|
 |
e050931 |
diff -urN imlib-1.9.13.orig/Imlib/load.c imlib-1.9.13/Imlib/load.c
|
|
|
e050931 |
--- imlib-1.9.13.orig/Imlib/load.c Wed Mar 13 19:06:29 2002
|
|
|
e050931 |
+++ imlib-1.9.13/Imlib/load.c Thu Sep 16 17:21:01 2004
|
|
|
e050931 |
@@ -4,6 +4,8 @@
|
|
|
e050931 |
#include "Imlib_private.h"
|
|
|
e050931 |
#include <setjmp.h>
|
|
|
e050931 |
|
|
|
e050931 |
+#define G_MAXINT ((int) 0x7fffffff)
|
|
|
e050931 |
+
|
|
|
e050931 |
/* Split the ID - damages input */
|
|
|
e050931 |
|
|
|
e050931 |
static char *
|
|
|
e050931 |
@@ -41,13 +43,17 @@
|
|
|
e050931 |
|
|
|
e050931 |
/*
|
|
|
e050931 |
* Make sure we don't wrap on our memory allocations
|
|
|
e050931 |
+ * we check G_MAXINT/4 because rend.c malloc's w * h * bpp
|
|
|
e050931 |
+ * + 3 is safety margin
|
|
|
e050931 |
*/
|
|
|
e050931 |
|
|
|
e050931 |
void * _imlib_malloc_image(unsigned int w, unsigned int h)
|
|
|
e050931 |
{
|
|
|
e050931 |
- if( w > 32767 || h > 32767)
|
|
|
e050931 |
- return NULL;
|
|
|
e050931 |
- return malloc(w * h * 3);
|
|
|
e050931 |
+ if (w <= 0 || w > 32767 ||
|
|
|
e050931 |
+ h <= 0 || h > 32767 ||
|
|
|
e050931 |
+ h >= (G_MAXINT/4 - 1) / w)
|
|
|
e050931 |
+ return NULL;
|
|
|
e050931 |
+ return malloc(w * h * 3 + 3);
|
|
|
e050931 |
}
|
|
|
e050931 |
|
|
|
e050931 |
#ifdef HAVE_LIBJPEG
|
|
|
e050931 |
@@ -360,7 +366,9 @@
|
|
|
e050931 |
npix = ww * hh;
|
|
|
e050931 |
*w = (int)ww;
|
|
|
e050931 |
*h = (int)hh;
|
|
|
e050931 |
- if(ww > 32767 || hh > 32767)
|
|
|
e050931 |
+ if (ww <= 0 || ww > 32767 ||
|
|
|
e050931 |
+ hh <= 0 || hh > 32767 ||
|
|
|
e050931 |
+ hh >= (G_MAXINT/sizeof(uint32)) / ww)
|
|
|
e050931 |
{
|
|
|
e050931 |
TIFFClose(tif);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
@@ -463,7 +471,7 @@
|
|
|
e050931 |
}
|
|
|
e050931 |
*w = gif->Image.Width;
|
|
|
e050931 |
*h = gif->Image.Height;
|
|
|
e050931 |
- if (*h > 32767 || *w > 32767)
|
|
|
e050931 |
+ if (*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767)
|
|
|
e050931 |
{
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
@@ -965,7 +973,12 @@
|
|
|
e050931 |
comment = 0;
|
|
|
e050931 |
quote = 0;
|
|
|
e050931 |
context = 0;
|
|
|
e050931 |
+ memset(lookup, 0, sizeof(lookup));
|
|
|
e050931 |
+
|
|
|
e050931 |
line = malloc(lsz);
|
|
|
e050931 |
+ if (!line)
|
|
|
e050931 |
+ return NULL;
|
|
|
e050931 |
+
|
|
|
e050931 |
while (!done)
|
|
|
e050931 |
{
|
|
|
e050931 |
pc = c;
|
|
|
e050931 |
@@ -994,25 +1007,25 @@
|
|
|
e050931 |
{
|
|
|
e050931 |
/* Header */
|
|
|
e050931 |
sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp);
|
|
|
e050931 |
- if (ncolors > 32766)
|
|
|
e050931 |
+ if (ncolors <= 0 || ncolors > 32766)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "IMLIB ERROR: XPM files wth colors > 32766 not supported\n");
|
|
|
e050931 |
free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
- if (cpp > 5)
|
|
|
e050931 |
