]> git.pld-linux.org Git - packages/X11.git/blame - xorg-681-CAN-2004-0914.patch
projects / packages / X11.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- outdated
[packages/X11.git] / xorg-681-CAN-2004-0914.patch
CommitLineData
b61cd2a2
JB		 1Index: extras/Xpm/lib/Attrib.c
2===================================================================
3RCS file: /cvs/XF4/xc/extras/Xpm/lib/Attrib.c,v
4retrieving revision 1.2
5diff -u -r1.2 Attrib.c
6--- extras/Xpm/lib/Attrib.c 1 Sep 2004 21:01:32 -0000 1.2
7+++ extras/Xpm/lib/Attrib.c 14 Nov 2004 13:45:02 -0000
8@@ -32,13 +32,15 @@
9 * Developed by Arnaud Le Hors *
10 \*****************************************************************************/
11
12+/* October 2004, source code review by Thomas Biege <thomas@suse.de> */
13+
14 #include "XpmI.h"
15
16 /* 3.2 backward compatibility code */
17 LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors,
18 XpmColor ***oldct));
19
20-LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors));
21+LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, unsigned int ncolors));
22
23 /*
24 * Create a colortable compatible with the old style colortable
25@@ -50,9 +52,9 @@
26 XpmColor ***oldct;
27 {
28 XpmColor **colorTable, **color;
29- int a;
30+ unsigned int a;
31
32- if (ncolors >= SIZE_MAX / sizeof(XpmColor *))
33+ if (ncolors >= UINT_MAX / sizeof(XpmColor *))
34 return XpmNoMemory;
35
36 colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *));
37@@ -69,9 +71,9 @@
38 static void
39 FreeOldColorTable(colorTable, ncolors)
40 XpmColor **colorTable;
41- int ncolors;
42+ unsigned int ncolors;
43 {
44- int a, b;
45+ unsigned int a, b;
46 XpmColor **color;
47 char **sptr;
48
49@@ -122,7 +124,7 @@
50 XpmExtension *ext;
51 char **sptr;
52
53- if (extensions) {
54+ if (extensions && nextensions > 0) {
55 for (i = 0, ext = extensions; i < nextensions; i++, ext++) {
56 if (ext->name)
57 XpmFree(ext->name);
58Index: extras/Xpm/lib/CrBufFrI.c
59===================================================================
60RCS file: /cvs/XF4/xc/extras/Xpm/lib/CrBufFrI.c,v
61retrieving revision 1.2
62diff -u -r1.2 CrBufFrI.c
63--- extras/Xpm/lib/CrBufFrI.c 2 Nov 2004 23:26:39 -0000 1.2
64+++ extras/Xpm/lib/CrBufFrI.c 14 Nov 2004 13:45:02 -0000
65@@ -31,6 +31,9 @@
66 * *
67 * Developed by Arnaud Le Hors *
68 \*****************************************************************************/
69+
70+/* October 2004, source code review by Thomas Biege <thomas@suse.de> */
71+
72 /* $XFree86$ */
73
74 #include "XpmI.h"
75@@ -39,15 +42,17 @@
76 unsigned int *used_size, XpmColor *colors,
77 unsigned int ncolors, unsigned int cpp));
78
79-LFUNC(WritePixels, void, (char *dataptr, unsigned int *used_size,
80+LFUNC(WritePixels, void, (char *dataptr, unsigned int data_size,
81+ unsigned int *used_size,
82 unsigned int width, unsigned int height,
83 unsigned int cpp, unsigned int *pixels,
84 XpmColor *colors));
85
86-LFUNC(WriteExtensions, void, (char *dataptr, unsigned int *used_size,
87+LFUNC(WriteExtensions, void, (char *dataptr, unsigned int data_size,
88+ unsigned int *used_size,
89 XpmExtension *ext, unsigned int num));
90
91-LFUNC(ExtensionsSize, int, (XpmExtension *ext, unsigned int num));
92+LFUNC(ExtensionsSize, unsigned int, (XpmExtension *ext, unsigned int num));
93 LFUNC(CommentsSize, int, (XpmInfo *info));
94
95 int
96@@ -90,10 +95,11 @@
97
98 #undef RETURN
99 #define RETURN(status) \
100+do \
101 { \
102 ErrorStatus = status; \
103 goto error; \
104-}
105+}while(0)
106
107 int
108 XpmCreateBufferFromXpmImage(buffer_return, image, info)
109@@ -107,7 +113,7 @@
110 unsigned int cmts, extensions, ext_size = 0;
111 unsigned int l, cmt_size = 0;
112 char *ptr = NULL, *p;
113- unsigned int ptr_size, used_size;
114+ unsigned int ptr_size, used_size, tmp;
115
116 *buffer_return = NULL;
117
118@@ -129,7 +135,13 @@
119 #ifdef VOID_SPRINTF
120 used_size = strlen(buf);
121 #endif
122- ptr_size = used_size + ext_size + cmt_size + 1;
123+ ptr_size = used_size + ext_size + cmt_size + 1; /* ptr_size can't be 0 */
124+ if(ptr_size <= used_size ||
125+ ptr_size <= ext_size ||
126+ ptr_size <= cmt_size)
127+ {
128+ return XpmNoMemory;
129+ }
130 ptr = (char *) XpmMalloc(ptr_size);
131 if (!ptr)
132 return XpmNoMemory;
133@@ -140,7 +152,7 @@
134 #ifndef VOID_SPRINTF
135 used_size +=
136 #endif
137- sprintf(ptr + used_size, "/*%s*/\n", info->hints_cmt);
138+ snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->hints_cmt);
139 #ifdef VOID_SPRINTF
140 used_size += strlen(info->hints_cmt) + 5;
141 #endif
142@@ -158,7 +170,7 @@
143 #ifndef VOID_SPRINTF
144 l +=
145 #endif
146- sprintf(buf + l, " %d %d", info->x_hotspot, info->y_hotspot);
147+ snprintf(buf + l, sizeof(buf)-l, " %d %d", info->x_hotspot, info->y_hotspot);
148 #ifdef VOID_SPRINTF
149 l = strlen(buf);
150 #endif
151@@ -180,6 +192,8 @@
152 l = strlen(buf);
153 #endif
154 ptr_size += l;
155+ if(ptr_size <= l)
156+ RETURN(XpmNoMemory);
157 p = (char *) XpmRealloc(ptr, ptr_size);
158 if (!p)
159 RETURN(XpmNoMemory);
160@@ -192,7 +206,7 @@
161 #ifndef VOID_SPRINTF
162 used_size +=
163 #endif
164- sprintf(ptr + used_size, "/*%s*/\n", info->colors_cmt);
165+ snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->colors_cmt);
166 #ifdef VOID_SPRINTF
167 used_size += strlen(info->colors_cmt) + 5;
168 #endif
169@@ -208,7 +222,12 @@
170 * 4 = 1 (for '"') + 3 (for '",\n')
171 * 1 = - 2 (because the last line does not end with ',\n') + 3 (for '};\n')
172 */
173- ptr_size += image->height * (image->width * image->cpp + 4) + 1;
174+ if(image->width > UINT_MAX / image->cpp ||
175+ (tmp = image->width * image->cpp + 4) <= 4 ||
176+ image->height > UINT_MAX / tmp ||
177+ (tmp = image->height * tmp + 1) <= 1 ||
178+ (ptr_size += tmp) <= tmp)
179+ RETURN(XpmNoMemory);
180
181 p = (char *) XpmRealloc(ptr, ptr_size);
182 if (!p)
183@@ -220,17 +239,17 @@
184 #ifndef VOID_SPRINTF
185 used_size +=
186 #endif
187- sprintf(ptr + used_size, "/*%s*/\n", info->pixels_cmt);
188+ snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->pixels_cmt);
189 #ifdef VOID_SPRINTF
190 used_size += strlen(info->pixels_cmt) + 5;
191 #endif
192 }
193- WritePixels(ptr + used_size, &used_size, image->width, image->height,
194+ WritePixels(ptr + used_size, ptr_size - used_size, &used_size, image->width, image->height,
195 image->cpp, image->data, image->colorTable);
196
197 /* print extensions */
198 if (extensions)
199- WriteExtensions(ptr + used_size, &used_size,
200+ WriteExtensions(ptr + used_size, ptr_size-used_size, &used_size,
201 info->extensions, info->nextensions);
202
203 /* close the array */
204@@ -247,6 +266,7 @@
205 return (ErrorStatus);
206 }
207
208+
209 static int
210 WriteColors(dataptr, data_size, used_size, colors, ncolors, cpp)
211 char **dataptr;
212@@ -256,7 +276,7 @@
213 unsigned int ncolors;
214 unsigned int cpp;
215 {
216- char buf[BUFSIZ];
217+ char buf[BUFSIZ] = {0};
218 unsigned int a, key, l;
219 char *s, *s2;
220 char **defaults;
221@@ -266,6 +286,8 @@
222
223 defaults = (char **) colors;
224 s = buf + 1;
225+ if(cpp > (sizeof(buf) - (s-buf)))
226+ return(XpmNoMemory);
