summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSamuli Suominen <drac@gentoo.org>2007-02-05 19:27:27 +0000
committerSamuli Suominen <drac@gentoo.org>2007-02-05 19:27:27 +0000
commitc4ad462f10d443eab0dd5860908061df7ef6ef82 (patch)
treead36cbf1bb6216d59b7cc300a61b87ea01355dc3 /media-libs/imlib/files/imlib-security.patch
parentStable on ppc wrt bug #162039. (diff)
downloadgentoo-2-c4ad462f10d443eab0dd5860908061df7ef6ef82.tar.gz
gentoo-2-c4ad462f10d443eab0dd5860908061df7ef6ef82.tar.bz2
gentoo-2-c4ad462f10d443eab0dd5860908061df7ef6ef82.zip
Fix fix for 3425, sed call was outdated. Remove USE static. Fix autotools handling. Fix documentation installation. Clean up. Will be unmasked soon, running some tests.
Diffstat (limited to 'media-libs/imlib/files/imlib-security.patch')
-rw-r--r--media-libs/imlib/files/imlib-security.patch510
1 files changed, 510 insertions, 0 deletions
diff --git a/media-libs/imlib/files/imlib-security.patch b/media-libs/imlib/files/imlib-security.patch
new file mode 100644
index 000000000000..c820270d47e1
--- /dev/null
+++ b/media-libs/imlib/files/imlib-security.patch
@@ -0,0 +1,510 @@
+diff -urN imlib-1.9.13.orig/Imlib/load.c imlib-1.9.13/Imlib/load.c
+--- imlib-1.9.13.orig/Imlib/load.c Wed Mar 13 19:06:29 2002
++++ imlib-1.9.13/Imlib/load.c Thu Sep 16 17:21:01 2004
+@@ -4,6 +4,8 @@
+ #include "Imlib_private.h"
+ #include <setjmp.h>
+
++#define G_MAXINT ((int) 0x7fffffff)
++
+ /* Split the ID - damages input */
+
+ static char *
+@@ -41,13 +43,17 @@
+
+ /*
+ * Make sure we don't wrap on our memory allocations
++ * we check G_MAXINT/4 because rend.c malloc's w * h * bpp
++ * + 3 is safety margin
+ */
+
+ void * _imlib_malloc_image(unsigned int w, unsigned int h)
+ {
+- if( w > 32767 || h > 32767)
+- return NULL;
+- return malloc(w * h * 3);
++ if (w <= 0 || w > 32767 ||
++ h <= 0 || h > 32767 ||
++ h >= (G_MAXINT/4 - 1) / w)
++ return NULL;
++ return malloc(w * h * 3 + 3);
+ }
+
+ #ifdef HAVE_LIBJPEG
+@@ -360,7 +366,9 @@
+ npix = ww * hh;
+ *w = (int)ww;
+ *h = (int)hh;
+- if(ww > 32767 || hh > 32767)
++ if (ww <= 0 || ww > 32767 ||
++ hh <= 0 || hh > 32767 ||
++ hh >= (G_MAXINT/sizeof(uint32)) / ww)
+ {
+ TIFFClose(tif);
+ return NULL;
+@@ -463,7 +471,7 @@
+ }
+ *w = gif->Image.Width;
+ *h = gif->Image.Height;
+- if (*h > 32767 || *w > 32767)
++ if (*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767)
+ {
+ return NULL;
+ }
+@@ -965,7 +973,12 @@
+ comment = 0;
+ quote = 0;
+ context = 0;
++ memset(lookup, 0, sizeof(lookup));
++
+ line = malloc(lsz);
++ if (!line)
++ return NULL;
++
+ while (!done)
+ {
+ pc = c;
+@@ -994,25 +1007,25 @@
+ {
+ /* Header */
+ sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp);
+- if (ncolors > 32766)
++ if (ncolors <= 0 || ncolors > 32766)
+ {
+ fprintf(stderr, "IMLIB ERROR: XPM files wth colors > 32766 not supported\n");
+ free(line);
+ return NULL;
+ }
+- if (cpp > 5)
++ if (cpp <= 0 || cpp > 5)
+ {
+ fprintf(stderr, "IMLIB ERROR: XPM files with characters per pixel > 5 not supported\n");
+ free(line);
+ return NULL;
+ }
+- if (*w > 32767)
++ if (*w <= 0 || *w > 32767)