+ if (cpp <= 0 || cpp > 5)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "IMLIB ERROR: XPM files with characters per pixel > 5 not supported\n");
|
|
|
e050931 |
free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
- if (*w > 32767)
|
|
|
e050931 |
+ if (*w <= 0 || *w > 32767)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
|
|
|
e050931 |
free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
- if (*h > 32767)
|
|
|
e050931 |
+ if (*h <= 0 || *h > 32767)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
|
|
|
e050931 |
free(line);
|
|
|
e050931 |
@@ -1045,11 +1058,13 @@
|
|
|
e050931 |
{
|
|
|
e050931 |
int slen;
|
|
|
e050931 |
int hascolor, iscolor;
|
|
|
e050931 |
+ int space;
|
|
|
e050931 |
|
|
|
e050931 |
iscolor = 0;
|
|
|
e050931 |
hascolor = 0;
|
|
|
e050931 |
tok[0] = 0;
|
|
|
e050931 |
col[0] = 0;
|
|
|
e050931 |
+ space = sizeof(col) - 1;
|
|
|
e050931 |
s[0] = 0;
|
|
|
e050931 |
len = strlen(line);
|
|
|
e050931 |
strncpy(cmap[j].str, line, cpp);
|
|
|
e050931 |
@@ -1072,10 +1087,10 @@
|
|
|
e050931 |
{
|
|
|
e050931 |
if (k >= len)
|
|
|
e050931 |
{
|
|
|
e050931 |
- if (col[0])
|
|
|
e050931 |
- strcat(col, " ");
|
|
|
e050931 |
- if (strlen(col) + strlen(s) < sizeof(col))
|
|
|
e050931 |
- strcat(col, s);
|
|
|
e050931 |
+ if (col[0] && space > 0)
|
|
|
e050931 |
+ strcat(col, " "), space -= 1;
|
|
|
e050931 |
+ if (slen <= space)
|
|
|
e050931 |
+ strcat(col, s), space -= slen;
|
|
|
e050931 |
}
|
|
|
e050931 |
if (col[0])
|
|
|
e050931 |
{
|
|
|
e050931 |
@@ -1105,14 +1120,17 @@
|
|
|
e050931 |
}
|
|
|
e050931 |
}
|
|
|
e050931 |
}
|
|
|
e050931 |
- strcpy(tok, s);
|
|
|
e050931 |
+ if (slen < sizeof(tok));
|
|
|
e050931 |
+ strcpy(tok, s);
|
|
|
e050931 |
col[0] = 0;
|
|
|
e050931 |
+ space = sizeof(col) - 1;
|
|
|
e050931 |
}
|
|
|
e050931 |
else
|
|
|
e050931 |
{
|
|
|
e050931 |
- if (col[0])
|
|
|
e050931 |
- strcat(col, " ");
|
|
|
e050931 |
- strcat(col, s);
|
|
|
e050931 |
+ if (col[0] && space > 0)
|
|
|
e050931 |
+ strcat(col, " "), space -=1;
|
|
|
e050931 |
+ if (slen <= space)
|
|
|
e050931 |
+ strcat(col, s), space -= slen;
|
|
|
e050931 |
}
|
|
|
e050931 |
}
|
|
|
e050931 |
}
|
|
|
e050931 |
@@ -1341,12 +1359,12 @@
|
|
|
e050931 |
sscanf(s, "%i %i", w, h);
|
|
|
e050931 |
a = *w;
|
|
|
e050931 |
b = *h;
|
|
|
e050931 |
- if (a > 32767)
|
|
|
e050931 |
+ if (a <= 0 || a > 32767)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
- if (b > 32767)
|
|
|
e050931 |
+ if (b <= 0 || b > 32767)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
diff -urN imlib-1.9.13.orig/Imlib/utils.c imlib-1.9.13/Imlib/utils.c
|
|
|
e050931 |
--- imlib-1.9.13.orig/Imlib/utils.c Mon Mar 4 17:45:28 2002
|
|
|
e050931 |
+++ imlib-1.9.13/Imlib/utils.c Thu Sep 16 17:21:15 2004
|
|
|
e050931 |
@@ -1496,36 +1496,56 @@
|
|
|
e050931 |
context = 0;
|
|
|
e050931 |
ptr = NULL;
|
|
|
e050931 |
end = NULL;
|
|
|
e050931 |
+ memset(lookup, 0, sizeof(lookup));
|
|
|
e050931 |
|
|
|
e050931 |
while (!done)
|
|
|
e050931 |
{
|
|
|
e050931 |
line = data[count++];
