle.c 2004-05-12 11:52:28.496145552 +0200
1936 * If you modify this software, you should include a notice giving the
1937 * name of the person performing the modification, the date of modification,
1938 * and the reason for such modification.
1940 + * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>
1943 * pnmtorle - A program which will convert pbmplus (ppm or pgm) images
1946 /*xelrow = pnm_allowcrow(width);*/
1947 xelrow = (xel*) pm_allocrow( width, sizeof(xel) );
1948 - scanlines = (rle_pixel ***)malloc( height * sizeof(rle_pixel **) );
1949 + scanlines = (rle_pixel ***)malloc2( height, sizeof(rle_pixel **) );
1950 RLE_CHECK_ALLOC( hdr.cmd, scanlines, "scanline pointers" );
1952 for ( scan = 0; scan < height; scan++ )
1953 diff -urN netpbm-9.25.orig/pnm/pnmtosgi.c netpbm-9.25/pnm/pnmtosgi.c
1954 --- netpbm-9.25.orig/pnm/pnmtosgi.c 2001-06-03 10:35:32.000000000 +0200
1955 +++ netpbm-9.25/pnm/pnmtosgi.c 2004-05-12 11:52:28.469149656 +0200
1957 static ScanElem *compress ARGS((ScanElem *temp, int row, int rows, int cols, int chan_no, long *table, int bpc));
1958 static int rle_compress ARGS((ScanElem *inbuf, int cols));
1959 static void * xmalloc ARGS((int bytes));
1960 -#define MALLOC(n, type) (type *)xmalloc((n) * sizeof(type))
1961 +static void * xmalloc2 ARGS((int x, int y));
1962 +#define MALLOC(n, type) (type *)xmalloc2((n), sizeof(type))
1964 #define WORSTCOMPR(x) (2*(x) + 2)
1966 @@ -224,6 +225,22 @@
1971 +xmalloc2(int x, int y)
1979 + mem = malloc2(x, y);
1981 + pm_error("out of memory allocating %d bytes", x * y);
1987 put_big_short(short s)
1992 if( storage != STORAGE_VERBATIM ) {
1993 + overflow2(channels, rows);
1994 table = MALLOC(channels * rows, long);
1995 rletemp = MALLOC(WORSTCOMPR(cols), ScanElem);
2000 tabrow = chan_no * rows + row;
2001 + overflow2(chan_no, rows);
2002 + overflow_add(chan_no* rows, row);
2003 len = rle_compress(temp, cols); /* writes result into rletemp */
2004 channel[chan_no][row].length = len;
2005 channel[chan_no][row].data = p = MALLOC(len, ScanElem);
2006 diff -urN netpbm-9.25.orig/pnm/pstopnm.c netpbm-9.25/pnm/pstopnm.c
2007 --- netpbm-9.25.orig/pnm/pstopnm.c 2001-09-07 17:49:59.000000000 +0200
2008 +++ netpbm-9.25/pnm/pstopnm.c 2004-05-12 11:53:57.751576664 +0200
2011 char *filespec_plus_ps;
2013 + overflow_add(strlen(orig_filespec), 4);
2014 filespec_plus_ps = malloc(strlen(orig_filespec) + 4);
2015 strcpy(filespec_plus_ps, orig_filespec);
2016 strcat(filespec_plus_ps, ".ps");
2019 char *retval; /* malloc'ed */
2021 + overflow_add(strlen(cmdline.input_filespec), 10);
2022 retval = malloc(strlen(cmdline.input_filespec) + 10);
2024 if (cmdline.goto_stdout)
2025 diff -urN netpbm-9.25.orig/pnm/rletopnm.c netpbm-9.25/pnm/rletopnm.c
2026 --- netpbm-9.25.orig/pnm/rletopnm.c 2002-03-13 04:50:54.000000000 +0100
2027 +++ netpbm-9.25/pnm/rletopnm.c 2004-05-12 11:52:28.498145248 +0200
2029 * If you modify this software, you should include a notice giving the
2030 * name of the person performing the modification, the date of modification,
2031 * and the reason for such modification.
2033 + * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>
2036 * rletopnm - A conversion program to convert from Utah's "rle" image format
2038 pixelrow = ppm_allocrow(width);
2039 alpharow = pgm_allocrow(width);
2041 - scanlines = (rle_pixel ***)malloc( height * sizeof(rle_pixel **) );
2042 + scanlines = (rle_pixel ***)malloc2( height, sizeof(rle_pixel **) );
2043 RLE_CHECK_ALLOC( hdr.cmd, scanlines, "scanline pointers" );
2045 for ( scan = 0; scan < height; scan++ )
2047 pixelrow = pgm_allocrow(width);
2048 alpharow = pgm_allocrow(width);
2050 - scanlines = (rle_pixel ***)malloc( height * sizeof(rle_pixel **) );
2051 + scanlines = (rle_pixel ***)malloc2( height, sizeof(rle_pixel **) );
2052 RLE_CHECK_ALLOC( hdr.cmd, scanlines, "scanline pointers" );
2054 for ( scan = 0; scan < height; scan++ )
2055 diff -urN netpbm-9.25.orig/pnm/sgitopnm.c netpbm-9.25/pnm/sgitopnm.c
2056 --- netpbm-9.25.orig/pnm/sgitopnm.c 2002-01-04 18:29:11.000000000 +0100
2057 +++ netpbm-9.25/pnm/sgitopnm.c 2004-05-12 11:52:28.474148896 +0200
2059 static short get_big_short ARGS((FILE *f));
2060 static short get_byte_as_short ARGS((FILE *f));
2061 static void readerr ARGS((FILE *f));
2062 -static void * xmalloc ARGS((int bytes));
2063 -#define MALLOC(n, type) (type *)xmalloc((n) * sizeof(type))
2064 +static void * xmalloc2 ARGS((int x, int y));
2065 +#define MALLOC(n, type) (type *)xmalloc2((n), sizeof(type))
2066 static char * compression_name ARGS((char compr));
2067 static void read_bytes ARGS((FILE *ifp, int n, char *buf));
2068 static Header * read_header ARGS((FILE *ifp, int channel));
2069 @@ -252,12 +252,18 @@
2072 maxchannel = (head->zsize < 3) ? head->zsize : 3;
2073 + overflow2(head->ysize, maxchannel);
2074 image = MALLOC(head->ysize * maxchannel, ScanLine);
2076 maxchannel = ochan + 1;
2077 image = MALLOC(head->ysize, ScanLine);
2079 - if( table ) temp = MALLOC(WORSTCOMPR(head->xsize), ScanElem);
2082 + overflow2(head->xsize, 2);
2083 + overflow_add(head->xsize*2, 2);
2084 + temp = MALLOC(WORSTCOMPR(head->xsize), ScanElem);
2087 for( channel = 0; channel < maxchannel; channel++ ) {
2089 @@ -447,17 +453,19 @@
2106 - mem = malloc(bytes);
2107 + mem = malloc2(x, y);
2109 - pm_error("out of memory allocating %d bytes", bytes);
2110 + pm_error("out of memory allocating %d bytes", x * y);
2114 diff -urN netpbm-9.25.orig/pnm/sirtopnm.c netpbm-9.25/pnm/sirtopnm.c
2115 --- netpbm-9.25.orig/pnm/sirtopnm.c 2002-01-04 18:22:45.000000000 +0100
2116 +++ netpbm-9.25/pnm/sirtopnm.c 2004-05-12 11:52:28.460151024 +0200
2121 + overflow3(cols, rows, 3);
2122 picsize = cols * rows * 3;
2123 planesize = cols * rows;
2124 if ( !( sirarray = (unsigned char*) malloc( picsize ) ) )
2125 diff -urN netpbm-9.25.orig/pnm/tifftopnm.c netpbm-9.25/pnm/tifftopnm.c
2126 --- netpbm-9.25.orig/pnm/tifftopnm.c 2002-03-03 18:24:54.000000000 +0100
2127 +++ netpbm-9.25/pnm/tifftopnm.c 2004-05-12 11:52:28.490146464 +0200
2129 if (scanbuf == NULL)
2130 pm_error("can't allocate memory for scanline buffer");
2132 - samplebuf = (unsigned short *) malloc(cols * sizeof(unsigned short) * spp);
2133 + samplebuf = (unsigned short *) malloc3(cols , sizeof(unsigned short) , spp);
2134 if (samplebuf == NULL)
2135 pm_error ("can't allocate memory for row buffer");
2137 diff -urN netpbm-9.25.orig/pnm/xwdtopnm.c netpbm-9.25/pnm/xwdtopnm.c
2138 --- netpbm-9.25.orig/pnm/xwdtopnm.c 2002-01-17 00:15:55.000000000 +0100
2139 +++ netpbm-9.25/pnm/xwdtopnm.c 2004-05-12 11:52:28.491146312 +0200
2141 if ( h10P->window_ncolors != 0 )
2143 /* Read X10 colormap. */
2144 - x10colors = (X10Color*) malloc(
2145 - h10P->window_ncolors * sizeof(X10Color) );
2146 + x10colors = (X10Color*) malloc2(
2147 + h10P->window_ncolors, sizeof(X10Color) );
2148 if ( x10colors == 0 )
2149 pm_error( "out of memory" );
2150 for ( i = 0; i < h10P->window_ncolors; ++i )
2152 *colorsP = pnm_allocrow( 2 );
2153 PNM_ASSIGN1( (*colorsP)[0], 0 );
2154 PNM_ASSIGN1( (*colorsP)[1], *maxvalP );
2155 + overflow_add(h10P->pixmap_width, 15);
2156 + if(h10P->pixmap_width < 0)
2157 + pm_error("assert: negative width");
2159 ( ( h10P->pixmap_width + 15 ) / 16 ) * 16 - h10P->pixmap_width;
2160 *bits_per_itemP = 16;
2161 @@ -224,9 +227,13 @@
2162 *formatP = PGM_TYPE;
2163 *visualclassP = StaticGray;
2164 *maxvalP = ( 1 << h10P->display_planes ) - 1;
2165 + overflow_add(*maxvalP, 1);
2166 *colorsP = pnm_allocrow( *maxvalP + 1 );
2167 for ( i = 0; i <= *maxvalP; ++i )
2168 PNM_ASSIGN1( (*colorsP)[i], i );
2169 + overflow_add(h10P->pixmap_width, 15);
2170 + if(h10P->pixmap_width < 0)
2171 + pm_error("assert: negative width");
