diff options
-rw-r--r-- | x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0687-0688.patch | 421 | ||||
-rw-r--r-- | x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0687-0688.patch.bz2 | bin | 3274 -> 0 bytes | |||
-rw-r--r-- | x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0914-newer.patch.bz2 | bin | 12300 -> 0 bytes | |||
-rw-r--r-- | x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0914.patch.bz2 | bin | 11702 -> 0 bytes | |||
-rw-r--r-- | x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0687-0688.patch | 421 | ||||
-rw-r--r-- | x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0687-0688.patch.bz2 | bin | 3362 -> 0 bytes | |||
-rw-r--r-- | x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0914-newer.patch.bz2 | bin | 11986 -> 0 bytes | |||
-rw-r--r-- | x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0914.patch.bz2 | bin | 11770 -> 0 bytes |
8 files changed, 842 insertions, 0 deletions
diff --git a/x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0687-0688.patch b/x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0687-0688.patch new file mode 100644 index 000000000000..effb24834126 --- /dev/null +++ b/x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0687-0688.patch @@ -0,0 +1,421 @@ +--- motif/lib/Xm/Xpmhashtab.c.CAN-2004-0687-0688 2000-04-28 17:05:22.000000000 +0200 ++++ motif/lib/Xm/Xpmhashtab.c 2004-10-05 13:37:32.477639974 +0200 +@@ -136,7 +136,7 @@ + xpmHashTable *table; + { + xpmHashAtom *atomTable = table->atomTable; +- int size = table->size; ++ unsigned int size = table->size; + xpmHashAtom *t, *p; + int i; + int oldSize = size; +@@ -145,6 +145,8 @@ + HASH_TABLE_GROWS + table->size = size; + table->limit = size / 3; ++ if (size >= SIZE_MAX / sizeof(*atomTable)) ++ return (XpmNoMemory); + atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable)); + if (!atomTable) + return (XpmNoMemory); +@@ -205,6 +207,8 @@ + table->size = INITIAL_HASH_SIZE; + table->limit = table->size / 3; + table->used = 0; ++ if (table->size >= SIZE_MAX / sizeof(*atomTable)) ++ return (XpmNoMemory); + atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable)); + if (!atomTable) + return (XpmNoMemory); +--- motif/lib/Xm/XpmWrFFrI.c.CAN-2004-0687-0688 2000-04-28 17:05:22.000000000 +0200 ++++ motif/lib/Xm/XpmWrFFrI.c 2004-10-05 13:37:32.479639699 +0200 +@@ -239,6 +239,8 @@ + unsigned int x, y, h; + + h = height - 1; ++ if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp) ++ return (XpmNoMemory); + p = buf = (char *) XpmMalloc(width * cpp + 3); + if (!buf) + return (XpmNoMemory); +--- motif/lib/Xm/Xpmdata.c.CAN-2004-0687-0688 2000-04-28 17:05:21.000000000 +0200 ++++ motif/lib/Xm/Xpmdata.c 2004-10-05 13:37:32.481639425 +0200 +@@ -371,7 +371,7 @@ + { + if (!mdata->type) + *cmt = NULL; +- else if (mdata->CommentLength) { ++ else if (mdata->CommentLength != 0 && mdata->CommentLength < SIZE_MAX - 1) { + *cmt = (char *) XpmMalloc(mdata->CommentLength + 1); + strncpy(*cmt, mdata->Comment, mdata->CommentLength); + (*cmt)[mdata->CommentLength] = '\0'; +--- motif/lib/Xm/XpmI.h.CAN-2004-0687-0688 2004-10-05 13:37:32.253670716 +0200 ++++ motif/lib/Xm/XpmI.h 2004-10-05 13:37:32.483639150 +0200 +@@ -179,6 +179,18 @@ + boundCheckingCalloc((long)(nelem),(long) (elsize)) + #endif + ++#if defined(SCO) || defined(__USLC__) ++#include <stdint.h> /* For SIZE_MAX */ ++#endif ++#include <limits.h> ++#ifndef SIZE_MAX ++# ifdef ULONG_MAX ++# define SIZE_MAX ULONG_MAX ++# else ++# define SIZE_MAX