|
|
|
e050931 |
+ if (!line)
|
|
|
e050931 |
+ break;
|
|
|
e050931 |
+ line = strdup(line);
|
|
|
e050931 |
+ if (!line)
|
|
|
e050931 |
+ break;
|
|
|
e050931 |
+ len = strlen(line);
|
|
|
e050931 |
+ for (i = 0; i < len; ++i)
|
|
|
e050931 |
+ {
|
|
|
e050931 |
+ c = line[i];
|
|
|
e050931 |
+ if (c < 32)
|
|
|
e050931 |
+ line[i] = 32;
|
|
|
e050931 |
+ else if (c > 127)
|
|
|
e050931 |
+ line[i] = 127;
|
|
|
e050931 |
+ }
|
|
|
e050931 |
+
|
|
|
e050931 |
if (context == 0)
|
|
|
e050931 |
{
|
|
|
e050931 |
/* Header */
|
|
|
e050931 |
sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp);
|
|
|
e050931 |
- if (ncolors > 32766)
|
|
|
e050931 |
+ if (ncolors <= 0 || ncolors > 32766)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "IMLIB ERROR: XPM data wth colors > 32766 not supported\n");
|
|
|
e050931 |
free(im);
|
|
|
e050931 |
+ free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
- if (cpp > 5)
|
|
|
e050931 |
+ if (cpp <= 0 || cpp > 5)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "IMLIB ERROR: XPM data with characters per pixel > 5 not supported\n");
|
|
|
e050931 |
free(im);
|
|
|
e050931 |
+ free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
- if (w > 32767)
|
|
|
e050931 |
+ if (w <= 0 || w > 32767)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for data\n");
|
|
|
e050931 |
free(im);
|
|
|
e050931 |
+ free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
- if (h > 32767)
|
|
|
e050931 |
+ if (h <= 0 || h > 32767)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for data\n");
|
|
|
e050931 |
free(im);
|
|
|
e050931 |
+ free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
cmap = malloc(sizeof(struct _cmap) * ncolors);
|
|
|
e050931 |
@@ -1533,6 +1553,7 @@
|
|
|
e050931 |
if (!cmap)
|
|
|
e050931 |
{
|
|
|
e050931 |
free(im);
|
|
|
e050931 |
+ free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
im->rgb_width = w;
|
|
|
e050931 |
@@ -1542,6 +1563,7 @@
|
|
|
e050931 |
{
|
|
|
e050931 |
free(cmap);
|
|
|
e050931 |
free(im);
|
|
|
e050931 |
+ free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
im->alpha_data = NULL;
|
|
|
e050931 |
@@ -1817,6 +1839,7 @@
|
|
|
e050931 |
}
|
|
|
e050931 |
if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3))
|
|
|
e050931 |
done = 1;
|
|
|
e050931 |
+ free(line);
|
|
|
e050931 |
}
|
|
|
e050931 |
if (!transp)
|
|
|
e050931 |
{
|
|
|
e050931 |
diff -urN imlib-1.9.13.orig/gdk_imlib/io-gif.c imlib-1.9.13/gdk_imlib/io-gif.c
|
|
|
e050931 |
--- imlib-1.9.13.orig/gdk_imlib/io-gif.c Mon Mar 4 17:26:51 2002
|
|
|
e050931 |
+++ imlib-1.9.13/gdk_imlib/io-gif.c Thu Sep 16 16:11:31 2004
|
|
|
e050931 |
@@ -55,7 +55,7 @@
|
|
|
e050931 |
}
|
|
|
e050931 |
*w = gif->Image.Width;
|
|
|
e050931 |
*h = gif->Image.Height;
|
|
|
e050931 |
- if(*h > 32767 || *w > 32767)
|
|
|
e050931 |
+ if(*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767)
|
|
|
e050931 |
{
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