2173 ( ( h10P->pixmap_width + 15 ) / 16 ) * 16 - h10P->pixmap_width;
2174 *bits_per_itemP = 16;
2176 if ( h11P->ncolors > 0 )
2178 /* Read X11 colormap. */
2179 - x11colors = (X11XColor*) malloc(
2180 - h11P->ncolors * sizeof(X11XColor) );
2181 + x11colors = (X11XColor*) malloc2(
2182 + h11P->ncolors, sizeof(X11XColor) );
2183 if ( x11colors == 0 )
2184 pm_error( "out of memory" );
2185 if ( fread( x11colors, sizeof(X11XColor), h11P->ncolors, file ) !=
2188 *formatP = PGM_TYPE;
2189 *maxvalP = ( 1 << h11P->bits_per_pixel ) - 1;
2190 + overflow_add(*maxvalP, 1);
2191 *colorsP = pnm_allocrow( *maxvalP + 1 );
2192 for ( i = 0; i <= *maxvalP; ++i )
2193 PNM_ASSIGN1( (*colorsP)[i], i );
2196 *colsP = h11P->pixmap_width;
2197 *rowsP = h11P->pixmap_height;
2198 + overflow2(h11P->bytes_per_line, 8);
2200 h11P->bytes_per_line * 8 / h11P->bits_per_pixel -
2202 diff -urN netpbm-9.25.orig/ppm/411toppm.c netpbm-9.25/ppm/411toppm.c
2203 --- netpbm-9.25.orig/ppm/411toppm.c 2001-05-16 18:26:22.000000000 +0200
2204 +++ netpbm-9.25/ppm/411toppm.c 2004-05-12 11:53:57.806568304 +0200
2205 @@ -147,17 +147,18 @@
2206 uint8 *** const orig_cbP) {
2209 - *orig_yP = (uint8 **) malloc(sizeof(uint8 *) * height);
2210 + *orig_yP = (uint8 **) malloc2(sizeof(uint8 *), height);
2211 for (y = 0; y < height; y++) {
2212 - (*orig_yP)[y] = (uint8 *) malloc(sizeof(uint8) * width);
2213 + (*orig_yP)[y] = (uint8 *) malloc2(sizeof(uint8), width);
2216 - *orig_crP = (uint8 **) malloc(sizeof(uint8 *) * height);
2217 + overflow2(width, sizeof(uint8 *));
2218 + *orig_crP = (uint8 **) malloc2(sizeof(uint8 *), height);
2219 for (y = 0; y < height; y++) {
2220 (*orig_crP)[y] = (uint8 *) malloc(sizeof(uint8) * width / 4);
2223 - *orig_cbP = (uint8 **) malloc(sizeof(uint8 *) * height);
2224 + *orig_cbP = (uint8 **) malloc2(sizeof(uint8 *), height);
2225 for (y = 0; y < height; y++) {
2226 (*orig_cbP)[y] = (uint8 *) malloc(sizeof(uint8) * width / 4);
2228 @@ -177,19 +178,20 @@
2230 /* first, allocate tons of memory */
2232 - Y = (int **) malloc(sizeof(int *) * height);
2233 + Y = (int **) malloc2(sizeof(int *), height);
2234 for (y = 0; y < height; y++) {
2235 - Y[y] = (int *) malloc(sizeof(int) * width);
2236 + Y[y] = (int *) malloc2(sizeof(int), width);
2239 - U = (int **) malloc(sizeof(int *) * height);
2240 + U = (int **) malloc2(sizeof(int *) , height);
2241 + overflow2(sizeof(int), width);
2242 for (y = 0; y < height; y++) {
2243 U[y] = (int *) malloc(sizeof(int) * width / 4);
2246 - V = (int **) malloc(sizeof(int *) * height);
2247 + V = (int **) malloc2(sizeof(int *), height);
2248 for (y = 0; y < height; y++) {
2249 - V[y] = (int *) malloc(sizeof(int) * width / 4);
2250 + V[y] = (int *) malloc2(sizeof(int), width / 4);
2253 for ( y = 0; y < height; y ++ ) {
2254 diff -urN netpbm-9.25.orig/ppm/ilbmtoppm.c netpbm-9.25/ppm/ilbmtoppm.c
2255 --- netpbm-9.25.orig/ppm/ilbmtoppm.c 2002-01-04 16:26:40.000000000 +0100
2256 +++ netpbm-9.25/ppm/ilbmtoppm.c 2004-05-12 11:53:57.761575144 +0200
2258 static ColorMap * alloc_cmap ARGS((void));
2259 static void check_cmap ARGS((BitMapHeader *bmhd, ColorMap *cmap));
2260 static void * xmalloc ARGS((int bytes));
2261 -#define MALLOC(n, type) (type *)xmalloc((n) * sizeof(type))
2262 +static void * xmalloc2 ARGS((int x, int y));
2263 +#define MALLOC(n, type) (type *)xmalloc2((n), sizeof(type))
2265 #define FACTOR_4BIT 17 /* scale factor maxval 15 -> maxval 255 */
2270 if( typeid == ID_ILBM ) {
2271 + overflow_add(bmhd->w, 15);
2272 ilbmrow = MALLOC(RowBytes(bmhd->w), unsigned char);
2273 viewportmodes |= fakeviewport; /* -isham/-isehb */
2276 if( redmaxval != maxval || greenmaxval != maxval || bluemaxval != maxval )
2277 pm_message("scaling colors to %d bits", pm_maxvaltobits(maxval));
2279 + overflow_add(redmaxval, 1);
2280 + overflow_add(greenmaxval, 1);
2281 + overflow_add(bluemaxval, 1);
2282 redtable = MALLOC(redmaxval +1, pixval);
2283 greentable = MALLOC(greenmaxval+1, pixval);
2284 bluetable = MALLOC(bluemaxval +1, pixval);
2285 @@ -1281,6 +1286,7 @@
2289 + overflow_add(cols, 15);
2290 bytes = RowBytes(cols);
2291 for( plane = 0; plane < nPlanes; plane++ ) {
2293 @@ -1321,6 +1327,7 @@
2296 case mskHasMask: /* mask plane */
2297 + overflow_add(cols, 15);
2298 read_ilbm_plane(ifp, chunksizeP, RowBytes(cols), bmhd->compression);
2301 @@ -1394,6 +1401,23 @@
2316 + mem = malloc2(x,y);
2318 + pm_error("out of memory allocating %d bytes", x * y);
2325 @@ -1582,6 +1606,9 @@
2326 cmap->mp_change[i] = NULL;
2327 if( PCHG.StartLine < 0 ) {
2329 + if(PCHG.MaxReg < PCHG.MinReg)
2330 + pm_error("assert: MinReg > MaxReg");
2331 + overflow_add(PCHG.MaxReg-PCHG.MinReg, 2);
2332 nch = PCHG.MaxReg - PCHG.MinReg +1;
2333 cmap->mp_init = MALLOC(nch + 1, PaletteChange);
2334 for( i = 0; i < nch; i++ )
2335 @@ -1712,7 +1739,9 @@
2336 ChangeCount32 = *data++;
2339 + overflow_add(ChangeCount16, ChangeCount32);
2340 changes = ChangeCount16 + ChangeCount32;
2341 + overflow_add(changes, 1);
2342 cmap->mp_change[row] = MALLOC(changes + 1, PaletteChange);
2343 for( i = 0; i < changes; i++ ) {
2344 if( totalchanges >= PCHG->TotalChanges ) goto fail;
2345 @@ -1798,6 +1827,7 @@
2346 if( datasize < 2 ) goto fail;
2347 changes = BIG_WORD(data); data += 2; datasize -= 2;
2349 + overflow_add(changes, 1);
2350 cmap->mp_change[row] = MALLOC(changes + 1, PaletteChange);
2351 for( i = 0; i < changes; i++ ) {
2352 if( totalchanges >= PCHG->TotalChanges ) goto fail;
2353 diff -urN netpbm-9.25.orig/ppm/imgtoppm.c netpbm-9.25/ppm/imgtoppm.c
2354 --- netpbm-9.25.orig/ppm/imgtoppm.c 2002-01-04 16:24:57.000000000 +0100
2355 +++ netpbm-9.25/ppm/imgtoppm.c 2004-05-12 11:53:57.762574992 +0200
2357 len = atoi((char*) buf );
2358 if ( fread( buf, len, 1, ifp ) != 1 )
2359 pm_error( "bad colormap buf" );
2360 + overflow2(cmaplen, 3);
2361 if ( cmaplen * 3 != len )
2365 pm_error( "bad pixel data header" );
2367 len = atoi((char*) buf );
2368 + overflow2(cols, rows);
2369 if ( len != cols * rows )
2371 "pixel data length (%d) does not match image size (%d)",
2372 diff -urN netpbm-9.25.orig/ppm/libppm5.c netpbm-9.25/ppm/libppm5.c
2373 --- netpbm-9.25.orig/ppm/libppm5.c 2000-03-23 05:27:06.000000000 +0100
2374 +++ netpbm-9.25/ppm/libppm5.c 2004-05-12 11:53:57.769573928 +0200
2377 pm_error( "out of memory allocating a fillhandle" );
2379 - fh->coords = (coord*) malloc( SOME * sizeof(coord) );
2380 + fh->coords = (coord*) malloc2( SOME , sizeof(coord) );
2381 if ( fh->coords == 0 )
2382 pm_error( "out of memory allocating a fillhandle" );
2384 @@ -481,9 +481,10 @@
2385 /* Ok, these are new; check if there's room for two more coords. */
2386 if ( fh->n + 1 >= fh->size )
2388 + overflow_add(fh->size, SOME);
2390 - fh->coords = (coord*) realloc(
2391 - (char*) fh->coords, fh->size * sizeof(coord) );
2392 + fh->coords = (coord*) realloc2(
2393 + (char*) fh->coords, fh->size, sizeof(coord) );
2394 if ( fh->coords == 0 )
2395 pm_error( "out of memory enlarging a fillhandle" );
2397 diff -urN netpbm-9.25.orig/ppm/pcxtoppm.c netpbm-9.25/ppm/pcxtoppm.c
2398 --- netpbm-9.25.orig/ppm/pcxtoppm.c 2002-02-10 19:39:26.000000000 +0100
2399 +++ netpbm-9.25/ppm/pcxtoppm.c 2004-05-12 11:53:57.795569976 +0200
2402 * clear the pixel buffer
2405 + overflow2(bytesperline, 8);
2406 npixels = (bytesperline * 8) / bitsperpixel;
2408 while (--npixels >= 0)
2409 diff -urN netpbm-9.25.orig/ppm/picttoppm.c netpbm-9.25/ppm/picttoppm.c
2410 --- netpbm-9.25.orig/ppm/picttoppm.c 2002-01-04 16:26:12.000000000 +0100
2411 +++ netpbm-9.25/ppm/picttoppm.c 2004-05-12 11:53:57.772573472 +0200
2413 +#error "Unfixable. Don't ship me"
2416 * picttoppm.c -- convert a MacIntosh PICT file to PPM format.
