summaryrefslogtreecommitdiffstats
path: root/media-libs/imlib/files/imlib-security.patch
diff options
context:
space:
mode:
Diffstat (limited to 'media-libs/imlib/files/imlib-security.patch')
-rw-r--r--media-libs/imlib/files/imlib-security.patch510
1 files changed, 0 insertions, 510 deletions
diff --git a/media-libs/imlib/files/imlib-security.patch b/media-libs/imlib/files/imlib-security.patch
deleted file mode 100644
index c820270..0000000
--- a/media-libs/imlib/files/imlib-security.patch
+++ /dev/null
@@ -1,510 +0,0 @@
-diff -urN imlib-1.9.13.orig/Imlib/load.c imlib-1.9.13/Imlib/load.c
---- imlib-1.9.13.orig/Imlib/load.c Wed Mar 13 19:06:29 2002
-+++ imlib-1.9.13/Imlib/load.c Thu Sep 16 17:21:01 2004
-@@ -4,6 +4,8 @@
- #include "Imlib_private.h"
- #include <setjmp.h>
-
-+#define G_MAXINT ((int) 0x7fffffff)
-+
- /* Split the ID - damages input */
-
- static char *
-@@ -41,13 +43,17 @@
-
- /*
- * Make sure we don't wrap on our memory allocations
-+ * we check G_MAXINT/4 because rend.c malloc's w * h * bpp
-+ * + 3 is safety margin
- */
-
- void * _imlib_malloc_image(unsigned int w, unsigned int h)
- {
-- if( w > 32767 || h > 32767)
-- return NULL;
-- return malloc(w * h * 3);
-+ if (w <= 0 || w > 32767 ||
-+ h <= 0 || h > 32767 ||
-+ h >= (G_MAXINT/4 - 1) / w)
-+ return NULL;
-+ return malloc(w * h * 3 + 3);
- }
-
- #ifdef HAVE_LIBJPEG
-@@ -360,7 +366,9 @@
- npix = ww * hh;
- *w = (int)ww;
- *h = (int)hh;
-- if(ww > 32767 || hh > 32767)
-+ if (ww <= 0 || ww > 32767 ||
-+ hh <= 0 || hh > 32767 ||
-+ hh >= (G_MAXINT/sizeof(uint32)) / ww)
- {
- TIFFClose(tif);
- return NULL;
-@@ -463,7 +471,7 @@
- }
- *w = gif->Image.Width;
- *h = gif->Image.Height;
-- if (*h > 32767 || *w > 32767)
-+ if (*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767)
- {
- return NULL;
- }
-@@ -965,7 +973,12 @@
- comment = 0;
- quote = 0;
- context = 0;
-+ memset(lookup, 0, sizeof(lookup));
-+
- line = malloc(lsz);
-+ if (!line)
-+ return NULL;
-+
- while (!done)
- {
- pc = c;
-@@ -994,25 +1007,25 @@
- {
- /* Header */
- sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp);
-- if (ncolors > 32766)
-+ if (ncolors <= 0 || ncolors > 32766)
- {
- fprintf(stderr, "IMLIB ERROR: XPM files wth colors > 32766 not supported\n");
- free(line);
- return NULL;
- }
-- if (cpp > 5)
-+ if (cpp <= 0 || cpp > 5)
- {
- fprintf(stderr, "IMLIB ERROR: XPM files with characters per pixel > 5 not supported\n");
- free(line);
- return NULL;
- }
-- if (*w > 32767)
-+ if (*w <= 0 || *w > 32767)
- {
- fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
- free(line);
- return NULL;
- }
-- if (*h > 32767)
-+ if (*h <= 0 || *h > 32767)
- {
- fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
- free(line);
-@@ -1045,11 +1058,13 @@
- {
- int slen;
- int hascolor, iscolor;
-+ int space;
-
- iscolor = 0;
- hascolor = 0;
- tok[0] = 0;
- col[0] = 0;
-+ space = sizeof(col) - 1;
- s[0] = 0;
- len = strlen(line);
- strncpy(cmap[j].str, line, cpp);