+ {
+ fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
+ free(line);
+ return NULL;
+ }
+- if (*h > 32767)
++ if (*h <= 0 || *h > 32767)
+ {
+ fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
+ free(line);
+@@ -1045,11 +1058,13 @@
+ {
+ int slen;
+ int hascolor, iscolor;
++ int space;
+
+ iscolor = 0;
+ hascolor = 0;
+ tok[0] = 0;
+ col[0] = 0;
++ space = sizeof(col) - 1;
+ s[0] = 0;
+ len = strlen(line);
+ strncpy(cmap[j].str, line, cpp);
+@@ -1072,10 +1087,10 @@
+ {
+ if (k >= len)
+ {
+- if (col[0])
+- strcat(col, " ");
+- if (strlen(col) + strlen(s) < sizeof(col))
+- strcat(col, s);
++ if (col[0] && space > 0)
++ strcat(col, " "), space -= 1;
++ if (slen <= space)
++ strcat(col, s), space -= slen;
+ }
+ if (col[0])
+ {
+@@ -1105,14 +1120,17 @@
+ }
+ }
+ }
+- strcpy(tok, s);
++ if (slen < sizeof(tok));
++ strcpy(tok, s);
+ col[0] = 0;
++ space = sizeof(col) - 1;
+ }
+ else
+ {
+- if (col[0])
+- strcat(col, " ");
+- strcat(col, s);
++ if (col[0] && space > 0)
++ strcat(col, " "), space -=1;
++ if (slen <= space)
++ strcat(col, s), space -= slen;
+ }
+ }
+ }
+@@ -1341,12 +1359,12 @@
+ sscanf(s, "%i %i", w, h);
+ a = *w;
+ b = *h;
+- if (a > 32767)
++ if (a <= 0 || a > 32767)
+ {
+ fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
+ return NULL;
+ }
+- if (b > 32767)
++ if (b <= 0 || b > 32767)
+ {
+ fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
+ return NULL;
+diff -urN imlib-1.9.13.orig/Imlib/utils.c imlib-1.9.13/Imlib/utils.c
+--- imlib-1.9.13.orig/Imlib/utils.c Mon Mar 4 17:45:28 2002
++++ imlib-1.9.13/Imlib/utils.c Thu Sep 16 17:21:15 2004
+@@ -1496,36 +1496,56 @@
+ context = 0;
+ ptr = NULL;
+ end = NULL;
++ memset(lookup, 0, sizeof(lookup));
+
+ while (!done)
+ {
+ line = data[count++];
++ if (!line)
++ break;
++ line = strdup(line);
++ if (!line)
++ break;
++ len = strlen(line);
++ for (i = 0; i < len; ++i)
++ {
++ c = line[i];
++ if (c < 32)
++ line[i] = 32;
++ else if (c > 127)
++ line[i] = 127;
++ }
++
+ if (context == 0)
+ {
+ /* Header */
+ sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp);
+- if (ncolors > 32766)
++ if (ncolors <= 0 || ncolors > 32766)
+ {
+ fprintf(stderr, "IMLIB ERROR: XPM data wth colors > 32766 not supported\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+- if (cpp > 5)
++ if (cpp <= 0 || cpp > 5)
+ {
+ fprintf(stderr, "IMLIB ERROR: XPM data with characters per pixel > 5 not supported\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+- if (w > 32767)
++ if (w <= 0 || w > 32767)
+ {
+ fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for data\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+- if (h > 32767)
++ if (h <= 0 || h > 32767)
+ {
+ fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for data\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+ cmap = malloc(sizeof(struct _cmap) * ncolors);
+@@ -1533,6 +1553,7 @@
+ if (!cmap)
+ {
+ free(im);
++ free(line);
+ return NULL;
+ }
+ im->rgb_width = w;
+@@ -1542,6 +1563,7 @@
+ {
+ free(cmap);
+ free(im);
++ free(line);
+ return NULL;
+ }
+ im->alpha_data = NULL;
+@@ -1817,6 +1839,7 @@
