From d4728d8dea35c4a562966d5c0ba985990254c542 Mon Sep 17 00:00:00 2001 From: Ulrich Müller Date: Sat, 23 Feb 2008 17:36:08 +0000 Subject: Add patchset for openmotif-2.2.3 --- patchsets/motif/2.2.3/01_all_mwm-configdir.patch | 39 + .../motif/2.2.3/02_all_CAN-2004-0687-0688.patch | 421 +++++ .../motif/2.2.3/03_all_CAN-2004-0914-newer.patch | 1834 ++++++++++++++++++++ .../motif/2.2.3/04_all_CAN-2004-0914_sec8.patch | 14 + .../motif/2.2.3/05_all_char_not_supported.patch | 31 + patchsets/motif/2.2.3/06_all_pixel_length.patch | 11 + patchsets/motif/2.2.3/07_all_popup_timeout.patch | 12 + .../motif/2.2.3/08_all_XmResizeHashTable.patch | 11 + patchsets/motif/2.2.3/09_all_utf8.patch | 77 + patchsets/motif/2.2.3/10_all_no_demos.patch | 101 ++ patchsets/motif/2.2.3/11_all_CAN-2005-0605.patch | 38 + patchsets/motif/2.2.3/12_all_uil.patch | 350 ++++ patchsets/motif/2.2.3/13_all_automake.patch | 10 + 13 files changed, 2949 insertions(+) create mode 100644 patchsets/motif/2.2.3/01_all_mwm-configdir.patch create mode 100644 patchsets/motif/2.2.3/02_all_CAN-2004-0687-0688.patch create mode 100644 patchsets/motif/2.2.3/03_all_CAN-2004-0914-newer.patch create mode 100644 patchsets/motif/2.2.3/04_all_CAN-2004-0914_sec8.patch create mode 100644 patchsets/motif/2.2.3/05_all_char_not_supported.patch create mode 100644 patchsets/motif/2.2.3/06_all_pixel_length.patch create mode 100644 patchsets/motif/2.2.3/07_all_popup_timeout.patch create mode 100644 patchsets/motif/2.2.3/08_all_XmResizeHashTable.patch create mode 100644 patchsets/motif/2.2.3/09_all_utf8.patch create mode 100644 patchsets/motif/2.2.3/10_all_no_demos.patch create mode 100644 patchsets/motif/2.2.3/11_all_CAN-2005-0605.patch create mode 100644 patchsets/motif/2.2.3/12_all_uil.patch create mode 100644 patchsets/motif/2.2.3/13_all_automake.patch diff --git a/patchsets/motif/2.2.3/01_all_mwm-configdir.patch b/patchsets/motif/2.2.3/01_all_mwm-configdir.patch new file mode 100644 index 0000000..c83f34a --- /dev/null +++ b/patchsets/motif/2.2.3/01_all_mwm-configdir.patch @@ -0,0 +1,39 @@ +diff -urN openMotif-2.2.2.orig/clients/mwm/WmResParse.c openMotif-2.2.2/clients/mwm/WmResParse.c +--- openMotif-2.2.2.orig/clients/mwm/WmResParse.c 2002-01-10 21:55:37.000000000 +0100 ++++ openMotif-2.2.2/clients/mwm/WmResParse.c 2003-06-04 22:20:22.000000000 +0200 +@@ -2411,7 +2411,7 @@ + if (MwmBehavior) + { + strcpy(cfileName, LIBDIR); +- strncat(cfileName, "/", MAXWMPATH-strlen(cfileName)); ++ strncat(cfileName, "/mwm/", MAXWMPATH-strlen(cfileName)); + strncat(cfileName, LANG, MAXWMPATH-strlen(cfileName)); + strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); + } +@@ -2427,7 +2427,7 @@ + * Try /$LANG/system.mwmrc within the install tree + */ + strcpy(cfileName, LIBDIR); +- strncat(cfileName, "/", MAXWMPATH-strlen(cfileName)); ++ strncat(cfileName, "/mwm/", MAXWMPATH-strlen(cfileName)); + strncat(cfileName, LANG, MAXWMPATH-strlen(cfileName)); + strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); + #endif /* WSM */ +@@ -2449,7 +2449,7 @@ + if (MwmBehavior) + { + strcpy(cfileName, LIBDIR); +- strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); ++ strncat(cfileName, "/mwm" SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); + #ifdef PANELIST + fileP = fopen (cfileName, "r"); + #else /* PANELIST */ +@@ -2473,7 +2473,7 @@ + * Try /system.mwmrc within the install tree + */ + strcpy(cfileName, LIBDIR); +- strncat(cfileName, SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); ++ strncat(cfileName, "/mwm" SLASH_MWMRC, MAXWMPATH - strlen(cfileName)); + + if (LANG != NULL) + { diff --git a/patchsets/motif/2.2.3/02_all_CAN-2004-0687-0688.patch b/patchsets/motif/2.2.3/02_all_CAN-2004-0687-0688.patch new file mode 100644 index 0000000..6c8b0e0 --- /dev/null +++ b/patchsets/motif/2.2.3/02_all_CAN-2004-0687-0688.patch @@ -0,0 +1,421 @@ +--- openMotif-2.2.3/lib/Xm/Xpmhashtab.c.CAN-2004-0687-0688 2004-09-30 11:52:40.176933831 +0200 ++++ openMotif-2.2.3/lib/Xm/Xpmhashtab.c 2004-09-30 11:53:47.288717782 +0200 +@@ -141,7 +141,7 @@ + xpmHashTable *table; + { + xpmHashAtom *atomTable = table->atomTable; +- int size = table->size; ++ unsigned int size = table->size; + xpmHashAtom *t, *p; + int i; + int oldSize = size; +@@ -150,6 +150,8 @@ + HASH_TABLE_GROWS + table->size = size; + table->limit = size / 3; ++ if (size >= SIZE_MAX / sizeof(*atomTable)) ++ return (XpmNoMemory); + atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable)); + if (!atomTable) + return (XpmNoMemory); +@@ -210,6 +212,8 @@ + table->size = INITIAL_HASH_SIZE; + table->limit = table->size / 3; + table->used = 0; ++ if (table->size >= SIZE_MAX / sizeof(*atomTable)) ++ return (XpmNoMemory); + atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable)); + if (!atomTable) + return (XpmNoMemory); +--- openMotif-2.2.3/lib/Xm/XpmWrFFrI.c.CAN-2004-0687-0688 2004-09-30 11:36:04.545969020 +0200 ++++ openMotif-2.2.3/lib/Xm/XpmWrFFrI.c 2004-09-30 11:37:14.583312219 +0200 +@@ -244,6 +244,8 @@ + unsigned int x, y, h; + + h = height - 1; ++ if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp) ++ return (XpmNoMemory); + p = buf = (char *) XpmMalloc(width * cpp + 3); + if (!buf) + return (XpmNoMemory); +--- openMotif-2.2.3/lib/Xm/Xpmdata.c.CAN-2004-0687-0688 2004-09-30 11:51:30.712472999 +0200 ++++ openMotif-2.2.3/lib/Xm/Xpmdata.c 2004-09-30 11:52:26.665789239 +0200 +@@ -376,7 +376,7 @@ + { + if (!mdata->type) + *cmt = NULL; +- else if (mdata->CommentLength) { ++ else if (mdata->CommentLength != 0 && mdata->CommentLength < SIZE_MAX - 1) { + *cmt = (char *) XpmMalloc(mdata->CommentLength + 1); + strncpy(*cmt, mdata->Comment, mdata->CommentLength); + (*cmt)[mdata->CommentLength] = '\0'; +--- openMotif-2.2.3/lib/Xm/XpmI.h.CAN-2004-0687-0688 2004-09-30 11:38:09.358760225 +0200 ++++ openMotif-2.2.3/lib/Xm/XpmI.h 2004-09-30 11:39:58.498714150 +0200 +@@ -179,6 +179,18 @@ + boundCheckingCalloc((long)(nelem),(long) (elsize)) + #endif + ++#if defined(SCO) || defined(__USLC__) ++#include /* For SIZE_MAX */ ++#endif ++#include ++#ifndef SIZE_MAX ++# ifdef ULONG_MAX ++# define SIZE_MAX ULONG_MAX ++# else ++# define SIZE_MAX UINT_MAX ++# endif ++#endif ++ + #define XPMMAXCMTLEN BUFSIZ + typedef struct { + unsigned int type; +@@ -276,9 +288,9 @@ + } *xpmHashAtom; + + typedef struct { +- int size; +- int limit; +- int used; ++ unsigned int size; ++ unsigned int limit; ++ unsigned int used; + xpmHashAtom *atomTable; + } xpmHashTable; + +--- openMotif-2.2.3/lib/Xm/XpmCrDatFrI.c.CAN-2004-0687-0688 2004-09-30 11:35:18.058379165 +0200 ++++ openMotif-2.2.3/lib/Xm/XpmCrDatFrI.c 2004-09-30 11:35:43.951808698 +0200 +@@ -134,6 +134,8 @@ + */ + header_nlines = 1 + image->ncolors; + header_size = sizeof(char *) * header_nlines; ++ if (header_size >= SIZE_MAX / sizeof(char *)) ++ return (XpmNoMemory); + header = (char **) XpmCalloc(header_size, sizeof(char *)); + if (!header) + return (XpmNoMemory); +--- openMotif-2.2.3/lib/Xm/Xpmscan.c.CAN-2004-0687-0688 2004-09-30 12:05:34.424607695 +0200 ++++ openMotif-2.2.3/lib/Xm/Xpmscan.c 2004-09-30 12:08:16.963282178 +0200 +@@ -98,7 +98,8 @@ + LFUNC(ScanTransparentColor, int, (XpmColor *color, unsigned int cpp, + XpmAttributes *attributes)); + +-LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, int ncolors, ++LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, ++ unsigned int ncolors, + Pixel *pixels, unsigned int mask, + unsigned int cpp, XpmAttributes *attributes)); + +@@ -225,11 +226,17 @@ + else + cpp = 0; + ++ if ((height > 0 && width >= SIZE_MAX / height) || ++ width * height >= SIZE_MAX / sizeof(unsigned int)) ++ RETURN(XpmNoMemory); + pmap.pixelindex = + (unsigned int *) XpmCalloc(width * height, sizeof(unsigned int)); + if (!pmap.pixelindex) + RETURN(XpmNoMemory); + ++ if (pmap.size >= SIZE_MAX / sizeof(Pixel)) ++ RETURN(XpmNoMemory); ++ + pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size); + if (!pmap.pixels) + RETURN(XpmNoMemory); +@@ -285,6 +292,8 @@ + * color + */ + ++ if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor)) ++ RETURN(XpmNoMemory); + colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor)); + if (!colorTable) + RETURN(XpmNoMemory); +@@ -332,6 +341,8 @@ + + /* first get a character string */ + a = 0; ++ if (cpp >= SIZE_MAX - 1) ++ return (XpmNoMemory); + if (!(s = color->string = (char *) XpmMalloc(cpp + 1))) + return (XpmNoMemory); + *s++ = printable[c = a % MAXPRINTABLE]; +@@ -379,7 +390,7 @@ + ScanOtherColors(display, colors, ncolors, pixels, mask, cpp, attributes) + Display *display; + XpmColor *colors; +- int ncolors; ++ unsigned int ncolors; + Pixel *pixels; + unsigned int mask; + unsigned int cpp; +@@ -423,6 +434,8 @@ + } + + /* first get character strings and rgb values */ ++ if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1) ++ return (XpmNoMemory); + xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors); + if (!xcolors) + return (XpmNoMemory); +--- openMotif-2.2.3/lib/Xm/XpmAttrib.c.CAN-2004-0687-0688 2004-09-30 11:33:10.216008908 +0200 ++++ openMotif-2.2.3/lib/Xm/XpmAttrib.c 2004-09-30 11:33:41.187737616 +0200 +@@ -41,8 +41,8 @@ + #include "XpmI.h" + + /* 3.2 backward compatibility code */ +-LFUNC(CreateOldColorTable, int, (XpmColor *ct, int ncolors, +- XpmColor ***oldct)); ++LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors, ++ XpmColor ***oldct)); + + LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors)); + +@@ -52,12 +52,15 @@ + static int + CreateOldColorTable(ct, ncolors, oldct) + XpmColor *ct; +- int ncolors; ++ unsigned int ncolors; + XpmColor ***oldct; + { + XpmColor **colorTable, **color; + int a; + ++ if (ncolors >= SIZE_MAX / sizeof(XpmColor *)) ++ return XpmNoMemory; ++ + colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *)); + if (!colorTable) { + *oldct = NULL; +--- openMotif-2.2.3/lib/Xm/Xpmcreate.c.CAN-2004-0687-0688 2004-09-30 11:40:22.122457590 +0200 ++++ openMotif-2.2.3/lib/Xm/Xpmcreate.c 2004-09-30 12:49:44.411019183 +0200 +@@ -804,6 +804,9 @@ + + ErrorStatus = XpmSuccess; + ++ if (image->ncolors >= SIZE_MAX / sizeof(Pixel)) ++ return (XpmNoMemory); ++ + /* malloc pixels index tables */ + image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * image->ncolors); + if (!image_pixels) +@@ -947,6 +950,8 @@ + return (XpmNoMemory); + + #ifndef FOR_MSW ++ if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height) ++ return XpmNoMemory; + /* now that bytes_per_line must have been set properly alloc data */ + (*image_return)->data = + (char *) XpmMalloc((*image_return)->bytes_per_line * height); +@@ -1992,6 +1997,9 @@ + xpmGetCmt(data, &colors_cmt); + + /* malloc pixels index tables */ ++ if (ncolors >= SIZE_MAX / sizeof(Pixel)) ++ return XpmNoMemory; ++ + image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors); + if (!image_pixels) + RETURN(XpmNoMemory); +@@ -2207,6 +2215,9 @@ + { + unsigned short colidx[256]; + ++ if (ncolors > 256) ++ return (XpmFileInvalid); ++ + bzero((char *)colidx, 256 * sizeof(short)); + for (a = 0; a < ncolors; a++) + colidx[(unsigned char)colorTable[a].string[0]] = a + 1; +@@ -2305,6 +2316,9 @@ + char *s; + char buf[BUFSIZ]; + ++ if (cpp >= sizeof(buf)) ++ return (XpmFileInvalid); ++ + buf[cpp] = '\0'; + if (USE_HASHTABLE) { + xpmHashAtom *slot; +--- openMotif-2.2.3/lib/Xm/Xpmparse.c.CAN-2004-0687-0688 2004-09-30 11:54:01.219804716 +0200 ++++ openMotif-2.2.3/lib/Xm/Xpmparse.c 2004-09-30 12:47:15.676480282 +0200 +@@ -46,6 +46,25 @@ + + #include "XpmI.h" + #include ++#include ++ ++#ifdef HAS_STRLCAT ++# define STRLCAT(dst, src, dstsize) { \ ++ if (strlcat(dst, src, dstsize) >= (dstsize)) \ ++ return (XpmFileInvalid); } ++# define STRLCPY(dst, src, dstsize) { \ ++ if (strlcpy(dst, src, dstsize) >= (dstsize)) \ ++ return (XpmFileInvalid); } ++#else ++# define STRLCAT(dst, src, dstsize) { \ ++ if ((strlen(dst) + strlen(src)) < (dstsize)) \ ++ strcat(dst, src); \ ++ else return (XpmFileInvalid); } ++# define STRLCPY(dst, src, dstsize) { \ ++ if (strlen(src) < (dstsize)) \ ++ strcpy(dst, src); \ ++ else return (XpmFileInvalid); } ++#endif + + LFUNC(ParsePixels, int, (xpmData *data, unsigned int width, + unsigned int height, unsigned int ncolors, +@@ -215,7 +234,7 @@ + unsigned int *extensions; + { + unsigned int l; +- char buf[BUFSIZ]; ++ char buf[BUFSIZ + 1]; + + if (!data->format) { /* XPM 2 or 3 */ + +@@ -324,10 +343,10 @@ + XpmColor **colorTablePtr; + xpmHashTable *hashtable; + { +- unsigned int key, l, a, b; ++ unsigned int key, l, a, b, len; + unsigned int curkey; /* current color key */ + unsigned int lastwaskey; /* key read */ +- char buf[BUFSIZ]; ++ char buf[BUFSIZ + 1]; + char curbuf[BUFSIZ]; /* current buffer */ + char **sptr, *s; + XpmColor *color; +@@ -335,6 +354,8 @@ + char **defaults; + int ErrorStatus; + ++ if (ncolors >= SIZE_MAX / sizeof(XpmColor)) ++ return (XpmNoMemory); + colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor)); + if (!colorTable) + return (XpmNoMemory); +@@ -346,6 +367,10 @@ + /* + * read pixel value + */ ++ if (cpp >= SIZE_MAX - 1) { ++ xpmFreeColorTable(colorTable, ncolors); ++ return (XpmNoMemory); ++ } + color->string = (char *) XpmMalloc(cpp + 1); + if (!color->string) { + xpmFreeColorTable(colorTable, ncolors); +@@ -383,13 +408,14 @@ + } + if (!lastwaskey && key < NKEYS) { /* open new key */ + if (curkey) { /* flush string */ +- s = (char *) XpmMalloc(strlen(curbuf) + 1); ++ len = strlen(curbuf) + 1; ++ s = (char *) XpmMalloc(len); + if (!s) { + xpmFreeColorTable(colorTable, ncolors); + return (XpmNoMemory); + } + defaults[curkey] = s; +- strcpy(s, curbuf); ++ memcpy(s, curbuf, len); + } + curkey = key + 1; /* set new key */ + *curbuf = '\0'; /* reset curbuf */ +@@ -400,9 +426,9 @@ + return (XpmFileInvalid); + } + if (!lastwaskey) +- strcat(curbuf, " "); /* append space */ ++ STRLCAT(curbuf, " ", sizeof(curbuf)); /* append space */ + buf[l] = '\0'; +- strcat(curbuf, buf);/* append buf */ ++ STRLCAT(curbuf, buf, sizeof(curbuf));/* append buf */ + lastwaskey = 0; + } + } +@@ -410,12 +436,13 @@ + xpmFreeColorTable(colorTable, ncolors); + return (XpmFileInvalid); + } +- s = defaults[curkey] = (char *) XpmMalloc(strlen(curbuf) + 1); ++ len = strlen(curbuf) + 1; ++ s = defaults[curkey] = (char *) XpmMalloc(len); + if (!s) { + xpmFreeColorTable(colorTable, ncolors); + return (XpmNoMemory); + } +- strcpy(s, curbuf); ++ memcpy(s, curbuf, len); + } + } else { /* XPM 1 */ + /* get to the beginning of the first string */ +@@ -428,6 +455,10 @@ + /* + * read pixel value + */ ++ if (cpp >= SIZE_MAX - 1) { ++ xpmFreeColorTable(colorTable, ncolors); ++ return (XpmNoMemory); ++ } + color->string = (char *) XpmMalloc(cpp + 1); + if (!color->string) { + xpmFreeColorTable(colorTable, ncolors); +@@ -456,16 +487,17 @@ + *curbuf = '\0'; /* init curbuf */ + while ((l = xpmNextWord(data, buf, BUFSIZ))) { + if (*curbuf != '\0') +- strcat(curbuf, " ");/* append space */ ++ STRLCAT(curbuf, " ", sizeof(curbuf));/* append space */ + buf[l] = '\0'; +- strcat(curbuf, buf); /* append buf */ ++ STRLCAT(curbuf, buf, sizeof(curbuf)); /* append buf */ + } +- s = (char *) XpmMalloc(strlen(curbuf) + 1); ++ len = strlen(curbuf) + 1; ++ s = (char *) XpmMalloc(len); + if (!s) { + xpmFreeColorTable(colorTable, ncolors); + return (XpmNoMemory); + } +- strcpy(s, curbuf); ++ memcpy(s, curbuf, len); + color->c_color = s; + *curbuf = '\0'; /* reset curbuf */ + if (a < ncolors - 1) +@@ -490,6 +522,9 @@ + unsigned int *iptr, *iptr2; + unsigned int a, x, y; + ++ if ((height > 0 && width >= SIZE_MAX / height) || ++ width * height >= SIZE_MAX / sizeof(unsigned int)) ++ return XpmNoMemory; + #ifndef FOR_MSW + iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height); + #else +@@ -513,6 +548,9 @@ + { + unsigned short colidx[256]; + ++ if (ncolors > 256) ++ return (XpmFileInvalid); ++ + bzero((char *)colidx, 256 * sizeof(short)); + for (a = 0; a < ncolors; a++) + colidx[(unsigned char)colorTable[a].string[0]] = a + 1; +@@ -590,6 +628,9 @@ + char *s; + char buf[BUFSIZ]; + ++ if (cpp >= sizeof(buf)) ++ return (XpmFileInvalid); ++ + buf[cpp] = '\0'; + if (USE_HASHTABLE) { + xpmHashAtom *slot; diff --git a/patchsets/motif/2.2.3/03_all_CAN-2004-0914-newer.patch b/patchsets/motif/2.2.3/03_all_CAN-2004-0914-newer.patch new file mode 100644 index 0000000..cedf5d4 --- /dev/null +++ b/patchsets/motif/2.2.3/03_all_CAN-2004-0914-newer.patch @@ -0,0 +1,1834 @@ +diff -Nur lib/Xm/Imakefile lib/Xm/Imakefile +--- lib/Xm/Imakefile 2002-01-15 18:30:40.000000000 +0100 ++++ lib/Xm/Imakefile 2005-02-14 14:24:12.000000000 +0100 +@@ -211,7 +211,8 @@ + XpmCrBufFrP.c XpmCrPFrBuf.c XpmRdFToDat.c XpmWrFFrP.c Xpmrgb.c \ + XpmCrDatFrI.c XpmCrPFrDat.c XpmRdFToI.c Xpmcreate.c Xpmscan.c \ + XpmCrDatFrP.c XpmCrPFrI.c XpmRdFToP.c Xpmdata.c \ +- XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c ++ XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c \ ++ Xpms_popen.c + + #if UseLocalRegex + REGEX_SRCS = regexp.c +@@ -274,7 +275,8 @@ + XpmCrBufFrP.o XpmCrPFrBuf.o XpmRdFToDat.o XpmWrFFrP.o Xpmrgb.o \ + XpmCrDatFrI.o XpmCrPFrDat.o XpmRdFToI.o Xpmcreate.o Xpmscan.o \ + XpmCrDatFrP.o XpmCrPFrI.o XpmRdFToP.o Xpmdata.o \ +- XpmCrIFrBuf.o XpmImage.o XpmWrFFrBuf.o Xpmhashtab.o ++ XpmCrIFrBuf.o XpmImage.o XpmWrFFrBuf.o Xpmhashtab.o \ ++ Xpms_popen.o + + #if UseLocalRegex + REGEX_OBJS = regexp.o +--- lib/Xm/Makefile.am 2004-11-17 19:03:26.962797006 +0100 ++++ lib/Xm/Makefile.am 2004-11-17 19:03:49.421724642 +0100 +@@ -241,7 +241,8 @@ + XpmCrBufFrP.c XpmCrPFrBuf.c XpmRdFToDat.c XpmWrFFrP.c Xpmrgb.c \ + XpmCrDatFrI.c XpmCrPFrDat.c XpmRdFToI.c Xpmcreate.c Xpmscan.c \ + XpmCrDatFrP.c XpmCrPFrI.c XpmRdFToP.c Xpmdata.c \ +- XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c ++ XpmCrIFrBuf.c XpmImage.c XpmWrFFrBuf.c Xpmhashtab.c \ ++ Xpms_popen.c + + NEW_WID_SRCS = IconH.c Container.c IconG.c \ + Notebook.c ComboBox.c GrabShell.c SpinB.c \ +--- /dev/null 1970-01-01 01:00:00.000000000 +0100 ++++ lib/Xm/Xpms_popen.c 2005-02-14 14:24:12.942319466 +0100 +@@ -0,0 +1,182 @@ ++/* ++ * Copyright (C) 2004 The X.Org fundation ++ * ++ * Permission is hereby granted, free of charge, to any person ++ * obtaining a copy of this software and associated documentation ++ * files (the "Software"), to deal in the Software without ++ * restriction, including without limitation the rights to use, copy, ++ * modify, merge, publish, distribute, sublicense, and/or sell copies ++ * of the Software, and to permit persons to whom the Software is fur- ++ * nished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be ++ * included in all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ * NONINFRINGEMENT. IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ++ * ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF ++ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION ++ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ++ * ++ * Except as contained in this notice, the name of the X.Org fundation ++ * shall not be used in advertising or otherwise to promote the sale, ++ * use or other dealings in this Software without prior written ++ * authorization from the X.Org fundation. ++ */ ++ ++/* ++** This is a secure but NOT 100% compatible replacement for popen() ++** Note: - don't use pclose() use fclose() for closing the returned ++** filedesc.!!! ++** ++** Known Bugs: - unable to use i/o-redirection like > or < ++** Author: - Thomas Biege ++** Credits: - Andreas Pfaller for fixing a SEGV when ++** calling strtok() ++*/ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include "XpmI.h" ++ ++#define __SEC_POPEN_TOKEN " " ++ ++FILE *Xpms_popen(char *cmd, const char *type) ++{ ++ pid_t pid; ++ int pfd[2]; ++ int rpipe = 0, wpipe = 0, i; ++ char **argv; ++ char *ptr; ++ char *cmdcpy; ++ ++ ++ if(cmd == NULL || cmd == "") ++ return(NULL); ++ ++ if(type[0] != 'r' && type[0] != 'w') ++ return(NULL); ++ ++ if ((cmdcpy = strdup(cmd)) == NULL) ++ return(NULL); ++ ++ argv = NULL; ++ if( (ptr = strtok(cmdcpy, __SEC_POPEN_TOKEN)) == NULL) ++ { ++ free(cmdcpy); ++ return(NULL); ++ } ++ ++ for(i = 0;; i++) ++ { ++ if( ( argv = (char **) realloc(argv, (i+1) * sizeof(char *)) ) == NULL) ++ { ++ free(cmdcpy); ++ return(NULL); ++ } ++ ++ if( (*(argv+i) = (char *) malloc((strlen(ptr)+1) * sizeof(char))) == NULL) ++ { ++ free(cmdcpy); ++ return(NULL); ++ } ++ ++ strcpy(argv[i], ptr); ++ ++ if( (ptr = strtok(NULL, __SEC_POPEN_TOKEN)) == NULL) ++ { ++ if( ( argv = (char **) realloc(argv, (i+2) * sizeof(char *))) == NULL) ++ { ++ free(cmdcpy); ++ return(NULL); ++ } ++ argv[i+1] = NULL; ++ break; ++ } ++ } ++ ++ ++ if(type[0] == 'r') ++ rpipe = 1; ++ else ++ wpipe = 1; ++ ++ if (pipe(pfd) < 0) ++ { ++ free(cmdcpy); ++ return(NULL); ++ } ++ ++ if((pid = fork()) < 0) ++ { ++ close(pfd[0]); ++ close(pfd[1]); ++ free(cmdcpy); ++ return(NULL); ++ } ++ ++ if(pid == 0) /* child */ ++ { ++ if((pid = fork()) < 0) ++ { ++ close(pfd[0]); ++ close(pfd[1]); ++ free(cmdcpy); ++ return(NULL); ++ } ++ if(pid > 0) ++ { ++ exit(0); /* child nr. 1 exits */ ++ } ++ ++ /* child nr. 2 */ ++ if(rpipe) ++ { ++ close(pfd[0]); /* close reading end, we don't need it */ ++ dup2(STDOUT_FILENO, STDERR_FILENO); ++ if (pfd[1] != STDOUT_FILENO) ++ dup2(pfd[1], STDOUT_FILENO); /* redirect stdout to writing end of pipe */ ++ } ++ else ++ { ++ close(pfd[1]); /* close writing end, we don't need it */ ++ if (pfd[0] != STDIN_FILENO) ++ dup2(pfd[0], STDIN_FILENO); /* redirect stdin to reading end of pipe */ ++ } ++ ++ if(strchr(argv[0], '/') == NULL) ++ execvp(argv[0], argv); /* search in $PATH */ ++ else ++ execv(argv[0], argv); ++ ++ close(pfd[0]); ++ close(pfd[1]); ++ free(cmdcpy); ++ return(NULL); /* exec failed.. ooops! */ ++ } ++ else /* parent */ ++ { ++ waitpid(pid, NULL, 0); /* wait for child nr. 1 */ ++ ++ if(rpipe) ++ { ++ close(pfd[1]); ++ free(cmdcpy); ++ return(fdopen(pfd[0], "r")); ++ } ++ else ++ { ++ close(pfd[0]); ++ free(cmdcpy); ++ return(fdopen(pfd[1], "w")); ++ } ++ ++ } ++} ++ +diff -Nur lib/Xm/XpmAttrib.c lib/Xm/XpmAttrib.c +--- lib/Xm/XpmAttrib.c 2005-02-14 15:20:49.346039704 +0100 ++++ lib/Xm/XpmAttrib.c 2005-02-14 14:26:42.742624081 +0100 +@@ -44,7 +44,7 @@ + LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors, + XpmColor ***oldct)); + +-LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors)); ++LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, unsigned int ncolors)); + + /* + * Create a colortable compatible with the old style colortable +@@ -56,9 +56,9 @@ + XpmColor ***oldct; + { + XpmColor **colorTable, **color; +- int a; ++ unsigned int a; + +- if (ncolors >= SIZE_MAX / sizeof(XpmColor *)) ++ if (ncolors >= UINT_MAX / sizeof(XpmColor *)) + return XpmNoMemory; + + colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *)); +@@ -75,9 +75,9 @@ + static void + FreeOldColorTable(colorTable, ncolors) + XpmColor **colorTable; +- int ncolors; ++ unsigned int ncolors; + { +- int a, b; ++ unsigned int a, b; + XpmColor **color; + char **sptr; + +@@ -128,7 +128,7 @@ + XpmExtension *ext; + char **sptr; + +- if (extensions) { ++ if (extensions && nextensions > 0) { + for (i = 0, ext = extensions; i < nextensions; i++, ext++) { + if (ext->name) + XpmFree(ext->name); +diff -Nur lib/Xm/XpmCrBufFrI.c lib/Xm/XpmCrBufFrI.c +--- lib/Xm/XpmCrBufFrI.c 2003-08-15 11:08:59.000000000 +0200 ++++ lib/Xm/XpmCrBufFrI.c 2005-02-14 14:28:44.975393496 +0100 +@@ -41,21 +41,26 @@ + #endif + + ++/* October 2004, source code review by Thomas Biege */ ++ ++ + #include "XpmI.h" + + LFUNC(WriteColors, int, (char **dataptr, unsigned int *data_size, + unsigned int *used_size, XpmColor *colors, + unsigned int ncolors, unsigned int cpp)); + +-LFUNC(WritePixels, void, (char *dataptr, unsigned int *used_size, ++LFUNC(WritePixels, void, (char *dataptr, unsigned int data_size, ++ unsigned int *used_size, + unsigned int width, unsigned int height, + unsigned int cpp, unsigned int *pixels, + XpmColor *colors)); + +-LFUNC(WriteExtensions, void, (char *dataptr, unsigned int *used_size, ++LFUNC(WriteExtensions, void, (char *dataptr, unsigned int data_size, ++ unsigned int *used_size, + XpmExtension *ext, unsigned int num)); + +-LFUNC(ExtensionsSize, int, (XpmExtension *ext, unsigned int num)); ++LFUNC(ExtensionsSize, unsigned int, (XpmExtension *ext, unsigned int num)); + LFUNC(CommentsSize, int, (XpmInfo *info)); + + int +@@ -98,11 +103,12 @@ + + #undef RETURN + #define RETURN(status) \ ++do \ + { \ + if (ptr) \ + XpmFree(ptr); \ + return(status); \ +-} ++} while(0) + + int + XpmCreateBufferFromXpmImage(buffer_return, image, info) +@@ -116,7 +122,7 @@ + unsigned int cmts, extensions, ext_size = 0; + unsigned int l, cmt_size = 0; + char *ptr = NULL, *p; +- unsigned int ptr_size, used_size; ++ unsigned int ptr_size, used_size, tmp; + + *buffer_return = NULL; + +@@ -138,7 +144,13 @@ + #ifdef VOID_SPRINTF + used_size = strlen(buf); + #endif +- ptr_size = used_size + ext_size + cmt_size + 1; ++ ptr_size = used_size + ext_size + cmt_size + 1; /* ptr_size can't be 0 */ ++ if(ptr_size <= used_size || ++ ptr_size <= ext_size || ++ ptr_size <= cmt_size) ++ { ++ return XpmNoMemory; ++ } + ptr = (char *) XpmMalloc(ptr_size); + if (!ptr) + return XpmNoMemory; +@@ -149,7 +161,7 @@ + #ifndef VOID_SPRINTF + used_size += + #endif +- sprintf(ptr + used_size, "/*%s*/\n", info->hints_cmt); ++ snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->hints_cmt); + #ifdef VOID_SPRINTF + used_size += strlen(info->hints_cmt) + 5; + #endif +@@ -167,7 +179,7 @@ + #ifndef VOID_SPRINTF + l += + #endif +- sprintf(buf + l, " %d %d", info->x_hotspot, info->y_hotspot); ++ snprintf(buf + l, sizeof(buf)-l, " %d %d", info->x_hotspot, info->y_hotspot); + #ifdef VOID_SPRINTF + l = strlen(buf); + #endif +@@ -189,6 +201,8 @@ + l = strlen(buf); + #endif + ptr_size += l; ++ if(ptr_size <= l) ++ RETURN(XpmNoMemory); + p = (char *) XpmRealloc(ptr, ptr_size); + if (!p) + RETURN(XpmNoMemory); +@@ -201,7 +215,7 @@ + #ifndef VOID_SPRINTF + used_size += + #endif +- sprintf(ptr + used_size, "/*%s*/\n", info->colors_cmt); ++ snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->colors_cmt); + #ifdef VOID_SPRINTF + used_size += strlen(info->colors_cmt) + 5; + #endif +@@ -217,7 +231,12 @@ + * 4 = 1 (for '"') + 3 (for '",\n') + * 1 = - 2 (because the last line does not end with ',\n') + 3 (for '};\n') + */ +- ptr_size += image->height * (image->width * image->cpp + 4) + 1; ++ if(image->width > UINT_MAX / image->cpp || ++ (tmp = image->width * image->cpp + 4) <= 4 || ++ image->height > UINT_MAX / tmp || ++ (tmp = image->height * tmp + 1) <= 1 || ++ (ptr_size += tmp) <= tmp) ++ RETURN(XpmNoMemory); + + p = (char *) XpmRealloc(ptr, ptr_size); + if (!p) +@@ -229,17 +248,17 @@ + #ifndef VOID_SPRINTF + used_size += + #endif +- sprintf(ptr + used_size, "/*%s*/\n", info->pixels_cmt); ++ snprintf(ptr + used_size, ptr_size-used_size, "/*%s*/\n", info->pixels_cmt); + #ifdef VOID_SPRINTF + used_size += strlen(info->pixels_cmt) + 5; + #endif + } +- WritePixels(ptr + used_size, &used_size, image->width, image->height, ++ WritePixels(ptr + used_size, ptr_size - used_size, &used_size, image->width, image->height, + image->cpp, image->data, image->colorTable); + + /* print extensions */ + if (extensions) +- WriteExtensions(ptr + used_size, &used_size, ++ WriteExtensions(ptr + used_size, ptr_size-used_size, &used_size, + info->extensions, info->nextensions); + + /* close the array */ +@@ -250,6 +269,7 @@ + return (XpmSuccess); + } + ++ + static int + WriteColors(dataptr, data_size, used_size, colors, ncolors, cpp) + char **dataptr; +@@ -259,7 +279,7 @@ + unsigned int ncolors; + unsigned int cpp; + { +- char buf[BUFSIZ]; ++ char buf[BUFSIZ] = {0}; + unsigned int a, key, l; + char *s, *s2; + char **defaults; +@@ -269,22 +289,34 @@ + + defaults = (char **) colors; + s = buf + 1; +- strncpy(s, *defaults++, cpp); +- s += cpp; +- +- for (key = 1; key <= NKEYS; key++, defaults++) { +- if ((s2 = *defaults)) { +-#ifndef VOID_SPRINTF +- s += +-#endif +- sprintf(s, "\t%s %s", xpmColorKeys[key - 1], s2); +-#ifdef VOID_SPRINTF +- s += strlen(s); +-#endif +- } +- } +- strcpy(s, "\",\n"); +- l = s + 3 - buf; ++ if(cpp > (sizeof(buf) - (s-buf))) ++ return(XpmNoMemory); ++ strncpy(s, *defaults++, cpp); ++ s += cpp; ++ ++ for (key = 1; key <= NKEYS; key++, defaults++) { ++ if ((s2 = *defaults)) { ++#ifndef VOID_SPRINTF ++ s += ++#endif ++ /* assume C99 compliance */ ++ snprintf(s, sizeof(buf) - (s-buf), "\t%s %s", xpmColorKeys[key - 1], s2); ++#ifdef VOID_SPRINTF ++ s += strlen(s); ++#endif ++ /* now let's check if s points out-of-bounds */ ++ if((s-buf) > sizeof(buf)) ++ return(XpmNoMemory); ++ } ++ } ++ if(sizeof(buf) - (s-buf) < 4) ++ return(XpmNoMemory); ++ strcpy(s, "\",\n"); ++ l = s + 3 - buf; ++ if( *data_size >= UINT_MAX-l || ++ *data_size + l <= *used_size || ++ (*data_size + l - *used_size) <= sizeof(buf)) ++ return(XpmNoMemory); + s = (char *) XpmRealloc(*dataptr, *data_size + l); + if (!s) + return (XpmNoMemory); +@@ -297,8 +329,9 @@ + } + + static void +-WritePixels(dataptr, used_size, width, height, cpp, pixels, colors) ++WritePixels(dataptr, data_size, used_size, width, height, cpp, pixels, colors) + char *dataptr; ++ unsigned int data_size; + unsigned int *used_size; + unsigned int width; + unsigned int height; +@@ -309,27 +342,36 @@ + char *s = dataptr; + unsigned int x, y, h; + ++ if(height <= 1) ++ return; ++ + h = height - 1; + for (y = 0; y < h; y++) { + *s++ = '"'; + for (x = 0; x < width; x++, pixels++) { +- strncpy(s, colors[*pixels].string, cpp); ++ if(cpp >= (data_size - (s-dataptr))) ++ return; ++ strncpy(s, colors[*pixels].string, cpp); /* how can we trust *pixels? :-\ */ + s += cpp; + } ++ if((data_size - (s-dataptr)) < 4) ++ return; + strcpy(s, "\",\n"); + s += 3; + } + /* duplicate some code to avoid a test in the loop */ + *s++ = '"'; + for (x = 0; x < width; x++, pixels++) { +- strncpy(s, colors[*pixels].string, cpp); ++ if(cpp >= (data_size - (s-dataptr))) ++ return; ++ strncpy(s, colors[*pixels].string, cpp); /* how can we trust *pixels? */ + s += cpp; + } + *s++ = '"'; + *used_size += s - dataptr; + } + +-static int ++static unsigned int + ExtensionsSize(ext, num) + XpmExtension *ext; + unsigned int num; +@@ -338,21 +380,26 @@ + char **line; + + size = 0; ++ if(num == 0) ++ return(0); /* ok? */ + for (x = 0; x < num; x++, ext++) { + /* 11 = 10 (for ',\n"XPMEXT ') + 1 (for '"') */ + size += strlen(ext->name) + 11; +- a = ext->nlines; ++ a = ext->nlines; /* how can we trust ext->nlines to be not out-of-bounds? */ + for (y = 0, line = ext->lines; y < a; y++, line++) + /* 4 = 3 (for ',\n"') + 1 (for '"') */ + size += strlen(*line) + 4; + } + /* 13 is for ',\n"XPMENDEXT"' */ ++ if(size > UINT_MAX - 13) /* unlikely */ ++ return(0); + return size + 13; + } + + static void +-WriteExtensions(dataptr, used_size, ext, num) ++WriteExtensions(dataptr, data_size, used_size, ext, num) + char *dataptr; ++ unsigned int data_size; + unsigned int *used_size; + XpmExtension *ext; + unsigned int num; +@@ -363,24 +410,24 @@ + + for (x = 0; x < num; x++, ext++) { + #ifndef VOID_SPRINTF +- s += 11 + ++ s += + #endif +- sprintf(s, ",\n\"XPMEXT %s\"", ext->name); ++ snprintf(s, data_size - (s-dataptr), ",\n\"XPMEXT %s\"", ext->name); + #ifdef VOID_SPRINTF + s += strlen(ext->name) + 11; + #endif + a = ext->nlines; + for (y = 0, line = ext->lines; y < a; y++, line++) { + #ifndef VOID_SPRINTF +- s += 4 + ++ s += + #endif +- sprintf(s, ",\n\"%s\"", *line); ++ snprintf(s, data_size - (s-dataptr), ",\n\"%s\"", *line); + #ifdef VOID_SPRINTF + s += strlen(*line) + 4; + #endif + } + } +- strcpy(s, ",\n\"XPMENDEXT\""); ++ strncpy(s, ",\n\"XPMENDEXT\"", data_size - (s-dataptr)-1); + *used_size += s - dataptr + 13; + } + +@@ -391,6 +438,7 @@ + int size = 0; + + /* 5 = 2 (for "/_*") + 3 (for "*_/\n") */ ++ /* wrap possible but *very* unlikely */ + if (info->hints_cmt) + size += 5 + strlen(info->hints_cmt); + +diff -Nur lib/Xm/XpmCrDatFrI.c lib/Xm/XpmCrDatFrI.c +--- lib/Xm/XpmCrDatFrI.c 2005-02-14 15:20:49.344040101 +0100 ++++ lib/Xm/XpmCrDatFrI.c 2005-02-14 14:32:22.610251056 +0100 +@@ -38,13 +38,16 @@ + #endif + + ++/* October 2004, source code review by Thomas Biege */ ++ + #include "XpmI.h" + + LFUNC(CreateColors, int, (char **dataptr, unsigned int *data_size, + XpmColor *colors, unsigned int ncolors, + unsigned int cpp)); + +-LFUNC(CreatePixels, void, (char **dataptr, unsigned int width, ++LFUNC(CreatePixels, void, (char **dataptr, unsigned int data_size, ++ unsigned int width, + unsigned int height, unsigned int cpp, + unsigned int *pixels, XpmColor *colors)); + +@@ -52,7 +55,8 @@ + unsigned int *ext_size, + unsigned int *ext_nlines)); + +-LFUNC(CreateExtensions, void, (char **dataptr, unsigned int offset, ++LFUNC(CreateExtensions, void, (char **dataptr, unsigned int data_size, ++ unsigned int offset, + XpmExtension *ext, unsigned int num, + unsigned int ext_nlines)); + +@@ -93,6 +97,7 @@ + + #undef RETURN + #define RETURN(status) \ ++do \ + { \ + if (header) { \ + for (l = 0; l < header_nlines; l++) \ +@@ -101,7 +106,7 @@ + XpmFree(header); \ + } \ + return(status); \ +-} ++} while(0) + + int + XpmCreateDataFromXpmImage(data_return, image, info) +@@ -133,10 +138,15 @@ + * is the hints line + the color table lines + */ + header_nlines = 1 + image->ncolors; ++ ++ if(header_nlines <= image->ncolors || ++ header_nlines >= UINT_MAX / sizeof(char *)) ++ return(XpmNoMemory); ++ + header_size = sizeof(char *) * header_nlines; +- if (header_size >= SIZE_MAX / sizeof(char *)) ++ if (header_size >= UINT_MAX / sizeof(char *)) + return (XpmNoMemory); +- header = (char **) XpmCalloc(header_size, sizeof(char *)); ++ header = (char **) XpmCalloc(header_size, sizeof(char *)); + if (!header) + return (XpmNoMemory); + +@@ -180,8 +190,22 @@ + + /* now we know the size needed, alloc the data and copy the header lines */ + offset = image->width * image->cpp + 1; +- data_size = header_size + (image->height + ext_nlines) * sizeof(char *) +- + image->height * offset + ext_size; ++ ++ if(offset <= image->width || offset <= image->cpp) ++ RETURN(XpmNoMemory); ++ ++ if( (image->height + ext_nlines) >= UINT_MAX / sizeof(char *)) ++ RETURN(XpmNoMemory); ++ data_size = (image->height + ext_nlines) * sizeof(char *); ++ ++ if (image->height > UINT_MAX / offset || ++ image->height * offset > UINT_MAX - data_size) ++ RETURN(XpmNoMemory); ++ data_size += image->height * offset; ++ ++ if( (header_size + ext_size) >= (UINT_MAX - data_size) ) ++ RETURN(XpmNoMemory); ++ data_size += header_size + ext_size; + + data = (char **) XpmMalloc(data_size); + if (!data) +@@ -189,8 +213,10 @@ + + data_nlines = header_nlines + image->height + ext_nlines; + *data = (char *) (data + data_nlines); ++ ++ /* can header have less elements then n suggests? */ + n = image->ncolors; +- for (l = 0, sptr = data, sptr2 = header; l <= n; l++, sptr++, sptr2++) { ++ for (l = 0, sptr = data, sptr2 = header; l <= n && sptr && sptr2; l++, sptr++, sptr2++) { + strcpy(*sptr, *sptr2); + *(sptr + 1) = *sptr + strlen(*sptr2) + 1; + } +@@ -199,12 +225,13 @@ + data[header_nlines] = (char *) data + header_size + + (image->height + ext_nlines) * sizeof(char *); + +- CreatePixels(data + header_nlines, image->width, image->height, ++ CreatePixels(data + header_nlines, data_size-header_nlines, image->width, image->height, + image->cpp, image->data, image->colorTable); + + /* print extensions */ + if (extensions) +- CreateExtensions(data + header_nlines + image->height - 1, offset, ++ CreateExtensions(data + header_nlines + image->height - 1, ++ data_size - header_nlines - image->height + 1, offset, + info->extensions, info->nextensions, + ext_nlines); + +@@ -229,18 +256,27 @@ + for (a = 0; a < ncolors; a++, colors++, dataptr++) { + + defaults = (char **) colors; ++ if(sizeof(buf) <= cpp) ++ return(XpmNoMemory); + strncpy(buf, *defaults++, cpp); + s = buf + cpp; + ++ if(sizeof(buf) <= (s-buf)) ++ return XpmNoMemory; ++ + for (key = 1; key <= NKEYS; key++, defaults++) { + if ((s2 = *defaults)) { + #ifndef VOID_SPRINTF + s += + #endif +- sprintf(s, "\t%s %s", xpmColorKeys[key - 1], s2); ++ /* assume C99 compliance */ ++ snprintf(s, sizeof(buf)-(s-buf), "\t%s %s", xpmColorKeys[key - 1], s2); + #ifdef VOID_SPRINTF +- s += strlen(s); ++ s += strlen(s); + #endif ++ /* does s point out-of-bounds? */ ++ if(sizeof(buf) < (s-buf)) ++ return XpmNoMemory; + } + } + l = s - buf + 1; +@@ -254,8 +290,9 @@ + } + + static void +-CreatePixels(dataptr, width, height, cpp, pixels, colors) ++CreatePixels(dataptr, data_size, width, height, cpp, pixels, colors) + char **dataptr; ++ unsigned int data_size; + unsigned int width; + unsigned int height; + unsigned int cpp; +@@ -265,21 +302,38 @@ + char *s; + unsigned int x, y, h, offset; + ++ if(height <= 1) ++ return; ++ + h = height - 1; ++ + offset = width * cpp + 1; ++ ++ if(offset <= width || offset <= cpp) ++ return; ++ ++ /* why trust h? */ + for (y = 0; y < h; y++, dataptr++) { + s = *dataptr; ++ /* why trust width? */ + for (x = 0; x < width; x++, pixels++) { +- strncpy(s, colors[*pixels].string, cpp); ++ if(cpp > (data_size - (s - *dataptr))) ++ return; ++ strncpy(s, colors[*pixels].string, cpp); /* why trust pixel? */ + s += cpp; + } + *s = '\0'; ++ if(offset > data_size) ++ return; + *(dataptr + 1) = *dataptr + offset; + } + /* duplicate some code to avoid a test in the loop */ + s = *dataptr; ++ /* why trust width? */ + for (x = 0; x < width; x++, pixels++) { +- strncpy(s, colors[*pixels].string, cpp); ++ if(cpp > data_size - (s - *dataptr)) ++ return; ++ strncpy(s, colors[*pixels].string, cpp); /* why should we trust *pixel? */ + s += cpp; + } + *s = '\0'; +@@ -312,8 +366,9 @@ + } + + static void +-CreateExtensions(dataptr, offset, ext, num, ext_nlines) ++CreateExtensions(dataptr, data_size, offset, ext, num, ext_nlines) + char **dataptr; ++ unsigned int data_size; + unsigned int offset; + XpmExtension *ext; + unsigned int num; +@@ -326,12 +381,12 @@ + dataptr++; + a = 0; + for (x = 0; x < num; x++, ext++) { +- sprintf(*dataptr, "XPMEXT %s", ext->name); ++ snprintf(*dataptr, data_size, "XPMEXT %s", ext->name); + a++; + if (a < ext_nlines) + *(dataptr + 1) = *dataptr + strlen(ext->name) + 8; + dataptr++; +- b = ext->nlines; ++ b = ext->nlines; /* can we trust these values? */ + for (y = 0, line = ext->lines; y < b; y++, line++) { + strcpy(*dataptr, *line); + a++; +diff -Nur lib/Xm/Xpmcreate.c lib/Xm/Xpmcreate.c +--- lib/Xm/Xpmcreate.c 2005-02-14 15:20:49.348039308 +0100 ++++ lib/Xm/Xpmcreate.c 2005-02-14 14:36:37.104801803 +0100 +@@ -44,6 +44,8 @@ + #endif + + ++/* October 2004, source code review by Thomas Biege */ ++ + #include "XpmI.h" + #include + +@@ -565,7 +567,7 @@ + */ + } else { + #endif +- int i; ++ unsigned int i; + + ncols = visual->map_entries; + cols = (XColor *) XpmCalloc(ncols, sizeof(XColor)); +@@ -723,6 +725,7 @@ + /* function call in case of error, frees only locally allocated variables */ + #undef RETURN + #define RETURN(status) \ ++do \ + { \ + if (ximage) XDestroyImage(ximage); \ + if (shapeimage) XDestroyImage(shapeimage); \ +@@ -733,7 +736,7 @@ + if (alloc_pixels) XpmFree(alloc_pixels); \ + if (used_pixels) XpmFree(used_pixels); \ + return (status); \ +-} ++} while(0) + + int + XpmCreateImageFromXpmImage(display, image, +@@ -804,7 +807,7 @@ + + ErrorStatus = XpmSuccess; + +- if (image->ncolors >= SIZE_MAX / sizeof(Pixel)) ++ if (image->ncolors >= UINT_MAX / sizeof(Pixel)) + return (XpmNoMemory); + + /* malloc pixels index tables */ +@@ -950,9 +953,13 @@ + return (XpmNoMemory); + + #ifndef FOR_MSW +- if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height) +- return XpmNoMemory; ++ if (height != 0 && (*image_return)->bytes_per_line >= INT_MAX / height) { ++ XDestroyImage(*image_return); ++ return XpmNoMemory; ++ } + /* now that bytes_per_line must have been set properly alloc data */ ++ if((*image_return)->bytes_per_line == 0 || height == 0) ++ return XpmNoMemory; + (*image_return)->data = + (char *) XpmMalloc((*image_return)->bytes_per_line * height); + +@@ -980,7 +987,7 @@ + LFUNC(_putbits, void, (register char *src, int dstoffset, + register int numbits, register char *dst)); + +-LFUNC(_XReverse_Bytes, int, (register unsigned char *bpt, register int nb)); ++LFUNC(_XReverse_Bytes, int, (register unsigned char *bpt, register unsigned int nb)); + + static unsigned char Const _reverse_byte[0x100] = { + 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, +@@ -1020,12 +1027,12 @@ + static int + _XReverse_Bytes(bpt, nb) + register unsigned char *bpt; +- register int nb; ++ register unsigned int nb; + { + do { + *bpt = _reverse_byte[*bpt]; + bpt++; +- } while (--nb > 0); ++ } while (--nb > 0); /* is nb user-controled? */ + return 0; + } + +@@ -1164,7 +1171,7 @@ + register char *src; + register char *dst; + register unsigned int *iptr; +- register int x, y, i; ++ register unsigned int x, y, i; + register char *data; + Pixel pixel, px; + int nbytes, depth, ibu, ibpp; +@@ -1174,8 +1181,8 @@ + depth = image->depth; + if (depth == 1) { + ibu = image->bitmap_unit; +- for (y = 0; y < height; y++) +- for (x = 0; x < width; x++, iptr++) { ++ for (y = 0; y < height; y++) /* how can we trust height */ ++ for (x = 0; x < width; x++, iptr++) { /* how can we trust width */ + pixel = pixels[*iptr]; + for (i = 0, px = pixel; i < sizeof(unsigned long); + i++, px >>= 8) +@@ -1250,12 +1257,12 @@ + { + unsigned char *data; + unsigned int *iptr; +- int y; ++ unsigned int y; + Pixel pixel; + + #ifdef WITHOUT_SPEEDUPS + +- int x; ++ unsigned int x; + unsigned char *addr; + + data = (unsigned char *) image->data; +@@ -1292,7 +1299,7 @@ + + #else /* WITHOUT_SPEEDUPS */ + +- int bpl = image->bytes_per_line; ++ unsigned int bpl = image->bytes_per_line; + unsigned char *data_ptr, *max_data; + + data = (unsigned char *) image->data; +@@ -1360,11 +1367,11 @@ + { + unsigned char *data; + unsigned int *iptr; +- int y; ++ unsigned int y; + + #ifdef WITHOUT_SPEEDUPS + +- int x; ++ unsigned int x; + unsigned char *addr; + + data = (unsigned char *) image->data; +@@ -1388,7 +1395,7 @@ + + Pixel pixel; + +- int bpl = image->bytes_per_line; ++ unsigned int bpl = image->bytes_per_line; + unsigned char *data_ptr, *max_data; + + data = (unsigned char *) image->data; +@@ -1441,11 +1448,11 @@ + { + char *data; + unsigned int *iptr; +- int y; ++ unsigned int y; + + #ifdef WITHOUT_SPEEDUPS + +- int x; ++ unsigned int x; + + data = image->data; + iptr = pixelindex; +@@ -1455,7 +1462,7 @@ + + #else /* WITHOUT_SPEEDUPS */ + +- int bpl = image->bytes_per_line; ++ unsigned int bpl = image->bytes_per_line; + char *data_ptr, *max_data; + + data = image->data; +@@ -1490,12 +1497,12 @@ + PutImagePixels(image, width, height, pixelindex, pixels); + else { + unsigned int *iptr; +- int y; ++ unsigned int y; + char *data; + + #ifdef WITHOUT_SPEEDUPS + +- int x; ++ unsigned int x; + + data = image->data; + iptr = pixelindex; +@@ -1673,6 +1680,9 @@ + Pixel px; + int nbytes; + ++ if(x < 0 || y < 0) ++ return 0; ++ + for (i=0, px=pixel; i>=8) + ((unsigned char *)&pixel)[i] = px; + src = &ximage->data[XYINDEX(x, y, ximage)]; +@@ -1704,7 +1714,10 @@ + register int i; + register char *data; + Pixel px; +- int nbytes, ibpp; ++ unsigned int nbytes, ibpp; ++ ++ if(x < 0 || y < 0) ++ return 0; + + ibpp = ximage->bits_per_pixel; + if (ximage->depth == 4) +@@ -1737,6 +1750,9 @@ + { + unsigned char *addr; + ++ if(x < 0 || y < 0) ++ return 0; ++ + addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)]; + *((unsigned long *)addr) = pixel; + return 1; +@@ -1751,6 +1767,9 @@ + { + unsigned char *addr; + ++ if(x < 0 || y < 0) ++ return 0; ++ + addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)]; + addr[0] = pixel >> 24; + addr[1] = pixel >> 16; +@@ -1768,6 +1787,9 @@ + { + unsigned char *addr; + ++ if(x < 0 || y < 0) ++ return 0; ++ + addr = &((unsigned char *)ximage->data) [ZINDEX32(x, y, ximage)]; + addr[3] = pixel >> 24; + addr[2] = pixel >> 16; +@@ -1785,6 +1807,9 @@ + { + unsigned char *addr; + ++ if(x < 0 || y < 0) ++ return 0; ++ + addr = &((unsigned char *)ximage->data) [ZINDEX16(x, y, ximage)]; + addr[0] = pixel >> 8; + addr[1] = pixel; +@@ -1800,6 +1825,9 @@ + { + unsigned char *addr; + ++ if(x < 0 || y < 0) ++ return 0; ++ + addr = &((unsigned char *)ximage->data) [ZINDEX16(x, y, ximage)]; + addr[1] = pixel >> 8; + addr[0] = pixel; +@@ -1813,6 +1841,9 @@ + int y; + unsigned long pixel; + { ++ if(x < 0 || y < 0) ++ return 0; ++ + ximage->data[ZINDEX8(x, y, ximage)] = pixel; + return 1; + } +@@ -1824,6 +1855,9 @@ + int y; + unsigned long pixel; + { ++ if(x < 0 || y < 0) ++ return 0; ++ + if (pixel & 1) + ximage->data[ZINDEX1(x, y, ximage)] |= 0x80 >> (x & 7); + else +@@ -1838,6 +1872,9 @@ + int y; + unsigned long pixel; + { ++ if(x < 0 || y < 0) ++ return 0; ++ + if (pixel & 1) + ximage->data[ZINDEX1(x, y, ximage)] |= 1 << (x & 7); + else +@@ -1850,6 +1887,7 @@ + /* function call in case of error, frees only locally allocated variables */ + #undef RETURN + #define RETURN(status) \ ++do \ + { \ + if (USE_HASHTABLE) xpmHashTableFree(&hashtable); \ + if (colorTable) xpmFreeColorTable(colorTable, ncolors); \ +@@ -1865,7 +1903,7 @@ + if (alloc_pixels) XpmFree(alloc_pixels); \ + if (used_pixels) XpmFree(used_pixels); \ + return(status); \ +-} ++} while(0) + + /* + * This function parses an Xpm file or data and directly create an XImage +@@ -1997,7 +2035,7 @@ + xpmGetCmt(data, &colors_cmt); + + /* malloc pixels index tables */ +- if (ncolors >= SIZE_MAX / sizeof(Pixel)) ++ if (ncolors >= UINT_MAX / sizeof(Pixel)) + return XpmNoMemory; + + image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors); +@@ -2109,7 +2147,7 @@ + * free the hastable + */ + if (ErrorStatus != XpmSuccess) +- RETURN(ErrorStatus) ++ RETURN(ErrorStatus); + else if (USE_HASHTABLE) + xpmHashTableFree(&hashtable); + +@@ -2258,11 +2296,11 @@ + + /* array of pointers malloced by need */ + unsigned short *cidx[256]; +- int char1; ++ unsigned int char1; + + bzero((char *)cidx, 256 * sizeof(unsigned short *)); /* init */ + for (a = 0; a < ncolors; a++) { +- char1 = colorTable[a].string[0]; ++ char1 = (unsigned char) colorTable[a].string[0]; + if (cidx[char1] == NULL) { /* get new memory */ + cidx[char1] = (unsigned short *) + XpmCalloc(256, sizeof(unsigned short)); +@@ -2280,7 +2318,7 @@ + int cc1 = xpmGetC(data); + if (cc1 > 0 && cc1 < 256) { + int cc2 = xpmGetC(data); +- if (cc2 > 0 && cc2 < 256 && cidx[cc1][cc2] != 0) { ++ if (cc2 > 0 && cc2 < 256 && cidx[cc1] && cidx[cc1][cc2] != 0) { + #ifndef FOR_MSW + XPutPixel(image, x, y, + image_pixels[cidx[cc1][cc2] - 1]); +diff -Nur lib/Xm/Xpmdata.c lib/Xm/Xpmdata.c +--- lib/Xm/Xpmdata.c 2005-02-14 15:20:49.343040299 +0100 ++++ lib/Xm/Xpmdata.c 2005-02-14 14:38:22.161975990 +0100 +@@ -33,6 +33,8 @@ + * Developed by Arnaud Le Hors * + \*****************************************************************************/ + ++/* October 2004, source code review by Thomas Biege */ ++ + /* Official version number */ + static char *RCS_Version = "$XpmVersion: 3.4i $"; + +@@ -279,7 +281,7 @@ + } + ungetc(c, file); + } +- return (n); ++ return (n); /* this returns bytes read + 1 */ + } + + /* +@@ -376,8 +378,9 @@ + { + if (!mdata->type) + *cmt = NULL; +- else if (mdata->CommentLength != 0 && mdata->CommentLength < SIZE_MAX - 1) { +- *cmt = (char *) XpmMalloc(mdata->CommentLength + 1); ++ else if (mdata->CommentLength != 0 && mdata->CommentLength < UINT_MAX - 1) { ++ if( (*cmt = (char *) XpmMalloc(mdata->CommentLength + 1)) == NULL) ++ return XpmNoMemory; + strncpy(*cmt, mdata->Comment, mdata->CommentLength); + (*cmt)[mdata->CommentLength] = '\0'; + mdata->CommentLength = 0; +@@ -405,7 +408,7 @@ + xpmParseHeader(mdata) + xpmData *mdata; + { +- char buf[BUFSIZ]; ++ char buf[BUFSIZ+1] = {0}; + int l, n = 0; + + if (mdata->type) { +diff -Nur lib/Xm/Xpmhashtab.c lib/Xm/Xpmhashtab.c +--- lib/Xm/Xpmhashtab.c 2005-02-14 15:20:49.342040497 +0100 ++++ lib/Xm/Xpmhashtab.c 2005-02-14 14:39:44.386676330 +0100 +@@ -144,13 +144,13 @@ + unsigned int size = table->size; + xpmHashAtom *t, *p; + int i; +- int oldSize = size; ++ unsigned int oldSize = size; + + t = atomTable; + HASH_TABLE_GROWS + table->size = size; + table->limit = size / 3; +- if (size >= SIZE_MAX / sizeof(*atomTable)) ++ if (size >= UINT_MAX / sizeof(*atomTable)) + return (XpmNoMemory); + atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable)); + if (!atomTable) +@@ -212,7 +212,7 @@ + table->size = INITIAL_HASH_SIZE; + table->limit = table->size / 3; + table->used = 0; +- if (table->size >= SIZE_MAX / sizeof(*atomTable)) ++ if (table->size >= UINT_MAX / sizeof(*atomTable)) + return (XpmNoMemory); + atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable)); + if (!atomTable) +--- lib/Xm/XpmI.h 2005-02-14 15:20:49.344040101 +0100 ++++ lib/Xm/XpmI.h 2005-02-14 14:24:12.903327195 +0100 +@@ -108,8 +109,10 @@ + * lets try to solve include files + */ + ++#include + #include + #include ++#include + /* stdio.h doesn't declare popen on a Sequent DYNIX OS */ + #ifdef sequent + extern FILE *popen(); +diff -Nur lib/Xm/Xpmmisc.c lib/Xm/Xpmmisc.c +--- lib/Xm/Xpmmisc.c 2002-01-10 21:57:09.000000000 +0100 ++++ lib/Xm/Xpmmisc.c 2005-02-14 14:24:12.907326402 +0100 +@@ -52,7 +52,7 @@ + char *s1; + { + char *s2; +- int l = strlen(s1) + 1; ++ size_t l = strlen(s1) + 1; + + if (s2 = (char *) XpmMalloc(l)) + strcpy(s2, s1); +diff -Nur lib/Xm/Xpmparse.c lib/Xm/Xpmparse.c +--- lib/Xm/Xpmparse.c 2005-02-14 15:20:49.349039110 +0100 ++++ lib/Xm/Xpmparse.c 2005-02-14 14:46:55.361242890 +0100 +@@ -49,21 +49,21 @@ + #include + + #ifdef HAS_STRLCAT +-# define STRLCAT(dst, src, dstsize) { \ ++# define STRLCAT(dst, src, dstsize) do { \ + if (strlcat(dst, src, dstsize) >= (dstsize)) \ +- return (XpmFileInvalid); } +-# define STRLCPY(dst, src, dstsize) { \ ++ return (XpmFileInvalid); } while(0) ++# define STRLCPY(dst, src, dstsize) do { \ + if (strlcpy(dst, src, dstsize) >= (dstsize)) \ +- return (XpmFileInvalid); } ++ return (XpmFileInvalid); } while(0) + #else +-# define STRLCAT(dst, src, dstsize) { \ ++# define STRLCAT(dst, src, dstsize) do { \ + if ((strlen(dst) + strlen(src)) < (dstsize)) \ + strcat(dst, src); \ +- else return (XpmFileInvalid); } +-# define STRLCPY(dst, src, dstsize) { \ ++ else return (XpmFileInvalid); } while(0) ++# define STRLCPY(dst, src, dstsize) do { \ + if (strlen(src) < (dstsize)) \ + strcpy(dst, src); \ +- else return (XpmFileInvalid); } ++ else return (XpmFileInvalid); } while(0) + #endif + + LFUNC(ParsePixels, int, (xpmData *data, unsigned int width, +@@ -83,6 +83,7 @@ + /* function call in case of error, frees only locally allocated variables */ + #undef RETURN + #define RETURN(status) \ ++do \ + { \ + if (colorTable) xpmFreeColorTable(colorTable, ncolors); \ + if (pixelindex) XpmFree(pixelindex); \ +@@ -90,7 +91,7 @@ + if (colors_cmt) XpmFree(colors_cmt); \ + if (pixels_cmt) XpmFree(pixels_cmt); \ + return(status); \ +-} ++} while(0) + + /* + * This function parses an Xpm file or data and store the found informations +@@ -354,7 +355,7 @@ + char **defaults; + int ErrorStatus; + +- if (ncolors >= SIZE_MAX / sizeof(XpmColor)) ++ if (ncolors >= UINT_MAX / sizeof(XpmColor)) + return (XpmNoMemory); + colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor)); + if (!colorTable) +@@ -367,7 +368,7 @@ + /* + * read pixel value + */ +- if (cpp >= SIZE_MAX - 1) { ++ if (cpp >= UINT_MAX - 1) { + xpmFreeColorTable(colorTable, ncolors); + return (XpmNoMemory); + } +@@ -436,7 +437,7 @@ + xpmFreeColorTable(colorTable, ncolors); + return (XpmFileInvalid); + } +- len = strlen(curbuf) + 1; ++ len = strlen(curbuf) + 1; /* integer overflow just theoretically possible */ + s = defaults[curkey] = (char *) XpmMalloc(len); + if (!s) { + xpmFreeColorTable(colorTable, ncolors); +@@ -455,7 +456,7 @@ + /* + * read pixel value + */ +- if (cpp >= SIZE_MAX - 1) { ++ if (cpp >= UINT_MAX - 1) { + xpmFreeColorTable(colorTable, ncolors); + return (XpmNoMemory); + } +@@ -500,7 +501,7 @@ + memcpy(s, curbuf, len); + color->c_color = s; + *curbuf = '\0'; /* reset curbuf */ +- if (a < ncolors - 1) ++ if (a < ncolors - 1) /* can we trust ncolors -> leave data's bounds */ + xpmNextString(data); /* get to the next string */ + } + } +@@ -519,11 +520,11 @@ + xpmHashTable *hashtable; + unsigned int **pixels; + { +- unsigned int *iptr, *iptr2; ++ unsigned int *iptr, *iptr2 = NULL; + unsigned int a, x, y; + +- if ((height > 0 && width >= SIZE_MAX / height) || +- width * height >= SIZE_MAX / sizeof(unsigned int)) ++ if ((height > 0 && width >= UINT_MAX / height) || ++ width * height >= UINT_MAX / sizeof(unsigned int)) + return XpmNoMemory; + #ifndef FOR_MSW + iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height); +@@ -548,8 +549,10 @@ + { + unsigned short colidx[256]; + +- if (ncolors > 256) ++ if (ncolors > 256) { + return (XpmFileInvalid); ++ XpmFree(iptr2); /* found by Egbert Eich */ ++ } + + bzero((char *)colidx, 256 * sizeof(short)); + for (a = 0; a < ncolors; a++) +@@ -576,16 +579,20 @@ + { + + /* free all allocated pointers at all exits */ +-#define FREE_CIDX {int f; for (f = 0; f < 256; f++) \ +-if (cidx[f]) XpmFree(cidx[f]);} ++#define FREE_CIDX \ ++do \ ++{ \ ++ int f; for (f = 0; f < 256; f++) \ ++ if (cidx[f]) XpmFree(cidx[f]); \ ++} while(0) + + /* array of pointers malloced by need */ + unsigned short *cidx[256]; +- int char1; ++ unsigned int char1; + + bzero((char *)cidx, 256 * sizeof(unsigned short *)); /* init */ + for (a = 0; a < ncolors; a++) { +- char1 = colorTable[a].string[0]; ++ char1 = (unsigned char) colorTable[a].string[0]; + if (cidx[char1] == NULL) { /* get new memory */ + cidx[char1] = (unsigned short *) + XpmCalloc(256, sizeof(unsigned short)); +@@ -604,7 +611,7 @@ + int cc1 = xpmGetC(data); + if (cc1 > 0 && cc1 < 256) { + int cc2 = xpmGetC(data); +- if (cc2 > 0 && cc2 < 256 && cidx[cc1][cc2] != 0) ++ if (cc2 > 0 && cc2 < 256 && cidx[cc1] && cidx[cc1][cc2] != 0) + *iptr = cidx[cc1][cc2] - 1; + else { + FREE_CIDX; +@@ -628,8 +635,10 @@ + char *s; + char buf[BUFSIZ]; + +- if (cpp >= sizeof(buf)) ++ if (cpp >= sizeof(buf)) { + return (XpmFileInvalid); ++ XpmFree(iptr2); /* found by Egbert Eich */ ++ } + + buf[cpp] = '\0'; + if (USE_HASHTABLE) { +@@ -639,7 +648,7 @@ + xpmNextString(data); + for (x = 0; x < width; x++, iptr++) { + for (a = 0, s = buf; a < cpp; a++, s++) +- *s = xpmGetC(data); ++ *s = xpmGetC(data); /* int assigned to char, not a problem here */ + slot = xpmHashSlot(hashtable, buf); + if (!