diff -urN imlib-1.9.13.orig/gdk_imlib/io-ppm.c imlib-1.9.13/gdk_imlib/io-ppm.c
|
|
|
e050931 |
--- imlib-1.9.13.orig/gdk_imlib/io-ppm.c Mon Mar 4 17:26:51 2002
|
|
|
e050931 |
+++ imlib-1.9.13/gdk_imlib/io-ppm.c Thu Sep 16 16:13:13 2004
|
|
|
e050931 |
@@ -53,12 +53,12 @@
|
|
|
e050931 |
sscanf(s, "%i %i", w, h);
|
|
|
e050931 |
a = *w;
|
|
|
e050931 |
b = *h;
|
|
|
e050931 |
- if (a > 32767)
|
|
|
e050931 |
+ if (a <= 0 || a > 32767)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n");
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
- if (b > 32767)
|
|
|
e050931 |
+ if (b <= 0 || b > 32767)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n");
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
diff -urN imlib-1.9.13.orig/gdk_imlib/io-tiff.c imlib-1.9.13/gdk_imlib/io-tiff.c
|
|
|
e050931 |
--- imlib-1.9.13.orig/gdk_imlib/io-tiff.c Mon Mar 4 17:26:51 2002
|
|
|
e050931 |
+++ imlib-1.9.13/gdk_imlib/io-tiff.c Thu Sep 16 16:13:57 2004
|
|
|
e050931 |
@@ -36,7 +36,9 @@
|
|
|
e050931 |
npix = ww * hh;
|
|
|
e050931 |
*w = (int)ww;
|
|
|
e050931 |
*h = (int)hh;
|
|
|
e050931 |
- if(ww > 32767 || hh > 32767)
|
|
|
e050931 |
+ if (ww <= 0 || ww > 32767 ||
|
|
|
e050931 |
+ hh <= 0 || hh > 32767 ||
|
|
|
e050931 |
+ hh >= (G_MAXINT/sizeof(uint32)) / ww)
|
|
|
e050931 |
{
|
|
|
e050931 |
TIFFClose(tif);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
diff -urN imlib-1.9.13.orig/gdk_imlib/io-xpm.c imlib-1.9.13/gdk_imlib/io-xpm.c
|
|
|
e050931 |
--- imlib-1.9.13.orig/gdk_imlib/io-xpm.c Mon Mar 4 17:26:51 2002
|
|
|
e050931 |
+++ imlib-1.9.13/gdk_imlib/io-xpm.c Thu Sep 16 17:08:24 2004
|
|
|
e050931 |
@@ -40,8 +40,12 @@
|
|
|
e050931 |
context = 0;
|
|
|
e050931 |
i = j = 0;
|
|
|
e050931 |
cmap = NULL;
|
|
|
e050931 |
+ memset(lookup, 0, sizeof(lookup));
|
|
|
e050931 |
|
|
|
e050931 |
line = malloc(lsz);
|
|
|
e050931 |
+ if (!line)
|
|
|
e050931 |
+ return NULL;
|
|
|
e050931 |
+
|
|
|
e050931 |
while (!done)
|
|
|
e050931 |
{
|
|
|
e050931 |
pc = c;
|
|
|
e050931 |
@@ -70,25 +74,25 @@
|
|
|
e050931 |
{
|
|
|
e050931 |
/* Header */
|
|
|
e050931 |
sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp);
|
|
|
e050931 |
- if (ncolors > 32766)
|
|
|
e050931 |
+ if (ncolors <= 0 || ncolors > 32766)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "gdk_imlib ERROR: XPM files wth colors > 32766 not supported\n");
|
|
|
e050931 |
free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
- if (cpp > 5)
|
|
|
e050931 |
+ if (cpp <= 0 || cpp > 5)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "gdk_imlib ERROR: XPM files with characters per pixel > 5 not supported\n");
|
|
|
e050931 |
free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
- if (*w > 32767)
|
|
|
e050931 |
+ if (*w <= 0 || *w > 32767)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n");
|
|
|
e050931 |
free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
- if (*h > 32767)
|
|
|
e050931 |
+ if (*h <= 0 || *h > 32767)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n");