2418 diff -urN netpbm-9.25.orig/ppm/pjtoppm.c netpbm-9.25/ppm/pjtoppm.c
2419 --- netpbm-9.25.orig/ppm/pjtoppm.c 2000-03-03 06:32:09.000000000 +0100
2420 +++ netpbm-9.25/ppm/pjtoppm.c 2004-05-12 11:53:57.774573168 +0200
2421 @@ -127,17 +127,21 @@
2422 case 'W': /* send last plane */
2423 if (rows == -1 || r >= rows || image == NULL) {
2424 if (rows == -1 || r >= rows)
2426 + overflow_add(rows, 100);
2429 if (image == NULL) {
2430 image = (unsigned char **)
2431 - malloc(rows * planes * sizeof(unsigned char *));
2432 - imlen = (int *) malloc(rows * planes * sizeof(int));
2433 + malloc3(rows , planes , sizeof(unsigned char *));
2434 + imlen = (int *) malloc3(rows , planes, sizeof(int));
2437 + overflow2(rows,planes);
2438 image = (unsigned char **)
2439 - realloc(image, rows * planes *
2440 + realloc2(image, rows * planes,
2441 sizeof(unsigned char *));
2442 - imlen = (int *) realloc(imlen, rows * planes *
2443 + imlen = (int *) realloc2(imlen, rows * planes,
2448 cols = cols > val ? cols : val;
2449 imlen[r * planes + p] = val;
2450 image[r * planes + p] = (unsigned char *)
2451 - malloc(val * sizeof(unsigned char));
2452 + malloc2(val , sizeof(unsigned char));
2453 if (image[r * planes + p] == NULL)
2454 pm_error("out of memory");
2455 if (fread(image[r * planes + p], 1, val, fp) != val)
2457 if (image[r * planes] == NULL)
2459 for (p = 0; p < planes; p++) {
2460 - buf = (unsigned char *) malloc(newcols *
2461 + buf = (unsigned char *) malloc2(newcols ,
2462 sizeof(unsigned char *));
2464 pm_error("out of memory");
2465 @@ -213,7 +217,10 @@
2466 for (cmd = image[p + r * planes][c],
2467 val = image[p + r * planes][c+1];
2468 cmd >= 0 && i < newcols; cmd--, i++)
2471 + overflow_add(i, 1);
2473 cols = cols > i ? cols : i;
2474 free(image[p + r * planes]);
2477 image[p + r * planes] = (unsigned char *) realloc(buf, i);
2480 + overflow2(cols, 8);
2484 diff -urN netpbm-9.25.orig/ppm/ppmdist.c netpbm-9.25/ppm/ppmdist.c
2485 --- netpbm-9.25.orig/ppm/ppmdist.c 2000-03-03 06:41:40.000000000 +0100
2486 +++ netpbm-9.25/ppm/ppmdist.c 2004-05-12 11:53:57.788571040 +0200
2489 /* copy the colors into another structure for sorting */
2490 colorToGrayMap = (struct colorToGrayEntry *)
2491 - malloc(sizeof(struct colorToGrayEntry) * colors);
2492 + malloc2(sizeof(struct colorToGrayEntry), colors);
2493 for (color = 0; color < colors; color++) {
2494 colorToGrayMap[color].color = hist[color].color;
2495 colorToGrayMap[color].frequency = hist[color].value;
2496 diff -urN netpbm-9.25.orig/ppm/ppmdither.c netpbm-9.25/ppm/ppmdither.c
2497 --- netpbm-9.25.orig/ppm/ppmdither.c 2002-02-22 05:56:35.000000000 +0100
2498 +++ netpbm-9.25/ppm/ppmdither.c 2004-05-12 11:53:57.774573168 +0200
2500 const unsigned int dith_mat_sz =
2501 (dith_dim * sizeof(int *)) + /* pointers */
2502 (dith_dim * dith_dim * sizeof(int)); /* data */
2504 + overflow2(dith_dim, sizeof(int *));
2505 + overflow3(dith_dim, dith_dim, sizeof(int));
2506 + overflow_add(dith_dim * sizeof(int *), dith_dim * dith_dim * sizeof(int));
2507 dith_mat = (unsigned int **) malloc(dith_mat_sz);
2509 if (dith_mat == NULL)
2512 pm_error("too few shades for blue, minimum of 2");
2514 - *ptab_p = malloc(dith_nr * dith_ng * dith_nb * sizeof(pixel));
2515 + overflow2(dith_nr, dith_ng);
2516 + *ptab_p = malloc3(dith_nr * dith_ng, dith_nb, sizeof(pixel));
2518 if (*ptab_p == NULL)
2519 pm_error("Unable to allocate space for the color lookup table "
2520 "(%d by %d by %d pixels).", dith_nr, dith_ng, dith_nb);
2521 diff -urN netpbm-9.25.orig/ppm/ppmquantall netpbm-9.25/ppm/ppmquantall
2522 --- netpbm-9.25.orig/ppm/ppmquantall 2001-04-16 09:49:37.000000000 +0200
2523 +++ netpbm-9.25/ppm/ppmquantall 2004-05-12 11:53:57.822565872 +0200
2527 #all=`tempfile -p pqa.all -m 600`
2528 +#all=.tmp.pqa.all.$$
2530 +all=$(mktemp -t pqa.all.XXXXXXXXXX) || exit 1 #219019
2532 +pnmcat -topbottom -jleft -white ${files[@]} | ppmquant $newcolors > $all
2533 +if [ $? != 0 ]; then
2540 +while [ $i -lt $nfiles ]; do
2541 + pnmcut -left 0 -top $y -width ${widths[$i]} -height ${heights[$i]} $all \
2542 + > ${files[$i]}$ext
2543 + if [ $? != 0 ]; then
2546 + y=$(($y + ${heights[$i]}))
2553 +# ppmquantall - run ppmquant on a bunch of files all at once, so they share
2554 +# a common colormap
2556 +# WARNING: overwrites the source files with the results!!!
2558 +# Verbose explanation: Let's say you've got a dozen pixmaps that you want
2559 +# to display on the screen all at the same time. Your screen can only
2560 +# display 256 different colors, but the pixmaps have a total of a thousand
2561 +# or so different colors. For a single pixmap you solve this problem with
2562 +# ppmquant; this script solves it for multiple pixmaps. All it does is
2563 +# concatenate them together into one big pixmap, run ppmquant on that, and
2564 +# then split it up into little pixmaps again.
2568 + echo "usage: $0 [-ext extension] <newcolours> <ppmfile> ..."
2578 + if [ $# -lt 2 ]; then
2593 +if [ $# -lt 2 ]; then
2602 +# Extract the width and height of each of the images.
2603 +# Here, we make the assumption that the width and height are on the
2604 +# second line, even though the PPM format doesn't require that.
2605 +# To be robust, we need to use Pnmfile to get that information, or
2606 +# Put this program in C and use ppm_readppminit().
2611 +for i in ${files[@]}; do
2612 + widths=(${widths[*]} `egrep -v '^#' $i | head -2 | tail -1 | \
2614 + heights=(${heights[*]} `egrep -v '^#' $i | head -2 | tail -1 | \
2618 +#all=`tempfile -p pqa.all -m 600`
2622 diff -urN netpbm-9.25.orig/ppm/ppmquantall.csh netpbm-9.25/ppm/ppmquantall.csh
2623 --- netpbm-9.25.orig/ppm/ppmquantall.csh 2000-07-28 04:29:36.000000000 +0200
2624 +++ netpbm-9.25/ppm/ppmquantall.csh 2004-05-12 11:53:57.816566784 +0200
2626 set heights=( $heights `head -2 $i | tail -1 | sed 's/.* //'` )
2629 -set all=/tmp/pqa.all.$$
2630 +set all=.tmp.pqa.all.$$
2632 pnmcat -topbottom -jleft -white $files | ppmquant -quiet $newcolors > $all
2633 if ( $status != 0 ) exit $status
2634 diff -urN netpbm-9.25.orig/ppm/ppmqvga.c netpbm-9.25/ppm/ppmqvga.c
2635 --- netpbm-9.25.orig/ppm/ppmqvga.c 2001-06-11 01:33:18.000000000 +0200
2636 +++ netpbm-9.25/ppm/ppmqvga.c 2004-05-12 11:53:57.763574840 +0200
2638 ppm_writeppminit( stdout, cols, rows, maxval, 0 );
2641 + overflow_add(cols, 2);
2642 + overflow2(cols+2, sizeof(fs_err_array));
2643 fs_err_lines = (fs_err_array *) calloc((cols + 2), sizeof(fs_err_array));
2645 if (fs_err_lines == NULL) {
2646 diff -urN netpbm-9.25.orig/ppm/ppmshadow netpbm-9.25/ppm/ppmshadow
2647 --- netpbm-9.25.orig/ppm/ppmshadow 2000-03-24 19:37:26.000000000 +0100
2648 +++ netpbm-9.25/ppm/ppmshadow 2004-05-12 11:53:57.801569064 +0200
2653 - $fname = "/tmp/_PPMshadow$$"; # Temporary filepath prefix
2654 +# $fname = ".tmp._PPMshadow$$"; # Temporary filepath prefix
2655 + chomp($fname = `mktemp -d -t PPMshadow.XXXXXX`);
2657 + die "Can't create tmpdir";
2660 # Process command line options
2663 if ((!(defined $ifile)) || ($ifile eq '-')) {
2664 # Input default to standard input
2666 - $ifile = "$fname-0.ppm";
2667 - system("cat >$fname-0.ppm");
2668 + $ifile = "$fname/0.ppm";
2669 + system("cat >$fname/0.ppm");
2672 # Determine the size of the source image
2673 @@ -112,15 +116,15 @@
2675 # Create a blank background bitmap the size of the source bitmap
2677 - system("pnmcut 0 0 1 1 $ifile | pnmscale -xsize $xsize -ysize $ysize >$fname-5.ppm");
2678 + system("pnmcut 0 0 1 1 $ifile | pnmscale -xsize $xsize -ysize $ysize >$fname/5.ppm");
2680 # Create positive mask file from input image
2682 - system("pnmarith -difference $ifile $fname-5.ppm | pnminvert | ppmtopgm | pgmtopbm -thresh -value 1.0 >$fname-1.ppm");
2683 + system("pnmarith -difference $ifile $fname/5.ppm | pnminvert | ppmtopgm | pgmtopbm -thresh -value 1.0 >$fname/1.ppm");
2685 # Create convolution kernel file to generate shadow
2687 - open(OF, ">$fname-2.ppm");
2688 + open(OF, ">$fname/2.ppm");
2689 $ckern = $convolve <= 11 ? $convolve : 11;
2690 printf(OF "P2\n$ckern $ckern\n%d\n", $ckern * $ckern * 2);
2691 $a = ($ckern * $ckern) + 1;
2692 @@ -136,60 +140,61 @@
2693 # Convolve the input colour image with the kernel
2694 # to create a translucent shadow image.