227 strncpy(s, *defaults++, cpp);
228 s += cpp;
229
230@@ -274,14 +296,24 @@
231 #ifndef VOID_SPRINTF
232 s +=
233 #endif
234- sprintf(s, "\t%s %s", xpmColorKeys[key - 1], s2);
235+ /* assume C99 compliance */
236+ snprintf(s, sizeof(buf) - (s-buf), "\t%s %s", xpmColorKeys[key - 1], s2);
237 #ifdef VOID_SPRINTF
238 s += strlen(s);
239 #endif
240+ /* now let's check if s points out-of-bounds */
241+ if((s-buf) > sizeof(buf))
242+ return(XpmNoMemory);
243 }
244 }
245+ if(sizeof(buf) - (s-buf) < 4)
246+ return(XpmNoMemory);
247 strcpy(s, "\",\n");
248 l = s + 3 - buf;
249+ if( *data_size >= UINT_MAX-l ||
250+ *data_size + l <= *used_size ||
251+ (*data_size + l - *used_size) <= sizeof(buf))
252+ return(XpmNoMemory);
253 s = (char *) XpmRealloc(*dataptr, *data_size + l);
254 if (!s)
255 return (XpmNoMemory);
256@@ -294,8 +326,9 @@
257 }
258
259 static void
260-WritePixels(dataptr, used_size, width, height, cpp, pixels, colors)
261+WritePixels(dataptr, data_size, used_size, width, height, cpp, pixels, colors)
262 char *dataptr;
263+ unsigned int data_size;
264 unsigned int *used_size;
265 unsigned int width;
266 unsigned int height;
267@@ -306,27 +339,36 @@
268 char *s = dataptr;
269 unsigned int x, y, h;
270
271+ if(height <= 1)
272+ return;
273+
274 h = height - 1;
275 for (y = 0; y < h; y++) {
276 *s++ = '"';
277 for (x = 0; x < width; x++, pixels++) {
278- strncpy(s, colors[*pixels].string, cpp);
279+ if(cpp >= (data_size - (s-dataptr)))
280+ return;
281+ strncpy(s, colors[*pixels].string, cpp); /* how can we trust *pixels? :-\ */
282 s += cpp;
283 }
284+ if((data_size - (s-dataptr)) < 4)
285+ return;
286 strcpy(s, "\",\n");
287 s += 3;
288 }
289 /* duplicate some code to avoid a test in the loop */
290 *s++ = '"';
291 for (x = 0; x < width; x++, pixels++) {
292- strncpy(s, colors[*pixels].string, cpp);
293+ if(cpp >= (data_size - (s-dataptr)))
294+ return;
295+ strncpy(s, colors[*pixels].string, cpp); /* how can we trust *pixels? */
296 s += cpp;
297 }
298 *s++ = '"';
299 *used_size += s - dataptr;
300 }
301
302-static int
303+static unsigned int
304 ExtensionsSize(ext, num)
305 XpmExtension *ext;
306 unsigned int num;
307@@ -335,21 +377,26 @@
308 char **line;
309
310 size = 0;
311+ if(num == 0)
312+ return(0); /* ok? */
313 for (x = 0; x < num; x++, ext++) {
314 /* 11 = 10 (for ',\n"XPMEXT ') + 1 (for '"') */
315 size += strlen(ext->name) + 11;
316- a = ext->nlines;
317+ a = ext->nlines; /* how can we trust ext->nlines to be not out-of-bounds? */
318 for (y = 0, line = ext->lines; y < a; y++, line++)
319 /* 4 = 3 (for ',\n"') + 1 (for '"') */
320 size += strlen(*line) + 4;
321 }
322 /* 13 is for ',\n"XPMENDEXT"' */
323+ if(size > UINT_MAX - 13) /* unlikely */
324+ return(0);
325 return size + 13;
326 }
327
328 static void
329-WriteExtensions(dataptr, used_size, ext, num)
330+WriteExtensions(dataptr, data_size, used_size, ext, num)
331 char *dataptr;
332+ unsigned int data_size;
333 unsigned int *used_size;
334 XpmExtension *ext;
335 unsigned int num;
336@@ -362,7 +409,7 @@
337 #ifndef VOID_SPRINTF
338 s +=
339 #endif
340- sprintf(s, ",\n\"XPMEXT %s\"", ext->name);
341+ snprintf(s, data_size - (s-dataptr), ",\n\"XPMEXT %s\"", ext->name);
342 #ifdef VOID_SPRINTF
343 s += strlen(ext->name) + 11;
344 #endif
345@@ -371,13 +418,13 @@
346 #ifndef VOID_SPRINTF
347 s +=
348 #endif
349- sprintf(s, ",\n\"%s\"", *line);
350+ snprintf(s, data_size - (s-dataptr), ",\n\"%s\"", *line);
351 #ifdef VOID_SPRINTF
352 s += strlen(*line) + 4;
353 #endif
354 }
355 }
356- strcpy(s, ",\n\"XPMENDEXT\"");
357+ strncpy(s, ",\n\"XPMENDEXT\"", data_size - (s-dataptr)-1);
358 *used_size += s - dataptr + 13;
359 }
360
361@@ -388,6 +435,7 @@
362 int size = 0;
363
364 /* 5 = 2 (for "/_*") + 3 (for "*_/\n") */
365+ /* wrap possible but *very* unlikely */
366 if (info->hints_cmt)
367 size += 5 + strlen(info->hints_cmt);
368
369Index: extras/Xpm/lib/CrDatFrI.c
370===================================================================
371RCS file: /cvs/XF4/xc/extras/Xpm/lib/CrDatFrI.c,v
372retrieving revision 1.3
373diff -u -r1.3 CrDatFrI.c
374--- extras/Xpm/lib/CrDatFrI.c 2 Nov 2004 23:26:39 -0000 1.3
375+++ extras/Xpm/lib/CrDatFrI.c 14 Nov 2004 13:45:02 -0000
376@@ -33,13 +33,16 @@
377 \*****************************************************************************/
378 /* $XFree86$ */
379
380+/* October 2004, source code review by Thomas Biege <thomas@suse.de> */
381+
382 #include "XpmI.h"
383
384 LFUNC(CreateColors, int, (char **dataptr, unsigned int *data_size,
385 XpmColor *colors, unsigned int ncolors,
386 unsigned int cpp));
387
388-LFUNC(CreatePixels, void, (char **dataptr, unsigned int width,
389+LFUNC(CreatePixels, void, (char **dataptr, unsigned int data_size,
390+ unsigned int width,
391 unsigned int height, unsigned int cpp,
392 unsigned int *pixels, XpmColor *colors));
393
394@@ -47,7 +50,8 @@
395 unsigned int *ext_size,
396 unsigned int *ext_nlines));
397
398-LFUNC(CreateExtensions, void, (char **dataptr, unsigned int offset,
399+LFUNC(CreateExtensions, void, (char **dataptr, unsigned int data_size,
400+ unsigned int offset,
401 XpmExtension *ext, unsigned int num,
402 unsigned int ext_nlines));
403
404@@ -88,10 +92,11 @@
405
406 #undef RETURN
407 #define RETURN(status) \
408+do \
409 { \
410 ErrorStatus = status; \
411 goto exit; \
412-}
413+} while(0)
414
415 int
416 XpmCreateDataFromXpmImage(data_return, image, info)
417@@ -122,11 +127,17 @@
418 * alloc a temporary array of char pointer for the header section which
419 * is the hints line + the color table lines
420 */
421- header_nlines = 1 + image->ncolors;
422+ header_nlines = 1 + image->ncolors; /* this may wrap and/or become 0 */
423+
424+ /* 2nd check superfluous if we do not need header_nlines any further */
425+ if(header_nlines <= image->ncolors ||
426+ header_nlines >= UINT_MAX / sizeof(char *))
427+ return(XpmNoMemory);
428+
429 header_size = sizeof(char *) * header_nlines;
430- if (header_size >= SIZE_MAX / sizeof(char *))
431+ if (header_size >= UINT_MAX / sizeof(char *))
432 return (XpmNoMemory);
433- header = (char **) XpmCalloc(header_size, sizeof(char *));
434+ header = (char **) XpmCalloc(header_size, sizeof(char *)); /* can we trust image->ncolors */
435 if (!header)
436 return (XpmNoMemory);
437
438@@ -170,8 +181,22 @@
439
440 /* now we know the size needed, alloc the data and copy the header lines */
441 offset = image->width * image->cpp + 1;
442- data_size = header_size + (image->height + ext_nlines) * sizeof(char *)
443- + image->height * offset + ext_size;
444+
445+ if(offset <= image->width || offset <= image->cpp)
446+ RETURN(XpmNoMemory);
447+
448+ if( (image->height + ext_nlines) >= UINT_MAX / sizeof(char *))
449+ RETURN(XpmNoMemory);
450+ data_size = (image->height + ext_nlines) * sizeof(char *);
451+
452+ if (image->height > UINT_MAX / offset ||
453+ image->height * offset > UINT_MAX - data_size)
454+ RETURN(XpmNoMemory);
455+ data_size += image->height * offset;
456+
457+ if( (header_size + ext_size) >= (UINT_MAX - data_size) )
458+ RETURN(XpmNoMemory);
459+ data_size += header_size + ext_size;
460