UINT_MAX ++# endif ++#endif ++ + #define XPMMAXCMTLEN BUFSIZ + typedef struct { + unsigned int type; +@@ -276,9 +288,9 @@ + } *xpmHashAtom; + + typedef struct { +- int size; +- int limit; +- int used; ++ unsigned int size; ++ unsigned int limit; ++ unsigned int used; + xpmHashAtom *atomTable; + } xpmHashTable; + +--- motif/lib/Xm/XpmCrDatFrI.c.CAN-2004-0687-0688 2000-04-28 17:05:22.000000000 +0200 ++++ motif/lib/Xm/XpmCrDatFrI.c 2004-10-05 13:37:32.485638876 +0200 +@@ -129,6 +129,8 @@ + */ + header_nlines = 1 + image->ncolors; + header_size = sizeof(char *) * header_nlines; ++ if (header_size >= SIZE_MAX / sizeof(char *)) ++ return (XpmNoMemory); + header = (char **) XpmCalloc(header_size, sizeof(char *)); + if (!header) + return (XpmNoMemory); +--- motif/lib/Xm/Xpmscan.c.CAN-2004-0687-0688 2000-04-28 17:05:21.000000000 +0200 ++++ motif/lib/Xm/Xpmscan.c 2004-10-05 13:37:32.487638601 +0200 +@@ -93,7 +93,8 @@ + LFUNC(ScanTransparentColor, int, (XpmColor *color, unsigned int cpp, + XpmAttributes *attributes)); + +-LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, int ncolors, ++LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, ++ unsigned int ncolors, + Pixel *pixels, unsigned int mask, + unsigned int cpp, XpmAttributes *attributes)); + +@@ -220,11 +221,17 @@ + else + cpp = 0; + ++ if ((height > 0 && width >= SIZE_MAX / height) || ++ width * height >= SIZE_MAX / sizeof(unsigned int)) ++ RETURN(XpmNoMemory); + pmap.pixelindex = + (unsigned int *) XpmCalloc(width * height, sizeof(unsigned int)); + if (!pmap.pixelindex) + RETURN(XpmNoMemory); + ++ if (pmap.size >= SIZE_MAX / sizeof(Pixel)) ++ RETURN(XpmNoMemory); ++ + pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size); + if (!pmap.pixels) + RETURN(XpmNoMemory); +@@ -280,6 +287,8 @@ + * color + */ + ++ if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor)) ++ RETURN(XpmNoMemory); + colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor)); + if (!colorTable) + RETURN(XpmNoMemory); +@@ -327,6 +336,8 @@ + + /* first get a character string */ + a = 0; ++ if (cpp >= SIZE_MAX - 1) ++ return (XpmNoMemory); + if (!(s = color->string = (char *) XpmMalloc(cpp + 1))) + return (XpmNoMemory); + *s++ = printable[c = a % MAXPRINTABLE]; +@@ -374,7 +385,7 @@ + ScanOtherColors(display, colors, ncolors, pixels, mask, cpp, attributes) + Display *display; + XpmColor *colors; +- int ncolors; ++ unsigned int ncolors; + Pixel *pixels; + unsigned int mask; + unsigned int cpp; +@@ -418,6 +429,8 @@ + } + + /* first get character strings and rgb values */ ++ if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1) ++ return (XpmNoMemory); + xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors); + if (!xcolors) + return (XpmNoMemory); +--- motif/lib/Xm/XpmAttrib.c.CAN-2004-0687-0688 2000-04-28 17:05:22.000000000 +0200 ++++ motif/lib/Xm/XpmAttrib.c 2004-10-05 13:37:32.489638327 +0200 +@@ -36,8 +36,8 @@ + #include "XpmI.h" + + /* 3.2 backward compatibility code */ +-LFUNC(CreateOldColorTable, int, (XpmColor *ct, int ncolors, +- XpmColor ***oldct)); ++LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors, ++ XpmColor ***oldct)); + + LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors)); + +@@ -47,12 +47,15 @@ + static int + CreateOldColorTable(ct, ncolors, oldct) + XpmColor *ct; +- int ncolors; ++ unsigned int ncolors; + XpmColor ***oldct; + { + XpmColor **colorTable, **color; + int a; + ++ if (ncolors >= SIZE_MAX / sizeof(XpmColor *)) ++ return XpmNoMemory; ++ + colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *)); + if (!colorTable) { + *oldct = NULL; +--- motif/lib/Xm/Xpmcreate.c.CAN-2004-0687-0688 2000-04-28 17:05:21.000000000 +0200 ++++ motif/lib/Xm/Xpmcreate.c 2004-10-05 13:37:32.493637778 +0200 +@@ -799,6 +799,9 @@ + + ErrorStatus = XpmSuccess; + ++ if (image->ncolors >= SIZE_MAX / sizeof(Pixel)) ++ return (XpmNoMemory); ++ + /* malloc pixels index tables */ + image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * image->ncolors); + if (!image_pixels) +@@ -942,6 +945,8 @@ + return (XpmNoMemory); + + #ifndef FOR_MSW ++ if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height) ++ return XpmNoMemory; + /* now that bytes_per_line must have been set properly alloc data */ + (*image_return)->data = + (char *) XpmMalloc((*image_return)->bytes_per_line * height); +@@ -1987,6 +1992,9 @@ + xpmGetCmt(data, &colors_cmt); + + /* malloc pixels index tables */ ++ if (ncolors >= SIZE_MAX / sizeof(Pixel)) ++ return XpmNoMemory; ++ + image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors); + if (!image_pixels) + RETURN(XpmNoMemory); +@@ -2200,6 +2208,9 @@ + { + unsigned short colidx[256]; + ++ if (ncolors > 256) ++ return (XpmFileInvalid); ++ + bzero((char *)colidx, 256 * sizeof(short)); + for (a = 0; a < ncolors; a++) + colidx[(unsigned char)colorTable[a].string[0]] = a + 1; +@@ -2298,6 +2309,9 @@ + char *s; + char buf[BUFSIZ]; + ++ if (cpp >= sizeof(buf)) ++ return (XpmFileInvalid); ++ + buf[cpp] = '\0'; + if (USE_HASHTABLE) { + xpmHashAtom *slot; +--- motif/lib/Xm/Xpmparse.c.CAN-2004-0687-0688 2000-04-28 17:05:21.000000000 +0200 ++++ motif/lib/Xm/Xpmparse.c 2004-10-05 13:37:32.495637503 +0200 +@@ -41,6 +41,25 @@ + + #include "XpmI.h" + #include <ctype.h> ++#include <string.h> ++ ++#ifdef HAS_STRLCAT ++# define STRLCAT(dst, src, dstsize) { \ ++ if (strlcat(dst, src, dstsize) >= (dstsize)) \ ++ return (XpmFileInvalid); } ++# define STRLCPY(dst, src, dstsize) { \ ++ if (strlcpy(dst, src, dstsize) >= (dstsize)) \ ++ return (XpmFileInvalid); } ++#else ++# define STRLCAT(dst, src, dstsize) { \ ++ if ((strlen(dst) + strlen(src)) < (dstsize)) \ ++ strcat(dst, src); \ ++ else return (XpmFileInvalid); } ++# define STRLCPY(dst, src, dstsize) { \ ++ if (strlen(src) < (dstsize)) \ ++ strcpy(dst, src); \ ++ else return (XpmFileInvalid); } ++#endif + + LFUNC(ParsePixels, int, (xpmData *data, unsigned int width, + unsigned int height, unsigned int ncolors, +@@ -209,7 +228,7 @@ + unsigned int *extensions; + { + unsigned int l; +- char buf[BUFSIZ]; ++ char buf[BUFSIZ + 1]; + + if (!data->format) { /* XPM 2 or 3 */ + +@@ -318,10 +337,10 @@ + XpmColor **colorTablePtr; + xpmHashTable *hashtable; + { +- unsigned int key, l, a, b; ++ unsigned int key, l, a, b, len; + unsigned int curkey; /* current color key */ + unsigned int lastwaskey; /* key read */ +- char buf[BUFSIZ]; ++ char buf[BUFSIZ + 1]; + char curbuf[BUFSIZ]; /* current buffer */ + char **sptr, *s; + XpmColor *color; +@@ -329,6 +348,8 @@ + char **defaults; + int ErrorStatus; + ++ if (ncolors >= SIZE_MAX / sizeof(XpmColor)) ++ return (XpmNoMemory); + colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor)); + if (!colorTable) + return (XpmNoMemory); +@@ -340,6 +361,10 @@ + /* + * read pixel value + */ ++ if (cpp >= SIZE_MAX - 1) { ++ xpmFreeColorTable(colorTable, ncolors); ++ return (XpmNoMemory); ++ } + color->string = (char *) XpmMalloc(cpp + 1); + if (!color->string) { + xpmFreeColorTable(colorTable, ncolors); +@@ -377,13 +402,14 @@ + } + if (!lastwaskey && key < NKEYS) { /* open new key */ + if (curkey) { /* flush string */ +- s = (char *) XpmMalloc(strlen(curbuf) + 1); ++ len = strlen(curbuf) + 1; ++ s = (char *) XpmMalloc(len); + if (!s) { + xpmFreeColorTable(colorTable, ncolors); + return (XpmNoMemory); + } + defaults[curkey] = s; +- strcpy(s, curbuf); ++ memcpy(s, curbuf, len); + } + curkey = key + 1; /* set new key */ + *curbuf = '\0'; /* reset curbuf */ +@@ -394,9 +420,9 @@ + return (XpmFileInvalid); + } + if (!lastwaskey) +- strcat(curbuf, " "); /* append space */ ++ STRLCAT(curbuf, " ", sizeof(curbuf)); /* append space */ + buf[l] = '\0'; +- strcat(curbuf, buf);/* append buf */ ++ STRLCAT(curbuf, buf, sizeof(curbuf));/* append buf */ + lastwaskey = 0; + } + } +@@ -404,12 +430,13 @@ + xpmFreeColorTable(colorTable, ncolors); + return (XpmFileInvalid); + } +- s = defaults[curkey] = (char *) XpmMalloc(strlen(curbuf) + 1); ++ len = strlen(curbuf) + 1; ++ s = defaults[curkey] = (char *) XpmMalloc(len); + if (!s) { + xpmFreeColorTable(colorTable, ncolors); + return (XpmNoMemory); + } +- strcpy(s, curbuf); ++ memcpy(s, curbuf, len); + } + } else { /* XPM 1 */ + /* get to the beginning of the first string */ +@@ -422,6 +449,10 @@ + /* + * read pixel value + */ ++ if (cpp >= SIZE_MAX - 1) { ++ xpmFreeColorTable(colorTable, ncolors); ++ return (XpmNoMemory); ++ } + color->string = (char *) XpmMalloc(cpp + 1); + if (!color->string) { + xpmFreeColorTable(colorTable, ncolors); +@@ -450,16 +481,17 @@ + *curbuf = '\0'; /* init curbuf */ + while (l = xpmNextWord(data, buf, BUFSIZ)) { + if (*curbuf != '\0') +- strcat(curbuf, " ");/* append space */ ++ STRLCAT(curbuf, " ", sizeof(curbuf));/* append space */ + buf[l] = '\0'; +- strcat(curbuf, buf); /* append buf */ ++ STRLCAT(curbuf, buf, sizeof(curbuf)); /* append buf */ + } +- s = (char *) XpmMalloc(strlen(curbuf) + 1); ++ len = strlen(curbuf) + 1; ++ s = (char *) XpmMalloc(len); + if (!s) { + xpmFreeColorTable(colorTable, ncolors); + return (XpmNoMemory); + } +- strcpy(s, curbuf); ++ memcpy(s, curbuf, len); + color->c_color = s; + *curbuf = '\0'; /* reset curbuf */ + if (a < ncolors - 1) +@@ -484,6 +516,9 @@ + unsigned int *iptr, *iptr2; + unsigned int a, x, y; + ++ if ((height > 0 && width >= SIZE_MAX / height) || ++ width * height >= SIZE_MAX / sizeof(unsigned int)) ++ return XpmNoMemory; + #ifndef FOR_MSW + iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height); + #else +@@ -507,6 +542,9 @@ + { + unsigned short colidx[256]; + ++ if (ncolors > 256) ++ return (XpmFileInvalid); ++ + bzero((char *)colidx, 256 * sizeof(short)); + for (a = 0; a < ncolors; a++) + colidx[(unsigned char)colorTable[a].string[0]] = a + 1; +@@ -584,6 +622,9 @@ + char *s; + char buf[BUFSIZ]; + ++ if (cpp >= sizeof(buf)) ++ return (XpmFileInvalid); ++ + buf[cpp] = '\0'; + if (USE_HASHTABLE) { + xpmHashAtom *slot; diff --git a/x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0687-0688.patch.bz2 b/x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0687-0688.patch.bz2 Binary files differdeleted file mode 100644 index 74b5f57de2b6..000000000000 --- a/x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0687-0688.patch.bz2 +++ /dev/null diff --git a/x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0914-newer.patch.bz2 b/x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0914-newer.patch.bz2 Binary files differdeleted file mode 100644 index 5fcca2427f93..000000000000 --- a/x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0914-newer.patch.bz2 +++ /dev/null diff --git a/x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0914.patch.bz2 b/x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0914.patch.bz2 Binary files differdeleted file mode 100644 index 7a41cf2ca6b0..000000000000 --- a/x11-libs/openmotif/files/openmotif-2.1.30-CAN-2004-0914.patch.bz2 +++ /dev/null diff --git a/x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0687-0688.patch b/x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0687-0688.patch new file mode 100644 index 000000000000..6c8b0e0c2d63 --- /dev/null +++ b/x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0687-0688.patch @@ -0,0 +1,421 @@ +--- openMotif-2.2.3/lib/Xm/Xpmhashtab.c.CAN-2004-0687-0688 2004-09-30 11:52:40.176933831 +0200 ++++ openMotif-2.2.3/lib/Xm/Xpmhashtab.c 2004-09-30 11:53:47.288717782 +0200 +@@ -141,7 +141,7 @@ + xpmHashTable *table; + { + xpmHashAtom *atomTable = table->atomTable; +- int size = table->size; ++ unsigned int size = table->size; + xpmHashAtom *t, *p; + int i; + int oldSize = size; +@@ -150,6 +150,8 @@ + HASH_TABLE_GROWS + table->size = size; + table->limit = size / 3; ++ if (size >= SIZE_MAX / sizeof(*atomTable)) ++ return (XpmNoMemory); + atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable)); + if (!atomTable) + return (XpmNoMemory); +@@ -210,6 +212,8 @@ + table->size = INITIAL_HASH_SIZE; + table->limit = table->size / 3; + table->used = 0; ++ if (table->size >= SIZE_MAX / sizeof(*atomTable)) ++ return (XpmNoMemory); + atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable)); + if (!atomTable) + return (XpmNoMemory); +--- openMotif-2.2.3/lib/Xm/XpmWrFFrI.c.CAN-2004-0687-0688 2004-09-30 11:36:04.545969020 +0200 ++++ openMotif-2.2.3/lib/Xm/XpmWrFFrI.c 2004-09-30 11:37:14.583312219 +0200 +@@ -244,6 +244,8 @@ + unsigned int x, y, h; + + h = height - 1; ++ if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp) ++ return (XpmNoMemory); + p = buf = (char *) XpmMalloc(width * cpp + 3); + if (!buf) + return (XpmNoMemory); +--- openMotif-2.2.3/lib/Xm/Xpmdata.c.CAN-2004-0687-0688 2004-09-30 11:51:30.712472999 +0200 ++++ openMotif-2.2.3/lib/Xm/Xpmdata.c 2004-09-30 11:52:26.665789239 +0200 +@@ -376,7 +376,7 @@ + { + if (!mdata->type) + *cmt = NULL; +- else if (mdata->CommentLength) { ++ else if (mdata->CommentLength != 0 && mdata->CommentLength < SIZE_MAX - 1) { + *cmt = (char *) XpmMalloc(mdata->CommentLength + 1); + strncpy(*cmt, mdata->Comment, mdata->CommentLength); + (*cmt)[mdata->CommentLength] = '\0'; +--- openMotif-2.2.3/lib/Xm/XpmI.h.CAN-2004-0687-0688 2004-09-30 11:38:09.358760225 +0200 ++++ openMotif-2.2.3/lib/Xm/XpmI.h 2004-09-30 11:39:58.498714150 +0200 +@@ -179,6 +179,18 @@ + boundCheckingCalloc((long)(nelem),(long) (elsize)) + #endif + ++#if defined(SCO) || defined(__USLC__) ++#include <stdint.h> /* For SIZE_MAX */ ++#endif ++#include <limits.h> ++#ifndef SIZE_MAX ++# ifdef ULONG_MAX ++# define SIZE_MAX ULONG_MAX ++# else ++# define SIZE_MAX UINT_MAX ++# endif ++#endif ++ + #define XPMMAXCMTLEN BUFSIZ + typedef struct { + unsigned int type; +@@ -276,9 +288,9 @@ + } *xpmHashAtom; + + typedef struct { +- int size; +- int limit; +- int used; ++ unsigned int size; ++ unsigned int limit; ++ unsigned int used; + xpmHashAtom *atomTable; + } xpmHashTable; + +--- openMotif-2.2.3/lib/Xm/XpmCrDatFrI.c.CAN-2004-0687-0688 2004-09-30 11:35:18.058379165 +0200 ++++ openMotif-2.2.3/lib/Xm/XpmCrDatFrI.c 2004-09-30 11:35:43.951808698 +0200 +@@ -134,6 +134,8 @@ + */ + header_nlines = 1 + image->ncolors; + header_size = sizeof(char *) * header_nlines; ++ if (header_size >= SIZE_MAX / sizeof(char *)) ++ return (XpmNoMemory); + header = (char **) XpmCalloc(header_size, sizeof(char *)); + if (!header) + return (XpmNoMemory); +--- openMotif-2.2.3/lib/Xm/Xpmscan.c.CAN-2004-0687-0688 2004-09-30 12:05:34.424607695 +0200 ++++ openMotif-2.2.3/lib/Xm/Xpmscan.c 2004-09-30 12:08:16.963282178 +0200 +@@ -98,7 +98,8 @@ + LFUNC(ScanTransparentColor, int, (XpmColor *color, unsigned int cpp, + XpmAttributes *attributes)); + +-LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, int ncolors, ++LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, ++ unsigned int ncolors, + Pixel *pixels, unsigned int mask, + unsigned int cpp, XpmAttributes *attributes)); + +@@ -225,11 +226,17 @@ + else + cpp = 0; + ++ if ((height > 0 && width >= SIZE_MAX / height) || ++ width * height >= SIZE_MAX / sizeof(unsigned int)) ++ RETURN(XpmNoMemory); + pmap.pixelindex = + (unsigned int *) XpmCalloc(width * height, sizeof(unsigned int)); + if (!pmap.pixelindex) + RETURN(XpmNoMemory); + ++ if (pmap.size >= SIZE_MAX / sizeof(Pixel)) ++ RETURN(XpmNoMemory); ++ + pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size); + if (!pmap.pixels) + RETURN(XpmNoMemory); +@@ -285,6 +292,8 @@ + * color + */ + ++ if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor)) ++ RETURN(XpmNoMemory); + colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor)); + if (!colorTable) + RETURN(XpmNoMemory); +@@ -332,6 +341,8 @@ + + /* first get a character string */ + a = 0; ++ if (cpp >= SIZE_MAX - 1) ++ return (XpmNoMemory); + if (!(s = color->string = (char *) XpmMalloc(cpp + 1))) + return (XpmNoMemory); + *s++ = printable[c = a % MAXPRINTABLE]; +@@ -379,7 +390,7 @@ + ScanOtherColors(display, colors, ncolors, pixels, mask, cpp, attributes) + Display *display; + XpmColor *colors; +- int ncolors; ++ unsigned int ncolors; + Pixel *pixels; + unsigned int mask; + unsigned int cpp; +@@ -423,6 +434,8 @@ + } + + /* first get character strings and rgb values */ ++ if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1) ++ return (XpmNoMemory); + xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors); + if (!xcolors) + return (XpmNoMemory); +--- openMotif-2.2.3/lib/Xm/XpmAttrib.c.CAN-2004-0687-0688 2004-09-30 11:33:10.216008908 +0200 ++++ openMotif-2.2.3/lib/Xm/XpmAttrib.c 2004-09-30 11:33:41.187737616 +0200 +@@ -41,8 +41,8 @@ + #include "XpmI.h" + + /* 3.2 backward compatibility code */ +-LFUNC(CreateOldColorTable, int, (XpmColor *ct, int ncolors, +- XpmColor ***oldct)); ++LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors, ++ XpmColor ***oldct)); + + LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors)); + +@@ -52,12 +52,15 @@ + static int + CreateOldColorTable(ct, ncolors, oldct) + XpmColor *ct; +- int ncolors; ++ unsigned int ncolors; + XpmColor ***oldct; + { + XpmColor **colorTable, **color; + int a; + ++ if (ncolors >= SIZE_MAX / sizeof(XpmColor *)) ++ return XpmNoMemory; ++ + colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *)); + if (!colorTable) { + *oldct = NULL; +--- openMotif-2.2.3/lib/Xm/Xpmcreate.c.CAN-2004-0687-0688 2004-09-30 11:40:22.122457590 +0200 ++++ openMotif-2.2.3/lib/Xm/Xpmcreate.c 2004-09-30 12:49:44.411019183 +0200 +@@ -804,6 +804,9 @@ + + ErrorStatus = XpmSuccess; + ++ if (image->ncolors >= SIZE_MAX / sizeof(Pixel)) ++ return (XpmNoMemory); ++ + /* malloc pixels