-@@ -1072,10 +1087,10 @@
- {
- if (k >= len)
- {
-- if (col[0])
-- strcat(col, " ");
-- if (strlen(col) + strlen(s) < sizeof(col))
-- strcat(col, s);
-+ if (col[0] && space > 0)
-+ strcat(col, " "), space -= 1;
-+ if (slen <= space)
-+ strcat(col, s), space -= slen;
- }
- if (col[0])
- {
-@@ -1105,14 +1120,17 @@
- }
- }
- }
-- strcpy(tok, s);
-+ if (slen < sizeof(tok));
-+ strcpy(tok, s);
- col[0] = 0;
-+ space = sizeof(col) - 1;
- }
- else
- {
-- if (col[0])
-- strcat(col, " ");
-- strcat(col, s);
-+ if (col[0] && space > 0)
-+ strcat(col, " "), space -=1;
-+ if (slen <= space)
-+ strcat(col, s), space -= slen;
- }
- }
- }
-@@ -1341,12 +1359,12 @@
- sscanf(s, "%i %i", w, h);
- a = *w;
- b = *h;
-- if (a > 32767)
-+ if (a <= 0 || a > 32767)
- {
- fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
- return NULL;
- }
-- if (b > 32767)
-+ if (b <= 0 || b > 32767)
- {
- fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
- return NULL;
-diff -urN imlib-1.9.13.orig/Imlib/utils.c imlib-1.9.13/Imlib/utils.c
---- imlib-1.9.13.orig/Imlib/utils.c Mon Mar 4 17:45:28 2002
-+++ imlib-1.9.13/Imlib/utils.c Thu Sep 16 17:21:15 2004
-@@ -1496,36 +1496,56 @@
- context = 0;
- ptr = NULL;
- end = NULL;
-+ memset(lookup, 0, sizeof(lookup));
-
- while (!done)
- {
- line = data[count++];
-+ if (!line)
-+ break;
-+ line = strdup(line);
-+ if (!line)
-+ break;
-+ len = strlen(line);
-+ for (i = 0; i < len; ++i)
-+ {
-+ c = line[i];
-+ if (c < 32)
-+ line[i] = 32;
-+ else if (c > 127)
-+ line[i] = 127;
-+ }
-+
- if (context == 0)
- {
- /* Header */
- sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp);
-- if (ncolors > 32766)
-+ if (ncolors <= 0 || ncolors > 32766)
- {
- fprintf(stderr, "IMLIB ERROR: XPM data wth colors > 32766 not supported\n");
- free(im);
-+ free(line);
- return NULL;
- }
-- if (cpp > 5)
-+ if (cpp <= 0 || cpp > 5)
- {
- fprintf(stderr, "IMLIB ERROR: XPM data with characters per pixel > 5 not supported\n");
- free(im);
-+ free(line);
- return NULL;
- }
-- if (w > 32767)
-+ if (w <= 0 || w > 32767)
- {
- fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for data\n");
- free(im);
-+ free(line);
- return NULL;
- }
-- if (h > 32767)
-+ if (h <= 0 || h > 32767)
- {
- fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for data\n");
- free(im);
-+ free(line);
- return NULL;
- }
- cmap = malloc(sizeof(struct _cmap) * ncolors);
-@@ -1533,6 +1553,7 @@
- if (!cmap)
- {
- free(im);
-+ free(line);
- return NULL;
- }
- im->rgb_width = w;
-@@ -1542,6 +1563,7 @@
- {
- free(cmap);
- free(im);
-+ free(line);
- return NULL;
- }
- im->alpha_data = NULL;
-@@ -1817,6 +1839,7 @@
- }
- if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3))
- done = 1;
-+ free(line);
- }
- if (!transp)
- {
-diff -urN imlib-1.9.13.orig/gdk_imlib/io-gif.c imlib-1.9.13/gdk_imlib/io-gif.c
---- imlib-1.9.13.orig/gdk_imlib/io-gif.c Mon Mar 4 17:26:51 2002
-+++ imlib-1.9.13/gdk_imlib/io-gif.c Thu Sep 16 16:11:31 2004