461 data = (char **) XpmMalloc(data_size);
462 if (!data)
463@@ -179,8 +204,10 @@
464
465 data_nlines = header_nlines + image->height + ext_nlines;
466 *data = (char *) (data + data_nlines);
467+
468+ /* can header have less elements then n suggests? */
469 n = image->ncolors;
470- for (l = 0, sptr = data, sptr2 = header; l <= n; l++, sptr++, sptr2++) {
471+ for (l = 0, sptr = data, sptr2 = header; l <= n && sptr && sptr2; l++, sptr++, sptr2++) {
472 strcpy(*sptr, *sptr2);
473 *(sptr + 1) = *sptr + strlen(*sptr2) + 1;
474 }
475@@ -189,12 +216,13 @@
476 data[header_nlines] = (char *) data + header_size
477 + (image->height + ext_nlines) * sizeof(char *);
478
479- CreatePixels(data + header_nlines, image->width, image->height,
480+ CreatePixels(data + header_nlines, data_size-header_nlines, image->width, image->height,
481 image->cpp, image->data, image->colorTable);
482
483 /* print extensions */
484 if (extensions)
485- CreateExtensions(data + header_nlines + image->height - 1, offset,
486+ CreateExtensions(data + header_nlines + image->height - 1,
487+ data_size - header_nlines - image->height + 1, offset,
488 info->extensions, info->nextensions,
489 ext_nlines);
490
491@@ -225,23 +253,34 @@
492 char *s, *s2;
493 char **defaults;
494
495+ /* can ncolors be trusted here? */
496 for (a = 0; a < ncolors; a++, colors++, dataptr++) {
497
498 defaults = (char **) colors;
499+ if(sizeof(buf) <= cpp)
500+ return(XpmNoMemory);
501 strncpy(buf, *defaults++, cpp);
502 s = buf + cpp;
503
504+ if(sizeof(buf) <= (s-buf))
505+ return XpmNoMemory;
506+
507 for (key = 1; key <= NKEYS; key++, defaults++) {
508 if ((s2 = *defaults)) {
509 #ifndef VOID_SPRINTF
510 s +=
511 #endif
512- sprintf(s, "\t%s %s", xpmColorKeys[key - 1], s2);
513+ /* assume C99 compliance */
514+ snprintf(s, sizeof(buf)-(s-buf), "\t%s %s", xpmColorKeys[key - 1], s2);
515 #ifdef VOID_SPRINTF
516 s += strlen(s);
517 #endif
518+ /* does s point out-of-bounds? */
519+ if(sizeof(buf) < (s-buf))
520+ return XpmNoMemory;
521 }
522 }
523+ /* what about using strdup()? */
524 l = s - buf + 1;
525 s = (char *) XpmMalloc(l);
526 if (!s)
527@@ -253,8 +292,9 @@
528 }
529
530 static void
531-CreatePixels(dataptr, width, height, cpp, pixels, colors)
532+CreatePixels(dataptr, data_size, width, height, cpp, pixels, colors)
533 char **dataptr;
534+ unsigned int data_size;
535 unsigned int width;
536 unsigned int height;
537 unsigned int cpp;
538@@ -264,21 +304,38 @@
539 char *s;
540 unsigned int x, y, h, offset;
541
542+ if(height <= 1)
543+ return;
544+
545 h = height - 1;
546+
547 offset = width * cpp + 1;
548+
549+ if(offset <= width || offset <= cpp)
550+ return;
551+
552+ /* why trust h? */
553 for (y = 0; y < h; y++, dataptr++) {
554 s = *dataptr;
555+ /* why trust width? */
556 for (x = 0; x < width; x++, pixels++) {
557- strncpy(s, colors[*pixels].string, cpp);
558+ if(cpp > (data_size - (s - *dataptr)))
559+ return;
560+ strncpy(s, colors[*pixels].string, cpp); /* why trust pixel? */
561 s += cpp;
562 }
563 *s = '\0';
564+ if(offset > data_size)
565+ return;
566 *(dataptr + 1) = *dataptr + offset;
567 }
568 /* duplicate some code to avoid a test in the loop */
569 s = *dataptr;
570+ /* why trust width? */
571 for (x = 0; x < width; x++, pixels++) {
572- strncpy(s, colors[*pixels].string, cpp);
573+ if(cpp > data_size - (s - *dataptr))
574+ return;
575+ strncpy(s, colors[*pixels].string, cpp); /* why should we trust *pixel? */
576 s += cpp;
577 }
578 *s = '\0';
579@@ -311,8 +368,9 @@
580 }
581
582 static void
583-CreateExtensions(dataptr, offset, ext, num, ext_nlines)
584+CreateExtensions(dataptr, data_size, offset, ext, num, ext_nlines)
585 char **dataptr;
586+ unsigned int data_size;
587 unsigned int offset;
588 XpmExtension *ext;
589 unsigned int num;
590@@ -325,12 +383,12 @@
591 dataptr++;
592 a = 0;
593 for (x = 0; x < num; x++, ext++) {
594- sprintf(*dataptr, "XPMEXT %s", ext->name);
595+ snprintf(*dataptr, data_size, "XPMEXT %s", ext->name);
596 a++;
597 if (a < ext_nlines)
598 *(dataptr + 1) = *dataptr + strlen(ext->name) + 8;
599 dataptr++;
600- b = ext->nlines;
601+ b = ext->nlines; /* can we trust these values? */
602 for (y = 0, line = ext->lines; y < b; y++, line++) {
603 strcpy(*dataptr, *line);
604 a++;
605Index: extras/Xpm/lib/Imakefile
606===================================================================
607RCS file: /cvs/XF4/xc/extras/Xpm/lib/Imakefile,v
608retrieving revision 1.1.1.1
609diff -u -r1.1.1.1 Imakefile
610--- extras/Xpm/lib/Imakefile 15 Feb 2001 07:59:10 -0000 1.1.1.1
611+++ extras/Xpm/lib/Imakefile 14 Nov 2004 13:45:02 -0000
612@@ -104,13 +104,15 @@
613 CrBufFrI.c CrDatFrP.c CrPFrBuf.c RdFToI.c WrFFrI.c \
614 CrBufFrP.c CrIFrBuf.c CrPFrDat.c RdFToP.c WrFFrP.c \
615 CrDatFrI.c CrIFrDat.c RdFToDat.c WrFFrDat.c \
616- Attrib.c CrIFrP.c CrPFrI.c Image.c Info.c RdFToBuf.c WrFFrBuf.c
617+ Attrib.c CrIFrP.c CrPFrI.c Image.c Info.c RdFToBuf.c WrFFrBuf.c \
618+ s_popen.c
619
620 OBJS = data.o create.o misc.o rgb.o scan.o parse.o hashtab.o \
621 CrBufFrI.o CrDatFrP.o CrPFrBuf.o RdFToI.o WrFFrI.o \
622 CrBufFrP.o CrIFrBuf.o CrPFrDat.o RdFToP.o WrFFrP.o \
623 CrDatFrI.o CrIFrDat.o RdFToDat.o WrFFrDat.o \
624- Attrib.o CrIFrP.o CrPFrI.o Image.o Info.o RdFToBuf.o WrFFrBuf.o
625+ Attrib.o CrIFrP.o CrPFrI.o Image.o Info.o RdFToBuf.o WrFFrBuf.o \
626+ s_popen.o
627
628 INCLUDES = -I.
629 LINTLIBS = $(LINTXTOLL) $(LINTXLIB)
630Index: extras/Xpm/lib/RdFToBuf.c
631===================================================================
632RCS file: /cvs/XF4/xc/extras/Xpm/lib/RdFToBuf.c,v
633retrieving revision 1.1.1.1
634diff -u -r1.1.1.1 RdFToBuf.c
635--- extras/Xpm/lib/RdFToBuf.c 15 Feb 2001 07:59:10 -0000 1.1.1.1
636+++ extras/Xpm/lib/RdFToBuf.c 14 Nov 2004 13:45:02 -0000
637@@ -37,6 +37,8 @@
638 * HeDu (hedu@cul-ipn.uni-kiel.de) 4/94
639 */
640
641+/* October 2004, source code review by Thomas Biege <thomas@suse.de> */
642+
643 #include "XpmI.h"
644 #include <sys/stat.h>
645 #if !defined(FOR_MSW) && !defined(WIN32)
646@@ -58,7 +60,8 @@
647 char *filename;
648 char **buffer_return;
649 {
650- int fd, fcheck, len;
651+ int fd, fcheck;
652+ off_t len;
653 char *ptr;
654 struct stat stats;
655 FILE *fp;
656@@ -82,7 +85,7 @@
657 close(fd);
658 return XpmOpenFailed;
659 }
660- len = (int) stats.st_size;
661+ len = stats.st_size;
662 ptr = (char *) XpmMalloc(len + 1);
663 if (!ptr) {
664 fclose(fp);
665Index: extras/Xpm/lib/RdFToI.c
666===================================================================
667RCS file: /cvs/XF4/xc/extras/Xpm/lib/RdFToI.c,v
668retrieving revision 1.2
669diff -u -r1.2 RdFToI.c
670--- extras/Xpm/lib/RdFToI.c 2 Nov 2004 23:26:39 -0000 1.2
671+++ extras/Xpm/lib/RdFToI.c 14 Nov 2004 13:45:02 -0000
672@@ -33,6 +33,8 @@
673 \*****************************************************************************/
674 /* $XFree86$ */
675
676+/* October 2004, source code review by Thomas Biege <thomas@suse.de> */
677+
678 #include "XpmI.h"
679 #include <sys/stat.h>
680 #if !defined(NO_ZPIPE) && defined(WIN32)
681@@ -123,6 +125,12 @@
682 /*
683 * open the given file to be read as an xpmData which is returned.
