Tree - rpms/netpbm - src.fedoraproject.org

rpms / netpbm

Blame netpbm-security-code.patch

Blob History Raw

	717bd45	`diff -up netpbm-10.58.01/analyzer/pgmtexture.c.security-code netpbm-10.58.01/analyzer/pgmtexture.c`
	717bd45	`--- netpbm-10.58.01/analyzer/pgmtexture.c.security-code 2012-04-09 15:31:32.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/analyzer/pgmtexture.c 2012-04-09 15:40:03.183620040 +0200`
	d60ce20	`@@ -97,7 +97,7 @@ vector(unsigned int const nl,`
	d60ce20	`float * v;`
	d60ce20
	d60ce20	`assert(nh >= nl);`
	d60ce20	`-`
	93a9cf2	`+ overflow_add(nh - nl, 1);`
	93a9cf2	`MALLOCARRAY(v, (unsigned) (nh - nl + 1));`
	d60ce20
	93a9cf2	`if (v == NULL)`
	d60ce20	`@@ -129,6 +129,7 @@ matrix (unsigned int const nrl,`
	d60ce20	`assert(nrh >= nrl);`
cvsdist	499931c
	93a9cf2	`/* allocate pointers to rows */`
	93a9cf2	`+ overflow_add(nrh - nrl, 1);`
	93a9cf2	`MALLOCARRAY(m, (unsigned) (nrh - nrl + 1));`
	93a9cf2	`if (m == NULL)`
	93a9cf2	`pm_error("Unable to allocate memory for a matrix.");`
	d60ce20	`@@ -136,7 +137,7 @@ matrix (unsigned int const nrl,`
	93a9cf2	`m -= ncl;`
cvsdist	499931c
	d60ce20	`assert (nch >= ncl);`
	d60ce20	`-`
	93a9cf2	`+ overflow_add(nch - ncl, 1);`
	d60ce20	`/* allocate rows and set pointers to them */`
	d60ce20	`for (i = nrl; i <= nrh; ++i) {`
	93a9cf2	`MALLOCARRAY(m[i], (unsigned) (nch - ncl + 1));`
	717bd45	`diff -up netpbm-10.58.01/converter/other/gemtopnm.c.security-code netpbm-10.58.01/converter/other/gemtopnm.c`
	717bd45	`--- netpbm-10.58.01/converter/other/gemtopnm.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/other/gemtopnm.c 2012-04-09 15:40:03.183620040 +0200`
	93a9cf2	`@@ -106,6 +106,7 @@ main(argc, argv)`
cvsdist	499931c
	93a9cf2	`pnm_writepnminit( stdout, cols, rows, MAXVAL, type, 0 );`
cvsdist	499931c
	93a9cf2	`+ overflow_add(cols, padright);`
	93a9cf2	`{`
	93a9cf2	`/* allocate input row data structure */`
	93a9cf2	`int plane;`
	717bd45	`diff -up netpbm-10.58.01/converter/other/jpegtopnm.c.security-code netpbm-10.58.01/converter/other/jpegtopnm.c`
	717bd45	`--- netpbm-10.58.01/converter/other/jpegtopnm.c.security-code 2012-04-09 15:31:40.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/other/jpegtopnm.c 2012-04-09 15:40:03.184620028 +0200`
	d60ce20	`@@ -861,6 +861,8 @@ convertImage(FILE *`
	93a9cf2	`/* Calculate output image dimensions so we can allocate space */`
	93a9cf2	`jpeg_calc_output_dimensions(cinfoP);`
cvsdist	499931c
	93a9cf2	`+ overflow2(cinfoP->output_width, cinfoP->output_components);`
	b3d2df7	`+`
	b3d2df7	`/* Start decompressor */`
	b3d2df7	`jpeg_start_decompress(cinfoP);`
	b3d2df7
	717bd45	`diff -up netpbm-10.58.01/converter/other/pbmtopgm.c.security-code netpbm-10.58.01/converter/other/pbmtopgm.c`
	717bd45	`--- netpbm-10.58.01/converter/other/pbmtopgm.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/other/pbmtopgm.c 2012-04-09 15:40:03.184620028 +0200`
	93a9cf2	`@@ -47,6 +47,7 @@ main(int argc, char *argv[]) {`
	93a9cf2	`"than the image height (%u rows)", height, rows);`
	a3c9c4b
	93a9cf2	`outrow = pgm_allocrow(cols) ;`
	93a9cf2	`+ overflow2(width, height);`
	93a9cf2	`maxval = MIN(PGM_OVERALLMAXVAL, width*height);`
	93a9cf2	`pgm_writepgminit(stdout, cols, rows, maxval, 0) ;`
	a3c9c4b
	717bd45	`diff -up netpbm-10.58.01/converter/other/pnmtoddif.c.security-code netpbm-10.58.01/converter/other/pnmtoddif.c`
	717bd45	`--- netpbm-10.58.01/converter/other/pnmtoddif.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/other/pnmtoddif.c 2012-04-09 15:40:03.185620015 +0200`
	b3d2df7	`@@ -632,6 +632,7 @@ main(int argc, char *argv[]) {`