index tables */ + image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * image->ncolors); + if (!image_pixels) +@@ -947,6 +950,8 @@ + return (XpmNoMemory); + + #ifndef FOR_MSW ++ if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height) ++ return XpmNoMemory; + /* now that bytes_per_line must have been set properly alloc data */ + (*image_return)->data = + (char *) XpmMalloc((*image_return)->bytes_per_line * height); +@@ -1992,6 +1997,9 @@ + xpmGetCmt(data, &colors_cmt); + + /* malloc pixels index tables */ ++ if (ncolors >= SIZE_MAX / sizeof(Pixel)) ++ return XpmNoMemory; ++ + image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors); + if (!image_pixels) + RETURN(XpmNoMemory); +@@ -2207,6 +2215,9 @@ + { + unsigned short colidx[256]; + ++ if (ncolors > 256) ++ return (XpmFileInvalid); ++ + bzero((char *)colidx, 256 * sizeof(short)); + for (a = 0; a < ncolors; a++) + colidx[(unsigned char)colorTable[a].string[0]] = a + 1; +@@ -2305,6 +2316,9 @@ + char *s; + char buf[BUFSIZ]; + ++ if (cpp >= sizeof(buf)) ++ return (XpmFileInvalid); ++ + buf[cpp] = '\0'; + if (USE_HASHTABLE) { + xpmHashAtom *slot; +--- openMotif-2.2.3/lib/Xm/Xpmparse.c.CAN-2004-0687-0688 2004-09-30 11:54:01.219804716 +0200 ++++ openMotif-2.2.3/lib/Xm/Xpmparse.c 2004-09-30 12:47:15.676480282 +0200 +@@ -46,6 +46,25 @@ + + #include "XpmI.h" + #include <ctype.h> ++#include <string.h> ++ ++#ifdef HAS_STRLCAT ++# define STRLCAT(dst, src, dstsize) { \ ++ if (strlcat(dst, src, dstsize) >= (dstsize)) \ ++ return (XpmFileInvalid); } ++# define STRLCPY(dst, src, dstsize) { \ ++ if (strlcpy(dst, src, dstsize) >= (dstsize)) \ ++ return (XpmFileInvalid); } ++#else ++# define STRLCAT(dst, src, dstsize) { \ ++ if ((strlen(dst) + strlen(src)) < (dstsize)) \ ++ strcat(dst, src); \ ++ else return (XpmFileInvalid); } ++# define STRLCPY(dst, src, dstsize) { \ ++ if (strlen(src) < (dstsize)) \ ++ strcpy(dst, src); \ ++ else return (XpmFileInvalid); } ++#endif + + LFUNC(ParsePixels, int, (xpmData *data, unsigned int width, + unsigned int height, unsigned int ncolors, +@@ -215,7 +234,7 @@ + unsigned int *extensions; + { + unsigned int l; +- char buf[BUFSIZ]; ++ char buf[BUFSIZ + 1]; + + if (!data->format) { /* XPM 2 or 3 */ + +@@ -324,10 +343,10 @@ + XpmColor **colorTablePtr; + xpmHashTable *hashtable; + { +- unsigned int key, l, a, b; ++ unsigned int key, l, a, b, len; + unsigned int curkey; /* current color key */ + unsigned int lastwaskey; /* key read */ +- char buf[BUFSIZ]; ++ char buf[BUFSIZ + 1]; + char curbuf[BUFSIZ]; /* current buffer */ + char **sptr, *s; + XpmColor *color; +@@ -335,6 +354,8 @@ + char **defaults; + int ErrorStatus; + ++ if (ncolors >= SIZE_MAX / sizeof(XpmColor)) ++ return (XpmNoMemory); + colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor)); + if (!colorTable) + return (XpmNoMemory); +@@ -346,6 +367,10 @@ + /* + * read pixel value + */ ++ if (cpp >= SIZE_MAX - 1) { ++ xpmFreeColorTable(colorTable, ncolors); ++ return (XpmNoMemory); ++ } + color->string = (char *) XpmMalloc(cpp + 1); + if (!color->string) { + xpmFreeColorTable(colorTable, ncolors); +@@ -383,13 +408,14 @@ + } + if (!lastwaskey && key < NKEYS) { /* open new key */ + if (curkey) { /* flush string */ +- s = (char *) XpmMalloc(strlen(curbuf) + 1); ++ len = strlen(curbuf) + 1; ++ s = (char *) XpmMalloc(len); + if (!s) { + xpmFreeColorTable(colorTable, ncolors); + return (XpmNoMemory); + } + defaults[curkey] = s; +- strcpy(s, curbuf); ++ memcpy(s, curbuf, len); + } + curkey = key + 1; /* set new key */ + *curbuf = '\0'; /* reset curbuf */ +@@ -400,9 +426,9 @@ + return (XpmFileInvalid); + } + if (!lastwaskey) +- strcat(curbuf, " "); /* append space */ ++ STRLCAT(curbuf, " ", sizeof(curbuf)); /* append space */ + buf[l] = '\0'; +- strcat(curbuf, buf);/* append buf */ ++ STRLCAT(curbuf, buf, sizeof(curbuf));/* append buf */ + lastwaskey = 0; + } + } +@@ -410,12 +436,13 @@ + xpmFreeColorTable(colorTable, ncolors); + return (XpmFileInvalid); + } +- s = defaults[curkey] = (char *) XpmMalloc(strlen(curbuf) + 1); ++ len = strlen(curbuf) + 1; ++ s = defaults[curkey] = (char *) XpmMalloc(len); + if (!s) { + xpmFreeColorTable(colorTable, ncolors); + return (XpmNoMemory); + } +- strcpy(s, curbuf); ++ memcpy(s, curbuf, len); + } + } else { /* XPM 1 */ + /* get to the beginning of the first string */ +@@ -428,6 +455,10 @@ + /* + * read pixel value + */ ++ if (cpp >= SIZE_MAX - 1) { ++ xpmFreeColorTable(colorTable, ncolors); ++ return (XpmNoMemory); ++ } + color->string = (char *) XpmMalloc(cpp + 1); + if (!color->string) { + xpmFreeColorTable(colorTable, ncolors); +@@ -456,16 +487,17 @@ + *curbuf = '\0'; /* init curbuf */ + while ((l = xpmNextWord(data, buf, BUFSIZ))) { + if (*curbuf != '\0') +- strcat(curbuf, " ");/* append space */ ++ STRLCAT(curbuf, " ", sizeof(curbuf));/* append space */ + buf[l] = '\0'; +- strcat(curbuf, buf); /* append buf */ ++ STRLCAT(curbuf, buf, sizeof(curbuf)); /* append buf */ + } +- s = (char *) XpmMalloc(strlen(curbuf) + 1); ++ len = strlen(curbuf) + 1; ++ s = (char *) XpmMalloc(len); + if (!s) { + xpmFreeColorTable(colorTable, ncolors); + return (XpmNoMemory); + } +- strcpy(s, curbuf); ++ memcpy(s, curbuf, len); + color->c_color = s; + *curbuf = '\0'; /* reset curbuf */ + if (a < ncolors - 1) +@@ -490,6 +522,9 @@ + unsigned int *iptr, *iptr2; + unsigned int a, x, y; + ++ if ((height > 0 && width >= SIZE_MAX / height) || ++ width * height >= SIZE_MAX / sizeof(unsigned int)) ++ return XpmNoMemory; + #ifndef FOR_MSW + iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height); + #else +@@ -513,6 +548,9 @@ + { + unsigned short colidx[256]; + ++ if (ncolors > 256) ++ return (XpmFileInvalid); ++ + bzero((char *)colidx, 256 * sizeof(short)); + for (a = 0; a < ncolors; a++) + colidx[(unsigned char)colorTable[a].string[0]] = a + 1; +@@ -590,6 +628,9 @@ + char *s; + char buf[BUFSIZ]; + ++ if (cpp >= sizeof(buf)) ++ return (XpmFileInvalid); ++ + buf[cpp] = '\0'; + if (USE_HASHTABLE) { + xpmHashAtom *slot; diff --git a/x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0687-0688.patch.bz2 b/x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0687-0688.patch.bz2 Binary files differdeleted file mode 100644 index b61d8e0d4f1e..000000000000 --- a/x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0687-0688.patch.bz2 +++ /dev/null diff --git a/x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0914-newer.patch.bz2 b/x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0914-newer.patch.bz2 Binary files differdeleted file mode 100644 index f00beeaf390e..000000000000 --- a/x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0914-newer.patch.bz2 +++ /dev/null diff --git a/x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0914.patch.bz2 b/x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0914.patch.bz2 Binary files differdeleted file mode 100644 index e2871ffac5df..000000000000 --- a/x11-libs/openmotif/files/openmotif-2.2.3-CAN-2004-0914.patch.bz2 +++ /dev/null |