diff options
author | Samuli Suominen <drac@gentoo.org> | 2007-02-05 19:27:27 +0000 |
---|---|---|
committer | Samuli Suominen <drac@gentoo.org> | 2007-02-05 19:27:27 +0000 |
commit | c4ad462f10d443eab0dd5860908061df7ef6ef82 (patch) | |
tree | ad36cbf1bb6216d59b7cc300a61b87ea01355dc3 /media-libs/imlib/files/imlib-security.patch | |
parent | Stable on ppc wrt bug #162039. (diff) | |
download | gentoo-2-c4ad462f10d443eab0dd5860908061df7ef6ef82.tar.gz gentoo-2-c4ad462f10d443eab0dd5860908061df7ef6ef82.tar.bz2 gentoo-2-c4ad462f10d443eab0dd5860908061df7ef6ef82.zip |
Fix fix for 3425, sed call was outdated. Remove USE static. Fix autotools handling. Fix documentation installation. Clean up. Will be unmasked soon, running some tests.
Diffstat (limited to 'media-libs/imlib/files/imlib-security.patch')
-rw-r--r-- | media-libs/imlib/files/imlib-security.patch | 510 |
1 files changed, 510 insertions, 0 deletions
diff --git a/media-libs/imlib/files/imlib-security.patch b/media-libs/imlib/files/imlib-security.patch new file mode 100644 index 000000000000..c820270d47e1 --- /dev/null +++ b/media-libs/imlib/files/imlib-security.patch @@ -0,0 +1,510 @@ +diff -urN imlib-1.9.13.orig/Imlib/load.c imlib-1.9.13/Imlib/load.c +--- imlib-1.9.13.orig/Imlib/load.c Wed Mar 13 19:06:29 2002 ++++ imlib-1.9.13/Imlib/load.c Thu Sep 16 17:21:01 2004 +@@ -4,6 +4,8 @@ + #include "Imlib_private.h" + #include <setjmp.h> + ++#define G_MAXINT ((int) 0x7fffffff) ++ + /* Split the ID - damages input */ + + static char * +@@ -41,13 +43,17 @@ + + /* + * Make sure we don't wrap on our memory allocations ++ * we check G_MAXINT/4 because rend.c malloc's w * h * bpp ++ * + 3 is safety margin + */ + + void * _imlib_malloc_image(unsigned int w, unsigned int h) + { +- if( w > 32767 || h > 32767) +- return NULL; +- return malloc(w * h * 3); ++ if (w <= 0 || w > 32767 || ++ h <= 0 || h > 32767 || ++ h >= (G_MAXINT/4 - 1) / w) ++ return NULL; ++ return malloc(w * h * 3 + 3); + } + + #ifdef HAVE_LIBJPEG +@@ -360,7 +366,9 @@ + npix = ww * hh; + *w = (int)ww; + *h = (int)hh; +- if(ww > 32767 || hh > 32767) ++ if (ww <= 0 || ww > 32767 || ++ hh <= 0 || hh > 32767 || ++ hh >= (G_MAXINT/sizeof(uint32)) / ww) + { + TIFFClose(tif); + return NULL; +@@ -463,7 +471,7 @@ + } + *w = gif->Image.Width; + *h = gif->Image.Height; +- if (*h > 32767 || *w > 32767) ++ if (*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767) + { + return NULL; + } +@@ -965,7 +973,12 @@ + comment = 0; + quote = 0; + context = 0; ++ memset(lookup, 0, sizeof(lookup)); ++ + line = malloc(lsz); ++ if (!line) ++ return NULL; ++ + while (!done) + { + pc = c; +@@ -994,25 +1007,25 @@ + { + /* Header */ + sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp); +- if (ncolors > 32766) ++ if (ncolors <= 0 || ncolors > 32766) + { + fprintf(stderr, "IMLIB ERROR: XPM files wth colors > 32766 not supported\n"); + free(line); + return NULL; + } +- if (cpp > 5) ++ if (cpp <= 0 || cpp > 5) + { + fprintf(stderr, "IMLIB ERROR: XPM files with characters per pixel > 5 not