2696 - system("pnmconvol $fname-2.ppm $ifile >$fname-10.ppm");
2697 - system("rm $fname-2.ppm") if $purge;
2698 + system("pnmconvol $fname/2.ppm $ifile >$fname/10.ppm");
2699 +# system("rm $fname-2.ppm") if $purge;
2700 while ($ckern < $convolve) {
2701 - system("pnmsmooth $fname-10.ppm >$fname-10a.ppm");
2702 - system("mv $fname-10a.ppm $fname-10.ppm");
2703 + system("pnmsmooth $fname/10.ppm >$fname/10a.ppm");
2704 + system("mv $fname/10a.ppm $fname/10.ppm");
2709 # Convolve the positive mask with the kernel to create shadow
2711 - system("pnmconvol $fname-2.ppm $fname-1.ppm >$fname-3.ppm");
2712 - system("rm $fname-2.ppm") if $purge;
2713 + system("pnmconvol $fname/2.ppm $fname/1.ppm >$fname/3.ppm");
2714 +# system("rm $fname-2.ppm") if $purge;
2715 while ($ckern < $convolve) {
2716 - system("pnmsmooth $fname-3.ppm >$fname-3a.ppm");
2717 - system("mv $fname-3a.ppm $fname-3.ppm");
2718 + system("pnmsmooth $fname/3.ppm >$fname/3a.ppm");
2719 + system("mv $fname/3a.ppm $fname/3.ppm");
2723 # Multiply the shadow by the background colour
2725 - system("pnmarith -multiply $fname-3.ppm $fname-5.ppm >$fname-10.ppm");
2726 - system("rm $fname-3.ppm") if $purge;
2727 + system("pnmarith -multiply $fname/3.ppm $fname/5.ppm >$fname/10.ppm");
2728 + system("rm $fname/3.ppm") if $purge;
2731 # Cut an offset rectangle from the shadow image
2733 $i = $xsize - $xoffset;
2734 $j = $ysize - $yoffset;
2735 - system("pnmcut 0 0 $i $j $fname-10.ppm >$fname-4.ppm");
2736 - system("rm $fname-10.ppm") if $purge;
2737 + system("pnmcut 0 0 $i $j $fname/10.ppm >$fname/4.ppm");
2738 +# system("rm $fname-10.ppm") if $purge;
2740 # Create offset shadow image
2742 - system("pnmpaste -replace $fname-4.ppm $xoffset $yoffset $fname-5.ppm >$fname-6.ppm");
2743 - system("rm $fname-4.ppm $fname-5.ppm") if $purge;
2744 + system("pnmpaste -replace $fname/4.ppm $xoffset $yoffset $fname/5.ppm >$fname/6.ppm");
2745 +# system("rm $fname-4.ppm $fname-5.ppm") if $purge;
2747 # Create inverse mask
2749 - system("pnminvert $fname-1.ppm >$fname-7.ppm");
2750 + system("pnminvert $fname/1.ppm >$fname/7.ppm");
2752 # Multiply original image by inverse mask
2754 - system("pnmarith -multiply $ifile $fname-7.ppm >$fname-8.ppm");
2755 - system("rm $fname-7.ppm") if $purge;
2756 - system("rm $fname-0.ppm") if ($purge && $stdin);
2757 + system("pnmarith -multiply $ifile $fname/7.ppm >$fname/8.ppm");
2758 +# system("rm $fname-7.ppm") if $purge;
2759 +# system("rm $fname-0.ppm") if ($purge && $stdin);
2761 # Multiply shadow by mask
2763 - system("pnmarith -multiply $fname-6.ppm $fname-1.ppm >$fname-9.ppm");
2764 - system("rm $fname-6.ppm $fname-1.ppm") if $purge;
2765 + system("pnmarith -multiply $fname/6.ppm $fname/1.ppm >$fname/9.ppm");
2766 +# system("rm $fname-6.ppm $fname-1.ppm") if $purge;
2768 # Add masked image and shadow to obtain result, which this
2769 # last call on pnmarith sends to standard output.
2771 - system("pnmarith -add $fname-8.ppm $fname-9.ppm");
2772 - system("rm $fname-8.ppm $fname-9.ppm") if $purge;
2773 + system("pnmarith -add $fname/8.ppm $fname/9.ppm");
2774 +# system("rm $fname-8.ppm $fname-9.ppm") if $purge;
2775 + system("rm -rf $fname/") if $purge;
2776 diff -urN netpbm-9.25.orig/ppm/ppmtoeyuv.c netpbm-9.25/ppm/ppmtoeyuv.c
2777 --- netpbm-9.25.orig/ppm/ppmtoeyuv.c 2001-09-07 17:48:09.000000000 +0200
2778 +++ netpbm-9.25/ppm/ppmtoeyuv.c 2004-05-12 11:53:57.801569064 +0200
2779 @@ -112,14 +112,15 @@
2783 - mult299 = (float *) malloc(sizeof(float) * (maxval+1));
2784 - mult587 = (float *) malloc(sizeof(float) * (maxval+1));
2785 - mult114 = (float *) malloc(sizeof(float) * (maxval+1));
2786 - mult16874 = (float *) malloc(sizeof(float) * (maxval+1));
2787 - mult33126 = (float *) malloc(sizeof(float) * (maxval+1));
2788 - mult5 = (float *) malloc(sizeof(float) * (maxval+1));
2789 - mult41869 = (float *) malloc(sizeof(float) * (maxval+1));
2790 - mult08131 = (float *) malloc(sizeof(float) * (maxval+1));
2791 + overflow_add(maxval, 1);
2792 + mult299 = (float *) malloc2(sizeof(float), (maxval+1));
2793 + mult587 = (float *) malloc2(sizeof(float), (maxval+1));
2794 + mult114 = (float *) malloc2(sizeof(float), (maxval+1));
2795 + mult16874 = (float *) malloc2(sizeof(float), (maxval+1));
2796 + mult33126 = (float *) malloc2(sizeof(float), (maxval+1));
2797 + mult5 = (float *) malloc2(sizeof(float), (maxval+1));
2798 + mult41869 = (float *) malloc2(sizeof(float), (maxval+1));
2799 + mult08131 = (float *) malloc2(sizeof(float), (maxval+1));
2801 if (maxval == YUVMAXVAL) {
2803 @@ -265,10 +266,10 @@
2807 - *orig_yP = (uint8 **) malloc(sizeof(uint8 *) * height);
2808 + *orig_yP = (uint8 **) malloc2(sizeof(uint8 *) , height);
2810 for (y = 0; y < height; y++) {
2811 - orig_y[y] = (uint8 *) malloc(sizeof(uint8) * width);
2812 + orig_y[y] = (uint8 *) malloc2(sizeof(uint8) , width);
2815 *orig_crP = (uint8 **) malloc(sizeof(uint8 *) * height / 2);
2816 diff -urN netpbm-9.25.orig/ppm/ppmtoicr.c netpbm-9.25/ppm/ppmtoicr.c
2817 --- netpbm-9.25.orig/ppm/ppmtoicr.c 1993-10-04 10:12:38.000000000 +0100
2818 +++ netpbm-9.25/ppm/ppmtoicr.c 2004-05-12 11:53:57.783571800 +0200
2822 pm_message("sending run-length encoded picture data ..." );
2823 - testimage = (char*) malloc(rows*cols);
2824 + testimage = (char*) malloc2(rows, cols);
2826 for (i=0; i<rows; i++)
2827 for (j=0; j<cols; j++)
2828 diff -urN netpbm-9.25.orig/ppm/ppmtoilbm.c netpbm-9.25/ppm/ppmtoilbm.c
2829 --- netpbm-9.25.orig/ppm/ppmtoilbm.c 2002-01-04 16:24:55.000000000 +0100
2830 +++ netpbm-9.25/ppm/ppmtoilbm.c 2004-05-12 11:53:57.785571496 +0200
2832 static pixel * next_pixrow ARGS((FILE *fp, int row));
2833 static int * make_val_table ARGS((int oldmaxval, int newmaxval));
2834 static void * xmalloc ARGS((int bytes));
2835 -#define MALLOC(n, type) (type *)xmalloc((n) * sizeof(type))
2836 +static void * xmalloc2 ARGS((int x, int y));
2837 +#define MALLOC(n, type) (type *)xmalloc2((n) , sizeof(type))
2838 static void init_read ARGS((FILE *fp, int *colsP, int *rowsP, pixval *maxvalP, int *formatP, int readall));
2839 static void write_body_rows ARGS((void));
2840 static void write_camg ARGS((void));
2841 @@ -785,11 +786,16 @@
2843 if( mode != MODE_CMAP ) {
2845 + overflow_add(cols, 15);
2846 coded_rowbuf = MALLOC(RowBytes(cols), unsigned char);
2847 for( i = 0; i < RowBytes(cols); i++ )
2848 coded_rowbuf[i] = 0;
2851 + overflow2(cols,2);
2852 + overflow_add(cols *2, 2);
2853 compr_rowbuf = MALLOC(WORSTCOMPR(RowBytes(cols)), unsigned char);
2859 pm_message("initializing HAM colormap...");
2861 colors = 1<<(3*hbits);
2862 - hmap = malloc(colors * sizeof(hentry));
2863 + hmap = malloc2(colors, sizeof(hentry));
2865 pm_error("Unable to allocate memory for HAM colormap.");
2866 hmaxval = pm_bitstomaxval(hbits);
2867 @@ -1839,6 +1845,7 @@
2869 maskmethod = 0; /* no masking - RGB8 uses genlock bits */
2870 compmethod = 4; /* RGB8 files are always compressed */
2871 + overflow2(cols, 4);
2872 compr_row = MALLOC(cols * 4, unsigned char);
2874 if( maxval != 255 ) {
2875 @@ -1926,6 +1933,7 @@
2877 maskmethod = 0; /* no masking - RGBN uses genlock bits */
2878 compmethod = 4; /* RGBN files are always compressed */
2879 + overflow2(cols, 2);
2880 compr_row = MALLOC(cols * 2, unsigned char);
2882 if( maxval != 15 ) {
2883 @@ -2397,6 +2405,7 @@
2887 + overflow_add(oldmaxval, 1);
2888 table = MALLOC(oldmaxval + 1, int);
2889 for(i = 0; i <= oldmaxval; i++ )
2890 table[i] = (i * newmaxval + oldmaxval/2) / oldmaxval;
2891 @@ -2417,6 +2426,21 @@
2904 + mem = malloc2(x, y);
2906 + pm_error("out of memory allocating %d bytes", x * y);
2913 diff -urN netpbm-9.25.orig/ppm/ppmtolj.c netpbm-9.25/ppm/ppmtolj.c
2914 --- netpbm-9.25.orig/ppm/ppmtolj.c 2000-12-03 00:36:01.000000000 +0100
2915 +++ netpbm-9.25/ppm/ppmtolj.c 2004-05-12 11:53:57.805568456 +0200
2917 pixels = ppm_readppm( ifp, &cols, &rows, &maxval );
2920 + overflow2(cols,6);
2921 obuf = (unsigned char *) pm_allocrow(cols * 3, sizeof(unsigned char));
2922 cbuf = (unsigned char *) pm_allocrow(cols * 6, sizeof(unsigned char));
2923 if (mode == C_TRANS_MODE_DELTA)
2924 diff -urN netpbm-9.25.orig/ppm/ppmtomitsu.c netpbm-9.25/ppm/ppmtomitsu.c
2925 --- netpbm-9.25.orig/ppm/ppmtomitsu.c 2002-01-04 16:24:55.000000000 +0100
2926 +++ netpbm-9.25/ppm/ppmtomitsu.c 2004-05-12 11:53:57.773573320 +0200