|
|
|
e050931 |
free(line);
|
|
|
e050931 |
@@ -120,11 +124,13 @@
|
|
|
e050931 |
{
|
|
|
e050931 |
int slen;
|
|
|
e050931 |
int hascolor, iscolor;
|
|
|
e050931 |
+ int space;
|
|
|
e050931 |
|
|
|
e050931 |
hascolor = 0;
|
|
|
e050931 |
iscolor = 0;
|
|
|
e050931 |
tok[0] = 0;
|
|
|
e050931 |
col[0] = 0;
|
|
|
e050931 |
+ space = sizeof(col) - 1;
|
|
|
e050931 |
s[0] = 0;
|
|
|
e050931 |
len = strlen(line);
|
|
|
e050931 |
strncpy(cmap[j].str, line, cpp);
|
|
|
e050931 |
@@ -147,10 +153,10 @@
|
|
|
e050931 |
{
|
|
|
e050931 |
if (k >= len)
|
|
|
e050931 |
{
|
|
|
e050931 |
- if (col[0])
|
|
|
e050931 |
- strcat(col, " ");
|
|
|
e050931 |
- if (strlen(col) + strlen(s) < sizeof(col))
|
|
|
e050931 |
- strcat(col, s);
|
|
|
e050931 |
+ if (col[0] && space > 0)
|
|
|
e050931 |
+ strncat(col, " ", space), space -= 1;
|
|
|
e050931 |
+ if (slen <= space)
|
|
|
e050931 |
+ strcat(col, s), space -= slen;
|
|
|
e050931 |
}
|
|
|
e050931 |
if (col[0])
|
|
|
e050931 |
{
|
|
|
e050931 |
@@ -180,14 +186,17 @@
|
|
|
e050931 |
}
|
|
|
e050931 |
}
|
|
|
e050931 |
}
|
|
|
e050931 |
- strcpy(tok, s);
|
|
|
e050931 |
+ if (slen < sizeof(tok))
|
|
|
e050931 |
+ strcpy(tok, s);
|
|
|
e050931 |
col[0] = 0;
|
|
|
e050931 |
+ space = sizeof(col) - 1;
|
|
|
e050931 |
}
|
|
|
e050931 |
else
|
|
|
e050931 |
{
|
|
|
e050931 |
- if (col[0])
|
|
|
e050931 |
- strcat(col, " ");
|
|
|
e050931 |
- strcat(col, s);
|
|
|
e050931 |
+ if (col[0] && space > 0)
|
|
|
e050931 |
+ strcat(col, " "), space -= 1;
|
|
|
e050931 |
+ if (slen <= space)
|
|
|
e050931 |
+ strcat(col, s), space -= slen;
|
|
|
e050931 |
}
|
|
|
e050931 |
}
|
|
|
e050931 |
}
|
|
|
e050931 |
diff -urN imlib-1.9.13.orig/gdk_imlib/misc.c imlib-1.9.13/gdk_imlib/misc.c
|
|
|
e050931 |
--- imlib-1.9.13.orig/gdk_imlib/misc.c Mon Mar 4 17:26:51 2002
|
|
|
e050931 |
+++ imlib-1.9.13/gdk_imlib/misc.c Thu Sep 16 16:35:32 2004
|
|
|
e050931 |
@@ -1355,11 +1355,16 @@
|
|
|
e050931 |
|
|
|
e050931 |
/*
|
|
|
e050931 |
* Make sure we don't wrap on our memory allocations
|
|
|
e050931 |
+ * we check G_MAX_INT/4 because rend.c malloc's w * h * bpp
|
|
|
e050931 |
+ * + 3 is safety margin
|
|
|
e050931 |
*/
|
|
|
e050931 |
|
|
|
e050931 |
void *_gdk_malloc_image(unsigned int w, unsigned int h)
|
|
|
e050931 |
{
|
|
|
e050931 |
- if( w > 32767 || h > 32767)
|
|
|
e050931 |
+ if (w <= 0 || w > 32767 ||
|
|
|
e050931 |
+ h <= 0 || h > 32767 ||
|
|
|
e050931 |
+ h >= (G_MAXINT/4 - 1) / w)
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
- return malloc(w * h * 3);
|
|
|
e050931 |
+ return malloc(w * h * 3 + 3);
|
|
|
e050931 |
}
|
|
|
e050931 |
+
|
|
|
e050931 |
diff -urN imlib-1.9.13.orig/gdk_imlib/utils.c imlib-1.9.13/gdk_imlib/utils.c
|
|
|
e050931 |
--- imlib-1.9.13.orig/gdk_imlib/utils.c Mon Mar 4 17:26:51 2002
|
|
|
e050931 |
+++ imlib-1.9.13/gdk_imlib/utils.c Thu Sep 16 17:28:35 2004
|
|
|
e050931 |
@@ -1236,36 +1236,56 @@
|
|
|
e050931 |