*slot) { /* no color matches */ + XpmFree(iptr2); +@@ -653,7 +662,7 @@ + xpmNextString(data); + for (x = 0; x < width; x++, iptr++) { + for (a = 0, s = buf; a < cpp; a++, s++) +- *s = xpmGetC(data); ++ *s = xpmGetC(data); /* int assigned to char, not a problem here */ + for (a = 0; a < ncolors; a++) + if (!strcmp(colorTable[a].string, buf)) + break; +@@ -708,7 +717,7 @@ + while (!notstart && notend) { + /* there starts an extension */ + ext = (XpmExtension *) +- XpmRealloc(exts, (num + 1) * sizeof(XpmExtension)); ++ XpmRealloc(exts, (num + 1) * sizeof(XpmExtension)); /* can the loop be forced to iterate often enough to make "(num + 1) * sizeof(XpmExtension)" wrapping? */ + if (!ext) { + XpmFree(string); + XpmFreeExtensions(exts, num); +@@ -745,7 +754,7 @@ + while ((notstart = strncmp("XPMEXT", string, 6)) + && (notend = strncmp("XPMENDEXT", string, 9))) { + sp = (char **) +- XpmRealloc(ext->lines, (nlines + 1) * sizeof(char *)); ++ XpmRealloc(ext->lines, (nlines + 1) * sizeof(char *)); /* can we iterate enough for a wrapping? */ + if (!sp) { + XpmFree(string); + ext->nlines = nlines; +diff -Nur lib/Xm/XpmRdFToBuf.c lib/Xm/XpmRdFToBuf.c +--- lib/Xm/XpmRdFToBuf.c 2002-01-10 21:57:08.000000000 +0100 ++++ lib/Xm/XpmRdFToBuf.c 2005-02-14 14:24:12.904326997 +0100 +@@ -43,6 +43,8 @@ + #endif + + ++/* October 2004, source code review by Thomas Biege */ ++ + #include "XpmI.h" + #include + #if !defined(FOR_MSW) && !defined(WIN32) +@@ -64,7 +66,8 @@ + char *filename; + char **buffer_return; + { +- int fd, fcheck, len; ++ int fd, fcheck; ++ off_t len; + char *ptr; + struct stat stats; + FILE *fp; +@@ -88,7 +91,7 @@ + close(fd); + return XpmOpenFailed; + } +- len = (int) stats.st_size; ++ len = stats.st_size; + ptr = (char *) XpmMalloc(len + 1); + if (!ptr) { + fclose(fp); +diff -Nur lib/Xm/XpmRdFToI.c lib/Xm/XpmRdFToI.c +--- lib/Xm/XpmRdFToI.c 2002-01-10 21:57:08.000000000 +0100 ++++ lib/Xm/XpmRdFToI.c 2005-02-14 14:24:12.861335519 +0100 +@@ -38,6 +38,8 @@ + #endif + + ++/* October 2004, source code review by Thomas Biege */ ++ + #include "XpmI.h" + #include + #include +@@ -127,6 +129,12 @@ + /* + * open the given file to be read as an xpmData which is returned. + */ ++#ifndef NO_ZPIPE ++ FILE *Xpms_popen(char *cmd, const char *type); ++#else ++# define Xpms_popen popen ++#endif ++ + static int + OpenReadFile(filename, mdata) + char *filename; +@@ -144,17 +152,21 @@ + mdata->type = XPMFILE; + } else { + #ifndef NO_ZPIPE +- int len = strlen(filename); ++ size_t len = strlen(filename); ++ ++ if(len == 0 || ++ filename[len-1] == '/') ++ return(XpmOpenFailed); + if ((len > 2) && !strcmp(".Z", filename + (len - 2))) { + mdata->type = XPMPIPE; +- sprintf(buf, "uncompress -c \"%s\"", filename); +- if (!(mdata->stream.file = popen(buf, "r"))) ++ snprintf(buf, sizeof(buf), "uncompress -c \"%s\"", filename); ++ if (!(mdata->stream.file = Xpms_popen(buf, "r"))) + return (XpmOpenFailed); + + } else if ((len > 3) && !strcmp(".gz", filename + (len - 3))) { + mdata->type = XPMPIPE; +- sprintf(buf, "gunzip -qc \"%s\"", filename); +- if (!(mdata->stream.file = popen(buf, "r"))) ++ snprintf(buf, sizeof(buf), "gunzip -qc \"%s\"", filename); ++ if (!(mdata->stream.file = Xpms_popen(buf, "r"))) + return (XpmOpenFailed); + + } else { +@@ -162,19 +174,19 @@ + if (!(compressfile = (char *) XpmMalloc(len + 4))) + return (XpmNoMemory); + +- sprintf(compressfile, "%s.Z", filename); ++ snprintf(compressfile, len+4, "%s.Z", filename); + if (!stat(compressfile, &status)) { +- sprintf(buf, "uncompress -c \"%s\"", compressfile); +- if (!(mdata->stream.file = popen(buf, "r"))) { ++ snprintf(buf, sizeof(buf), "uncompress -c \"%s\"", compressfile); ++ if (!(mdata->stream.file = Xpms_popen(buf, "r"))) { + XpmFree(compressfile); + return (XpmOpenFailed); + } + mdata->type = XPMPIPE; + } else { +- sprintf(compressfile, "%s.gz", filename); ++ snprintf(compressfile, len+4, "%s.gz", filename); + if (!stat(compressfile, &status)) { +- sprintf(buf, "gunzip -c \"%s\"", compressfile); +- if (!(mdata->stream.file = popen(buf, "r"))) { ++ snprintf(buf, sizeof(buf), "gunzip -c \"%s\"", compressfile); ++ if (!(mdata->stream.file = Xpms_popen(buf, "r"))) { + XpmFree(compressfile); + return (XpmOpenFailed); + } +@@ -216,7 +228,7 @@ + break; + #ifndef NO_ZPIPE + case XPMPIPE: +- pclose(mdata->stream.file); ++ fclose(mdata->stream.file); + break; + #endif + } +diff -Nur lib/Xm/Xpmscan.c lib/Xm/Xpmscan.c +--- lib/Xm/Xpmscan.c 2005-02-14 15:20:49.345039902 +0100 ++++ lib/Xm/Xpmscan.c 2005-02-14 14:48:52.388044300 +0100 +@@ -43,12 +43,14 @@ + #endif + + ++/* October 2004, source code review by Thomas Biege */ ++ + #include "XpmI.h" + + #define MAXPRINTABLE 92 /* number of printable ascii chars + * minus \ and " for string compat + * and ? to avoid ANSI trigraphs. */ +- ++ /* " */ + static char *printable = + " .XoO+@#$%&*=-;:>,<1234567890qwertyuipasdfghjklzxcvbnmMNBVCZ\ + ASDFGHJKLPIUYTREWQ!~^/()_`'][{}|"; +@@ -163,12 +165,13 @@ + /* function call in case of error, frees only locally allocated variables */ + #undef RETURN + #define RETURN(status) \ ++do \ + { \ + if (pmap.pixelindex) XpmFree(pmap.pixelindex); \ + if (pmap.pixels) XpmFree(pmap.pixels); \ + if (colorTable) xpmFreeColorTable(colorTable, pmap.ncolors); \ + return(status); \ +-} ++} while(0) + + /* + * This function scans the given image and stores the found informations in +@@ -226,15 +229,15 @@ + else + cpp = 0; + +- if ((height > 0 && width >= SIZE_MAX / height) || +- width * height >= SIZE_MAX / sizeof(unsigned int)) ++ if ((height > 0 && width >= UINT_MAX / height) || ++ width * height >= UINT_MAX / sizeof(unsigned int)) + RETURN(XpmNoMemory); + pmap.pixelindex = + (unsigned int *) XpmCalloc(width * height, sizeof(unsigned int)); + if (!pmap.pixelindex) + RETURN(XpmNoMemory); + +- if (pmap.size >= SIZE_MAX / sizeof(Pixel)) ++ if (pmap.size >= UINT_MAX / sizeof(Pixel)) + RETURN(XpmNoMemory); + + pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size); +@@ -292,7 +295,7 @@ + * color + */ + +- if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor)) ++ if (pmap.ncolors >= UINT_MAX / sizeof(XpmColor)) + RETURN(XpmNoMemory); + colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor)); + if (!colorTable) +@@ -341,7 +344,7 @@ + + /* first get a character string */ + a = 0; +- if (cpp >= SIZE_MAX - 1) ++ if (cpp >= UINT_MAX - 1) + return (XpmNoMemory); + if (!(s = color->string = (char *) XpmMalloc(cpp + 1))) + return (XpmNoMemory); +@@ -434,7 +437,7 @@ + } + + /* first get character strings and rgb values */ +- if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1) ++ if (ncolors >= UINT_MAX / sizeof(XColor) || cpp >= UINT_MAX - 1) + return (XpmNoMemory); + xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors); + if (!xcolors) +@@ -591,7 +594,7 @@ + char *dst; + unsigned int *iptr; + char *data; +- int x, y, i; ++ unsigned int x, y, i; + int bits, depth, ibu, ibpp, offset; + unsigned long lbt; + Pixel pixel, px; +@@ -693,7 +696,7 @@ + unsigned char *addr; + unsigned char *data; + unsigned int *iptr; +- int x, y; ++ unsigned int x, y; + unsigned long lbt; + Pixel pixel; + int depth; +@@ -758,7 +761,7 @@ + unsigned char *addr; + unsigned char *data; + unsigned int *iptr; +- int x, y; ++ unsigned int x, y; + unsigned long lbt; + Pixel pixel; + int depth; +@@ -803,7 +806,7 @@ + { + unsigned int *iptr; + unsigned char *data; +- int x, y; ++ unsigned int x, y; + unsigned long lbt; + Pixel pixel; + int depth; +@@ -836,7 +839,7 @@ + int (*storeFunc) (); + { + unsigned int *iptr; +- int x, y; ++ unsigned int x, y; + char *data; + Pixel pixel; + int xoff, yoff, offset, bpl; +diff -Nur lib/Xm/XpmWrFFrBuf.c lib/Xm/XpmWrFFrBuf.c +--- lib/Xm/XpmWrFFrBuf.c 2002-01-10 21:57:08.000000000 +0100 ++++ lib/Xm/XpmWrFFrBuf.c 2005-02-14 14:24:12.906326601 +0100 +@@ -38,6 +38,8 @@ + #endif + + ++/* October 2004, source code review by Thomas Biege */ ++ + #include "XpmI.h" + + int +@@ -55,7 +57,7 @@ + fcheck = fwrite(buffer, len, 1, fp); + fclose(fp); + if (fcheck != 1) +- return XpmOpenFailed; ++ return XpmOpenFailed; /* maybe use a better return value */ + + return XpmSuccess; + } +diff -Nur lib/Xm/XpmWrFFrI.c lib/Xm/XpmWrFFrI.c +--- lib/Xm/XpmWrFFrI.c 2005-02-14 15:20:49.343040299 +0100 ++++ lib/Xm/XpmWrFFrI.c 2005-02-14 14:50:25.766533589 +0100 +@@ -38,6 +38,8 @@ + #endif + + ++/* October 2004, source code review by Thomas Biege */ ++ + #include "XpmI.h" + #if !defined(NO_ZPIPE) && defined(WIN32) + # define popen _popen +@@ -98,7 +100,7 @@ + XpmInfo *info; + { + xpmData mdata; +- char *name, *dot, *s, new_name[BUFSIZ]; ++ char *name, *dot, *s, new_name[BUFSIZ] = {0}; + int ErrorStatus; + + /* open file to write */ +@@ -117,6 +119,8 @@ + #endif + /* let's try to make a valid C syntax name */ + if ((dot = index(name, '.'))) { ++ strncpy(new_name, name, sizeof(new_name)); ++ new_name[sizeof(new_name)-1] = 0; + strcpy(new_name, name); + /* change '.' to '_' */ + name = s = new_name; +@@ -127,7 +131,8 @@ + } + if ((dot = index(name, '-'))) { + if (name != new_name) { +- strcpy(new_name, name); ++ strncpy(new_name, name, sizeof(new_name)); ++ new_name[sizeof(new_name)-1] = 0; + name = new_name; + } + /* change '-' to '_' */ +@@ -244,7 +249,7 @@ + unsigned int x, y, h; + + h = height - 1; +- if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp) ++ if (cpp != 0 && width >= (UINT_MAX - 3)/cpp) + return (XpmNoMemory); + p = buf = (char *) XpmMalloc(width * cpp + 3); + if (!buf) +@@ -296,6 +301,11 @@ + /* + * open the given file to be written as an xpmData which is returned + */ ++#ifndef NO_ZPIPE ++ FILE *Xpms_popen(char *cmd, const char *type); ++#else ++# define Xpms_popen popen ++#endif + static int + OpenWriteFile(filename, mdata) + char *filename; +@@ -311,16 +321,23 @@ + mdata->type = XPMFILE; + } else { + #ifndef NO_ZPIPE +- int len = strlen(filename); ++ size_t len = strlen(filename); ++ ++ if(len == 0 || ++ filename[0] == '/' || ++ strstr(filename, "../") != NULL || ++ filename[len-1] == '/') ++ return(XpmOpenFailed); ++ + if (len > 2 && !strcmp(".Z", filename + (len - 2))) { +- sprintf(buf, "compress > \"%s\"", filename); +- if (!(mdata->stream.file = popen(buf, "w"))) ++ snprintf(buf, sizeof(buf), "compress > \"%s\"", filename); ++ if (!(mdata->stream.file = Xpms_popen(buf, "w"))) + return (XpmOpenFailed); + + mdata->type = XPMPIPE; + } else if (len > 3 && !strcmp(".gz", filename + (len - 3))) { +- sprintf(buf, "gzip -q > \"%s\"", filename); +- if (!(mdata->stream.file = popen(buf, "w"))) ++ snprintf(buf, sizeof(buf), "gzip -q > \"%s\"", filename); ++ if (!