2928 medias = MSize_User;
2931 + overflow2(medias.maxcols, 2);
2932 + overflow2(medias.maxrows, 2);
2933 medias.maxcols *= 2;
2934 medias.maxrows *= 2;
2936 diff -urN netpbm-9.25.orig/ppm/ppmtompeg/frame.c netpbm-9.25/ppm/ppmtompeg/frame.c
2937 --- netpbm-9.25.orig/ppm/ppmtompeg/frame.c 2001-03-31 09:32:30.000000000 +0200
2938 +++ netpbm-9.25/ppm/ppmtompeg/frame.c 2004-05-12 11:53:57.810567696 +0200
2939 @@ -140,15 +140,16 @@
2940 omfrw->orig_y = NULL;
2942 /* Allocate new frame memory */
2943 - omfrw->orig_y = (uint8 **) malloc(sizeof(uint8 *) * Fsize_y);
2944 + omfrw->orig_y = (uint8 **) malloc2(sizeof(uint8 *) , Fsize_y);
2945 ERRCHK(omfrw->orig_y, "malloc");
2946 for (y = 0; y < Fsize_y; y++) {
2947 - omfrw->orig_y[y] = (uint8 *) malloc(sizeof(uint8) * out_x);
2948 + omfrw->orig_y[y] = (uint8 *) malloc2(sizeof(uint8) , out_x);
2949 ERRCHK(omfrw->orig_y[y], "malloc");
2952 - omfrw->orig_cr = (uint8 **) malloc(sizeof(int8 *) * Fsize_y / 2);
2953 + omfrw->orig_cr = (uint8 **) malloc2(sizeof(int8 *) , Fsize_y / 2);
2954 ERRCHK(omfrw->orig_cr, "malloc");
2955 + overflow2(out_x, sizeof(int8));
2956 for (y = 0; y < Fsize_y / 2; y++) {
2957 omfrw->orig_cr[y] = (uint8 *) malloc(sizeof(int8) * out_x / 2);
2958 ERRCHK(omfrw->orig_cr[y], "malloc");
2959 @@ -208,15 +209,17 @@
2962 /* Allocate new frame memory */
2963 - omfrh->orig_y = (uint8 **) malloc(sizeof(uint8 *) * out_y);
2964 + omfrh->orig_y = (uint8 **) malloc2(sizeof(uint8 *), out_y);
2965 ERRCHK(omfrh->orig_y, "malloc");
2966 for (y = 0; y < out_y; y++) {
2967 - omfrh->orig_y[y] = (uint8 *) malloc(sizeof(uint8) * Fsize_x);
2968 + omfrh->orig_y[y] = (uint8 *) malloc2(sizeof(uint8) , Fsize_x);
2969 ERRCHK(omfrh->orig_y[y], "malloc");
2972 + overflow2(out_y, sizeof(int8 *));
2973 omfrh->orig_cr = (uint8 **) malloc(sizeof(int8 *) * out_y / 2);
2974 ERRCHK(omfrh->orig_cr, "malloc");
2975 + overflow2(sizeof(int8), Fsize_x);
2976 for (y = 0; y < out_y / 2; y++) {
2977 omfrh->orig_cr[y] = (uint8 *) malloc(sizeof(int8) * Fsize_x / 2);
2978 ERRCHK(omfrh->orig_cr[y], "malloc");
2979 @@ -532,11 +535,11 @@
2983 - frame->ppm_data = (uint8 **) malloc(sizeof(uint8 *) * Fsize_y);
2984 + frame->ppm_data = (uint8 **) malloc2(sizeof(uint8 *) , Fsize_y);
2985 ERRCHK(frame->ppm_data, "malloc");
2987 for ( y = 0; y < Fsize_y; y++ ) {
2988 - frame->ppm_data[y] = (uint8 *) malloc(3*sizeof(uint8) * Fsize_x);
2989 + frame->ppm_data[y] = (uint8 *) malloc3(3, sizeof(uint8), Fsize_x);
2990 ERRCHK(frame->ppm_data[y], "malloc");
2993 @@ -567,20 +570,20 @@
2994 dctx = Fsize_x / DCTSIZE;
2995 dcty = Fsize_y / DCTSIZE;
2997 - frame->y_blocks = (Block **) malloc(sizeof(Block *) * dcty);
2998 + frame->y_blocks = (Block **) malloc2(sizeof(Block *), dcty);
2999 ERRCHK(frame->y_blocks, "malloc");
3000 for (i = 0; i < dcty; i++) {
3001 - frame->y_blocks[i] = (Block *) malloc(sizeof(Block) * dctx);
3002 + frame->y_blocks[i] = (Block *) malloc2(sizeof(Block), dctx);
3003 ERRCHK(frame->y_blocks[i], "malloc");
3006 - frame->cr_blocks = (Block **) malloc(sizeof(Block *) * (dcty >> 1));
3007 - frame->cb_blocks = (Block **) malloc(sizeof(Block *) * (dcty >> 1));
3008 + frame->cr_blocks = (Block **) malloc2(sizeof(Block *) , (dcty >> 1));
3009 + frame->cb_blocks = (Block **) malloc2(sizeof(Block *) , (dcty >> 1));
3010 ERRCHK(frame->cr_blocks, "malloc");
3011 ERRCHK(frame->cb_blocks, "malloc");
3012 for (i = 0; i < (dcty >> 1); i++) {
3013 - frame->cr_blocks[i] = (Block *) malloc(sizeof(Block) * (dctx >> 1));
3014 - frame->cb_blocks[i] = (Block *) malloc(sizeof(Block) * (dctx >> 1));
3015 + frame->cr_blocks[i] = (Block *) malloc2(sizeof(Block) , (dctx >> 1));
3016 + frame->cb_blocks[i] = (Block *) malloc2(sizeof(Block) , (dctx >> 1));
3017 ERRCHK(frame->cr_blocks[i], "malloc");
3018 ERRCHK(frame->cb_blocks[i], "malloc");
3020 @@ -612,10 +615,10 @@
3022 * first, allocate tons of memory
3024 - frame->orig_y = (uint8 **) malloc(sizeof(uint8 *) * Fsize_y);
3025 + frame->orig_y = (uint8 **) malloc2(sizeof(uint8 *), Fsize_y);
3026 ERRCHK(frame->orig_y, "malloc");
3027 for (y = 0; y < Fsize_y; y++) {
3028 - frame->orig_y[y] = (uint8 *) malloc(sizeof(uint8) * Fsize_x);
3029 + frame->orig_y[y] = (uint8 *) malloc2(sizeof(uint8), Fsize_x);
3030 ERRCHK(frame->orig_y[y], "malloc");
3033 @@ -663,22 +666,24 @@
3037 - frame->halfX = (uint8 **) malloc(Fsize_y*sizeof(uint8 *));
3038 + frame->halfX = (uint8 **) malloc2(Fsize_y, sizeof(uint8 *));
3039 ERRCHK(frame->halfX, "malloc");
3040 - frame->halfY = (uint8 **) malloc((Fsize_y-1)*sizeof(uint8 *));
3041 + if(Fsize_y == 0 || Fsize_x == 0)
3042 + pm_error("assert: zero size");
3043 + frame->halfY = (uint8 **) malloc2((Fsize_y-1), sizeof(uint8 *));
3044 ERRCHK(frame->halfY, "malloc");
3045 - frame->halfBoth = (uint8 **) malloc((Fsize_y-1)*sizeof(uint8 *));
3046 + frame->halfBoth = (uint8 **) malloc2((Fsize_y-1), sizeof(uint8 *));
3047 ERRCHK(frame->halfBoth, "malloc");
3048 for ( y = 0; y < Fsize_y; y++ ) {
3049 - frame->halfX[y] = (uint8 *) malloc((Fsize_x-1)*sizeof(uint8));
3050 + frame->halfX[y] = (uint8 *) malloc2((Fsize_x-1), sizeof(uint8));
3051 ERRCHK(frame->halfX[y], "malloc");
3053 for ( y = 0; y < Fsize_y-1; y++ ) {
3054 - frame->halfY[y] = (uint8 *) malloc(Fsize_x*sizeof(uint8));
3055 + frame->halfY[y] = (uint8 *) malloc2(Fsize_x, sizeof(uint8));
3056 ERRCHK(frame->halfY[y], "malloc");
3058 for ( y = 0; y < Fsize_y-1; y++ ) {
3059 - frame->halfBoth[y] = (uint8 *) malloc((Fsize_x-1)*sizeof(uint8));
3060 + frame->halfBoth[y] = (uint8 *) malloc2((Fsize_x-1), sizeof(uint8));
3061 ERRCHK(frame->halfBoth[y], "malloc");
3064 @@ -712,24 +717,24 @@
3065 it for some reason, so do it this way at least for now -- more
3068 - frame->decoded_y = (uint8 **) malloc(sizeof(uint8 *) * Fsize_y);
3069 + frame->decoded_y = (uint8 **) malloc2(sizeof(uint8 *), Fsize_y);
3070 ERRCHK(frame->decoded_y, "malloc");
3071 for (y = 0; y < Fsize_y; y++) {
3072 - frame->decoded_y[y] = (uint8 *) malloc(sizeof(uint8) * Fsize_x);
3073 + frame->decoded_y[y] = (uint8 *) malloc2(sizeof(uint8), Fsize_x);
3074 ERRCHK(frame->decoded_y[y], "malloc");
3077 - frame->decoded_cr = (uint8 **) malloc(sizeof(int8 *) * (Fsize_y >> 1));
3078 + frame->decoded_cr = (uint8 **) malloc2(sizeof(int8 *), (Fsize_y >> 1));
3079 ERRCHK(frame->decoded_cr, "malloc");
3080 for (y = 0; y < (Fsize_y >> 1); y++) {
3081 - frame->decoded_cr[y] = (uint8 *) malloc(sizeof(uint8) * (Fsize_x >> 1));
3082 + frame->decoded_cr[y] = (uint8 *) malloc2(sizeof(uint8), (Fsize_x >> 1));
3083 ERRCHK(frame->decoded_cr[y], "malloc");
3086 - frame->decoded_cb = (uint8 **) malloc(sizeof(int8 *) * (Fsize_y >> 1));
3087 + frame->decoded_cb = (uint8 **) malloc2(sizeof(int8 *), (Fsize_y >> 1));
3088 ERRCHK(frame->decoded_cb, "malloc");
3089 for (y = 0; y < (Fsize_y >> 1); y++) {
3090 - frame->decoded_cb[y] = (uint8 *) malloc(sizeof(uint8) * (Fsize_x >> 1));
3091 + frame->decoded_cb[y] = (uint8 *) malloc2(sizeof(uint8), (Fsize_x >> 1));
3092 ERRCHK(frame->decoded_cb[y], "malloc");
3095 diff -urN netpbm-9.25.orig/ppm/ppmtompeg/iframe.c netpbm-9.25/ppm/ppmtompeg/iframe.c
3096 --- netpbm-9.25.orig/ppm/ppmtompeg/iframe.c 1995-08-15 00:30:06.000000000 +0200
3097 +++ netpbm-9.25/ppm/ppmtompeg/iframe.c 2004-05-12 11:53:57.812567392 +0200
3099 int ysz = (Fsize_y>>3) * sizeof(int32 *);
3100 int xsz = (Fsize_x>>3);
3102 + overflow2(Fsize_y>>3, sizeof(int32 *));
3105 for (y=0; y<3; y++) {
3106 varDiff[y] = ratio[y] = total[y] = 0.0;
3108 fprintf(stderr, "Out of memory in BlockComputeSNR\n");
3111 + overflow2(xsz, 4);
3112 for (y = 0; y < ySize[0]>>3; y++) {
3113 SignalY[y] = (int32 *) calloc(xsz,4);
3114 SignalCr[y] = (int32 *) calloc(xsz,4);
3115 @@ -1030,27 +1033,27 @@
3116 dctx = Fsize_x / DCTSIZE;
3117 dcty = Fsize_y / DCTSIZE;
3119 - dct = (Block **) malloc(sizeof(Block *) * dcty);
3120 + dct = (Block **) malloc2(sizeof(Block *), dcty);
3121 ERRCHK(dct, "malloc");
3122 for (i = 0; i < dcty; i++) {
3123 - dct[i] = (Block *) malloc(sizeof(Block) * dctx);
3124 + dct[i] = (Block *) malloc2(sizeof(Block), dctx);
3125 ERRCHK(dct[i], "malloc");
3128 - dct_data = (dct_data_type **) malloc(sizeof(dct_data_type *) * dcty);
3129 + dct_data = (dct_data_type **) malloc2(sizeof(dct_data_type *), dcty);
3130 ERRCHK(dct_data, "malloc");
3131 for (i = 0; i < dcty; i++) {