	93a9cf2	`switch (PNM_FORMAT_TYPE(format)) {`
	93a9cf2	`case PBM_TYPE:`
	93a9cf2	`ip.bits_per_pixel = 1;`
	93a9cf2	`+ overflow_add(cols, 7);`
	93a9cf2	`ip.bytes_per_line = (cols + 7) / 8;`
	93a9cf2	`ip.spectral = 2;`
	93a9cf2	`ip.components = 1;`
	b3d2df7	`@@ -647,6 +648,7 @@ main(int argc, char *argv[]) {`
	93a9cf2	`ip.polarity = 2;`
	93a9cf2	`break;`
	93a9cf2	`case PPM_TYPE:`
	93a9cf2	`+ overflow2(cols, 3);`
	93a9cf2	`ip.bytes_per_line = 3 * cols;`
	93a9cf2	`ip.bits_per_pixel = 24;`
	93a9cf2	`ip.spectral = 5;`
	717bd45	`diff -up netpbm-10.58.01/converter/other/pnmtojpeg.c.security-code netpbm-10.58.01/converter/other/pnmtojpeg.c`
	717bd45	`--- netpbm-10.58.01/converter/other/pnmtojpeg.c.security-code 2012-04-09 15:31:39.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/other/pnmtojpeg.c 2012-04-09 15:40:03.186620002 +0200`
	b3d2df7	`@@ -605,7 +605,11 @@ read_scan_script(j_compress_ptr const ci`
	b3d2df7	`want JPOOL_PERMANENT.`
	b3d2df7	`*/`
	b3d2df7	`const unsigned int scan_info_size = nscans * sizeof(jpeg_scan_info);`
	b3d2df7	`- jpeg_scan_info * const scan_info =`
	b3d2df7	`+ const jpeg_scan_info * scan_info;`
	b3d2df7	`+`
	b3d2df7	`+ overflow2(nscans, sizeof(jpeg_scan_info));`
	b3d2df7	`+`
	b3d2df7	`+ scan_info =`
	b3d2df7	`(jpeg_scan_info *)`
	b3d2df7	`(*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_IMAGE,`
	b3d2df7	`scan_info_size);`
	d60ce20	`@@ -937,6 +941,8 @@ compute_rescaling_array(JSAMPLE ** const`
	93a9cf2	`const long half_maxval = maxval / 2;`
	93a9cf2	`long val;`
cvsdist	499931c
	93a9cf2	`+ overflow_add(maxval, 1);`
	93a9cf2	`+ overflow2(maxval+1, sizeof(JSAMPLE));`
	93a9cf2	`rescale_p = (JSAMPLE )`
	93a9cf2	`(cinfo.mem->alloc_small) ((j_common_ptr) &cinfo, JPOOL_IMAGE,`
	93a9cf2	`(size_t) (((long) maxval + 1L) *`
	d60ce20	`@@ -1015,6 +1021,7 @@ convert_scanlines(struct jpeg_compress_s`
	93a9cf2	`*/`
cvsdist	499931c
	93a9cf2	`/* Allocate the libpnm output and compressor input buffers */`
	93a9cf2	`+ overflow2(cinfo_p->image_width, cinfo_p->input_components);`
	93a9cf2	`buffer = (*cinfo_p->mem->alloc_sarray)`
	93a9cf2	`((j_common_ptr) cinfo_p, JPOOL_IMAGE,`
	93a9cf2	`(unsigned int) cinfo_p->image_width * cinfo_p->input_components,`
	717bd45	`diff -up netpbm-10.58.01/converter/other/pnmtops.c.security-code netpbm-10.58.01/converter/other/pnmtops.c`
	717bd45	`--- netpbm-10.58.01/converter/other/pnmtops.c.security-code 2012-04-09 15:31:40.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/other/pnmtops.c 2012-04-09 15:40:03.187619989 +0200`
	d60ce20	`@@ -256,17 +256,21 @@ parseCommandLine(int argc, const char **`
	d60ce20	`validateCompDimension(width, 72, "-width value");`
	d60ce20	`validateCompDimension(height, 72, "-height value");`
	93a9cf2
	93a9cf2	`+ overflow2(width, 72);`
	93a9cf2	`cmdlineP->width = width * 72;`
	93a9cf2	`+ overflow2(height, 72);`
	93a9cf2	`cmdlineP->height = height * 72;`
cvsdist	499931c
	d60ce20	`if (imagewidthSpec) {`
	d60ce20	`validateCompDimension(imagewidth, 72, "-imagewidth value");`
	93a9cf2	`+ overflow2(imagewidth, 72);`
	93a9cf2	`cmdlineP->imagewidth = imagewidth * 72;`
	d60ce20	`}`
	d60ce20	`else`
	93a9cf2	`cmdlineP->imagewidth = 0;`
	d60ce20	`if (imageheightSpec) {`
	d60ce20	`- validateCompDimension(imagewidth, 72, "-imageheight value");`
	d60ce20	`+ validateCompDimension(imageheight, 72, "-imageheight value");`
	93a9cf2	`+ overflow2(imageheight, 72);`
	93a9cf2	`cmdlineP->imageheight = imageheight * 72;`
	d60ce20	`}`
	d60ce20	`else`
	717bd45	`diff -up netpbm-10.58.01/converter/other/pnmtorle.c.security-code netpbm-10.58.01/converter/other/pnmtorle.c`