context = 0;
|
|
|
e050931 |
ptr = NULL;
|
|
|
e050931 |
end = NULL;
|
|
|
e050931 |
+ memset(lookup, 0, sizeof(lookup));
|
|
|
e050931 |
|
|
|
e050931 |
while (!done)
|
|
|
e050931 |
{
|
|
|
e050931 |
line = data[count++];
|
|
|
e050931 |
+ if (!line)
|
|
|
e050931 |
+ break;
|
|
|
e050931 |
+ line = strdup(line);
|
|
|
e050931 |
+ if (!line)
|
|
|
e050931 |
+ break;
|
|
|
e050931 |
+ len = strlen(line);
|
|
|
e050931 |
+ for (i = 0; i < len; ++i)
|
|
|
e050931 |
+ {
|
|
|
e050931 |
+ c = line[i];
|
|
|
e050931 |
+ if (c < 32)
|
|
|
e050931 |
+ line[i] = 32;
|
|
|
e050931 |
+ else if (c > 127)
|
|
|
e050931 |
+ line[i] = 127;
|
|
|
e050931 |
+ }
|
|
|
e050931 |
+
|
|
|
e050931 |
if (context == 0)
|
|
|
e050931 |
{
|
|
|
e050931 |
/* Header */
|
|
|
e050931 |
sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp);
|
|
|
e050931 |
- if (ncolors > 32766)
|
|
|
e050931 |
+ if (ncolors <= 0 || ncolors > 32766)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "gdk_imlib ERROR: XPM data wth colors > 32766 not supported\n");
|
|
|
e050931 |
free(im);
|
|
|
e050931 |
+ free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
- if (cpp > 5)
|
|
|
e050931 |
+ if (cpp <= 0 || cpp > 5)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "gdk_imlib ERROR: XPM data with characters per pixel > 5 not supported\n");
|
|
|
e050931 |
free(im);
|
|
|
e050931 |
+ free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
- if (w > 32767)
|
|
|
e050931 |
+ if (w <= 0 || w > 32767)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for data\n");
|
|
|
e050931 |
free(im);
|
|
|
e050931 |
+ free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
- if (h > 32767)
|
|
|
e050931 |
+ if (h <= 0 || h > 32767)
|
|
|
e050931 |
{
|
|
|
e050931 |
fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for data\n");
|
|
|
e050931 |
free(im);
|
|
|
e050931 |
+ free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
cmap = malloc(sizeof(struct _cmap) * ncolors);
|
|
|
e050931 |
@@ -1273,6 +1293,7 @@
|
|
|
e050931 |
if (!cmap)
|
|
|
e050931 |
{
|
|
|
e050931 |
free(im);
|
|
|
e050931 |
+ free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
im->rgb_width = w;
|
|
|
e050931 |
@@ -1282,6 +1303,7 @@
|
|
|
e050931 |
{
|
|
|
e050931 |
free(cmap);
|
|
|
e050931 |
free(im);
|
|
|
e050931 |
+ free(line);
|
|
|
e050931 |
return NULL;
|
|
|
e050931 |
}
|
|
|
e050931 |
im->alpha_data = NULL;
|
|
|
e050931 |
@@ -1355,7 +1377,7 @@
|
|
|
e050931 |
strcpy(col + colptr, " ");
|
|
|
e050931 |
colptr++;
|
|
|
e050931 |
}
|
|
|
e050931 |
- if (colptr + ls <= sizeof(col))
|
|
|
e050931 |
+ if (colptr + ls < sizeof(col))
|
|
|
e050931 |
{
|
|
|
e050931 |
strcpy(col + colptr, s);
|
|
|
e050931 |
colptr += ls;
|
|
|
e050931 |
@@ -1558,6 +1580,7 @@
|
|
|
e050931 |
}
|
|
|
e050931 |
if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3))
|
|
|
e050931 |
done = 1;
|
|
|
e050931 |
+ free(line);
|
|
|
e050931 |
}
|
|
|
e050931 |
if (!transp)
|
|
|
e050931 |
{
|