3132 - dct_data[i] = (dct_data_type *) malloc(sizeof(dct_data_type) * dctx);
3133 + dct_data[i] = (dct_data_type *) malloc2(sizeof(dct_data_type),dctx);
3134 ERRCHK(dct[i], "malloc");
3137 - dctr = (Block **) malloc(sizeof(Block *) * (dcty >> 1));
3138 - dctb = (Block **) malloc(sizeof(Block *) * (dcty >> 1));
3139 + dctr = (Block **) malloc2(sizeof(Block *), (dcty >> 1));
3140 + dctb = (Block **) malloc2(sizeof(Block *), (dcty >> 1));
3141 ERRCHK(dctr, "malloc");
3142 ERRCHK(dctb, "malloc");
3143 for (i = 0; i < (dcty >> 1); i++) {
3144 - dctr[i] = (Block *) malloc(sizeof(Block) * (dctx >> 1));
3145 - dctb[i] = (Block *) malloc(sizeof(Block) * (dctx >> 1));
3146 + dctr[i] = (Block *) malloc2(sizeof(Block), (dctx >> 1));
3147 + dctb[i] = (Block *) malloc2(sizeof(Block), (dctx >> 1));
3148 ERRCHK(dctr[i], "malloc");
3149 ERRCHK(dctb[i], "malloc");
3151 diff -urN netpbm-9.25.orig/ppm/ppmtompeg/jpeg.c netpbm-9.25/ppm/ppmtompeg/jpeg.c
3152 --- netpbm-9.25.orig/ppm/ppmtompeg/jpeg.c 2001-08-31 22:48:06.000000000 +0200
3153 +++ netpbm-9.25/ppm/ppmtompeg/jpeg.c 2004-05-12 11:53:57.812567392 +0200
3158 - inoffsets = (int *)malloc(no_frames*sizeof(int));
3159 + inoffsets = (int *)malloc2(no_frames, sizeof(int));
3161 if (fread (&(width),sizeof(int),1,inFile) != 1)
3163 diff -urN netpbm-9.25.orig/ppm/ppmtompeg/parallel.c netpbm-9.25/ppm/ppmtompeg/parallel.c
3164 --- netpbm-9.25.orig/ppm/ppmtompeg/parallel.c 2001-08-31 22:48:30.000000000 +0200
3165 +++ netpbm-9.25/ppm/ppmtompeg/parallel.c 2004-05-12 11:53:57.814567088 +0200
3170 - bigBuffer = (unsigned char *) malloc(bigBufferSize*
3171 + bigBuffer = (unsigned char *) malloc2(bigBufferSize,
3172 sizeof(unsigned char));
3177 TransmitPortNum(parallelHostName, portNum, combinePortNum);
3179 - frameDone = (boolean *) malloc(numInputFiles*sizeof(boolean));
3180 + frameDone = (boolean *) malloc2(numInputFiles, sizeof(boolean));
3181 memset((char *)frameDone, 0, numInputFiles*sizeof(boolean));
3183 if ( (ofp = fopen(outputFileName, "wb")) == NULL ) {
3184 @@ -1269,6 +1269,8 @@
3186 /* should keep list of port numbers to notify when frames become ready */
3188 + overflow2(numInputFiles, sizeof(int));
3189 + overflow2(numInputFiles, sizeof(boolean));
3190 ready = (boolean *) calloc(numInputFiles, sizeof(boolean));
3191 waitMachine = (int *) calloc(numInputFiles, sizeof(int));
3192 waitPort = (int *) malloc(numMachines*sizeof(int));
3193 diff -urN netpbm-9.25.orig/ppm/ppmtompeg/psearch.c netpbm-9.25/ppm/ppmtompeg/psearch.c
3194 --- netpbm-9.25.orig/ppm/ppmtompeg/psearch.c 2001-09-26 17:11:53.000000000 +0200
3195 +++ netpbm-9.25/ppm/ppmtompeg/psearch.c 2004-05-12 11:53:57.815566936 +0200
3196 @@ -299,6 +299,13 @@
3197 ((searchRangeP>searchRangeB)?searchRangeP:searchRangeB)
3198 : ((searchRangeB>searchRangeB)?searchRangeB:searchRangeB);
3200 + overflow2(searchRangeP, 2);
3201 + overflow2(searchRangeB, 2);
3202 + overflow_add(searchRangeP*2, 3);
3203 + overflow_add(searchRangeB*2, 3);
3204 + overflow2(2*searchRangeB+3, sizeof(int));
3205 + overflow2(2*searchRangeP+3, sizeof(int));
3207 pmvHistogram = (int **) malloc((2*searchRangeP+3)*sizeof(int *));
3208 bbmvHistogram = (int **) malloc((2*searchRangeB+3)*sizeof(int *));
3209 bfmvHistogram = (int **) malloc((2*searchRangeB+3)*sizeof(int *));
3214 + overflow2(searchRangeP, 2);
3215 + overflow_add(searchRangeP*2, 3);
3216 + overflow2(searchRangeP*2+3, sizeof(int));
3217 columnTotals = (int *) calloc(2*searchRangeP+3, sizeof(int));
3219 #ifdef COMPLETE_DISPLAY
3222 fprintf(fpointer, "B-frame Backwards:\n");
3224 + overflow2(searchRangeB, 2);
3225 + overflow_add(searchRangeB*2, 3);
3226 + overflow2(searchRangeB*2+3, sizeof(int));
3227 columnTotals = (int *) calloc(2*searchRangeB+3, sizeof(int));
3229 #ifdef COMPLETE_DISPLAY
3232 fprintf(fpointer, "B-frame Forwards:\n");
3234 + overflow2(searchRangeB, 2);
3235 + overflow_add(searchRangeB*2, 3);
3236 + overflow2(searchRangeB*2+3, sizeof(int));
3237 columnTotals = (int *) calloc(2*searchRangeB+3, sizeof(int));
3239 #ifdef COMPLETE_DISPLAY
3240 diff -urN netpbm-9.25.orig/ppm/ppmtompeg/rgbtoycc.c netpbm-9.25/ppm/ppmtompeg/rgbtoycc.c
3241 --- netpbm-9.25.orig/ppm/ppmtompeg/rgbtoycc.c 2000-06-05 04:31:33.000000000 +0200
3242 +++ netpbm-9.25/ppm/ppmtompeg/rgbtoycc.c 2004-05-12 11:53:57.816566784 +0200
3245 table_maxval = maxval;
3247 + overflow_add(table_maxval, 1);
3248 + overflow2(table_maxval+1, sizeof(float));
3249 mult299 = malloc((table_maxval+1)*sizeof(float));
3250 mult587 = malloc((table_maxval+1)*sizeof(float));
3251 mult114 = malloc((table_maxval+1)*sizeof(float));
3252 diff -urN netpbm-9.25.orig/ppm/ppmtopcx.c netpbm-9.25/ppm/ppmtopcx.c
3253 --- netpbm-9.25.orig/ppm/ppmtopcx.c 2002-02-10 19:34:06.000000000 +0100
3254 +++ netpbm-9.25/ppm/ppmtopcx.c 2004-05-12 11:53:57.797569672 +0200
3259 + overflow2(BitsPerPixel, cols);
3260 + overflow_add(BitsPerPixel * cols, 7);
3261 BytesPerLine = ((cols * BitsPerPixel) + 7) / 8;
3262 rawrow = (unsigned char *)pm_allocrow(cols, sizeof(unsigned char));
3263 planesrow = (unsigned char *)
3264 diff -urN netpbm-9.25.orig/ppm/ppmtopict.c netpbm-9.25/ppm/ppmtopict.c
3265 --- netpbm-9.25.orig/ppm/ppmtopict.c 1993-10-04 10:12:45.000000000 +0100
3266 +++ netpbm-9.25/ppm/ppmtopict.c 2004-05-12 11:53:57.786571344 +0200
3268 putShort(stdout, 0); /* mode */
3270 /* Finally, write out the data. */
3271 + overflow_add(cols/MAX_COUNT, 1);
3272 + overflow_add(cols, cols/MAX_COUNT+1);
3273 packed = (char*) malloc((unsigned)(cols+cols/MAX_COUNT+1));
3275 for (row = 0; row < rows; row++)
3276 diff -urN netpbm-9.25.orig/ppm/ppmtopj.c netpbm-9.25/ppm/ppmtopj.c
3277 --- netpbm-9.25.orig/ppm/ppmtopj.c 2000-03-03 07:09:24.000000000 +0100
3278 +++ netpbm-9.25/ppm/ppmtopj.c 2004-05-12 11:53:57.787571192 +0200
3280 pixels = ppm_readppm( ifp, &cols, &rows, &maxval );
3283 + overflow2(cols,2);
3284 obuf = (unsigned char *) pm_allocrow(cols, sizeof(unsigned char));
3285 cbuf = (unsigned char *) pm_allocrow(cols * 2, sizeof(unsigned char));
3287 diff -urN netpbm-9.25.orig/ppm/ppmtouil.c netpbm-9.25/ppm/ppmtouil.c
3288 --- netpbm-9.25.orig/ppm/ppmtouil.c 2002-01-04 16:24:54.000000000 +0100
3289 +++ netpbm-9.25/ppm/ppmtouil.c 2004-05-12 11:53:57.787571192 +0200
3293 /* Allocate memory for printed number. Abort if error. */
3294 + overflow_add(digits, 1);
3295 str = (char*) malloc( digits + 1 );
3297 pm_error( "out of memory allocating number string" );
3302 + overflow_add(strlen(colorname), 1);
3303 cmap[i].rgbname = (char*) malloc( strlen( colorname ) + 1 );
3304 if ( cmap[i].rgbname == 0 )
3305 pm_error( "out of memory allocating color name" );
3306 diff -urN netpbm-9.25.orig/ppm/ppmtowinicon.c netpbm-9.25/ppm/ppmtowinicon.c
3307 --- netpbm-9.25.orig/ppm/ppmtowinicon.c 2002-01-28 04:42:08.000000000 +0100
3308 +++ netpbm-9.25/ppm/ppmtowinicon.c 2004-05-12 11:53:57.803568760 +0200
3313 +#include <string.h>
3314 +#include <stdlib.h>
3317 #include "ppmcmap.h"
3318 @@ -193,12 +195,12 @@
3322 - rowData = malloc ( rows * sizeof (char *));
3323 + rowData = malloc2 ( rows, sizeof (char *));
3324 icBitmap->xBytes = xBytes;
3325 icBitmap->data = rowData;
3326 icBitmap->size = xBytes * rows;
3327 for (y=0;y<rows;y++) {
3328 - u1 * row = malloc ( xBytes * sizeof (u1));
3329 + u1 * row = malloc2 ( xBytes , sizeof (u1));
3333 @@ -250,13 +252,15 @@
3337 - rowData = malloc ( rows * sizeof (char *));
3338 + rowData = malloc2 ( rows , sizeof (char *));
3339 icBitmap->xBytes = xBytes;
3340 icBitmap->data = rowData;
3341 + overflow2(xBytes, rows);
3342 icBitmap->size = xBytes * rows;
3343 + overflow2(xBytes, rows);
3345 for (y=0;y<rows;y++) {
3346 - u1 * row = malloc ( xBytes * sizeof (u1));
3347 + u1 * row = malloc2 ( xBytes, sizeof (u1));
3349 int nibble = 1; /* high nibble = 1, low nibble = 0; */
3351 @@ -304,13 +308,14 @@
3355 - rowData = malloc ( rows * sizeof (char *));
3356 + rowData = malloc2 ( rows, sizeof (char *));
3357 icBitmap->xBytes = xBytes;
3358 icBitmap->data = rowData;
3359 icBitmap->size = xBytes * rows;
3360 + overflow2(xBytes, rows);
3362 for (y=0;y<rows;y++) {
3363 - u1 * row = malloc ( xBytes * sizeof (u1));
3364 + u1 * row = malloc2 ( xBytes, sizeof (u1));
3365 memset (row, 0, xBytes);
3366 rowData[rows-y-1] = row;
3369 createCleanPalette(void) {