supported\n"); + free(line); + return NULL; + } +- if (*w > 32767) ++ if (*w <= 0 || *w > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n"); + free(line); + return NULL; + } +- if (*h > 32767) ++ if (*h <= 0 || *h > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n"); + free(line); +@@ -1045,11 +1058,13 @@ + { + int slen; + int hascolor, iscolor; ++ int space; + + iscolor = 0; + hascolor = 0; + tok[0] = 0; + col[0] = 0; ++ space = sizeof(col) - 1; + s[0] = 0; + len = strlen(line); + strncpy(cmap[j].str, line, cpp); +@@ -1072,10 +1087,10 @@ + { + if (k >= len) + { +- if (col[0]) +- strcat(col, " "); +- if (strlen(col) + strlen(s) < sizeof(col)) +- strcat(col, s); ++ if (col[0] && space > 0) ++ strcat(col, " "), space -= 1; ++ if (slen <= space) ++ strcat(col, s), space -= slen; + } + if (col[0]) + { +@@ -1105,14 +1120,17 @@ + } + } + } +- strcpy(tok, s); ++ if (slen < sizeof(tok)); ++ strcpy(tok, s); + col[0] = 0; ++ space = sizeof(col) - 1; + } + else + { +- if (col[0]) +- strcat(col, " "); +- strcat(col, s); ++ if (col[0] && space > 0) ++ strcat(col, " "), space -=1; ++ if (slen <= space) ++ strcat(col, s), space -= slen; + } + } + } +@@ -1341,12 +1359,12 @@ + sscanf(s, "%i %i", w, h); + a = *w; + b = *h; +- if (a > 32767) ++ if (a <= 0 || a > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n"); + return NULL; + } +- if (b > 32767) ++ if (b <= 0 || b > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n"); + return NULL; +diff -urN imlib-1.9.13.orig/Imlib/utils.c imlib-1.9.13/Imlib/utils.c +--- imlib-1.9.13.orig/Imlib/utils.c Mon Mar 4 17:45:28 2002 ++++ imlib-1.9.13/Imlib/utils.c Thu Sep 16 17:21:15 2004 +@@ -1496,36 +1496,56 @@ + context = 0; + ptr = NULL; + end = NULL; ++ memset(lookup, 0, sizeof(lookup)); + + while (!done) + { + line = data[count++]; ++ if (!line) ++ break; ++ line = strdup(line); ++ if (!line) ++ break; ++ len = strlen(line); ++ for (i = 0; i < len; ++i) ++ { ++ c = line[i]; ++ if (c < 32) ++ line[i] = 32; ++ else if (c > 127) ++ line[i] = 127; ++ } ++ + if (context == 0) + { + /* Header */ + sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp); +- if (ncolors > 32766) ++ if (ncolors <= 0 || ncolors > 32766) + { + fprintf(stderr, "IMLIB ERROR: XPM data wth colors > 32766 not supported\n"); + free(im); ++ free(line); + return NULL; + } +- if (cpp > 5) ++ if (cpp <= 0 || cpp > 5) + { + fprintf(stderr, "IMLIB ERROR: XPM data with characters per pixel > 5 not supported\n"); + free(im); ++ free(line); + return NULL; + } +- if (w > 32767) ++ if (w <= 0 || w > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for data\n"); + free(im); ++ free(line); + return NULL; + } +- if (h > 32767) ++ if (h <= 0 || h > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for data\n"); + free(im); ++ free(line); + return NULL; + } + cmap = malloc(sizeof(struct _cmap) * ncolors); +@@ -1533,6 +1553,7 @@ + if (!cmap) + { + free(im); ++ free(line); + return NULL; + } + im->rgb_width = w; +@@ -1542,6 +1563,7 @@ + { + free(cmap); + free(im); ++ free(line); + return NULL; + } + im->alpha_data = NULL; +@@ -1817,6 +1839,7 @@ + } + if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3)) + done = 1; ++ free(line); + } + if (!transp) + { +diff -urN imlib-1.9.13.orig/gdk_imlib/io-gif.c imlib-1.9.13/gdk_imlib/io-gif.c +--- imlib-1.9.13.orig/gdk_imlib/io-gif.