684 */
685+#ifndef NO_ZPIPE
686+ FILE *s_popen(char *cmd, const char *type);
687+#else
688+# define s_popen popen
689+#endif
690+
691 static int
692 OpenReadFile(filename, mdata)
693 char *filename;
694@@ -141,17 +149,21 @@
695 mdata->type = XPMFILE;
696 } else {
697 #ifndef NO_ZPIPE
698- int len = strlen(filename);
699+ size_t len = strlen(filename);
700+
701+ if(len == 0 ||
702+ filename[len-1] == '/')
703+ return(XpmOpenFailed);
704 if ((len > 2) && !strcmp(".Z", filename + (len - 2))) {
705 mdata->type = XPMPIPE;
706- sprintf(buf, "uncompress -c \"%s\"", filename);
707- if (!(mdata->stream.file = popen(buf, "r")))
708+ snprintf(buf, sizeof(buf), "uncompress -c \"%s\"", filename);
709+ if (!(mdata->stream.file = s_popen(buf, "r")))
710 return (XpmOpenFailed);
711
712 } else if ((len > 3) && !strcmp(".gz", filename + (len - 3))) {
713 mdata->type = XPMPIPE;
714- sprintf(buf, "gunzip -qc \"%s\"", filename);
715- if (!(mdata->stream.file = popen(buf, "r")))
716+ snprintf(buf, sizeof(buf), "gunzip -qc \"%s\"", filename);
717+ if (!(mdata->stream.file = s_popen(buf, "r")))
718 return (XpmOpenFailed);
719
720 } else {
721@@ -159,19 +171,19 @@
722 if (!(compressfile = (char *) XpmMalloc(len + 4)))
723 return (XpmNoMemory);
724
725- sprintf(compressfile, "%s.Z", filename);
726+ snprintf(compressfile, len+4, "%s.Z", filename);
727 if (!stat(compressfile, &status)) {
728- sprintf(buf, "uncompress -c \"%s\"", compressfile);
729- if (!(mdata->stream.file = popen(buf, "r"))) {
730+ snprintf(buf, sizeof(buf), "uncompress -c \"%s\"", compressfile);
731+ if (!(mdata->stream.file = s_popen(buf, "r"))) {
732 XpmFree(compressfile);
733 return (XpmOpenFailed);
734 }
735 mdata->type = XPMPIPE;
736 } else {
737- sprintf(compressfile, "%s.gz", filename);
738+ snprintf(compressfile, len+4, "%s.gz", filename);
739 if (!stat(compressfile, &status)) {
740- sprintf(buf, "gunzip -c \"%s\"", compressfile);
741- if (!(mdata->stream.file = popen(buf, "r"))) {
742+ snprintf(buf, sizeof(buf), "gunzip -c \"%s\"", compressfile);
743+ if (!(mdata->stream.file = s_popen(buf, "r"))) {
744 XpmFree(compressfile);
745 return (XpmOpenFailed);
746 }
747@@ -217,7 +229,7 @@
748 break;
749 #ifndef NO_ZPIPE
750 case XPMPIPE:
751- pclose(mdata->stream.file);
752+ fclose(mdata->stream.file);
753 break;
754 #endif
755 }
756Index: extras/Xpm/lib/WrFFrBuf.c
757===================================================================
758RCS file: /cvs/XF4/xc/extras/Xpm/lib/WrFFrBuf.c,v
759retrieving revision 1.1.1.1
760diff -u -r1.1.1.1 WrFFrBuf.c
761--- extras/Xpm/lib/WrFFrBuf.c 15 Feb 2001 07:59:10 -0000 1.1.1.1
762+++ extras/Xpm/lib/WrFFrBuf.c 14 Nov 2004 13:45:02 -0000
763@@ -32,6 +32,8 @@
764 * Developed by Arnaud Le Hors *
765 \*****************************************************************************/
766
767+/* October 2004, source code review by Thomas Biege <thomas@suse.de> */
768+
769 #include "XpmI.h"
770
771 int
772@@ -49,7 +51,7 @@
773 fcheck = fwrite(buffer, len, 1, fp);
774 fclose(fp);
775 if (fcheck != 1)
776- return XpmOpenFailed;
777+ return XpmOpenFailed; /* maybe use a better return value */
778
779 return XpmSuccess;
780 }
781Index: extras/Xpm/lib/WrFFrI.c
782===================================================================
783RCS file: /cvs/XF4/xc/extras/Xpm/lib/WrFFrI.c,v
784retrieving revision 1.3
785diff -u -r1.3 WrFFrI.c
786--- extras/Xpm/lib/WrFFrI.c 2 Nov 2004 23:26:39 -0000 1.3
787+++ extras/Xpm/lib/WrFFrI.c 14 Nov 2004 13:45:02 -0000
788@@ -38,6 +38,8 @@
789 * Lorens Younes (d93-hyo@nada.kth.se) 4/96
790 */
791
792+/* October 2004, source code review by Thomas Biege <thomas@suse.de> */
793+
794 #include "XpmI.h"
795 #if !defined(NO_ZPIPE) && defined(WIN32)
796 # define popen _popen
797@@ -98,7 +100,7 @@
798 XpmInfo *info;
799 {
800 xpmData mdata;
801- char *name, *dot, *s, new_name[BUFSIZ];
802+ char *name, *dot, *s, new_name[BUFSIZ] = {0};
803 int ErrorStatus;
804
805 /* open file to write */
806@@ -121,7 +123,8 @@
807 #endif
808 /* let's try to make a valid C syntax name */
809 if (index(name, '.')) {
810- strcpy(new_name, name);
811+ strncpy(new_name, name, sizeof(new_name));
812+ new_name[sizeof(new_name)-1] = 0;
813 /* change '.' to '_' */
814 name = s = new_name;
815 while ((dot = index(s, '.'))) {
816@@ -131,7 +134,8 @@
817 }
818 if (index(name, '-')) {
819 if (name != new_name) {
820- strcpy(new_name, name);
821+ strncpy(new_name, name, sizeof(new_name));
822+ new_name[sizeof(new_name)-1] = 0;
823 name = new_name;
824 }
825 /* change '-' to '_' */
826@@ -248,7 +252,7 @@
827 unsigned int x, y, h;
828
829 h = height - 1;
830- if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp)
831+ if (cpp != 0 && width >= (UINT_MAX - 3)/cpp)
832 return XpmNoMemory;
833 p = buf = (char *) XpmMalloc(width * cpp + 3);
834 if (!buf)
835@@ -300,6 +304,11 @@
836 /*
837 * open the given file to be written as an xpmData which is returned
838 */
839+#ifndef NO_ZPIPE
840+ FILE *s_popen(char *cmd, const char *type);
841+#else
842+# define s_popen popen
843+#endif
844 static int
845 OpenWriteFile(filename, mdata)
846 char *filename;
847@@ -315,16 +324,23 @@
848 mdata->type = XPMFILE;
849 } else {
850 #ifndef NO_ZPIPE
851- int len = strlen(filename);
852+ size_t len = strlen(filename);
853+
854+ if(len == 0 ||
855+ filename[0] == '/' ||
856+ strstr(filename, "../") != NULL ||
857+ filename[len-1] == '/')
858+ return(XpmOpenFailed);
859+
860 if (len > 2 && !strcmp(".Z", filename + (len - 2))) {
861- sprintf(buf, "compress > \"%s\"", filename);
862- if (!(mdata->stream.file = popen(buf, "w")))
863+ snprintf(buf, sizeof(buf), "compress > \"%s\"", filename);
864+ if (!(mdata->stream.file = s_popen(buf, "w")))
865 return (XpmOpenFailed);
866
867 mdata->type = XPMPIPE;
868 } else if (len > 3 && !strcmp(".gz", filename + (len - 3))) {
869- sprintf(buf, "gzip -q > \"%s\"", filename);
870- if (!(mdata->stream.file = popen(buf, "w")))
871+ snprintf(buf, sizeof(buf), "gzip -q > \"%s\"", filename);
872+ if (!(mdata->stream.file = s_popen(buf, "w")))
873 return (XpmOpenFailed);
874
875 mdata->type = XPMPIPE;
876@@ -355,7 +371,7 @@
877 break;
878 #ifndef NO_ZPIPE
879 case XPMPIPE:
880- pclose(mdata->stream.file);
881+ fclose(mdata->stream.file);
882 break;
883 #endif
884 }
885Index: extras/Xpm/lib/XpmI.h
886===================================================================
887RCS file: /cvs/XF4/xc/extras/Xpm/lib/XpmI.h,v
888retrieving revision 1.8
889diff -u -r1.8 XpmI.h
890--- extras/Xpm/lib/XpmI.h 2 Nov 2004 23:26:39 -0000 1.8
891+++ extras/Xpm/lib/XpmI.h 14 Nov 2004 13:45:03 -0000
892@@ -49,8 +49,10 @@
893 * lets try to solve include files
894 */
895
896+#include <sys/types.h>
897 #include <stdio.h>
898 #include <stdlib.h>
899+#include <limits.h>
900 /* stdio.h doesn't declare popen on a Sequent DYNIX OS */
901 #ifdef sequent
902 extern FILE *popen();
903Index: extras/Xpm/lib/create.c
904===================================================================
905RCS file: /cvs/XF4/xc/extras/Xpm/lib/create.c,v
906retrieving revision 1.5
907diff -u -r1.5 create.c
908--- extras/Xpm/lib/create.c 2 Nov 2004 23:26:39 -0000 1.5
909+++ extras/Xpm/lib/create.c 14 Nov 2004 13:45:05 -0000
910@@ -45,6 +45,8 @@
911 * Lorens Younes (d93-hyo@nada.kth.se) 4/96
912 */
913
914+/* October 2004, source code review by Thomas Biege <thomas@suse.de> */
915+
916 #include "XpmI.h"
917 #include <ctype.h>
918