+ }
+ if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3))
+ done = 1;
++ free(line);
+ }
+ if (!transp)
+ {
+diff -urN imlib-1.9.13.orig/gdk_imlib/io-gif.c imlib-1.9.13/gdk_imlib/io-gif.c
+--- imlib-1.9.13.orig/gdk_imlib/io-gif.c Mon Mar 4 17:26:51 2002
++++ imlib-1.9.13/gdk_imlib/io-gif.c Thu Sep 16 16:11:31 2004
+@@ -55,7 +55,7 @@
+ }
+ *w = gif->Image.Width;
+ *h = gif->Image.Height;
+- if(*h > 32767 || *w > 32767)
++ if(*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767)
+ {
+ return NULL;
+ }
+diff -urN imlib-1.9.13.orig/gdk_imlib/io-ppm.c imlib-1.9.13/gdk_imlib/io-ppm.c
+--- imlib-1.9.13.orig/gdk_imlib/io-ppm.c Mon Mar 4 17:26:51 2002
++++ imlib-1.9.13/gdk_imlib/io-ppm.c Thu Sep 16 16:13:13 2004
+@@ -53,12 +53,12 @@
+ sscanf(s, "%i %i", w, h);
+ a = *w;
+ b = *h;
+- if (a > 32767)
++ if (a <= 0 || a > 32767)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n");
+ return NULL;
+ }
+- if (b > 32767)
++ if (b <= 0 || b > 32767)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n");
+ return NULL;
+diff -urN imlib-1.9.13.orig/gdk_imlib/io-tiff.c imlib-1.9.13/gdk_imlib/io-tiff.c
+--- imlib-1.9.13.orig/gdk_imlib/io-tiff.c Mon Mar 4 17:26:51 2002
++++ imlib-1.9.13/gdk_imlib/io-tiff.c Thu Sep 16 16:13:57 2004
+@@ -36,7 +36,9 @@
+ npix = ww * hh;
+ *w = (int)ww;
+ *h = (int)hh;
+- if(ww > 32767 || hh > 32767)
++ if (ww <= 0 || ww > 32767 ||
++ hh <= 0 || hh > 32767 ||
++ hh >= (G_MAXINT/sizeof(uint32)) / ww)
+ {
+ TIFFClose(tif);
+ return NULL;
+diff -urN imlib-1.9.13.orig/gdk_imlib/io-xpm.c imlib-1.9.13/gdk_imlib/io-xpm.c
+--- imlib-1.9.13.orig/gdk_imlib/io-xpm.c Mon Mar 4 17:26:51 2002
++++ imlib-1.9.13/gdk_imlib/io-xpm.c Thu Sep 16 17:08:24 2004
+@@ -40,8 +40,12 @@
+ context = 0;
+ i = j = 0;
+ cmap = NULL;
++ memset(lookup, 0, sizeof(lookup));
+
+ line = malloc(lsz);
++ if (!line)
++ return NULL;
++
+ while (!done)
+ {
+ pc = c;
+@@ -70,25 +74,25 @@
+ {
+ /* Header */
+ sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp);
+- if (ncolors > 32766)
++ if (ncolors <= 0 || ncolors > 32766)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: XPM files wth colors > 32766 not supported\n");
+ free(line);
+ return NULL;
+ }
+- if (cpp > 5)
++ if (cpp <= 0 || cpp > 5)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: XPM files with characters per pixel > 5 not supported\n");
+ free(line);
+ return NULL;
+ }
+- if (*w > 32767)
++ if (*w <= 0 || *w > 32767)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n");
+ free(line);
+ return NULL;
+ }
+- if (*h > 32767)
++ if (*h <= 0 || *h > 32767)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n");
+ free(line);
+@@ -120,11 +124,13 @@
+ {
+ int slen;
+ int hascolor, iscolor;
++ int space;
+
+ hascolor = 0;
+ iscolor = 0;
+ tok[0] = 0;
+ col[0] = 0;
++ space = sizeof(col) - 1;
+ s[0] = 0;
+ len = strlen(line);
+ strncpy(cmap[j].str, line, cpp);
+@@ -147,10 +153,10 @@
+ {
+ if (k >= len)
+ {
+- if (col[0])
+- strcat(col, " ");
+- if (strlen(col) + strlen(s) < sizeof(col))
+- strcat(col, s);
++ if (col[0] && space > 0)
++ strncat(col, " ", space), space -= 1;