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/io-gif.c Thu Sep 16 16:11:31 2004 +@@ -55,7 +55,7 @@ + } + *w = gif->Image.Width; + *h = gif->Image.Height; +- if(*h > 32767 || *w > 32767) ++ if(*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767) + { + return NULL; + } +diff -urN imlib-1.9.13.orig/gdk_imlib/io-ppm.c imlib-1.9.13/gdk_imlib/io-ppm.c +--- imlib-1.9.13.orig/gdk_imlib/io-ppm.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/io-ppm.c Thu Sep 16 16:13:13 2004 +@@ -53,12 +53,12 @@ + sscanf(s, "%i %i", w, h); + a = *w; + b = *h; +- if (a > 32767) ++ if (a <= 0 || a > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n"); + return NULL; + } +- if (b > 32767) ++ if (b <= 0 || b > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n"); + return NULL; +diff -urN imlib-1.9.13.orig/gdk_imlib/io-tiff.c imlib-1.9.13/gdk_imlib/io-tiff.c +--- imlib-1.9.13.orig/gdk_imlib/io-tiff.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/io-tiff.c Thu Sep 16 16:13:57 2004 +@@ -36,7 +36,9 @@ + npix = ww * hh; + *w = (int)ww; + *h = (int)hh; +- if(ww > 32767 || hh > 32767) ++ if (ww <= 0 || ww > 32767 || ++ hh <= 0 || hh > 32767 || ++ hh >= (G_MAXINT/sizeof(uint32)) / ww) + { + TIFFClose(tif); + return NULL; +diff -urN imlib-1.9.13.orig/gdk_imlib/io-xpm.c imlib-1.9.13/gdk_imlib/io-xpm.c +--- imlib-1.9.13.orig/gdk_imlib/io-xpm.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/io-xpm.c Thu Sep 16 17:08:24 2004 +@@ -40,8 +40,12 @@ + context = 0; + i = j = 0; + cmap = NULL; ++ memset(lookup, 0, sizeof(lookup)); + + line = malloc(lsz); ++ if (!line) ++ return NULL; ++ + while (!done) + { + pc = c; +@@ -70,25 +74,25 @@ + { + /* Header */ + sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp); +- if (ncolors > 32766) ++ if (ncolors <= 0 || ncolors > 32766) + { + fprintf(stderr, "gdk_imlib ERROR: XPM files wth colors > 32766 not supported\n"); + free(line); + return NULL; + } +- if (cpp > 5) ++ if (cpp <= 0 || cpp > 5) + { + fprintf(stderr, "gdk_imlib ERROR: XPM files with characters per pixel > 5 not supported\n"); + free(line); + return NULL; + } +- if (*w > 32767) ++ if (*w <= 0 || *w > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n"); + free(line); + return NULL; + } +- if (*h > 32767) ++ if (*h <= 0 || *h > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n"); + free(line); +@@ -120,11 +124,13 @@ + { + int slen; + int hascolor, iscolor; ++ int space; + + hascolor = 0; + iscolor = 0; + tok[0] = 0; + col[0] = 0; ++ space = sizeof(col) - 1; + s[0] = 0; + len = strlen(line); + strncpy(cmap[j].str, line, cpp); +@@ -147,10 +153,10 @@ + { + if (k >= len) + { +- if (col[0]) +- strcat(col, " "); +- if (strlen(col) + strlen(s) < sizeof(col)) +- strcat(col, s); ++ if (col[0] && space > 0) ++ strncat(col, " ", space), space -= 1; ++ if (slen <= space) ++ strcat(col, s), space -= slen; + } + if (col[0]) + { +@@ -180,14 +186,17 @@ + } + } + } +- strcpy(tok, s); ++ if (slen < sizeof(tok)) ++ strcpy(tok, s); + col[0] = 0; ++ space = sizeof(col) - 1; + } + else + { +- if (col[0]) +- strcat(col, " "); +- strcat(col, s); ++ if (col[0] && space > 0) ++ strcat(col, " "), space -= 1; ++ if (slen <= space) ++ strcat(col, s), space -= slen; + } + } + } +diff -urN imlib-1.9.13.orig/gdk_imlib/misc.c imlib-1.9.13/gdk_imlib/misc.c +--- imlib-1.9.13.orig/gdk_imlib/misc.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/misc.c Thu Sep 16 16:35:32 2004 +@@ -1355,11 +1355,16 @@ + + /* + * Make sure we don't wrap on our memory allocations ++ * we check G_MAX_INT/4 because rend.c malloc's w * h * bpp ++ * + 3 is safety margin + */ + + void *_gdk_malloc_image(unsigned int w, unsigned int h) + { +- if( w > 32767 || h > 32767) ++ if (w <= 0 || w > 32767 || ++ h <= 0 || h > 32767 || ++ h >= (G_MAXINT/4 - 1) / w) + return NULL; +- return malloc(w * h * 3); ++ return malloc(w * h * 3 + 3); + } ++ +diff -urN imlib-1.9.13.orig/gdk_imlib/utils.c imlib-1.9.13/gdk_imlib/utils.c +--- imlib-1.9.13.orig/gdk_imlib/utils.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/utils.c Thu Sep 16 17:28:35 2004 +@@ -1236,36 +1236,56 @@ + context = 0; + ptr = NULL; + end = NULL; ++ memset(lookup, 0, sizeof(lookup)); + + while (!done) + { + line = data[count++]; ++ if (!line) ++ break; ++ line = strdup(line); ++ if (!line) ++ break; ++ len = strlen(line); ++ for (i = 0; i < len; ++i) ++ { ++ c = line[i]; ++ if (c < 32) ++ line[i] = 32; ++ else if (c > 127) ++ line[i] = 127; ++ } ++ + if (context == 0) + { + /* Header */ + sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp); +- if (ncolors > 32766) ++ if (ncolors <= 0 || ncolors > 32766) + { + fprintf(stderr, "gdk_imlib ERROR: XPM data wth colors > 32766 not supported\n"); + free(im); ++ free(line); + return NULL; + } +- if (cpp > 5) ++ if (cpp <= 0 || cpp > 5) + { + fprintf(stderr, "gdk_imlib ERROR: XPM data with characters per pixel > 5 not supported\n"); + free(im); ++ free(line); + return NULL; + } +- if (w > 32767) ++ if (w <= 0 || w > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for data\n"); + free(im); ++ free(line); + return NULL; + } +- if (h > 32767) ++ if (h <= 0 || h > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for data\n"); + free(im); ++ free(line); + return NULL; + } + cmap = malloc(sizeof(struct _cmap) * ncolors); +@@ -1273,6 +1293,7 @@ + if (!cmap) + { + free(im); ++ free(line); + return NULL; + } + im->rgb_width = w; +@@ -1282,6 +1303,7 @@ + { + free(cmap); + free(im); ++ free(line); + return NULL; + } + im->alpha_data = NULL; +@@ -1355,7 +1377,7 @@ + strcpy(col + colptr, " "); + colptr++; + } +- if (colptr + ls <= sizeof(col)) ++ if (colptr + ls < sizeof(col)) + { + strcpy(col + colptr, s); + colptr += ls; +@@ -1558,6 +1580,7 @@ + } + if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3)) + done = 1; ++ free(line); + } + if (!transp) + { |