919@@ -586,7 +588,7 @@
920 */
921 } else {
922 #endif
923- int i;
924+ unsigned int i;
925
926 #ifndef AMIGA
927 ncols = visual->map_entries;
928@@ -746,12 +748,14 @@
929
930
931 /* function call in case of error */
932+
933 #undef RETURN
934 #define RETURN(status) \
935+do \
936 { \
937 ErrorStatus = status; \
938 goto error; \
939-}
940+} while(0)
941
942 int
943 XpmCreateImageFromXpmImage(display, image,
944@@ -817,7 +821,7 @@
945
946 ErrorStatus = XpmSuccess;
947
948- if (image->ncolors >= SIZE_MAX / sizeof(Pixel))
949+ if (image->ncolors >= UINT_MAX / sizeof(Pixel))
950 return (XpmNoMemory);
951
952 /* malloc pixels index tables */
953@@ -992,9 +996,13 @@
954 return (XpmNoMemory);
955
956 #if !defined(FOR_MSW) && !defined(AMIGA)
957- if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height)
958+ if (height != 0 && (*image_return)->bytes_per_line >= INT_MAX / height) {
959+ XDestroyImage(*image_return);
960 return XpmNoMemory;
961+ }
962 /* now that bytes_per_line must have been set properly alloc data */
963+ if((*image_return)->bytes_per_line == 0 || height == 0)
964+ return XpmNoMemory;
965 (*image_return)->data =
966 (char *) XpmMalloc((*image_return)->bytes_per_line * height);
967
968@@ -1023,7 +1031,7 @@
969 LFUNC(_putbits, void, (register char *src, int dstoffset,
970 register int numbits, register char *dst));
971
972-LFUNC(_XReverse_Bytes, int, (register unsigned char *bpt, register int nb));
973+LFUNC(_XReverse_Bytes, int, (register unsigned char *bpt, register unsigned int nb));
974
975 static unsigned char Const _reverse_byte[0x100] = {
976 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
977@@ -1063,12 +1071,12 @@
978 static int
979 _XReverse_Bytes(bpt, nb)
980 register unsigned char *bpt;
981- register int nb;
982+ register unsigned int nb;
983 {
984 do {
985 *bpt = _reverse_byte[*bpt];
986 bpt++;
987- } while (--nb > 0);
988+ } while (--nb > 0); /* is nb user-controled? */
989 return 0;
990 }
991
992@@ -1207,7 +1215,7 @@
993 register char *src;
994 register char *dst;
995 register unsigned int *iptr;
996- register int x, y, i;
997+ register unsigned int x, y, i;
998 register char *data;
999 Pixel pixel, px;
1000 int nbytes, depth, ibu, ibpp;
1001@@ -1217,8 +1225,8 @@
1002 depth = image->depth;
1003 if (depth == 1) {
1004 ibu = image->bitmap_unit;
1005- for (y = 0; y < height; y++)
1006- for (x = 0; x < width; x++, iptr++) {
1007+ for (y = 0; y < height; y++) /* how can we trust height */
1008+ for (x = 0; x < width; x++, iptr++) { /* how can we trust width */
1009 pixel = pixels[*iptr];
1010 for (i = 0, px = pixel; i < sizeof(unsigned long);
1011 i++, px >>= 8)
1012@@ -1293,12 +1301,12 @@
1013 {
1014 unsigned char *data;
1015 unsigned int *iptr;
1016- int y;
1017+ unsigned int y;
1018 Pixel pixel;
1019
1020 #ifdef WITHOUT_SPEEDUPS
1021
1022- int x;
1023+ unsigned int x;
1024 unsigned char *addr;
1025
1026 data = (unsigned char *) image->data;
1027@@ -1335,7 +1343,7 @@
1028
1029 #else /* WITHOUT_SPEEDUPS */
1030
1031- int bpl = image->bytes_per_line;
1032+ unsigned int bpl = image->bytes_per_line;
1033 unsigned char *data_ptr, *max_data;
1034
1035 data = (unsigned char *) image->data;
1036@@ -1403,11 +1411,11 @@
1037 {
1038 unsigned char *data;
1039 unsigned int *iptr;
1040- int y;
1041+ unsigned int y;
1042
1043 #ifdef WITHOUT_SPEEDUPS
1044
1045- int x;
1046+ unsigned int x;
1047 unsigned char *addr;
1048
1049 data = (unsigned char *) image->data;
1050@@ -1431,7 +1439,7 @@
1051
1052 Pixel pixel;
1053
1054- int bpl = image->bytes_per_line;
1055+ unsigned int bpl = image->bytes_per_line;
1056 unsigned char *data_ptr, *max_data;
1057
1058 data = (unsigned char *) image->data;
1059@@ -1484,11 +1492,11 @@
1060 {
1061 char *data;
1062 unsigned int *iptr;
1063- int y;
1064+ unsigned int y;
1065
1066 #ifdef WITHOUT_SPEEDUPS
1067
1068- int x;
1069+ unsigned int x;
1070
1071 data = image->data;
1072 iptr = pixelindex;
1073@@ -1498,7 +1506,7 @@
1074
1075 #else /* WITHOUT_SPEEDUPS */
1076
1077- int bpl = image->bytes_per_line;
1078+ unsigned int bpl = image->bytes_per_line;
1079 char *data_ptr, *max_data;
1080
1081 data = image->data;
1082@@ -1533,12 +1541,12 @@
1083 PutImagePixels(image, width, height, pixelindex, pixels);
1084 else {
1085 unsigned int *iptr;
1086- int y;
1087+ unsigned int y;
1088 char *data;
1089
1090 #ifdef WITHOUT_SPEEDUPS
1091
1092- int x;
1093+ unsigned int x;
1094
1095 data = image->data;
1096 iptr = pixelindex;
1097@@ -1761,6 +1769,9 @@
1098 Pixel px;
1099 int nbytes;
1100
1101+ if(x < 0 || y < 0)
1102+ return 0;
1103+
1104 for (i=0, px=pixel; i<sizeof(unsigned long); i++, px>>=8)
1105 ((unsigned char *)&pixel)[i] = px;
1106 src = &ximage->data[XYINDEX(x, y, ximage)];
1107@@ -1791,7 +1802,10 @@
1108 register char *dst;
1109 register int i;
1110 Pixel px;
1111- int nbytes, ibpp;
1112+ unsigned int nbytes, ibpp;
1113+
1114+ if(x < 0 || y < 0)
1115+ return 0;
1116
1117 ibpp = ximage->bits_per_pixel;
1118 if (ximage->depth == 4)
1119@@ -1825,6 +1839,9 @@
1120 {
1121 unsigned char *addr;
1122
1123+ if(x < 0 || y < 0)
1124+ return 0;
1125+
1126 addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)];
1127 *((unsigned long *)addr) = pixel;
1128 return 1;
1129@@ -1840,6 +1857,9 @@
1130 {
1131 unsigned char *addr;
1132
1133+ if(x < 0 || y < 0)
1134+ return 0;
1135+
1136 addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)];
1137 addr[0] = pixel >> 24;
1138 addr[1] = pixel >> 16;
1139@@ -1857,6 +1877,9 @@
1140 {
1141 unsigned char *addr;
1142
1143+ if(x < 0 || y < 0)
1144+ return 0;
1145+
1146 addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)];
1147 addr[3] = pixel >> 24;
1148 addr[2] = pixel >> 16;
1149@@ -1874,6 +1897,9 @@
1150 {
1151 unsigned char *addr;
1152
1153+ if(x < 0 || y < 0)
1154+ return 0;
1155+
1156 addr = &((unsigned char *)ximage->data) [ZINDEX16(x, y, ximage)];
1157 addr[0] = pixel >> 8;
1158 addr[1] = pixel;
1159@@ -1889,6 +1915,9 @@
1160 {
1161 unsigned char *addr;
1162
1163+ if(x < 0 || y < 0)
1164+ return 0;
1165+
1166 addr = &((unsigned char *)ximage->data) [ZINDEX16(x, y, ximage)];
1167 addr[1] = pixel >> 8;
1168 addr[0] = pixel;
1169@@ -1902,6 +1931,9 @@
1170 int y;
1171 unsigned long pixel;
1172 {
1173+ if(x < 0 || y < 0)
1174+ return 0;
1175+
1176 ximage->data[ZINDEX8(x, y, ximage)] = pixel;
1177 return 1;
1178 }
1179@@ -1913,6 +1945,9 @@
1180 int y;
1181 unsigned long pixel;
1182 {
1183+ if(x < 0 || y < 0)
1184+ return 0;
1185+
1186 if (pixel & 1)
1187 ximage->data[ZINDEX1(x, y, ximage)] |= 0x80 >> (x & 7);
1188 else
1189@@ -1927,6 +1962,9 @@
1190 int y;
1191 unsigned long pixel;
1192 {
1193+ if(x < 0 || y < 0)
1194+ return 0;
1195+
1196 if (pixel & 1)
1197 ximage->data[ZINDEX1(x, y, ximage)] |= 1 << (x & 7);
1198 else
1199@@ -2061,8 +2099,8 @@
1200 xpmGetCmt(data, &colors_cmt);
1201
1202 /* malloc pixels index tables */
1203- if (ncolors >= SIZE_MAX / sizeof(Pixel))
1204- return XpmNoMemory;
1205+ if (ncolors >= UINT_MAX / sizeof(Pixel))
1206+ RETURN(XpmNoMemory);
1207
1208 image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors);
1209 if (!image_pixels)
1210@@ -2174,7 +2212,7 @@
1211 * free the hastable
1212 */
1213 if (ErrorStatus != XpmSuccess)
1214- RETURN(ErrorStatus)
1215+ RETURN(ErrorStatus);
1216 else if (USE_HASHTABLE)
1217 xpmHashTableFree(&hashtable);
1218
1219@@ -2366,11 +2404,11 @@
1220
1221 /* array of pointers malloced by need */