3370 IC_Palette palette = malloc ( sizeof (* palette) );
3372 - palette->colors = malloc (MAXCOLORS * sizeof(IC_Color *));
3373 + palette->colors = malloc(MAXCOLORS * sizeof(IC_Color *));
3374 for (x=0;x<MAXCOLORS;x++ ){
3375 palette->colors[x] = NULL;
3377 diff -urN netpbm-9.25.orig/ppm/ppmtoxpm.c netpbm-9.25/ppm/ppmtoxpm.c
3378 --- netpbm-9.25.orig/ppm/ppmtoxpm.c 2002-03-13 04:23:45.000000000 +0100
3379 +++ netpbm-9.25/ppm/ppmtoxpm.c 2004-05-12 11:53:57.764574688 +0200
3383 /* Allocate memory for ascii name. Abort if error. */
3384 + overflow_add(strlen(name), 1);
3385 if (!(rgbname = (char *) malloc(strlen(name) + 1)))
3386 pm_error("out of memory allocating rgb name");
3391 /* Allocate memory for printed number. Abort if error. */
3392 + overflow_add(digits, 1);
3393 if (!(str = (char *) malloc(digits + 1)))
3394 pm_error("out of memory");
3398 cixel_map * cmap; /* malloc'ed */
3400 - cmap = malloc(sizeof(cixel_map) * (ncolors+1));
3401 + overflow_add(ncolors,1);
3402 + cmap = malloc2(sizeof(cixel_map), (ncolors+1));
3404 pm_error("Out of memory allocating %d bytes for a color map.",
3405 sizeof(cixel_map) * (ncolors+1));
3407 if (r == rgbn[j].r && g == rgbn[j].g && b == rgbn[j].b) {
3409 /* Matched. Allocate string, copy mnemonic, and exit. */
3410 + overflow_add(strlen(rgbn[j].name), 1);
3411 if (!(str = (char *) malloc(strlen(rgbn[j].name) + 1)))
3412 pm_error("out of memory");
3413 strcpy(str, rgbn[j].name);
3414 diff -urN netpbm-9.25.orig/ppm/qrttoppm.c netpbm-9.25/ppm/qrttoppm.c
3415 --- netpbm-9.25.orig/ppm/qrttoppm.c 1993-10-04 10:12:56.000000000 +0100
3416 +++ netpbm-9.25/ppm/qrttoppm.c 2004-05-12 11:53:57.788571040 +0200
3419 ppm_writeppminit( stdout, cols, rows, maxval, 0 );
3420 pixelrow = ppm_allocrow( cols );
3421 - buf = (unsigned char *) malloc( 3 * cols );
3422 + buf = (unsigned char *) malloc2( 3 , cols );
3423 if ( buf == (unsigned char *) 0 )
3424 pm_error( "out of memory" );
3426 diff -urN netpbm-9.25.orig/ppm/sldtoppm.c netpbm-9.25/ppm/sldtoppm.c
3427 --- netpbm-9.25.orig/ppm/sldtoppm.c 2000-03-03 07:15:55.000000000 +0100
3428 +++ netpbm-9.25/ppm/sldtoppm.c 2004-05-12 11:53:57.789570888 +0200
3431 /* Allocate image buffer and clear it to black. */
3433 + overflow_add(ixdots,1);
3434 + overflow_add(iydots,1);
3435 pixels = ppm_allocarray(pixcols = ixdots + 1, pixrows = iydots + 1);
3436 PPM_ASSIGN(rgbcolour, 0, 0, 0);
3437 ppmd_filledrectangle(pixels, pixcols, pixrows, pixmaxval, 0, 0,
3438 diff -urN netpbm-9.25.orig/ppm/ximtoppm.c netpbm-9.25/ppm/ximtoppm.c
3439 --- netpbm-9.25.orig/ppm/ximtoppm.c 2000-06-09 09:33:33.000000000 +0200
3440 +++ netpbm-9.25/ppm/ximtoppm.c 2004-05-12 11:53:57.794570128 +0200
3442 header->bits_channel = atoi(a_head.bits_per_channel);
3443 header->alpha_flag = atoi(a_head.alpha_channel);
3444 if (strlen(a_head.author)) {
3445 + overflow_add(strlen(a_head.author),1);
3446 if (!(header->author = calloc((unsigned int)strlen(a_head.author)+1,
3448 pm_message("ReadXimHeader: can't calloc author string" );
3450 strncpy(header->author, a_head.author, strlen(a_head.author));
3452 if (strlen(a_head.date)) {
3453 + overflow_add(strlen(a_head.date),1);
3454 if (!(header->date =calloc((unsigned int)strlen(a_head.date)+1,1))){
3455 pm_message("ReadXimHeader: can't calloc date string" );
3458 strncpy(header->date, a_head.date, strlen(a_head.date));
3460 if (strlen(a_head.program)) {
3461 + overflow_add(strlen(a_head.program),1);
3462 if (!(header->program = calloc(
3463 (unsigned int)strlen(a_head.program) + 1, 1))) {
3464 pm_message("ReadXimHeader: can't calloc program string" );
3466 if (header->nchannels == 3 && header->bits_channel == 8)
3467 header->ncolors = 0;
3468 else if (header->nchannels == 1 && header->bits_channel == 8) {
3469 + overflow2(header->ncolors, sizeof(Color));
3470 header->colors = (Color *)calloc((unsigned int)header->ncolors,
3472 if (header->colors == NULL) {
3473 diff -urN netpbm-9.25.orig/ppm/xpmtoppm.c netpbm-9.25/ppm/xpmtoppm.c
3474 --- netpbm-9.25.orig/ppm/xpmtoppm.c 2002-01-04 16:34:39.000000000 +0100
3475 +++ netpbm-9.25/ppm/xpmtoppm.c 2004-05-12 11:53:57.799569368 +0200
3478 /* Over two chars per pixel, we fall back on linear search. */
3479 *colorsP = ppm_allocrow(*ncolorsP);
3480 - *ptabP = (int *) malloc(*ncolorsP * sizeof(int));
3481 + *ptabP = (int *) malloc2(*ncolorsP, sizeof(int));
3484 /* Read color table. */
3486 &ncolors, colorsP, &ptab);
3487 *transparentP = -1; /* No transparency in version 1 */
3489 + overflow2(*widthP, *heightP);
3490 totalpixels = *widthP * *heightP;
3491 - *dataP = (int *) malloc(totalpixels * sizeof(int));
3492 + *dataP = (int *) malloc2(totalpixels, sizeof(int));
3494 pm_error("Could not get %d bytes of memory for image", totalpixels);
3496 diff -urN netpbm-9.25.orig/ppm/yuvtoppm.c netpbm-9.25/ppm/yuvtoppm.c
3497 --- netpbm-9.25.orig/ppm/yuvtoppm.c 2000-07-27 01:35:16.000000000 +0200
3498 +++ netpbm-9.25/ppm/yuvtoppm.c 2004-05-12 11:53:57.794570128 +0200
3501 ppm_writeppminit(stdout, cols, rows, (pixval) 255, 0);
3502 pixrow = ppm_allocrow(cols);
3503 - yuvbuf = malloc(((cols+1)/2)*sizeof(struct yuv));
3504 + overflow_add(cols, 1);
3505 + yuvbuf = malloc2(((cols+1)/2), sizeof(struct yuv));
3507 for (row = 0; row < rows; ++row) {
3509 diff -urN netpbm-9.25.orig/urt/README netpbm-9.25/urt/README
3510 --- netpbm-9.25.orig/urt/README 2000-06-02 22:53:04.000000000 +0200
3511 +++ netpbm-9.25/urt/README 2004-05-12 11:53:57.830564656 +0200
3513 defines stdout as a variable, so that wouldn't compile. So I changed
3514 it to NULL and added a line to rle_hdr_init to set that field to
3515 'stdout' dynamically. 2000.06.02 BJH.
3517 +Redid the code to check for maths overflows and other crawly horrors.
3518 +Removed pipe through and compress support (unsafe)
3520 +Alan Cox <alan@redhat.com>
3521 diff -urN netpbm-9.25.orig/urt/Runput.c netpbm-9.25/urt/Runput.c
3522 --- netpbm-9.25.orig/urt/Runput.c 2002-03-13 05:24:43.000000000 +0100
3523 +++ netpbm-9.25/urt/Runput.c 2004-05-12 11:53:57.827565112 +0200
3526 * Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire
3527 * to have all "void" functions so declared.
3529 + * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>
3532 * Runput.c - General purpose Run Length Encoding.
3533 @@ -200,9 +202,11 @@
3534 if ( the_hdr->background != 0 )
3537 - register rle_pixel *background =
3538 - (rle_pixel *)malloc( (unsigned)(the_hdr->ncolors + 1) );
3539 + register rle_pixel *background;
3540 register int *bg_color;
3542 + overflow_add(the_hdr->ncolors,1);
3543 + background = (rle_pixel *)malloc( (unsigned)(the_hdr->ncolors + 1) );
3545 * If even number of bg color bytes, put out one more to get to
3548 /* Big-endian machines are harder */
3549 register int i, nmap = (1 << the_hdr->cmaplen) *
3551 - register char *h_cmap = (char *)malloc( nmap * 2 );
3552 + register char *h_cmap = (char *)malloc2( nmap, 2 );
3553 if ( h_cmap == NULL )
3556 diff -urN netpbm-9.25.orig/urt/rle.h netpbm-9.25/urt/rle.h
3557 --- netpbm-9.25.orig/urt/rle.h 2002-03-13 16:32:34.000000000 +0100
3558 +++ netpbm-9.25/urt/rle.h 2004-05-12 11:53:57.827565112 +0200
3560 * If you modify this software, you should include a notice giving the
3561 * name of the person performing the modification, the date of modification,
3562 * and the reason for such modification.
3564 + * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>
3565 + * Header declarations needed
3568 * rle.h - Global declarations for Utah Raster Toolkit RLE programs.
3569 @@ -169,6 +172,16 @@
3571 extern rle_hdr rle_dflt_hdr;
3574 + * Provided by pm library
3577 +extern void overflow_add(int, int);
3578 +extern void overflow2(int, int);
3579 +extern void overflow3(int, int, int);
3580 +extern void *malloc2(int, int);
3581 +extern void *malloc3(int, int, int);
3582 +extern void *realloc2(void *, int, int);
3584 /* Declare RLE library routines. */
3586 diff -urN netpbm-9.25.orig/urt/rle_addhist.c netpbm-9.25/urt/rle_addhist.c
3587 --- netpbm-9.25.orig/urt/rle_addhist.c 1992-04-30 16:07:45.000000000 +0200
3588 +++ netpbm-9.25/urt/rle_addhist.c 2004-05-12 11:53:57.829564808 +0200
3590 * If you modify this software, you should include a notice giving the
3591 * name of the person performing the modification, the date of modification,
3592 * and the reason for such modification.
