aboutsummaryrefslogtreecommitdiffstats
path: root/graphics
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2005-01-21 23:20:34 +0800
committernectar <nectar@FreeBSD.org>2005-01-21 23:20:34 +0800
commit81de51dc29a1a92594a0d7ef82b3a7019ef8b93a (patch)
treec8497321f6e5d9e837d7e4af11ab2750f04dd77e /graphics
parent3db838f85601e9b18671e625ae40f5c978fe2987 (diff)
downloadfreebsd-ports-gnome-81de51dc29a1a92594a0d7ef82b3a7019ef8b93a.tar.gz
freebsd-ports-gnome-81de51dc29a1a92594a0d7ef82b3a7019ef8b93a.tar.zst
freebsd-ports-gnome-81de51dc29a1a92594a0d7ef82b3a7019ef8b93a.zip
Correct serious bugs in imlib2's xpm loader.
Obtained from: enlightenment CVS Security: http://vuxml.freebsd.org/2001103a-6bbd-11d9-851d-000a95bc6fae.html
Diffstat (limited to 'graphics')
-rw-r--r--graphics/imlib2/Makefile2
-rw-r--r--graphics/imlib2/files/patch-security-190
2 files changed, 91 insertions, 1 deletions
diff --git a/graphics/imlib2/Makefile b/graphics/imlib2/Makefile
index 4b455aee63e3..75fe904daf83 100644
--- a/graphics/imlib2/Makefile
+++ b/graphics/imlib2/Makefile
@@ -7,7 +7,7 @@
PORTNAME= imlib2
PORTVERSION= 1.1.2
-PORTREVISION= 0
+PORTREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= enlightenment
diff --git a/graphics/imlib2/files/patch-security-1 b/graphics/imlib2/files/patch-security-1
new file mode 100644
index 000000000000..520160f14fed
--- /dev/null
+++ b/graphics/imlib2/files/patch-security-1
@@ -0,0 +1,90 @@
+===================================================================
+RCS file: /cvsroot/enlightenment/e17/libs/imlib2/src/modules/loaders/loader_xpm.c,v
+retrieving revision 1.2
+retrieving revision 1.3
+diff -u -r1.2 -r1.3
+--- enlightenment/e17/libs/imlib2/src/modules/loaders/loader_xpm.c 2004/12/14 03:50:46 1.2
++++ loaders/loader_xpm.c 2005/01/04 03:34:03 1.3
+@@ -192,37 +192,37 @@
+ {
+ /* Header */
+ sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp);
+- if (ncolors > 32766)
++ if ((ncolors > 32766) || (ncolors < 1))
+ {
+ fprintf(stderr,
+- "IMLIB ERROR: XPM files with colors > 32766 not supported\n");
++ "IMLIB ERROR: XPM files with colors > 32766 or < 1 not supported\n");
+ free(line);
+ fclose(f);
+ xpm_parse_done();
+ return 0;
+ }
+- if (cpp > 5)
++ if ((cpp > 5) || (cpp < 1))
+ {
+ fprintf(stderr,
+- "IMLIB ERROR: XPM files with characters per pixel > 5 not supported\n");
++ "IMLIB ERROR: XPM files with characters per pixel > 5 or < 1not supported\n");
+ free(line);
+ fclose(f);
+ xpm_parse_done();
+ return 0;
+ }
+- if (w > 32767)
++ if ((w > 32767) || (w < 1))
+ {
+ fprintf(stderr,
+- "IMLIB ERROR: Image width > 32767 pixels for file\n");
++ "IMLIB ERROR: Image width > 32767 or < 1 pixels for file\n");
+ free(line);
+ fclose(f);
+ xpm_parse_done();
+ return 0;
+ }
+- if (h > 32767)
++ if ((h > 32767) || (h < 1))
+ {
+ fprintf(stderr,
+- "IMLIB ERROR: Image height > 32767 pixels for file\n");
++ "IMLIB ERROR: Image height > 32767 or < 1 pixels for file\n");
+ free(line);
+ fclose(f);
+ xpm_parse_done();
+@@ -284,9 +284,14 @@
+ if (k >= len)
+ {
+ if (col[0])
+- strcat(col, " ");
++ {
++ if (strlen(col) < ( sizeof(col) - 2))
++ strcat(col, " ");
++ else
++ done = 1;
++ }
+ if (strlen(col) + strlen(s) <
+- sizeof(col))
++ (sizeof(col) - 1))
+ strcat(col, s);
+ }
+ if (col[0])
+@@ -322,9 +327,16 @@
+ }
+ else
+ {
+- if (col[0])
+- strcat(col, " ");
+- strcat(col, s);
++ if (col[0])
++ {
++ if (strlen(col) < ( sizeof(col) - 2))
++ strcat(col, " ");
++ else
++ done = 1;
++ }
++ if (strlen(col) + strlen(s) <
++ (sizeof(col) - 1))
++ strcat(col, s);
+ }
+ }
+ }