1222 unsigned short *cidx[256];
1223- int char1;
1224+ unsigned int char1;
1225
1226 bzero((char *)cidx, 256 * sizeof(unsigned short *)); /* init */
1227 for (a = 0; a < ncolors; a++) {
1228- char1 = colorTable[a].string[0];
1229+ char1 = (unsigned char) colorTable[a].string[0];
1230 if (cidx[char1] == NULL) { /* get new memory */
1231 cidx[char1] = (unsigned short *)
1232 XpmCalloc(256, sizeof(unsigned short));
1233Index: extras/Xpm/lib/data.c
1234===================================================================
1235RCS file: /cvs/XF4/xc/extras/Xpm/lib/data.c,v
1236retrieving revision 1.3
1237diff -u -r1.3 data.c
1238--- extras/Xpm/lib/data.c 2 Nov 2004 23:26:39 -0000 1.3
1239+++ extras/Xpm/lib/data.c 14 Nov 2004 13:45:05 -0000
1240@@ -33,6 +33,8 @@
1241 \*****************************************************************************/
1242 /* $XFree86: xc/extras/Xpm/lib/data.c,v 1.3 2001/10/28 03:32:10 tsi Exp $ */
1243
1244+/* October 2004, source code review by Thomas Biege <thomas@suse.de> */
1245+
1246 #ifndef CXPMPROG
1247 #if 0
1248 /* Official version number */
1249@@ -262,7 +264,7 @@
1250 }
1251 Ungetc(data, c, file);
1252 }
1253- return (n);
1254+ return (n); /* this returns bytes read + 1 */
1255 }
1256
1257 /*
1258@@ -375,8 +377,9 @@
1259 {
1260 if (!data->type)
1261 *cmt = NULL;
1262- else if (data->CommentLength != 0 && data->CommentLength < SIZE_MAX - 1) {
1263- *cmt = (char *) XpmMalloc(data->CommentLength + 1);
1264+ else if (data->CommentLength != 0 && data->CommentLength < UINT_MAX - 1) {
1265+ if( (*cmt = (char *) XpmMalloc(data->CommentLength + 1)) == NULL)
1266+ return XpmNoMemory;
1267 strncpy(*cmt, data->Comment, data->CommentLength);
1268 (*cmt)[data->CommentLength] = '\0';
1269 data->CommentLength = 0;
1270@@ -400,7 +403,7 @@
1271 xpmParseHeader(data)
1272 xpmData *data;
1273 {
1274- char buf[BUFSIZ];
1275+ char buf[BUFSIZ+1] = {0};
1276 int l, n = 0;
1277
1278 if (data->type) {
1279Index: extras/Xpm/lib/hashtab.c
1280===================================================================
1281RCS file: /cvs/XF4/xc/extras/Xpm/lib/hashtab.c,v
1282retrieving revision 1.2
1283diff -u -r1.2 hashtab.c
1284--- extras/Xpm/lib/hashtab.c 1 Sep 2004 21:01:33 -0000 1.2
1285+++ extras/Xpm/lib/hashtab.c 14 Nov 2004 13:45:05 -0000
1286@@ -138,13 +138,13 @@
1287 unsigned int size = table->size;
1288 xpmHashAtom *t, *p;
1289 int i;
1290- int oldSize = size;
1291+ unsigned int oldSize = size;
1292
1293 t = atomTable;
1294 HASH_TABLE_GROWS
1295 table->size = size;
1296 table->limit = size / 3;
1297- if (size >= SIZE_MAX / sizeof(*atomTable))
1298+ if (size >= UINT_MAX / sizeof(*atomTable))
1299 return (XpmNoMemory);
1300 atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable));
1301 if (!atomTable)
1302@@ -206,7 +206,7 @@
1303 table->size = INITIAL_HASH_SIZE;
1304 table->limit = table->size / 3;
1305 table->used = 0;
1306- if (table->size >= SIZE_MAX / sizeof(*atomTable))
1307+ if (table->size >= UINT_MAX / sizeof(*atomTable))
1308 return (XpmNoMemory);
1309 atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable));
1310 if (!atomTable)
1311Index: extras/Xpm/lib/misc.c
1312===================================================================
1313RCS file: /cvs/XF4/xc/extras/Xpm/lib/misc.c,v
1314retrieving revision 1.1.1.1
1315diff -u -r1.1.1.1 misc.c
1316--- extras/Xpm/lib/misc.c 15 Feb 2001 07:59:10 -0000 1.1.1.1
1317+++ extras/Xpm/lib/misc.c 14 Nov 2004 13:45:05 -0000
1318@@ -44,7 +44,7 @@
1319 char *s1;
1320 {
1321 char *s2;
1322- int l = strlen(s1) + 1;
1323+ size_t l = strlen(s1) + 1;
1324
1325 if (s2 = (char *) XpmMalloc(l))
1326 strcpy(s2, s1);
1327Index: extras/Xpm/lib/parse.c
1328===================================================================
1329RCS file: /cvs/XF4/xc/extras/Xpm/lib/parse.c,v
1330retrieving revision 1.3
1331diff -u -r1.3 parse.c
1332--- extras/Xpm/lib/parse.c 2 Nov 2004 23:26:39 -0000 1.3
1333+++ extras/Xpm/lib/parse.c 14 Nov 2004 13:45:05 -0000
1334@@ -41,26 +41,28 @@
1335 * HeDu (hedu@cul-ipn.uni-kiel.de) 4/94
1336 */
1337
1338+/* October 2004, source code review by Thomas Biege <thomas@suse.de> */
1339+
1340 #include "XpmI.h"
1341 #include <ctype.h>
1342 #include <string.h>
1343
1344 #ifdef HAS_STRLCAT
1345-# define STRLCAT(dst, src, dstsize) { \
1346+# define STRLCAT(dst, src, dstsize) do { \
1347 if (strlcat(dst, src, dstsize) >= (dstsize)) \
1348- return (XpmFileInvalid); }
1349-# define STRLCPY(dst, src, dstsize) { \
1350+ return (XpmFileInvalid); } while(0)
1351+# define STRLCPY(dst, src, dstsize) do { \
1352 if (strlcpy(dst, src, dstsize) >= (dstsize)) \
1353- return (XpmFileInvalid); }
1354+ return (XpmFileInvalid); } while(0)
1355 #else
1356-# define STRLCAT(dst, src, dstsize) { \
1357+# define STRLCAT(dst, src, dstsize) do { \
1358 if ((strlen(dst) + strlen(src)) < (dstsize)) \
1359 strcat(dst, src); \
1360- else return (XpmFileInvalid); }
1361-# define STRLCPY(dst, src, dstsize) { \
1362+ else return (XpmFileInvalid); } while(0)
1363+# define STRLCPY(dst, src, dstsize) do { \
1364 if (strlen(src) < (dstsize)) \
1365 strcpy(dst, src); \
1366- else return (XpmFileInvalid); }
1367+ else return (XpmFileInvalid); } while(0)
1368 #endif
1369
1370 LFUNC(ParsePixels, int, (xpmData *data, unsigned int width,
1371@@ -205,7 +207,7 @@
1372 char **defaults;
1373 int ErrorStatus;
1374
1375- if (ncolors >= SIZE_MAX / sizeof(XpmColor))
1376+ if (ncolors >= UINT_MAX / sizeof(XpmColor))
1377 return (XpmNoMemory);
1378 colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor));
1379 if (!colorTable)
1380@@ -218,7 +220,7 @@
1381 /*
1382 * read pixel value
1383 */
1384- if (cpp >= SIZE_MAX - 1) {
1385+ if (cpp >= UINT_MAX - 1) {
1386 xpmFreeColorTable(colorTable, ncolors);
1387 return (XpmNoMemory);
1388 }
1389@@ -277,9 +279,9 @@
1390 return (XpmFileInvalid);
1391 }
1392 if (!lastwaskey)
1393- STRLCAT(curbuf, " ", sizeof(curbuf)); /* append space */
1394+ STRLCAT(curbuf, " ", sizeof(curbuf));/* append space */
1395 buf[l] = '\0';
1396- STRLCAT(curbuf, buf, sizeof(curbuf));/* append buf */
1397+ STRLCAT(curbuf, buf, sizeof(curbuf)); /* append buf */
1398 lastwaskey = 0;
1399 }
1400 }
1401@@ -287,7 +289,7 @@
1402 xpmFreeColorTable(colorTable, ncolors);
1403 return (XpmFileInvalid);
1404 }
1405- len = strlen(curbuf) + 1;
1406+ len = strlen(curbuf) + 1; /* integer overflow just theoretically possible */
1407 s = defaults[curkey] = (char *) XpmMalloc(len);
1408 if (!s) {
1409 xpmFreeColorTable(colorTable, ncolors);
1410@@ -306,7 +308,7 @@
1411 /*
1412 * read pixel value
1413 */
1414- if (cpp >= SIZE_MAX - 1) {
1415+ if (cpp >= UINT_MAX - 1) {
1416 xpmFreeColorTable(colorTable, ncolors);
1417 return (XpmNoMemory);
1418 }
1419@@ -351,7 +353,7 @@
1420 memcpy(s, curbuf, len);
1421 color->c_color = s;
1422 *curbuf = '\0'; /* reset curbuf */
1423- if (a < ncolors - 1)
1424+ if (a < ncolors - 1) /* can we trust ncolors -> leave data's bounds */
1425 xpmNextString(data); /* get to the next string */
1426 }
1427 }
1428@@ -370,11 +372,11 @@
1429 xpmHashTable *hashtable;
1430 unsigned int **pixels;
1431 {
1432- unsigned int *iptr, *iptr2;
1433+ unsigned int *iptr, *iptr2 = NULL; /* found by Egbert Eich */
1434 unsigned int a, x, y;
1435
1436- if ((height > 0 && width >= SIZE_MAX / height) ||
1437- width * height >= SIZE_MAX / sizeof(unsigned int))
1438+ if ((height > 0 && width >= UINT_MAX / height) ||