(mdata->stream.file = Xpms_popen(buf, "w"))) + return (XpmOpenFailed); + + mdata->type = XPMPIPE; +@@ -351,7 +368,7 @@ + break; + #ifndef NO_ZPIPE + case XPMPIPE: +- pclose(mdata->stream.file); ++ fclose(mdata->stream.file); + break; + #endif + } diff --git a/patchsets/motif/2.2.3/04_all_CAN-2004-0914_sec8.patch b/patchsets/motif/2.2.3/04_all_CAN-2004-0914_sec8.patch new file mode 100644 index 0000000..0bf4bcb --- /dev/null +++ b/patchsets/motif/2.2.3/04_all_CAN-2004-0914_sec8.patch @@ -0,0 +1,14 @@ +--- openMotif-2.2.3/lib/Xm/XpmWrFFrI.c.CAN-2004-0914_sec8 2004-11-29 15:04:10.105373839 +0100 ++++ openMotif-2.2.3/lib/Xm/XpmWrFFrI.c 2004-11-29 15:04:10.150367679 +0100 +@@ -322,10 +322,7 @@ + #ifndef NO_ZPIPE + size_t len = strlen(filename); + +- if(len == 0 || +- filename[0] == '/' || +- strstr(filename, "../") != NULL || +- filename[len-1] == '/') ++ if(len == 0) + return(XpmOpenFailed); + + if (len > 2 && !strcmp(".Z", filename + (len - 2))) { diff --git a/patchsets/motif/2.2.3/05_all_char_not_supported.patch b/patchsets/motif/2.2.3/05_all_char_not_supported.patch new file mode 100644 index 0000000..edd841b --- /dev/null +++ b/patchsets/motif/2.2.3/05_all_char_not_supported.patch @@ -0,0 +1,31 @@ +--- openMotif-2.2.3/lib/Xm/TextF.c.char_not_supported 2004-06-03 12:59:10.241822710 +0200 ++++ openMotif-2.2.3/lib/Xm/TextF.c 2004-06-03 13:02:18.987890852 +0200 +@@ -3723,20 +3723,17 @@ + cache_ptr = tmp = XmStackAlloc(buf_size, cache); + + tmp_str = (wchar_t *)str; +- ret_val = wctomb(tmp, *tmp_str); ++ // Fixed MZ BZ#1257: by Brad Despres + count = 0; +- while ( (ret_val > 0)&& (buf_size >= MB_CUR_MAX) && (count < n) ) +- { +- count += 1; +- tmp += ret_val; +- buf_size -= ret_val; +- tmp_str++; +- ret_val = wctomb(tmp, *tmp_str); +- } +- ++ do { ++ ret_val = wctomb(tmp, *tmp_str); ++ count += 1; ++ tmp += ret_val; ++ buf_size -= ret_val; ++ tmp_str++; ++ } while ( (ret_val > 0)&& (buf_size >= MB_CUR_MAX) && (count < n) ) ; + if (ret_val == -1) /* bad character */ + return (False); +- + is_printable = XTextWidth(TextF_Font(tf), cache_ptr, tmp - cache_ptr); + XmStackFree(cache_ptr, cache); + return (is_printable); diff --git a/patchsets/motif/2.2.3/06_all_pixel_length.patch b/patchsets/motif/2.2.3/06_all_pixel_length.patch new file mode 100644 index 0000000..7aba08b --- /dev/null +++ b/patchsets/motif/2.2.3/06_all_pixel_length.patch @@ -0,0 +1,11 @@ +--- openMotif-2.2.3/lib/Xm/DataF.c.pixel_length 2004-06-03 15:11:52.932820812 +0200 ++++ openMotif-2.2.3/lib/Xm/DataF.c 2004-06-03 15:12:27.323091126 +0200 +@@ -8648,7 +8648,7 @@ + curr_str++; + i++; + } else { +- wchar_t tmp; ++ wchar_t tmp[XmTextF_max_char_size(tf)+1]; + int num_conv; + num_conv = mbtowc(&tmp, curr_str, XmTextF_max_char_size(tf)); + if (num_conv >= 0 && df_FindPixelLength(tf, (char*) &tmp, 1)) { diff --git a/patchsets/motif/2.2.3/07_all_popup_timeout.patch b/patchsets/motif/2.2.3/07_all_popup_timeout.patch new file mode 100644 index 0000000..f216abe --- /dev/null +++ b/patchsets/motif/2.2.3/07_all_popup_timeout.patch @@ -0,0 +1,12 @@ +--- openMotif-2.2.3/lib/Xm/MenuUtil.c.popup_timeout 2002-01-31 15:49:35.000000000 +0100 ++++ openMotif-2.2.3/lib/Xm/MenuUtil.c 2004-06-08 17:14:46.311285603 +0200 +@@ -156,6 +156,9 @@ + cursor, time)) == GrabSuccess) + break; + ++ if (status == GrabInvalidTime) ++ time = CurrentTime; ++ + XmeMicroSleep(1000); + } + if (status != GrabSuccess) diff --git a/patchsets/motif/2.2.3/08_all_XmResizeHashTable.patch b/patchsets/motif/2.2.3/08_all_XmResizeHashTable.patch new file mode 100644 index 0000000..5982f72 --- /dev/null +++ b/patchsets/motif/2.2.3/08_all_XmResizeHashTable.patch @@ -0,0 +1,11 @@ +--- lib/Xm/Hash.c ++++ lib/Xm/Hash.c +@@ -198,6 +198,8 @@ + } else { + table -> buckets[index] = current; + } ++ } else { ++ last = current; + } + current = next; + } diff --git a/patchsets/motif/2.2.3/09_all_utf8.patch b/patchsets/motif/2.2.3/09_all_utf8.patch new file mode 100644 index 0000000..bb7c7f8 --- /dev/null +++ b/patchsets/motif/2.2.3/09_all_utf8.patch @@ -0,0 +1,77 @@ +--- openMotif-2.2.3/tools/wml/UilSymCSet.h.utf8 2004-03-04 17:41:48.000000000 +0100 ++++ openMotif-2.2.3/tools/wml/UilSymCSet.h 2004-03-17 12:54:23.000000000 +0100 +@@ -32,6 +32,7 @@ + "JISX0201.1976-0", /* jis_katakana */ + "KSC5601.1987-0", /* ksc_hangul */ + "KSC5601.1987-1", /* ksc_hangul_gr */ ++ "UTF-8", /* utf-8 */ + }; + externaldef(uil_sym_glbl) char **charset_xmstring_names_table = + charset_xmstring_names_table_vec; +@@ -66,6 +67,7 @@ + XmSTRING_DIRECTION_L_TO_R, /* jis_katakana */ + XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul */ + XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul_gr */ ++ XmSTRING_DIRECTION_L_TO_R, /* utf-8 */ + }; + externaldef(uil_sym_glbl) unsigned char *charset_writing_direction_table = + charset_wrdirection_table_vec; +@@ -100,6 +102,7 @@ + XmSTRING_DIRECTION_L_TO_R, /* jis_katakana */ + XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul */ + XmSTRING_DIRECTION_L_TO_R, /* ksc_hangul_gr */ ++ XmSTRING_DIRECTION_L_TO_R, /* utf-8 */ + }; + externaldef(uil_sym_glbl) unsigned char *charset_parsing_direction_table = + charset_parsdirection_table_vec; +@@ -134,6 +137,7 @@ + sym_k_onebyte_charsize, /* jis_katakana */ + sym_k_twobyte_charsize, /* ksc_hangul */ + sym_k_twobyte_charsize, /* ksc_hangul_gr */ ++ sym_k_onebyte_charsize, /* utf-8 */ + }; + externaldef(uil_sym_glbl) unsigned char *charset_character_size_table = + charset_charsize_table_vec; +@@ -215,6 +219,7 @@ + "KSC_HANGUL_GL", /* ksc_hangul */ + "KSC_HANGUL_GR", /* ksc_hangul_gr */ + "KSC5601.1987-1", /* ksc_hangul_gr */ ++ "UTF-8", /* utf-8 */ + }; + externaldef(uil_sym_glbl) char **charset_lang_names_table = + charset_lang_names_table_vec; +@@ -295,10 +300,11 @@ + sym_k_ksc_hangul_charset, + sym_k_ksc_hangul_gr_charset, + sym_k_ksc_hangul_gr_charset, ++ sym_k_utf8_charset, + }; + externaldef(uil_sym_glbl) unsigned short int *charset_lang_codes_table = + charset_lang_codes_table_vec; + /* + * The number of entries in charset_lang_..._table tables + */ +-externaldef(uil_sym_glbl) unsigned short int charset_lang_table_max = 72; ++externaldef(uil_sym_glbl) unsigned short int charset_lang_table_max = 73; +--- openMotif-2.2.3/tools/wml/UilSymGen.h.utf8 2004-03-04 17:41:48.000000000 +0100 ++++ openMotif-2.2.3/tools/wml/UilSymGen.h 2004-03-17 12:54:23.000000000 +0100 +@@ -1417,6 +1417,7 @@ + #define sym_k_jis_katakana_charset 21 + #define sym_k_ksc_hangul_charset 22 + #define sym_k_ksc_hangul_gr_charset 23 ++#define sym_k_utf8_charset 24 + + /* Define literals for automatic children */ + +--- openMotif-2.2.3/tools/wml/motif.wml.utf8 2003-10-08 23:07:47.000000000 +0200 ++++ openMotif-2.2.3/tools/wml/motif.wml 2004-03-17 12:56:09.000000000 +0100 +@@ -163,6 +163,9 @@ + ksc_hangul_gr + { XmStringCharsetName = "KSC5601.1987-1"; + CharacterSize = TwoByte; }; ++ utf8 ++ { XmStringCharsetName = "UTF-8"; }; ++ + XmFONTLIST_DEFAULT_TAG + { FontListElementTag = XmFONTLIST_DEFAULT_TAG; }; + diff --git a/patchsets/motif/2.2.3/10_all_no_demos.patch b/patchsets/motif/2.2.3/10_all_no_demos.patch new file mode 100644 index 0000000..d0a3969 --- /dev/null +++ b/patchsets/motif/2.2.3/10_all_no_demos.patch @@ -0,0 +1,101 @@ +--- openmotif/configure.in.no_demos 2003-09-19 18:40:33.000000000 +0200 ++++ openmotif/configure.in 2003-12-16 12:16:33.000000000 +0100 +@@ -259,88 +259,4 @@ + doc/man/man5/Makefile \ + tools/Makefile \ + tools/wml/Makefile \ +-demos/Makefile \ +-demos/lib/Makefile \ +-demos/lib/Xmd/Makefile \ +-demos/lib/Wsm/Makefile \ +-demos/lib/Exm/Makefile \ +-demos/lib/Exm/wml/Makefile \ +-demos/programs/Makefile \ +-demos/programs/Exm/Makefile \ +-demos/programs/Exm/app_in_c/Makefile \ +-demos/programs/Exm/app_in_uil/Makefile \ +-demos/programs/Exm/simple_app/Makefile \ +-demos/programs/airport/Makefile \ +-demos/programs/animate/Makefile \ +-demos/programs/drag_and_drop/Makefile \ +-demos/programs/draw/Makefile \ +-demos/programs/earth/Makefile \ +-demos/programs/filemanager/Makefile \ +-demos/programs/fileview/Makefile \ +-demos/programs/getsubres/Makefile \ +-demos/programs/hellomotif/Makefile \ +-demos/programs/hellomotifi18n/Makefile \ +-demos/programs/hellomotifi18n/C/Makefile \ +-demos/programs/hellomotifi18n/C/uid/Makefile \ +-demos/programs/hellomotifi18n/english/Makefile \ +-demos/programs/hellomotifi18n/english/uid/Makefile \ +-demos/programs/hellomotifi18n/french/Makefile \ +-demos/programs/hellomotifi18n/french/uid/Makefile \ +-demos/programs/hellomotifi18n/hebrew/Makefile \ +-demos/programs/hellomotifi18n/hebrew/uid/Makefile \ +-demos/programs/hellomotifi18n/japan/Makefile \ +-demos/programs/hellomotifi18n/japan/uid/Makefile \ +-demos/programs/hellomotifi18n/japanese/Makefile \ +-demos/programs/hellomotifi18n/japanese/uid/Makefile \ +-demos/programs/hellomotifi18n/swedish/Makefile \ +-demos/programs/hellomotifi18n/swedish/uid/Makefile \ +-demos/programs/i18ninput/Makefile \ +-demos/programs/panner/Makefile \ +-demos/programs/periodic/Makefile \ +-demos/programs/piano/Makefile \ +-demos/programs/popups/Makefile \ +-demos/programs/sampler2_0/Makefile \ +-demos/programs/setdate/Makefile \ +-demos/programs/todo/Makefile \ +-demos/programs/workspace/Makefile \ +-demos/programs/tooltips/Makefile \ +-demos/programs/FontSel/Makefile \ +-demos/programs/ButtonBox/Makefile \ +-demos/programs/ColorSel/Makefile \ +-demos/programs/Column/Makefile \ +-demos/programs/DropDown/Makefile \ +-demos/programs/MultiList/Makefile \ +-demos/programs/MultiList/pixmaps/Makefile \ +-demos/programs/IconB/Makefile \ +-demos/programs/Outline/Makefile \ +-demos/programs/Paned/Makefile \ +-demos/programs/TabStack/Makefile \ +-demos/programs/Tree/Makefile \ +-demos/programs/pixmaps/Makefile \ +-demos/unsupported/Makefile \ +-demos/unsupported/Exm/Makefile \ +-demos/unsupported/aicon/Makefile \ +-demos/unsupported/dainput/Makefile \ +-demos/unsupported/dogs/Makefile \ +-demos/unsupported/hellomotif/Makefile \ +-demos/unsupported/motifshell/Makefile \ +-demos/unsupported/uilsymdump/Makefile \ +-demos/unsupported/xmapdef/Makefile \ +-demos/unsupported/xmfonts/Makefile \ +-demos/unsupported/xmforc/Makefile \ +-demos/unsupported/xmform/Makefile \ +-demos/doc/Makefile \ +-demos/doc/programGuide/Makefile \ +-demos/doc/programGuide/ch05/Makefile \ +-demos/doc/programGuide/ch05/Scale/Makefile \ +-demos/doc/programGuide/ch06/Makefile \ +-demos/doc/programGuide/ch06/spin_box/Makefile \ +-demos/doc/programGuide/ch06/combo_box/Makefile \ +-demos/doc/programGuide/ch08/Makefile \ +-demos/doc/programGuide/ch08/Notebook/Makefile \ +-demos/doc/programGuide/ch08/Container/Makefile \ +-demos/doc/programGuide/ch16/Makefile \ +-demos/doc/programGuide/ch17/Makefile \ +-demos/doc/programGuide/ch17/simple_drop/Makefile \ +-demos/doc/programGuide/ch17/simple_drag/Makefile \ + ]) +--- openmotif/Makefile.am.no_demos 2003-12-16 12:17:02.000000000 +0100 ++++ openmotif/Makefile.am 2003-12-16 12:17:03.000000000 +0100 +@@ -28,6 +28,5 @@ + include \ + tools \ + clients \ +- doc \ +- demos ++ doc + AUTOMAKE_OPTIONS = 1.4 diff --git a/patchsets/motif/2.2.3/11_all_CAN-2005-0605.patch b/patchsets/motif/2.2.3/11_all_CAN-2005-0605.patch new file mode 100644 index 0000000..f70a884 --- /dev/null +++ b/patchsets/motif/2.2.3/11_all_CAN-2005-0605.patch @@ -0,0 +1,38 @@ +--- lib/Xm/Xpmscan.c.orig 2005-03-02 17:00:16.415070960 +0100 ++++ lib/Xm/Xpmscan.c 2005-03-02 17:01:38.949709879 +0100 +@@ -672,8 +672,8 @@ + char *dst; + unsigned int *iptr; + char *data; +- unsigned int x, y, i; +- int bits, depth, ibu, ibpp, offset; ++ unsigned int x, y; ++ int bits, depth, ibu, ibpp, offset, i; + unsigned long lbt; + Pixel pixel, px; + +@@ -684,6 +684,9 @@ + ibpp = image->bits_per_pixel; + offset = image->xoffset; + ++ if (image->bitmap_unit < 0) ++ return (XpmNoMemory); ++ + if ((image->bits_per_pixel | image->depth) == 1) { + ibu = image->bitmap_unit; + for (y = 0; y < height; y++) +--- lib/Xm/Xpmcreate.c.orig 2005-03-02 17:02:00.626412844 +0100 ++++ lib/Xm/Xpmcreate.c 2005-03-02 17:02:35.183562480 +0100 +@@ -1265,10 +1265,10 @@ + register char *src; + register char *dst; + register unsigned int *iptr; +- register unsigned int x, y, i; ++ register unsigned int x, y; + register char *data; + Pixel pixel, px; +- int nbytes, depth, ibu, ibpp; ++ int nbytes, depth, ibu, ibpp, i; + + data = image->data; + iptr = pixelindex; diff --git a/patchsets/motif/2.2.3/12_all_uil.patch b/patchsets/motif/2.2.3/12_all_uil.patch new file mode 100644 index 0000000..45e0b8e --- /dev/null +++ b/patchsets/motif/2.2.3/12_all_uil.patch @@ -0,0 +1,350 @@ +--- openMotif-2.2.3/lib/Mrm/Mrmhier.c.UIL 2002-01-11 14:56:24.000000000 +0100 ++++ openMotif-2.2.3/lib/Mrm/Mrmhier.c 2005-12-31 07:42:31.485196184 +0100 +@@ -712,7 +712,7 @@ + * Local variables + */ + Cardinal result; /* function results */ +- char dummy[300]; /* file name (unused) */ ++ char *dummy; /* file name (unused) */ + char err_stg[300]; + + /* +@@ -764,11 +764,13 @@ + + if (resolvedname == 0) + { +- sprintf (err_stg, _MrmMMsg_0031, name) ; ++ snprintf (err_stg, 300, _MrmMMsg_0031, name) ; + return Urm__UT_Error ("I18NOpenFile", err_stg, NULL, NULL, MrmNOT_FOUND); + } + ++ dummy = XtMalloc(strlen(resolvedname)+1); + result = UrmIdbOpenFileRead (resolvedname, os_ext, file_id_return, dummy) ; ++ XtFree(dummy); + switch ( result ) + { + case MrmSUCCESS: +--- openMotif-2.2.3/clients/uil/UilIODef.h.UIL 2002-01-04 22:13:33.000000000 +0100 ++++ openMotif-2.2.3/clients/uil/UilIODef.h 2005-12-31 07:42:15.129682600 +0100 +@@ -69,13 +69,18 @@ + #define NULL 0L + #endif + ++#include ++#ifndef PATH_MAX ++# define PATH_MAX 256 ++#endif ++ + typedef struct + { + FILE *az_file_ptr; + char *c_buffer; + boolean v_position_before_get; + z_key last_key; +- char expanded_name[ 256 ]; ++ char expanded_name[ PATH_MAX ]; + } uil_fcb_type; + + #endif /* UilIODef_h */ +--- openMotif-2.2.3/clients/uil/UilLstLst.c.UIL 2002-01-10 21:55:43.000000000 +0100 ++++ openMotif-2.2.3/clients/uil/UilLstLst.c 2005-12-31 07:42:19.447026264 +0100 +@@ -164,7 +164,7 @@ + lst_l_page_no = 0; + lst_v_listing_open = TRUE; + +- sprintf(lst_c_title1, ++ snprintf(lst_c_title1, 132, + "%s %s \t%s\t\t Page ", + _host_compiler, _compiler_version, + current_time(&ctime_buf)); +@@ -270,6 +270,17 @@ + { + /* place the file name in the expanded_name buffer */ + ++ if (strlen(Uil_cmd_z_command.ac_listing_file) >= PATH_MAX) ++ { ++ char *p; ++ int len=0; ++ if((p = rindex(Uil_cmd_z_command.ac_listing_file, '/')) != NULL) ++ len = strlen(++p); ++ if(p == NULL || len >= PATH_MAX) ++ p = ""; ++ strcpy(az_fcb->expanded_name, p); ++ return src_k_open_error; ++ } + strcpy(az_fcb->expanded_name, Uil_cmd_z_command.ac_listing_file); + + /* open the file */ +@@ -529,7 +540,7 @@ + char buffer [132]; + + az_fcb = src_az_source_file_table [i]; +- sprintf (buffer, ++ snprintf (buffer, 132, + " File (%d) %s", + i, az_fcb->expanded_name ); + lst_output_line( buffer, FALSE ); +@@ -598,7 +609,7 @@ + } + + +- sprintf(buffer, "%s (%d) %s", ++ snprintf(buffer, 132, "%s (%d) %s", + diag_get_message_abbrev( az_msg->l_message_number ), + msg_no, + az_msg->c_text); +--- openMotif-2.2.3/clients/uil/UilP2Out.c.UIL 2002-01-10 21:55:44.000000000 +0100 ++++ openMotif-2.2.3/clients/uil/UilP2Out.c 2005-12-31 07:42:23.022482712 +0100 +@@ -189,7 +189,7 @@ + int topmost_index; + struct + { MrmOsOpenParam os_param; +- char result_file[256]; ++ char result_file[PATH_MAX]; + } uid_fcb; + + +@@ -234,15 +234,20 @@ + if (sym_az_module_entry->az_version != NULL) + module_version = sym_az_module_entry->az_version->value.c_value; + +- urm_status = UrmIdbOpenFileWrite +- ( Uil_cmd_z_command.ac_resource_file, +- & uid_fcb.os_param, +- _host_compiler, +- _compiler_version, +- module_name, +- module_version, +- &out_az_idbfile_id, +- uid_fcb.result_file ); ++ if (strlen(Uil_cmd_z_command.ac_resource_file) < PATH_MAX) ++ { ++ urm_status = UrmIdbOpenFileWrite ++ ( Uil_cmd_z_command.ac_resource_file, ++ & uid_fcb.os_param, ++ _host_compiler, ++ _compiler_version, ++ module_name, ++ module_version, ++ &out_az_idbfile_id, ++ uid_fcb.result_file ); ++ } else { ++ urm_status = MrmFAILURE; ++ } + + if (urm_status != MrmSUCCESS) + { +@@ -2961,7 +2966,7 @@ + { + char buffer[132]; + +- sprintf(buffer, "while %s encountered %s", ++ snprintf(buffer, 132, "while %s encountered %s", + problem, + Urm__UT_LatestErrorMessage()); + +--- openMotif-2.2.3/clients/uil/UilSrcSrc.c.UIL 2002-01-10 21:55:47.000000000 +0100 ++++ openMotif-2.2.3/clients/uil/UilSrcSrc.c 2005-12-31 07:42:27.176851152 +0100 +@@ -626,11 +626,15 @@ + static unsigned short main_dir_len = 0; + boolean main_file; + int i; /* loop index through include files */ +- char buffer[256]; ++ char buffer[PATH_MAX]; ++ int c_file_name_len; + ++ az_fcb->az_file_ptr = NULL; ++ c_file_name_len = strlen(c_file_name); + + /* place the file name in the expanded_name buffer */ +- ++ if(c_file_name_len >= PATH_MAX) ++ return src_k_open_error; + strcpy(buffer, c_file_name); + + /* Determine if this is the main file or an include file. */ +@@ -644,7 +648,7 @@ + + /* Save the directory info for the main file. */ + +- for (len = strlen (c_file_name), ++ for (len = c_file_name_len, + ptr = & c_file_name [len - 1]; + len > 0; len--, ptr--) { + if ((* ptr) == '/') { +@@ -673,9 +677,11 @@ + } + + if (!specific_directory) { ++ if (main_dir_len + c_file_name_len >= PATH_MAX) ++ goto open_label; + _move (buffer, main_fcb -> expanded_name, main_dir_len); + _move (& buffer [main_dir_len], +- c_file_name, strlen (c_file_name) + 1); /* + NULL */ ++ c_file_name, c_file_name_len + 1); /* + NULL */ + } else { + strcpy (buffer, c_file_name); + } +@@ -695,16 +701,22 @@ + + for (i = 0; i < Uil_cmd_z_command.include_dir_count; i++) { + int inc_dir_len; ++ int need_slash=0; + + inc_dir_len = strlen (Uil_cmd_z_command.ac_include_dir[i]); + if (inc_dir_len == 0) { + search_user_include = False; + } ++ if (Uil_cmd_z_command.ac_include_dir[i][inc_dir_len - 1] != '/') ++ need_slash=1; ++ if (inc_dir_len + need_slash + c_file_name_len >= PATH_MAX) ++ goto open_label; ++ + _move (buffer, Uil_cmd_z_command.ac_include_dir[i], inc_dir_len); + + /* Add '/' if not specified at end of directory */ + +- if (Uil_cmd_z_command.ac_include_dir[i][inc_dir_len - 1] != '/') { ++ if (need_slash) { + buffer [inc_dir_len] = '/'; + inc_dir_len++; + }; +@@ -723,9 +735,11 @@ + + /* Look in the default include directory. */ + if (search_user_include) { ++ if (sizeof(c_include_dir)-1 + c_file_name_len >= PATH_MAX) ++ goto open_label; + _move(buffer, c_include_dir, sizeof c_include_dir - 1); /* no NULL */ + _move(&buffer[sizeof c_include_dir - 1], +- c_file_name, strlen (c_file_name) + 1); /* + NULL */ ++ c_file_name, c_file_name_len + 1); /* + NULL */ + + /* Open the include file. */ + az_fcb->az_file_ptr = fopen (buffer, "r"); +--- openMotif-2.2.3/clients/uil/UilSarMod.c.UIL 2002-01-10 21:55:45.000000000 +0100 ++++ openMotif-2.2.3/clients/uil/UilSarMod.c 2005-12-31 07:42:35.593571616 +0100 +@@ -379,7 +379,7 @@ + */ + + if (Uil_cmd_z_command.v_listing_file) +- sprintf(Uil_lst_c_title2, ++ snprintf(Uil_lst_c_title2, 132, + "Module: %s", + name_entry->c_text ); + +@@ -479,7 +479,7 @@ + */ + + if (Uil_cmd_z_command.v_listing_file) +- sprintf(Uil_lst_c_title2, ++ snprintf(Uil_lst_c_title2, 132, + "Module: %s \t Version: %s", + sym_az_module_entry->obj_header.az_name->c_text, + value_entry->value.c_value ); +--- openMotif-2.2.3/clients/uil/UilDiags.c.UIL 2002-01-10 21:55:42.000000000 +0100 ++++ openMotif-2.2.3/clients/uil/UilDiags.c 2005-12-31 07:42:39.273012256 +0100 +@@ -293,12 +293,12 @@ + va_start(ap, l_start_column); + + #ifndef NO_MESSAGE_CATALOG +- vsprintf( msg_buffer, ++ vsnprintf( msg_buffer, 132, + catgets(uil_catd, UIL_SET1, msg_cat_table[ message_number ], + diag_rz_msg_table[ message_number ].ac_text), + ap ); + #else +- vsprintf( msg_buffer, ++ vsnprintf( msg_buffer, 132, + diag_rz_msg_table[ message_number ].ac_text, + ap ); + #endif +@@ -317,13 +317,13 @@ + */ + + #ifndef NO_MESSAGE_CATALOG +- sprintf( loc_buffer, ++ snprintf( loc_buffer, 132, + catgets(uil_catd, UIL_SET_MISC, + UIL_MISC_0, "\t\t line: %d file: %s"), + az_src_rec->w_line_number, + src_get_file_name( az_src_rec ) ); + #else +- sprintf( loc_buffer, ++ snprintf( loc_buffer, 132, + "\t\t line: %d file: %s", + az_src_rec->w_line_number, + src_get_file_name( az_src_rec ) ); +@@ -371,7 +371,7 @@ + + if (l_start_column != diag_k_no_column) + #ifndef NO_MESSAGE_CATALOG +- sprintf(loc_buffer, ++ snprintf(loc_buffer, 132, + catgets(uil_catd, UIL_SET_MISC, + UIL_MISC_1, + "\t\t line: %d position: %d file: %s"), +@@ -379,7 +379,7 @@ + l_start_column + 1, + src_get_file_name( az_src_rec ) ); + #else +- sprintf(loc_buffer, ++ snprintf(loc_buffer, 132, + "\t\t line: %d position: %d file: %s", + az_src_rec->w_line_number, + l_start_column + 1, +@@ -387,13 +387,13 @@ + #endif + else + #ifndef NO_MESSAGE_CATALOG +- sprintf( loc_buffer, catgets(uil_catd, UIL_SET_MISC, ++ snprintf( loc_buffer, 132, catgets(uil_catd, UIL_SET_MISC, + UIL_MISC_0, + "\t\t line: %d file: %s"), + az_src_rec->w_line_number, + src_get_file_name( az_src_rec ) ); + #else +- sprintf( loc_buffer, ++ snprintf( loc_buffer, 132, + "\t\t line: %d file: %s", + az_src_rec->w_line_number, + src_get_file_name( az_src_rec ) ); +--- openMotif-2.2.3/clients/uil/UilSymDef.h.UIL 2002-01-04 22:13:38.000000000 +0100 ++++ openMotif-2.2.3/clients/uil/UilSymDef.h 2005-12-31 07:42:44.106277488 +0100 +@@ -65,6 +65,11 @@ + + #include + #include ++#include ++#ifndef PATH_MAX ++# define PATH_MAX 256 ++#endif ++ + + /* + ** constraint check access macro +@@ -874,10 +879,10 @@ + sym_section_entry_type *sections; + /* pointer to a section list; this list is all of the sections that */ + /* exist in this include file. */ +- char file_name[255]; ++ char file_name[PATH_MAX]; + /* the file name as specified in the include statement in the UIL */ + /* source. */ +- char full_file_name[255]; ++ char full_file_name[PATH_MAX]; + /* the expanded name for the include file actually opened. */ + } sym_include_file_entry_type; + +@@ -894,9 +899,9 @@ + /* common header */ + struct _src_source_record_type *src_record_list; + /* pointer to a list of source records. */ +- char file_name[255]; ++ char file_name[PATH_MAX]; + /* the main UIL file name as specified on the command line. */ +- char full_file_name[255]; ++ char full_file_name[PATH_MAX]; + /* the expanded name for the main UIL file that was actually */ + /* opened. */ + sym_section_entry_type *sections; diff --git a/patchsets/motif/2.2.3/13_all_automake.patch b/patchsets/motif/2.2.3/13_all_automake.patch new file mode 100644 index 0000000..ed8fc14 --- /dev/null +++ b/patchsets/motif/2.2.3/13_all_automake.patch @@ -0,0 +1,10 @@ +--- clients/uil/Makefile.am Fri Aug 15 04:56:19 2003 ++++ clients/uil/Makefile.am.new Tue Feb 8 12:06:15 2005 +@@ -65,6 +65,7 @@ + lib_LTLIBRARIES = libUil.la + + libUil_la_SOURCES = $(SRCS) ++libUil_la_CFLAGS = $(AM_CFLAGS) + + libUil_la_DEPENDENCIES = UilDBDef.h UilParser.lo + -- cgit v1.2.3-65-gdbad