-@@ -55,7 +55,7 @@
- }
- *w = gif->Image.Width;
- *h = gif->Image.Height;
-- if(*h > 32767 || *w > 32767)
-+ if(*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767)
- {
- return NULL;
- }
-diff -urN imlib-1.9.13.orig/gdk_imlib/io-ppm.c imlib-1.9.13/gdk_imlib/io-ppm.c
---- imlib-1.9.13.orig/gdk_imlib/io-ppm.c Mon Mar 4 17:26:51 2002
-+++ imlib-1.9.13/gdk_imlib/io-ppm.c Thu Sep 16 16:13:13 2004
-@@ -53,12 +53,12 @@
- sscanf(s, "%i %i", w, h);
- a = *w;
- b = *h;
-- if (a > 32767)
-+ if (a <= 0 || a > 32767)
- {
- fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n");
- return NULL;
- }
-- if (b > 32767)
-+ if (b <= 0 || b > 32767)
- {
- fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n");
- return NULL;
-diff -urN imlib-1.9.13.orig/gdk_imlib/io-tiff.c imlib-1.9.13/gdk_imlib/io-tiff.c
---- imlib-1.9.13.orig/gdk_imlib/io-tiff.c Mon Mar 4 17:26:51 2002
-+++ imlib-1.9.13/gdk_imlib/io-tiff.c Thu Sep 16 16:13:57 2004
-@@ -36,7 +36,9 @@
- npix = ww * hh;
- *w = (int)ww;
- *h = (int)hh;
-- if(ww > 32767 || hh > 32767)
-+ if (ww <= 0 || ww > 32767 ||
-+ hh <= 0 || hh > 32767 ||
-+ hh >= (G_MAXINT/sizeof(uint32)) / ww)
- {
- TIFFClose(tif);
- return NULL;
-diff -urN imlib-1.9.13.orig/gdk_imlib/io-xpm.c imlib-1.9.13/gdk_imlib/io-xpm.c
---- imlib-1.9.13.orig/gdk_imlib/io-xpm.c Mon Mar 4 17:26:51 2002
-+++ imlib-1.9.13/gdk_imlib/io-xpm.c Thu Sep 16 17:08:24 2004
-@@ -40,8 +40,12 @@
- context = 0;
- i = j = 0;
- cmap = NULL;
-+ memset(lookup, 0, sizeof(lookup));
-
- line = malloc(lsz);
-+ if (!line)
-+ return NULL;
-+
- while (!done)
- {
- pc = c;
-@@ -70,25 +74,25 @@
- {
- /* Header */
- sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp);
-- if (ncolors > 32766)
-+ if (ncolors <= 0 || ncolors > 32766)
- {
- fprintf(stderr, "gdk_imlib ERROR: XPM files wth colors > 32766 not supported\n");
- free(line);
- return NULL;
- }
-- if (cpp > 5)
-+ if (cpp <= 0 || cpp > 5)
- {
- fprintf(stderr, "gdk_imlib ERROR: XPM files with characters per pixel > 5 not supported\n");
- free(line);
- return NULL;
- }
-- if (*w > 32767)
-+ if (*w <= 0 || *w > 32767)
- {
- fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n");
- free(line);
- return NULL;
- }
-- if (*h > 32767)
-+ if (*h <= 0 || *h > 32767)
- {
- fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n");
- free(line);
-@@ -120,11 +124,13 @@
- {
- int slen;
- int hascolor, iscolor;
-+ int space;
-
- hascolor = 0;
- iscolor = 0;
- tok[0] = 0;
- col[0] = 0;
-+ space = sizeof(col) - 1;
- s[0] = 0;
- len = strlen(line);
- strncpy(cmap[j].str, line, cpp);
-@@ -147,10 +153,10 @@
- {
- if (k >= len)
- {
-- if (col[0])
-- strcat(col, " ");
-- if (strlen(col) + strlen(s) < sizeof(col))
-- strcat(col, s);
-+ if (col[0] && space > 0)
-+ strncat(col, " ", space), space -= 1;
-+ if (slen <= space)
-+ strcat(col, s), space -= slen;
- }
- if (col[0])
- {
-@@ -180,14 +186,17 @@
- }
- }
- }
-- strcpy(tok, s);
-+ if (slen < sizeof(tok))
-+ strcpy(tok, s);