1439+ width * height >= UINT_MAX / sizeof(unsigned int))
1440 return XpmNoMemory;
1441 #ifndef FOR_MSW
1442 iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height);
1443@@ -399,8 +401,10 @@
1444 {
1445 unsigned short colidx[256];
1446
1447- if (ncolors > 256)
1448+ if (ncolors > 256) {
1449+ XpmFree(iptr2); /* found by Egbert Eich */
1450 return (XpmFileInvalid);
1451+ }
1452
1453 bzero((char *)colidx, 256 * sizeof(short));
1454 for (a = 0; a < ncolors; a++)
1455@@ -427,16 +431,20 @@
1456 {
1457
1458 /* free all allocated pointers at all exits */
1459-#define FREE_CIDX {int f; for (f = 0; f < 256; f++) \
1460-if (cidx[f]) XpmFree(cidx[f]);}
1461+#define FREE_CIDX \
1462+do \
1463+{ \
1464+ int f; for (f = 0; f < 256; f++) \
1465+ if (cidx[f]) XpmFree(cidx[f]); \
1466+} while(0)
1467
1468 /* array of pointers malloced by need */
1469 unsigned short *cidx[256];
1470- int char1;
1471+ unsigned int char1;
1472
1473 bzero((char *)cidx, 256 * sizeof(unsigned short *)); /* init */
1474 for (a = 0; a < ncolors; a++) {
1475- char1 = colorTable[a].string[0];
1476+ char1 = (unsigned char) colorTable[a].string[0];
1477 if (cidx[char1] == NULL) { /* get new memory */
1478 cidx[char1] = (unsigned short *)
1479 XpmCalloc(256, sizeof(unsigned short));
1480@@ -480,8 +488,10 @@
1481 char *s;
1482 char buf[BUFSIZ];
1483
1484- if (cpp >= sizeof(buf))
1485+ if (cpp >= sizeof(buf)) {
1486+ XpmFree(iptr2); /* found by Egbert Eich */
1487 return (XpmFileInvalid);
1488+ }
1489
1490 buf[cpp] = '\0';
1491 if (USE_HASHTABLE) {
1492@@ -491,7 +501,7 @@
1493 xpmNextString(data);
1494 for (x = 0; x < width; x++, iptr++) {
1495 for (a = 0, s = buf; a < cpp; a++, s++)
1496- *s = xpmGetC(data);
1497+ *s = xpmGetC(data); /* int assigned to char, not a problem here */
1498 slot = xpmHashSlot(hashtable, buf);
1499 if (!*slot) { /* no color matches */
1500 XpmFree(iptr2);
1501@@ -505,7 +515,7 @@
1502 xpmNextString(data);
1503 for (x = 0; x < width; x++, iptr++) {
1504 for (a = 0, s = buf; a < cpp; a++, s++)
1505- *s = xpmGetC(data);
1506+ *s = xpmGetC(data); /* int assigned to char, not a problem here */
1507 for (a = 0; a < ncolors; a++)
1508 if (!strcmp(colorTable[a].string, buf))
1509 break;
1510@@ -560,7 +570,7 @@
1511 while (!notstart && notend) {
1512 /* there starts an extension */
1513 ext = (XpmExtension *)
1514- XpmRealloc(exts, (num + 1) * sizeof(XpmExtension));
1515+ XpmRealloc(exts, (num + 1) * sizeof(XpmExtension)); /* can the loop be forced to iterate often enough to make "(num + 1) * sizeof(XpmExtension)" wrapping? */
1516 if (!ext) {
1517 XpmFree(string);
1518 XpmFreeExtensions(exts, num);
1519@@ -597,7 +607,7 @@
1520 while ((notstart = strncmp("XPMEXT", string, 6))
1521 && (notend = strncmp("XPMENDEXT", string, 9))) {
1522 sp = (char **)
1523- XpmRealloc(ext->lines, (nlines + 1) * sizeof(char *));
1524+ XpmRealloc(ext->lines, (nlines + 1) * sizeof(char *)); /* can we iterate enough for a wrapping? */
1525 if (!sp) {
1526 XpmFree(string);
1527 ext->nlines = nlines;
1528@@ -637,9 +647,9 @@
1529 /* function call in case of error */
1530 #undef RETURN
1531 #define RETURN(status) \
1532-{ \
1533+do { \
1534 goto error; \
1535-}
1536+} while(0)
1537
1538 /*
1539 * This function parses an Xpm file or data and store the found informations
1540Index: extras/Xpm/lib/s_popen.c
1541===================================================================
1542RCS file: extras/Xpm/lib/s_popen.c
1543diff -N extras/Xpm/lib/s_popen.c
1544--- /dev/null 1 Jan 1970 00:00:00 -0000
1545+++ extras/Xpm/lib/s_popen.c 14 Nov 2004 13:45:05 -0000
1546@@ -0,0 +1,181 @@
1547+/*
1548+ * Copyright (C) 2004 The X.Org fundation
1549+ *
1550+ * Permission is hereby granted, free of charge, to any person
1551+ * obtaining a copy of this software and associated documentation
1552+ * files (the "Software"), to deal in the Software without
1553+ * restriction, including without limitation the rights to use, copy,
1554+ * modify, merge, publish, distribute, sublicense, and/or sell copies
1555+ * of the Software, and to permit persons to whom the Software is fur-
1556+ * nished to do so, subject to the following conditions:
1557+ *
1558+ * The above copyright notice and this permission notice shall be
1559+ * included in all copies or substantial portions of the Software.
1560+ *
1561+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
1562+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
1563+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
1564+ * NONINFRINGEMENT. IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR
1565+ * ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
1566+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
1567+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
1568+ *
1569+ * Except as contained in this notice, the name of the X.Org fundation
1570+ * shall not be used in advertising or otherwise to promote the sale,
1571+ * use or other dealings in this Software without prior written
1572+ * authorization from the X.Org fundation.
1573+ */
1574+
1575+/*
1576+** This is a secure but NOT 100% compatible replacement for popen()
1577+** Note: - don't use pclose() use fclose() for closing the returned
1578+** filedesc.!!!
1579+**
1580+** Known Bugs: - unable to use i/o-redirection like > or <
1581+** Author: - Thomas Biege <thomas@suse.de>
1582+** Credits: - Andreas Pfaller <a.pfaller@pop.gun.de> for fixing a SEGV when
1583+** calling strtok()
1584+*/
1585+
1586+#include <sys/types.h>
1587+#include <sys/wait.h>
1588+#include <stdio.h>
1589+#include <stdlib.h>
1590+#include <unistd.h>
1591+#include <string.h>
1592+
1593+#define __SEC_POPEN_TOKEN " "
1594+
1595+FILE *s_popen(char *cmd, const char *type)
1596+{
1597+ pid_t pid;
1598+ int pfd[2];
1599+ int rpipe = 0, wpipe = 0, i;
1600+ char **argv;
1601+ char *ptr;
1602+ char *cmdcpy;
1603+
1604+
1605+ if(cmd == NULL || cmd == "")
1606+ return(NULL);
1607+
1608+ if(type[0] != 'r' && type[0] != 'w')
1609+ return(NULL);
1610+
1611+ if ((cmdcpy = strdup(cmd)) == NULL)
1612+ return(NULL);
1613+
1614+ argv = NULL;
1615+ if( (ptr = strtok(cmdcpy, __SEC_POPEN_TOKEN)) == NULL)
1616+ {
1617+ free(cmdcpy);
1618+ return(NULL);
1619+ }
1620+
1621+ for(i = 0;; i++)
1622+ {
1623+ if( ( argv = (char **) realloc(argv, (i+1) * sizeof(char *)) ) == NULL)
1624+ {
1625+ free(cmdcpy);
1626+ return(NULL);
1627+ }
1628+
1629+ if( (*(argv+i) = (char *) malloc((strlen(ptr)+1) * sizeof(char))) == NULL)
1630+ {
1631+ free(cmdcpy);
1632+ return(NULL);
1633+ }
1634+
1635+ strcpy(argv[i], ptr);
1636+
1637+ if( (ptr = strtok(NULL, __SEC_POPEN_TOKEN)) == NULL)
1638+ {
1639+ if( ( argv = (char **) realloc(argv, (i+2) * sizeof(char *))) == NULL)
1640+ {
1641+ free(cmdcpy);
1642+ return(NULL);
1643+ }
1644+ argv[i+1] = NULL;
1645+ break;
1646+ }
1647+ }
1648+
1649+
1650+ if(type[0] == 'r')
1651+ rpipe = 1;
1652+ else
1653+ wpipe = 1;
1654+
1655+ if (pipe(pfd) < 0)
1656+ {
1657+ free(cmdcpy);
1658+ return(NULL);
1659+ }
1660+
1661+ if((pid = fork()) < 0)
1662+ {
1663+ close(pfd[0]);
1664+ close(pfd[1]);
1665+ free(cmdcpy);
1666+ return(NULL);
1667+ }
1668+
1669+ if(pid == 0) /* child */
1670+ {
1671+ if((pid = fork()) < 0)
1672+ {
1673+ close(pfd[0]);
1674+ close(pfd[1]);
1675+ free(cmdcpy);
1676+ return(NULL);
1677+ }
1678+ if(pid > 0)
1679+ {
1680+ exit(0); /* child nr. 1 exits */
1681+ }
1682+
1683+ /* child nr. 2 */
1684+ if(rpipe)
1685+ {