++ if (slen <= space)
++ strcat(col, s), space -= slen;
+ }
+ if (col[0])
+ {
+@@ -180,14 +186,17 @@
+ }
+ }
+ }
+- strcpy(tok, s);
++ if (slen < sizeof(tok))
++ strcpy(tok, s);
+ col[0] = 0;
++ space = sizeof(col) - 1;
+ }
+ else
+ {
+- if (col[0])
+- strcat(col, " ");
+- strcat(col, s);
++ if (col[0] && space > 0)
++ strcat(col, " "), space -= 1;
++ if (slen <= space)
++ strcat(col, s), space -= slen;
+ }
+ }
+ }
+diff -urN imlib-1.9.13.orig/gdk_imlib/misc.c imlib-1.9.13/gdk_imlib/misc.c
+--- imlib-1.9.13.orig/gdk_imlib/misc.c Mon Mar 4 17:26:51 2002
++++ imlib-1.9.13/gdk_imlib/misc.c Thu Sep 16 16:35:32 2004
+@@ -1355,11 +1355,16 @@
+
+ /*
+ * Make sure we don't wrap on our memory allocations
++ * we check G_MAX_INT/4 because rend.c malloc's w * h * bpp
++ * + 3 is safety margin
+ */
+
+ void *_gdk_malloc_image(unsigned int w, unsigned int h)
+ {
+- if( w > 32767 || h > 32767)
++ if (w <= 0 || w > 32767 ||
++ h <= 0 || h > 32767 ||
++ h >= (G_MAXINT/4 - 1) / w)
+ return NULL;
+- return malloc(w * h * 3);
++ return malloc(w * h * 3 + 3);
+ }
++
+diff -urN imlib-1.9.13.orig/gdk_imlib/utils.c imlib-1.9.13/gdk_imlib/utils.c
+--- imlib-1.9.13.orig/gdk_imlib/utils.c Mon Mar 4 17:26:51 2002
++++ imlib-1.9.13/gdk_imlib/utils.c Thu Sep 16 17:28:35 2004
+@@ -1236,36 +1236,56 @@
+ context = 0;
+ ptr = NULL;
+ end = NULL;
++ memset(lookup, 0, sizeof(lookup));
+
+ while (!done)
+ {
+ line = data[count++];
++ if (!line)
++ break;
++ line = strdup(line);
++ if (!line)
++ break;
++ len = strlen(line);
++ for (i = 0; i < len; ++i)
++ {
++ c = line[i];
++ if (c < 32)
++ line[i] = 32;
++ else if (c > 127)
++ line[i] = 127;
++ }
++
+ if (context == 0)
+ {
+ /* Header */
+ sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp);
+- if (ncolors > 32766)
++ if (ncolors <= 0 || ncolors > 32766)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: XPM data wth colors > 32766 not supported\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+- if (cpp > 5)
++ if (cpp <= 0 || cpp > 5)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: XPM data with characters per pixel > 5 not supported\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+- if (w > 32767)
++ if (w <= 0 || w > 32767)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for data\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+- if (h > 32767)
++ if (h <= 0 || h > 32767)
+ {
+ fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for data\n");
+ free(im);
++ free(line);
+ return NULL;
+ }
+ cmap = malloc(sizeof(struct _cmap) * ncolors);
+@@ -1273,6 +1293,7 @@
+ if (!cmap)
+ {
+ free(im);
++ free(line);
+ return NULL;
+ }
+ im->rgb_width = w;
+@@ -1282,6 +1303,7 @@
+ {
+ free(cmap);
+ free(im);
++ free(line);
+ return NULL;
+ }
+ im->alpha_data = NULL;
+@@ -1355,7 +1377,7 @@
+ strcpy(col + colptr, " ");
+ colptr++;
+ }
+- if (colptr + ls <= sizeof(col))
++ if (colptr + ls < sizeof(col))
+ {
+ strcpy(col + colptr, s);
+ colptr += ls;
+@@ -1558,6 +1580,7 @@
+ }
+ if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3))
+ done = 1;
++ free(line);
+ }
+ if (!transp)
+ {