	717bd45	`--- netpbm-10.58.01/converter/other/pnmtorle.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/other/pnmtorle.c 2012-04-09 15:40:03.188619976 +0200`
	93a9cf2	`@@ -19,6 +19,8 @@`
	93a9cf2	`* If you modify this software, you should include a notice giving the`
	93a9cf2	`* name of the person performing the modification, the date of modification,`
	93a9cf2	`* and the reason for such modification.`
	93a9cf2	`+ *`
	93a9cf2	`+ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>`
	93a9cf2	`*/`
	93a9cf2	`/*`
	93a9cf2	`* pnmtorle - A program which will convert pbmplus (ppm or pgm) images`
	717bd45	`diff -up netpbm-10.58.01/converter/other/pnmtosgi.c.security-code netpbm-10.58.01/converter/other/pnmtosgi.c`
	717bd45	`--- netpbm-10.58.01/converter/other/pnmtosgi.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/other/pnmtosgi.c 2012-04-09 15:40:03.188619976 +0200`
	d60ce20	`@@ -254,6 +254,7 @@ build_channels(FILE * const ifp, int con`
	93a9cf2	`#endif`
cvsdist	499931c
	93a9cf2	`if( storage != STORAGE_VERBATIM ) {`
	93a9cf2	`+ overflow2(channels, rows);`
	93a9cf2	`MALLOCARRAY_NOFAIL(table, channels * rows);`
	93a9cf2	`MALLOCARRAY_NOFAIL(rletemp, WORSTCOMPR(cols));`
	1f08c10	`}`
	d60ce20	`@@ -306,6 +307,8 @@ compress(ScanElem * temp,`
	93a9cf2	`break;`
	93a9cf2	`case STORAGE_RLE:`
	93a9cf2	`tabrow = chan_no * rows + row;`
	93a9cf2	`+ overflow2(chan_no, rows);`
	93a9cf2	`+ overflow_add(chan_no* rows, row);`
	93a9cf2	`len = rle_compress(temp, cols); /* writes result into rletemp */`
	93a9cf2	`channel[chan_no][row].length = len;`
	93a9cf2	`MALLOCARRAY(p, len);`
	717bd45	`diff -up netpbm-10.58.01/converter/other/rletopnm.c.security-code netpbm-10.58.01/converter/other/rletopnm.c`
	717bd45	`--- netpbm-10.58.01/converter/other/rletopnm.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/other/rletopnm.c 2012-04-09 15:40:03.189619963 +0200`
	93a9cf2	`@@ -19,6 +19,8 @@`
	93a9cf2	`* If you modify this software, you should include a notice giving the`
	93a9cf2	`* name of the person performing the modification, the date of modification,`
	93a9cf2	`* and the reason for such modification.`
	93a9cf2	`+ *`
	93a9cf2	`+ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>`
	93a9cf2	`*/`
	93a9cf2	`/*`
	93a9cf2	`* rletopnm - A conversion program to convert from Utah's "rle" image format`
	717bd45	`diff -up netpbm-10.58.01/converter/other/sgitopnm.c.security-code netpbm-10.58.01/converter/other/sgitopnm.c`
	717bd45	`--- netpbm-10.58.01/converter/other/sgitopnm.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/other/sgitopnm.c 2012-04-09 15:40:03.189619963 +0200`
	d60ce20	`@@ -359,10 +359,14 @@ readChannels(FILE * const ifP,`
	d60ce20	`MALLOCARRAY_NOFAIL(image, head->ysize);`
	d60ce20	`} else {`
	d60ce20	`maxchannel = MIN(3, head->zsize);`
	93a9cf2	`+ overflow2(head->ysize, maxchannel);`
	93a9cf2	`MALLOCARRAY_NOFAIL(image, head->ysize * maxchannel);`
cvsdist	499931c	`}`
	d60ce20	`- if (table)`
	d60ce20	`+ if (table) {`
	93a9cf2	`+ overflow2(head->xsize, 2);`
	93a9cf2	`+ overflow_add(head->xsize*2, 2);`
	93a9cf2	`MALLOCARRAY_NOFAIL(temp, WORSTCOMPR(head->xsize));`
	93a9cf2	`+ }`
	1f08c10
	d60ce20	`for (channel = 0; channel < maxchannel; ++channel) {`
	d60ce20	`unsigned int row;`
	717bd45	`diff -up netpbm-10.58.01/converter/other/sirtopnm.c.security-code netpbm-10.58.01/converter/other/sirtopnm.c`
	717bd45	`--- netpbm-10.58.01/converter/other/sirtopnm.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/other/sirtopnm.c 2012-04-09 15:40:03.190619951 +0200`