- col[0] = 0;
-+ space = sizeof(col) - 1;
- }
- else
- {
-- if (col[0])
-- strcat(col, " ");
-- strcat(col, s);
-+ if (col[0] && space > 0)
-+ strcat(col, " "), space -= 1;
-+ if (slen <= space)
-+ strcat(col, s), space -= slen;
- }
- }
- }
-diff -urN imlib-1.9.13.orig/gdk_imlib/misc.c imlib-1.9.13/gdk_imlib/misc.c
---- imlib-1.9.13.orig/gdk_imlib/misc.c Mon Mar 4 17:26:51 2002
-+++ imlib-1.9.13/gdk_imlib/misc.c Thu Sep 16 16:35:32 2004
-@@ -1355,11 +1355,16 @@
-
- /*
- * Make sure we don't wrap on our memory allocations
-+ * we check G_MAX_INT/4 because rend.c malloc's w * h * bpp
-+ * + 3 is safety margin
- */
-
- void *_gdk_malloc_image(unsigned int w, unsigned int h)
- {
-- if( w > 32767 || h > 32767)
-+ if (w <= 0 || w > 32767 ||
-+ h <= 0 || h > 32767 ||
-+ h >= (G_MAXINT/4 - 1) / w)
- return NULL;
-- return malloc(w * h * 3);
-+ return malloc(w * h * 3 + 3);
- }
-+
-diff -urN imlib-1.9.13.orig/gdk_imlib/utils.c imlib-1.9.13/gdk_imlib/utils.c
---- imlib-1.9.13.orig/gdk_imlib/utils.c Mon Mar 4 17:26:51 2002
-+++ imlib-1.9.13/gdk_imlib/utils.c Thu Sep 16 17:28:35 2004
-@@ -1236,36 +1236,56 @@
- context = 0;
- ptr = NULL;
- end = NULL;
-+ memset(lookup, 0, sizeof(lookup));
-
- while (!done)
- {
- line = data[count++];
-+ if (!line)
-+ break;
-+ line = strdup(line);
-+ if (!line)
-+ break;
-+ len = strlen(line);
-+ for (i = 0; i < len; ++i)
-+ {
-+ c = line[i];
-+ if (c < 32)
-+ line[i] = 32;
-+ else if (c > 127)
-+ line[i] = 127;
-+ }
-+
- if (context == 0)
- {
- /* Header */
- sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp);
-- if (ncolors > 32766)
-+ if (ncolors <= 0 || ncolors > 32766)
- {
- fprintf(stderr, "gdk_imlib ERROR: XPM data wth colors > 32766 not supported\n");
- free(im);
-+ free(line);
- return NULL;
- }
-- if (cpp > 5)
-+ if (cpp <= 0 || cpp > 5)
- {
- fprintf(stderr, "gdk_imlib ERROR: XPM data with characters per pixel > 5 not supported\n");
- free(im);
-+ free(line);
- return NULL;
- }
-- if (w > 32767)
-+ if (w <= 0 || w > 32767)
- {
- fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for data\n");
- free(im);
-+ free(line);
- return NULL;
- }
-- if (h > 32767)
-+ if (h <= 0 || h > 32767)
- {
- fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for data\n");
- free(im);
-+ free(line);
- return NULL;
- }
- cmap = malloc(sizeof(struct _cmap) * ncolors);
-@@ -1273,6 +1293,7 @@
- if (!cmap)
- {
- free(im);
-+ free(line);
- return NULL;
- }
- im->rgb_width = w;
-@@ -1282,6 +1303,7 @@
- {
- free(cmap);
- free(im);
-+ free(line);
- return NULL;
- }
- im->alpha_data = NULL;
-@@ -1355,7 +1377,7 @@
- strcpy(col + colptr, " ");
- colptr++;
- }
-- if (colptr + ls <= sizeof(col))
-+ if (colptr + ls < sizeof(col))
- {
- strcpy(col + colptr, s);
- colptr += ls;
-@@ -1558,6 +1580,7 @@
- }
- if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3))
- done = 1;
-+ free(line);
- }
- if (!transp)
- {
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-05 02:43:11 +0000