3594 + * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>
3597 * rle_addhist.c - Add to the HISTORY comment in header
3601 for(i=0;argv[i];i++)
3603 + overflow_add(length, strlen(argv[i]));
3604 + overflow_add(length+1, strlen(argv[i]));
3605 length+= strlen(argv[i]) +1; /* length of each arg plus space. */
3609 timedate=ctime(&temp);
3610 length+= strlen(timedate); /* length of date and time in ASCII. */
3612 + overflow_add(strlen(padding), 4);
3613 + overflow_add(strlen(padding)+4, strlen(histoire));
3614 + overflow_add(length, strlen(padding)+4 + strlen(histoire));
3615 length+= strlen(padding) + 3 + strlen(histoire) + 1; /* length of padding, "on " and length of history name plus "="*/
3616 if(in_hdr) /* if we are interested in the old comments... */
3617 old=rle_getcom(histoire,in_hdr); /* get old comment. */
3619 - if((old) && (*old)) length+= strlen(old); /* add length if there. */
3620 + if((old) && (*old))
3622 + overflow_add(length, strlen(old));
3623 + length+= strlen(old); /* add length if there. */
3626 - length++; /*Cater for the null. */
3627 + overflow_add(length, 1);
3629 if((newc=(char *)malloc((unsigned int) length)) == NULL)return;
3632 (void)strcat(newc,padding); /* to line up multiple histories.*/
3634 (void)rle_putcom(newc,out_hdr);
3637 diff -urN netpbm-9.25.orig/urt/rle_getrow.c netpbm-9.25/urt/rle_getrow.c
3638 --- netpbm-9.25.orig/urt/rle_getrow.c 2002-03-13 05:24:04.000000000 +0100
3639 +++ netpbm-9.25/urt/rle_getrow.c 2004-05-12 11:53:57.825565416 +0200
3642 * Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire
3643 * to have all "void" functions so declared.
3645 + * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>
3648 * rle_getrow.c - Read an RLE file in.
3649 @@ -100,10 +102,8 @@
3651 if ( !(setup.h_flags & H_NO_BACKGROUND) && setup.h_ncolors > 0 )
3653 - the_hdr->bg_color = (int *)malloc(
3654 - (unsigned)(sizeof(int) * setup.h_ncolors) );
3655 - bg_color = (rle_pixel *)malloc(
3656 - (unsigned)(1 + (setup.h_ncolors / 2) * 2) );
3657 + the_hdr->bg_color = (int *)malloc2(sizeof(int), setup.h_ncolors);
3658 + bg_color = (rle_pixel *)malloc2(1 + (setup.h_ncolors / 2),2);
3659 RLE_CHECK_ALLOC( the_hdr->cmd, the_hdr->bg_color && bg_color,
3660 "background color" );
3661 fread( (char *)bg_color, 1, 1 + (setup.h_ncolors / 2) * 2, infile );
3664 register char *maptemp;
3666 - the_hdr->cmap = (rle_map *)malloc(
3667 - (unsigned)(sizeof(rle_map) * maplen) );
3668 - maptemp = (char *)malloc( 2 * maplen );
3669 + the_hdr->cmap = (rle_map *)malloc2(sizeof(rle_map), maplen);
3670 + maptemp = (char *)malloc2(2, maplen);
3671 if ( the_hdr->cmap == NULL || maptemp == NULL )
3677 VAXSHORT( comlen, infile ); /* get comment length */
3679 + overflow_add(comlen, 1);
3680 evenlen = (comlen + 1) & ~1; /* make it even */
3684 i++; /* extra for NULL pointer at end */
3685 /* Get space to put pointers to comments */
3687 - (CONST_DECL char **)malloc( (unsigned)(i * sizeof(char *)) );
3688 + (CONST_DECL char **)malloc2(i, sizeof(char *));
3689 if ( the_hdr->comments == NULL )
3692 diff -urN netpbm-9.25.orig/urt/rle_hdr.c netpbm-9.25/urt/rle_hdr.c
3693 --- netpbm-9.25.orig/urt/rle_hdr.c 2000-06-09 09:49:51.000000000 +0200
3694 +++ netpbm-9.25/urt/rle_hdr.c 2004-05-12 11:53:57.826565264 +0200
3696 * If you modify this software, you should include a notice giving the
3697 * name of the person performing the modification, the date of modification,
3698 * and the reason for such modification.
3700 + * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>
3703 * rle_hdr.c - Functions to manipulate rle_hdr structures.
3705 /* Fill in with copies of the strings. */
3706 if ( the_hdr->cmd != pgmname )
3708 - char *tmp = (char *)malloc( strlen( pgmname ) + 1 );
3711 + overflow_add(strlen(pgmname), 1);
3712 + tmp = malloc( strlen( pgmname ) + 1 );
3713 RLE_CHECK_ALLOC( pgmname, tmp, 0 );
3714 strcpy( tmp, pgmname );
3718 if ( the_hdr->file_name != fname )
3720 - char *tmp = (char *)malloc( strlen( fname ) + 1 );
3722 + overflow_add(strlen(fname), 1);
3723 + tmp = malloc( strlen( fname ) + 1 );
3724 RLE_CHECK_ALLOC( pgmname, tmp, 0 );
3725 strcpy( tmp, fname );
3726 the_hdr->file_name = tmp;
3728 if ( to_hdr->bg_color )
3730 int size = to_hdr->ncolors * sizeof(int);
3731 + overflow2(to_hdr->ncolors, sizeof(int));
3732 to_hdr->bg_color = (int *)malloc( size );
3733 RLE_CHECK_ALLOC( to_hdr->cmd, to_hdr->bg_color, "background color" );
3734 memcpy( to_hdr->bg_color, from_hdr->bg_color, size );
3738 int size = to_hdr->ncmap * (1 << to_hdr->cmaplen) * sizeof(rle_map);
3739 - to_hdr->cmap = (rle_map *)malloc( size );
3740 + to_hdr->cmap = (rle_map *)malloc3( to_hdr->ncmap, 1<<to_hdr->cmaplen, sizeof(rle_map));
3741 RLE_CHECK_ALLOC( to_hdr->cmd, to_hdr->cmap, "color map" );
3742 memcpy( to_hdr->cmap, from_hdr->cmap, size );
3744 @@ -171,11 +179,16 @@
3746 CONST_DECL char **cp;
3747 for ( cp=to_hdr->comments; *cp; cp++ )
3749 + overflow_add(size, 1);
3750 size++; /* Count the comments. */
3752 /* Check if there are really any comments. */
3755 + overflow_add(size, 1);
3756 size++; /* Copy the NULL pointer, too. */
3757 + overflow2(size, sizeof(char *));
3758 size *= sizeof(char *);
3759 to_hdr->comments = (CONST_DECL char **)malloc( size );
3760 RLE_CHECK_ALLOC( to_hdr->cmd, to_hdr->comments, "comments" );
3761 diff -urN netpbm-9.25.orig/urt/rle_open_f.c netpbm-9.25/urt/rle_open_f.c
3762 --- netpbm-9.25.orig/urt/rle_open_f.c 2002-03-13 16:35:54.000000000 +0100
3763 +++ netpbm-9.25/urt/rle_open_f.c 2004-05-12 11:53:57.824565568 +0200
3765 * University of Michigan
3767 * Copyright (c) 1990, University of Michigan
3769 + * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>
3770 + * Killed of crazy unsafe pipe/compress stuff
3776 cp = file_name + strlen( (char*) file_name ) - 2;
3778 - if ( *file_name == '|' )
3779 + if ( *file_name == '|' && 0 /* BOLLOCKS ARE WE DOING THIS ANY MORE */)
3781 int thepid; /* PID from my_popen */
3782 if ( (fp = my_popen( file_name + 1, mode, &thepid )) == NULL )
3783 @@ -150,9 +153,10 @@
3786 /* Compress case. */
3787 - else if ( cp > file_name && *cp == '.' && *(cp + 1) == 'Z' )
3788 + else if (/* SMOKING SOMETHING */ 0 && cp > file_name && *cp == '.' && *(cp + 1) == 'Z' )
3790 int thepid; /* PID from my_popen. */
3791 + overflow_add(20, strlen(file_name));
3792 combuf = (char *)malloc( 20 + strlen( file_name ) );
3793 if ( combuf == NULL )
3795 diff -urN netpbm-9.25.orig/urt/rle_putcom.c netpbm-9.25/urt/rle_putcom.c
3796 --- netpbm-9.25.orig/urt/rle_putcom.c 2000-05-19 01:12:22.000000000 +0200
3797 +++ netpbm-9.25/urt/rle_putcom.c 2004-05-12 11:53:57.830564656 +0200
3799 * If you modify this software, you should include a notice giving the
3800 * name of the person performing the modification, the date of modification,
3801 * and the reason for such modification.
3803 + * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>
3806 * rle_putcom.c - Add a picture comment to the header struct.
3809 if ( the_hdr->comments == NULL )
3811 - the_hdr->comments = (CONST_DECL char **)malloc( 2 * sizeof(char *) );
3812 + the_hdr->comments = (CONST_DECL char **)malloc2( 2, sizeof(char *) );
3813 the_hdr->comments[0] = value;
3814 the_hdr->comments[1] = NULL;
3818 for ( i = 2, cp = the_hdr->comments; *cp != NULL; i++, cp++ )
3820 + overflow_add(i, 1);
3821 if ( match( value, *cp ) != NULL )
3829 /* Can't realloc because somebody else might be pointing to this
3830 * comments block. Of course, if this were true, then the
3832 * could copy the pointers, too.
3834 old_comments = the_hdr->comments;
3835 - the_hdr->comments = (CONST_DECL char **)malloc(i * sizeof(char *) );
3836 + the_hdr->comments = (CONST_DECL char **)malloc2(i , sizeof(char *) );
3837 the_hdr->comments[--i] = NULL;
3838 the_hdr->comments[--i] = value;
3839 for ( i--; i >= 0; i-- )
3840 diff -urN netpbm-9.25.orig/urt/scanargs.c netpbm-9.25/urt/scanargs.c
3841 --- netpbm-9.25.orig/urt/scanargs.c 2002-03-13 05:28:13.000000000 +0100
3842 +++ netpbm-9.25/urt/scanargs.c 2004-05-12 11:53:57.828564960 +0200
3845 * Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire
3846 * to have all "void" functions so declared.
3848 + * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>
3854 * Storage allocation macros
3856 -#define NEW( type, cnt ) (type *) malloc( (cnt) * sizeof( type ) )
3857 -#define RENEW( type, ptr, cnt ) (type *) realloc( ptr, (cnt) * sizeof( type ) )
3858 +#define NEW( type, cnt ) (type *) malloc2( (cnt) , sizeof( type ) )
3859 +#define RENEW( type, ptr, cnt ) (type *) realloc2( ptr, (cnt), sizeof( type ) )
3861 #if defined(c_plusplus) && !defined(USE_PROTOTYPES)
3862 #define USE_PROTOTYPES
3863 diff -urN netpbm-9.25.orig/ppm/Makefile netpbm-9.25/ppm/Makefile
3864 --- netpbm-9.25.orig/ppm/Makefile Wed Mar 13 03:09:21 2002
3865 +++ netpbm-9.25/ppm/Makefile Wed May 12 12:23:40 2004
3868 PORTBINARIES = 411toppm eyuvtoppm gouldtoppm ilbmtoppm imgtoppm \
3869 leaftoppm mtvtoppm neotoppm \
3870 - pcxtoppm pgmtoppm pi1toppm picttoppm \
3871 + pcxtoppm pgmtoppm pi1toppm \
3873 ppm3d ppmbrighten ppmchange ppmcolormask ppmcolors \
3874 ppmdim ppmdist ppmdither \