	93a9cf2	`@@ -69,6 +69,7 @@ char* argv[];`
	93a9cf2	`}`
	93a9cf2	`break;`
	93a9cf2	`case PPM_TYPE:`
	93a9cf2	`+ overflow3(cols, rows, 3);`
	93a9cf2	`picsize = cols * rows * 3;`
	93a9cf2	`planesize = cols * rows;`
	93a9cf2	`if ( !( sirarray = (unsigned char*) malloc( picsize ) ) )`
	717bd45	`diff -up netpbm-10.58.01/converter/other/tifftopnm.c.security-code netpbm-10.58.01/converter/other/tifftopnm.c`
	717bd45	`--- netpbm-10.58.01/converter/other/tifftopnm.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/other/tifftopnm.c 2012-04-09 15:40:03.191619939 +0200`
	d60ce20	`@@ -1279,7 +1279,9 @@ convertRasterByRows(pnmOut * const`
	93a9cf2	`if (scanbuf == NULL)`
	93a9cf2	`pm_error("can't allocate memory for scanline buffer");`
cvsdist	499931c
	93a9cf2	`- MALLOCARRAY(samplebuf, cols * spp);`
	93a9cf2	`+ /* samplebuf is unsigned int * !!! */`
	93a9cf2	`+ samplebuf = (unsigned int *) malloc3(cols , sizeof(unsigned int) , spp);`
	b3d2df7	`+`
	93a9cf2	`if (samplebuf == NULL)`
	b3d2df7	`pm_error("can't allocate memory for row buffer");`
	b3d2df7
	717bd45	`diff -up netpbm-10.58.01/converter/other/xwdtopnm.c.security-code netpbm-10.58.01/converter/other/xwdtopnm.c`
	717bd45	`--- netpbm-10.58.01/converter/other/xwdtopnm.c.security-code 2012-04-09 15:31:40.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/other/xwdtopnm.c 2012-04-09 15:40:03.192619927 +0200`
	b3d2df7	`@@ -209,6 +209,10 @@ processX10Header(X10WDFileHeader * cons`
	b3d2df7	`*colorsP = pnm_allocrow(2);`
	b3d2df7	`PNM_ASSIGN1((*colorsP)[0], 0);`
	b3d2df7	`PNM_ASSIGN1((colorsP)[1], maxvalP);`
	b3d2df7	`+ overflow_add(h10P->pixmap_width, 15);`
	b3d2df7	`+ if(h10P->pixmap_width < 0)`
	b3d2df7	`+ pm_error("assert: negative width");`
	b3d2df7	`+ overflow2((((h10P->pixmap_width + 15) / 16) * 16 - h10P->pixmap_width), 8);`
	b3d2df7	`*padrightP =`
	b3d2df7	`(((h10P->pixmap_width + 15) / 16) * 16 - h10P->pixmap_width) * 8;`
	b3d2df7	`*bits_per_itemP = 16;`
	b3d2df7	`@@ -634,6 +638,7 @@ processX11Header(X11WDFileHeader * cons`
cvsdist	499931c
	b3d2df7	`*colsP = h11FixedP->pixmap_width;`
	b3d2df7	`*rowsP = h11FixedP->pixmap_height;`
	b3d2df7	`+ overflow2(h11FixedP->bytes_per_line, 8);`
	b3d2df7	`*padrightP =`
	b3d2df7	`h11FixedP->bytes_per_line * 8 -`
	b3d2df7	`h11FixedP->pixmap_width * h11FixedP->bits_per_pixel;`
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/mdatopbm.c.security-code netpbm-10.58.01/converter/pbm/mdatopbm.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/mdatopbm.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/mdatopbm.c 2012-04-09 15:40:03.192619927 +0200`
	93a9cf2	`@@ -245,10 +245,13 @@ main(int argc, char **argv) {`
	93a9cf2	`pm_readlittleshort(infile, &yy;; nInCols = yy;`
	1f08c10	`}`
	93a9cf2
	93a9cf2	`+ overflow2(nOutCols, 8);`
	93a9cf2	`nOutCols = 8 * nInCols;`
	93a9cf2	`nOutRows = nInRows;`
	93a9cf2	`- if (bScale)`
	93a9cf2	`+ if (bScale) {`
	93a9cf2	`+ overflow2(nOutRows, 2);`
	93a9cf2	`nOutRows *= 2;`
	93a9cf2	`+ }`
cvsdist	499931c
	93a9cf2	`data = pbm_allocarray(nOutCols, nOutRows);`
	93a9cf2
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/mgrtopbm.c.security-code netpbm-10.58.01/converter/pbm/mgrtopbm.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/mgrtopbm.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/mgrtopbm.c 2012-04-09 15:40:03.193619915 +0200`
	b3d2df7	`@@ -65,6 +65,8 @@ readMgrHeader(FILE * const ifP,`
	1f08c10	`if (head.h_high < ' ' \|\| head.l_high < ' ')`
	1f08c10	`pm_error("Invalid width field in MGR header");`
cvsdist	499931c