1686+ close(pfd[0]); /* close reading end, we don't need it */
1687+ dup2(STDOUT_FILENO, STDERR_FILENO);
1688+ if (pfd[1] != STDOUT_FILENO)
1689+ dup2(pfd[1], STDOUT_FILENO); /* redirect stdout to writing end of pipe */
1690+ }
1691+ else
1692+ {
1693+ close(pfd[1]); /* close writing end, we don't need it */
1694+ if (pfd[0] != STDIN_FILENO)
1695+ dup2(pfd[0], STDIN_FILENO); /* redirect stdin to reading end of pipe */
1696+ }
1697+
1698+ if(strchr(argv[0], '/') == NULL)
1699+ execvp(argv[0], argv); /* search in $PATH */
1700+ else
1701+ execv(argv[0], argv);
1702+
1703+ close(pfd[0]);
1704+ close(pfd[1]);
1705+ free(cmdcpy);
1706+ return(NULL); /* exec failed.. ooops! */
1707+ }
1708+ else /* parent */
1709+ {
1710+ waitpid(pid, NULL, 0); /* wait for child nr. 1 */
1711+
1712+ if(rpipe)
1713+ {
1714+ close(pfd[1]);
1715+ free(cmdcpy);
1716+ return(fdopen(pfd[0], "r"));
1717+ }
1718+ else
1719+ {
1720+ close(pfd[0]);
1721+ free(cmdcpy);
1722+ return(fdopen(pfd[1], "w"));
1723+ }
1724+
1725+ }
1726+}
1727+
1728Index: extras/Xpm/lib/scan.c
1729===================================================================
1730RCS file: /cvs/XF4/xc/extras/Xpm/lib/scan.c,v
1731retrieving revision 1.3
1732diff -u -r1.3 scan.c
1733--- extras/Xpm/lib/scan.c 2 Nov 2004 23:26:39 -0000 1.3
1734+++ extras/Xpm/lib/scan.c 14 Nov 2004 13:45:05 -0000
1735@@ -43,6 +43,8 @@
1736 * Lorens Younes (d93-hyo@nada.kth.se) 4/96
1737 */
1738
1739+/* October 2004, source code review by Thomas Biege <thomas@suse.de> */
1740+
1741 #include "XpmI.h"
1742
1743 #define MAXPRINTABLE 92 /* number of printable ascii chars
1744@@ -172,10 +174,10 @@
1745 /* function call in case of error */
1746 #undef RETURN
1747 #define RETURN(status) \
1748-{ \
1749+do { \
1750 ErrorStatus = status; \
1751 goto error; \
1752-}
1753+} while(0)
1754
1755 /*
1756 * This function scans the given image and stores the found informations in
1757@@ -233,15 +235,15 @@
1758 else
1759 cpp = 0;
1760
1761- if ((height > 0 && width >= SIZE_MAX / height) ||
1762- width * height >= SIZE_MAX / sizeof(unsigned int))
1763+ if ((height > 0 && width >= UINT_MAX / height) ||
1764+ width * height >= UINT_MAX / sizeof(unsigned int))
1765 RETURN(XpmNoMemory);
1766 pmap.pixelindex =
1767 (unsigned int *) XpmCalloc(width * height, sizeof(unsigned int));
1768 if (!pmap.pixelindex)
1769 RETURN(XpmNoMemory);
1770
1771- if (pmap.size >= SIZE_MAX / sizeof(Pixel))
1772+ if (pmap.size >= UINT_MAX / sizeof(Pixel))
1773 RETURN(XpmNoMemory);
1774
1775 pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size);
1776@@ -308,7 +310,7 @@
1777 * get rgb values and a string of char, and possibly a name for each
1778 * color
1779 */
1780- if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor))
1781+ if (pmap.ncolors >= UINT_MAX / sizeof(XpmColor))
1782 RETURN(XpmNoMemory);
1783 colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor));
1784 if (!colorTable)
1785@@ -368,7 +370,7 @@
1786
1787 /* first get a character string */
1788 a = 0;
1789- if (cpp >= SIZE_MAX - 1)
1790+ if (cpp >= UINT_MAX - 1)
1791 return (XpmNoMemory);
1792 if (!(s = color->string = (char *) XpmMalloc(cpp + 1)))
1793 return (XpmNoMemory);
1794@@ -461,7 +463,7 @@
1795 }
1796
1797 /* first get character strings and rgb values */
1798- if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1)
1799+ if (ncolors >= UINT_MAX / sizeof(XColor) || cpp >= UINT_MAX - 1)
1800 return (XpmNoMemory);
1801 xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors);
1802 if (!xcolors)
1803@@ -619,7 +621,7 @@
1804 char *dst;
1805 unsigned int *iptr;
1806 char *data;
1807- int x, y, i;
1808+ unsigned int x, y, i;
1809 int bits, depth, ibu, ibpp, offset;
1810 unsigned long lbt;
1811 Pixel pixel, px;
1812@@ -721,7 +723,7 @@
1813 unsigned char *addr;
1814 unsigned char *data;
1815 unsigned int *iptr;
1816- int x, y;
1817+ unsigned int x, y;
1818 unsigned long lbt;
1819 Pixel pixel;
1820 int depth;
1821@@ -786,7 +788,7 @@
1822 unsigned char *addr;
1823 unsigned char *data;
1824 unsigned int *iptr;
1825- int x, y;
1826+ unsigned int x, y;
1827 unsigned long lbt;
1828 Pixel pixel;
1829 int depth;
1830@@ -831,7 +833,7 @@
1831 {
1832 unsigned int *iptr;
1833 unsigned char *data;
1834- int x, y;
1835+ unsigned int x, y;
1836 unsigned long lbt;
1837 Pixel pixel;
1838 int depth;
1839@@ -864,7 +866,7 @@
1840 storeFuncPtr storeFunc;
1841 {
1842 unsigned int *iptr;
1843- int x, y;
1844+ unsigned int x, y;
1845 char *data;
1846 Pixel pixel;
1847 int xoff, yoff, offset, bpl;
1848@@ -900,11 +902,11 @@
1849 # else /* AMIGA */
1850
1851 #define CLEAN_UP(status) \
1852-{\
1853+do {\
1854 if (pixels) XpmFree (pixels);\
1855 if (tmp_img) FreeXImage (tmp_img);\
1856 return (status);\
1857-}
1858+} while(0)
1859
1860 static int
1861 AGetImagePixels (
1862@@ -925,7 +927,7 @@
1863
1864 tmp_img = AllocXImage ((((width+15)>>4)<<4), 1, image->rp->BitMap->Depth);
1865 if (tmp_img == NULL)
1866- CLEAN_UP (XpmNoMemory)
1867+ CLEAN_UP (XpmNoMemory);
1868
1869 iptr = pmap->pixelindex;
1870 for (y = 0; y < height; ++y)
1871@@ -934,11 +936,11 @@
1872 for (x = 0; x < width; ++x, ++iptr)
1873 {
1874 if ((*storeFunc) (pixels[x], pmap, iptr))
1875- CLEAN_UP (XpmNoMemory)
1876+ CLEAN_UP (XpmNoMemory);
1877 }
1878 }
1879
1880- CLEAN_UP (XpmSuccess)
1881+ CLEAN_UP (XpmSuccess);
1882 }
1883
1884 #undef CLEAN_UP
1885Index: lib/Xpm/Imakefile
1886===================================================================
1887RCS file: /cvs/XF4/xc/lib/Xpm/Imakefile,v
1888retrieving revision 1.3
1889diff -u -r1.3 Imakefile
1890--- lib/Xpm/Imakefile 2 Nov 2004 23:47:45 -0000 1.3
1891+++ lib/Xpm/Imakefile 14 Nov 2004 13:45:05 -0000
1892@@ -46,12 +46,20 @@
1893 STRLCATDEF = -DHAS_STRLCAT
1894 #endif
1895
1896+#if HasSnprintf
1897+SNPRINTFDEF = -DHAS_SNPRINTF
1898+#else
1899+SNPRINTFDEF = -Dsnprintf=_XpmSnprintf
1900+SNPRINTFSRCS = snprintf.c
1901+SNPRINTFOBJS = snprintf.o
1902+#endif
1903+
1904 #if defined(Win32Architecture)
1905 ZPIPEDEF = -DNO_ZPIPE
1906 #endif
1907
1908 DEFINES = $(STRDUPDEF) $(STRCASECMPDEF) $(SPRINTFDEF) $(STRLCATDEF) \
1909- $(ZPIPEDEF) $(ZFILEDEF)
1910+ $(SNPRINTFDEF) $(ZPIPEDEF) $(ZFILEDEF)
1911
1912 HEADERS = xpm.h
1913
1914@@ -59,13 +67,15 @@
1915 CrBufFrI.c CrDatFrP.c CrPFrBuf.c RdFToI.c WrFFrI.c \
1916 CrBufFrP.c CrIFrBuf.c CrPFrDat.c RdFToP.c WrFFrP.c \
1917 CrDatFrI.c CrIFrDat.c RdFToDat.c WrFFrDat.c \
1918- Attrib.c CrIFrP.c CrPFrI.c Image.c Info.c RdFToBuf.c WrFFrBuf.c
1919+ Attrib.c CrIFrP.c CrPFrI.c Image.c Info.c RdFToBuf.c WrFFrBuf.c \
1920+ s_popen.c $(SNPRINTFSRCS)
1921
1922 OBJS = data.o create.o misc.o rgb.o scan.o parse.o hashtab.o \
1923 CrBufFrI.o CrDatFrP.o CrPFrBuf.o RdFToI.o WrFFrI.o \
1924 CrBufFrP.o CrIFrBuf.o CrPFrDat.o RdFToP.o WrFFrP.o \
1925 CrDatFrI.o CrIFrDat.o RdFToDat.o WrFFrDat.o \
1926- Attrib.o CrIFrP.o CrPFrI.o Image.o Info.o RdFToBuf.o WrFFrBuf.o
1927+ Attrib.o CrIFrP.o CrPFrI.o Image.o Info.o RdFToBuf.o WrFFrBuf.o \
1928+ s_popen.o $(SNPRINTFOBJS)
1929
1930 XPMDIR = $(TOP)/extras/Xpm
1931 XPMLIBDIR = $(TOP)/extras/Xpm/lib
1932@@ -104,5 +114,10 @@
1933 LinkSourceFile(RdFToBuf.c,$(XPMLIBDIR))
1934 LinkSourceFile(WrFFrBuf.c,$(XPMLIBDIR))
1935 LinkSourceFile(xpm.h,$(XPMLIBDIR))
1936+LinkSourceFile(s_popen.c,$(XPMLIBDIR))
1937+
1938+#if !HasSnprintf
1939+LinkSourceFile(snprintf.c,$(LIBSRC)/misc)
1940+#endif
1941
1942 DependTarget()
This page took 0.231452 seconds and 4 git commands to generate.