	1f08c10	`+ overflow_add(*colsP, pad);`
	1f08c10	`+`
	1f08c10	`*colsP = (((int)head.h_wide - ' ') << 6) + ((int)head.l_wide - ' ');`
	1f08c10	`*rowsP = (((int)head.h_high - ' ') << 6) + ((int) head.l_high - ' ');`
	1f08c10	`padrightP = ( ( colsP + pad - 1 ) / pad ) * pad - *colsP;`
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/pbmtogem.c.security-code netpbm-10.58.01/converter/pbm/pbmtogem.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/pbmtogem.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/pbmtogem.c 2012-04-09 15:40:03.193619915 +0200`
	d60ce20	`@@ -79,6 +79,7 @@ putinit (int const rows, int const cols)`
	93a9cf2	`bitsperitem = 0;`
	93a9cf2	`bitshift = 7;`
	93a9cf2	`outcol = 0;`
	93a9cf2	`+ overflow_add(cols, 7);`
	93a9cf2	`outmax = (cols + 7) / 8;`
	93a9cf2	`outrow = (unsigned char *) pm_allocrow (outmax, sizeof (unsigned char));`
	93a9cf2	`lastrow = (unsigned char *) pm_allocrow (outmax, sizeof (unsigned char));`
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/pbmtogo.c.security-code netpbm-10.58.01/converter/pbm/pbmtogo.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/pbmtogo.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/pbmtogo.c 2012-04-09 15:40:03.193619915 +0200`
	b3d2df7	`@@ -158,6 +158,7 @@ main(int argc,`
	93a9cf2	`bitrow = pbm_allocrow(cols);`
	93a9cf2
	93a9cf2	`/* Round cols up to the nearest multiple of 8. */`
	93a9cf2	`+ overflow_add(cols, 7);`
	93a9cf2	`rucols = ( cols + 7 ) / 8;`
	93a9cf2	`bytesperrow = rucols; /* GraphOn uses bytes */`
	93a9cf2	`rucols = rucols * 8;`
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/pbmtolj.c.security-code netpbm-10.58.01/converter/pbm/pbmtolj.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/pbmtolj.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/pbmtolj.c 2012-04-09 15:40:03.194619902 +0200`
	b3d2df7	`@@ -120,7 +120,11 @@ parseCommandLine(int argc, char ** argv,`
	93a9cf2	`static void`
	93a9cf2	`allocateBuffers(unsigned int const cols) {`
	a3c9c4b
	93a9cf2	`+ overflow_add(cols, 8);`
	93a9cf2	`rowBufferSize = (cols + 7) / 8;`
	93a9cf2	`+ overflow_add(rowBufferSize, 128);`
	93a9cf2	`+ overflow_add(rowBufferSize, rowBufferSize+128);`
	93a9cf2	`+ overflow_add(rowBufferSize+10, rowBufferSize/8);`
	93a9cf2	`packBufferSize = rowBufferSize + (rowBufferSize + 127) / 128 + 1;`
	93a9cf2	`deltaBufferSize = rowBufferSize + rowBufferSize / 8 + 10;`
	a3c9c4b
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/pbmtomacp.c.security-code netpbm-10.58.01/converter/pbm/pbmtomacp.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/pbmtomacp.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/pbmtomacp.c 2012-04-09 15:40:03.195619889 +0200`
	b3d2df7	`@@ -101,6 +101,7 @@ char *argv[];`
	93a9cf2	`if( !lflg )`
	93a9cf2	`left = 0;`
	93a9cf2
	93a9cf2	`+ overflow_add(left, MAX_COLS - 1);`
	93a9cf2	`if( rflg )`
	93a9cf2	`{ if( right - left >= MAX_COLS )`
	93a9cf2	`right = left + MAX_COLS - 1;`
	b3d2df7	`@@ -111,6 +112,8 @@ char *argv[];`
	93a9cf2	`if( !tflg )`
	93a9cf2	`top = 0;`
	93a9cf2
	93a9cf2	`+ overflow_add(top, MAX_LINES - 1);`
	93a9cf2	`+`
	93a9cf2	`if( bflg )`
	93a9cf2	`{ if( bottom - top >= MAX_LINES )`
	93a9cf2	`bottom = top + MAX_LINES - 1;`
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/pbmtomda.c.security-code netpbm-10.58.01/converter/pbm/pbmtomda.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/pbmtomda.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/pbmtomda.c 2012-04-09 15:40:03.195619889 +0200`
	93a9cf2	`@@ -179,6 +179,7 @@ int main(int argc, char **argv)`
	93a9cf2
	93a9cf2	`nOutRowsUnrounded = bScale ? nInRows/2 : nInRows;`
	93a9cf2
	93a9cf2	`+ overflow_add(nOutRowsUnrounded, 3);`
	93a9cf2	`nOutRows = ((nOutRowsUnrounded + 3) / 4) * 4;`
	93a9cf2	`/* MDA wants rows a multiple of 4 */`
	93a9cf2	`nOutCols = nInCols / 8;`
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/pbmtoppa/pbm.c.security-code netpbm-10.58.01/converter/pbm/pbmtoppa/pbm.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/pbmtoppa/pbm.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/pbmtoppa/pbm.c 2012-04-09 15:40:03.195619889 +0200`
	d60ce20	`@@ -105,6 +105,7 @@ int pbm_readline(pbm_stat* pbm,unsigned`
cvsdist	499931c	`return 0;`
cvsdist	499931c
cvsdist	499931c	`case P4:`
cvsdist	499931c	`+ overflow_add(pbm->width, 7);`
cvsdist	499931c	`tmp=(pbm->width+7)/8;`
cvsdist	499931c	`tmp2=fread(data,1,tmp,pbm->fptr);`
cvsdist	499931c	`if(tmp2 == tmp)`
	93a9cf2	`@@ -129,7 +130,8 @@ void pbm_unreadline (pbm_stat *pbm, void`
cvsdist	499931c	`return;`
cvsdist	499931c
cvsdist	499931c	`pbm->unread = 1;`
cvsdist	499931c	`- pbm->revdata = malloc ((pbm->width+7)/8);`
cvsdist	499931c	`+ overflow_add(pbm->width, 7);`
cvsdist	499931c	`+ pbm->revdata = malloc((pbm->width+7)/8);`
cvsdist	499931c	`memcpy (pbm->revdata, data, (pbm->width+7)/8);`
cvsdist	499931c	`pbm->current_line--;`
cvsdist	499931c	`}`
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/pbmtoppa/pbmtoppa.c.security-code netpbm-10.58.01/converter/pbm/pbmtoppa/pbmtoppa.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/pbmtoppa/pbmtoppa.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/pbmtoppa/pbmtoppa.c 2012-04-09 15:40:03.196619876 +0200`
	93a9cf2	`@@ -441,6 +441,7 @@ main(int argc, char *argv[]) {`
	93a9cf2	`pm_error("main(): unrecognized parameter '%s'", argv[argn]);`
	1f08c10	`}`
	a3c9c4b
	93a9cf2	`+ overflow_add(Width, 7);`
	93a9cf2	`Pwidth=(Width+7)/8;`
	93a9cf2	`printer.fptr=out;`
cvsdist	499931c
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/pbmtoxbm.c.security-code netpbm-10.58.01/converter/pbm/pbmtoxbm.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/pbmtoxbm.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/pbmtoxbm.c 2012-04-09 15:40:03.196619876 +0200`
	b3d2df7	`@@ -335,6 +335,8 @@ convertRaster(FILE * const ifP,`
	1f08c10
	b3d2df7	`unsigned char * bitrow;`
	b3d2df7	`unsigned int row;`
	b3d2df7	`+`
	b3d2df7	`+ overflow_add(cols, padright);`
	1f08c10
	b3d2df7	`putinit(xbmVersion);`
	a3c9c4b
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/pbmtoybm.c.security-code netpbm-10.58.01/converter/pbm/pbmtoybm.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/pbmtoybm.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/pbmtoybm.c 2012-04-09 15:40:03.197619863 +0200`
	d60ce20	`@@ -113,6 +113,7 @@ main(int argc, const char *argv[]) {`
	d60ce20	`bitrow = pbm_allocrow(cols);`
	93a9cf2
	93a9cf2	`/* Compute padding to round cols up to the nearest multiple of 16. */`
	93a9cf2	`+ overflow_add(cols, 16);`
	d60ce20	`padright = ((cols + 15) / 16) * 16 - cols;`
	a3c9c4b
	d60ce20	`putinit(cols, rows);`
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/pbmtozinc.c.security-code netpbm-10.58.01/converter/pbm/pbmtozinc.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/pbmtozinc.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/pbmtozinc.c 2012-04-09 15:40:03.197619863 +0200`
	93a9cf2	`@@ -65,6 +65,7 @@ main(int argc, char * argv[]) {`
	93a9cf2	`bitrow = pbm_allocrow( cols );`
	a3c9c4b
	93a9cf2	`/* Compute padding to round cols up to the nearest multiple of 16. */`
	93a9cf2	`+ overflow_add(cols, 16);`
	93a9cf2	`padright = ( ( cols + 15 ) / 16 ) * 16 - cols;`
	1f08c10
	93a9cf2	`printf( "USHORT %s[] = {\n",name);`
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/pbmto10x.c.security-code netpbm-10.58.01/converter/pbm/pbmto10x.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/pbmto10x.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/pbmto10x.c 2012-04-09 15:40:03.197619863 +0200`
	d60ce20	`@@ -162,7 +162,7 @@ main(int argc, char * argv[]) {`
	d60ce20	`res_60x72();`
	d60ce20
	d60ce20	`pm_close(ifp);`
	d60ce20	`- exit(0);`
	d60ce20	`+ return 0;`
	d60ce20	`}`
	d60ce20
	d60ce20
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/pbmto4425.c.security-code netpbm-10.58.01/converter/pbm/pbmto4425.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/pbmto4425.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/pbmto4425.c 2012-04-09 15:40:03.198619851 +0200`
	d60ce20	`@@ -2,6 +2,7 @@`
	d60ce20
	d60ce20	`#include "nstring.h"`
	d60ce20	`#include "pbm.h"`
	d60ce20	`+#include <string.h>`
	d60ce20
	d60ce20	`static char bit_table[2][3] = {`
	d60ce20	`{1, 4, 0x10},`
	d60ce20	`@@ -160,7 +161,7 @@ main(int argc, char * argv[]) {`
	d60ce20	`xres = vmap_width * 2;`
	d60ce20	`yres = vmap_height * 3;`
	d60ce20
	d60ce20	`- vmap = malloc(vmap_width * vmap_height * sizeof(char));`
	d60ce20	`+ vmap = malloc3(vmap_width, vmap_height, sizeof(char));`
	d60ce20	`if(vmap == NULL)`
	d60ce20	`{`
	d60ce20	`pm_error( "Cannot allocate memory" );`
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/pktopbm.c.security-code netpbm-10.58.01/converter/pbm/pktopbm.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/pktopbm.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/pktopbm.c 2012-04-09 15:40:03.198619851 +0200`
	93a9cf2	`@@ -277,6 +277,7 @@ main(int argc, char *argv[]) {`
	93a9cf2	`if (flagbyte == 7) { /* long form preamble */`
	93a9cf2	`integer packetlength = get32() ; /* character packet length */`
	93a9cf2	`car = get32() ; /* character number */`
	93a9cf2	`+ overflow_add(packetlength, pktopbm_pkloc);`
	93a9cf2	`endofpacket = packetlength + pktopbm_pkloc;`
	93a9cf2	`/* calculate end of packet */`
	93a9cf2	`if ((car >= MAXPKCHAR) \|\| !filename[car]) {`
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/thinkjettopbm.l.security-code netpbm-10.58.01/converter/pbm/thinkjettopbm.l`
	717bd45	`--- netpbm-10.58.01/converter/pbm/thinkjettopbm.l.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/thinkjettopbm.l 2012-04-09 15:40:03.199619839 +0200`
	d60ce20	`@@ -114,7 +114,9 @@ DIG [0-9]`
	1f08c10	`<RASTERMODE>\033\*b{DIG}+W {`
	1f08c10	`int l;`
	1f08c10	`if (rowCount >= rowCapacity) {`
	1f08c10	`+ overflow_add(rowCapacity, 100);`
	1f08c10	`rowCapacity += 100;`
	1f08c10	`+ overflow2(rowCapacity, sizeof *rows);`
	1f08c10	`rows = realloc (rows, rowCapacity * sizeof *rows);`
	1f08c10	`if (rows == NULL)`
	1f08c10	`pm_error ("Out of memory.");`
	d60ce20	`@@ -226,6 +228,8 @@ yywrap (void)`
	1f08c10	`/*`
	1f08c10	`* Quite simple since ThinkJet bit arrangement matches PBM`
	1f08c10	`*/`
	1f08c10	`+`
	1f08c10	`+ overflow2(maxRowLength, 8);`
	1f08c10	`pbm_writepbminit(stdout, maxRowLength*8, rowCount, 0);`
	1f08c10
	1f08c10	`packed_bitrow = malloc(maxRowLength);`
	717bd45	`diff -up netpbm-10.58.01/converter/pbm/ybmtopbm.c.security-code netpbm-10.58.01/converter/pbm/ybmtopbm.c`
	717bd45	`--- netpbm-10.58.01/converter/pbm/ybmtopbm.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pbm/ybmtopbm.c 2012-04-09 15:40:03.199619839 +0200`
	d60ce20	`@@ -49,6 +49,7 @@ getinit(FILE * const ifP,`
	d60ce20	`pm_error("EOF / read error");`
	1f08c10
	93a9cf2	`*depthP = 1;`
	93a9cf2	`+ overflow_add(*colsP, 15);`
	d60ce20	`padrightP = ((colsP + 15) / 16) * 16 - *colsP;`
	d60ce20	`}`
	d60ce20
	717bd45	`diff -up netpbm-10.58.01/converter/pgm/lispmtopgm.c.security-code netpbm-10.58.01/converter/pgm/lispmtopgm.c`
	717bd45	`--- netpbm-10.58.01/converter/pgm/lispmtopgm.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pgm/lispmtopgm.c 2012-04-09 15:40:03.199619839 +0200`
	93a9cf2	`@@ -58,6 +58,7 @@ main( argc, argv )`
	93a9cf2	`pm_error( "depth (%d bits) is too large", depth);`
	1f08c10
	93a9cf2	`pgm_writepgminit( stdout, cols, rows, (gray) maxval, 0 );`
	93a9cf2	`+ overflow_add(cols, 7);`
	93a9cf2	`grayrow = pgm_allocrow( ( cols + 7 ) / 8 * 8 );`
	93a9cf2
	93a9cf2	`for ( row = 0; row < rows; ++row )`
	93a9cf2	`@@ -102,7 +103,9 @@ getinit( file, colsP, rowsP, depthP, pad`
	1f08c10
	93a9cf2	`if ( *depthP == 0 )`
	93a9cf2	`depthP = 1; / very old file */`
	93a9cf2	`-`
	93a9cf2	`+`
	93a9cf2	`+ overflow_add((int)colsP, 31);`
	93a9cf2	`+`
	93a9cf2	`padrightP = ( ( colsP + 31 ) / 32 ) * 32 - *colsP;`
	1f08c10
	93a9cf2	`if ( colsP != (cols_32 - padrightP) ) {`
	717bd45	`diff -up netpbm-10.58.01/converter/pgm/psidtopgm.c.security-code netpbm-10.58.01/converter/pgm/psidtopgm.c`
	717bd45	`--- netpbm-10.58.01/converter/pgm/psidtopgm.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/pgm/psidtopgm.c 2012-04-09 15:40:03.200619827 +0200`
	93a9cf2	`@@ -78,6 +78,7 @@ main(int argc,`
	93a9cf2	`pm_error("bits/sample (%d) is too large.", bitspersample);`
	93a9cf2
	93a9cf2	`pgm_writepgminit(stdout, cols, rows, maxval, 0);`
	1f08c10	`+ overflow_add(cols, 7);`
	93a9cf2	`grayrow = pgm_allocrow((cols + 7) / 8 * 8);`
	93a9cf2	`for (row = 0; row < rows; ++row) {`
	93a9cf2	`unsigned int col;`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/ilbmtoppm.c.security-code netpbm-10.58.01/converter/ppm/ilbmtoppm.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/ilbmtoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/ilbmtoppm.c 2012-04-09 15:40:03.201619815 +0200`
	d60ce20	`@@ -592,6 +592,7 @@ decode_row(FILE * const ifP,`
	93a9cf2	`rawtype *chp;`
	1f08c10
	93a9cf2	`cols = bmhdP->w;`
	93a9cf2	`+ overflow_add(cols, 15);`
	93a9cf2	`bytes = RowBytes(cols);`
	93a9cf2	`for( plane = 0; plane < nPlanes; plane++ ) {`
	93a9cf2	`int mask;`
	d60ce20	`@@ -679,6 +680,23 @@ decode_mask(FILE * const ifP,`
	93a9cf2	`Multipalette handling`
	93a9cf2	`****************************************************************************/`
	93a9cf2
	93a9cf2	`+static void *`
	93a9cf2	`+xmalloc2(x, y)`
	93a9cf2	`+ int x;`
	93a9cf2	`+ int y;`
	93a9cf2	`+{`
	93a9cf2	`+ void *mem;`
	93a9cf2	`+`
	93a9cf2	`+ overflow2(x,y);`
	93a9cf2	`+ if( x * y == 0 )`
	93a9cf2	`+ return NULL;`
	93a9cf2	`+`
	93a9cf2	`+ mem = malloc2(x,y);`
	93a9cf2	`+ if( mem == NULL )`
	93a9cf2	`+ pm_error("out of memory allocating %d bytes", x * y);`
	93a9cf2	`+ return mem;`
	93a9cf2	`+}`
	93a9cf2	`+`
	93a9cf2
	93a9cf2	`static void`
	93a9cf2	`multi_adjust(cmap, row, palchange)`
	d60ce20	`@@ -1341,6 +1359,9 @@ dcol_to_ppm(FILE * const ifP,`
	93a9cf2	`if( redmaxval != maxval \|\| greenmaxval != maxval \|\| bluemaxval != maxval )`
	93a9cf2	`pm_message("scaling colors to %d bits", pm_maxvaltobits(maxval));`
	a3c9c4b
	93a9cf2	`+ overflow_add(redmaxval, 1);`
	93a9cf2	`+ overflow_add(greenmaxval, 1);`
	93a9cf2	`+ overflow_add(bluemaxval, 1);`
	93a9cf2	`MALLOCARRAY_NOFAIL(redtable, redmaxval +1);`
	93a9cf2	`MALLOCARRAY_NOFAIL(greentable, greenmaxval +1);`
	93a9cf2	`MALLOCARRAY_NOFAIL(bluetable, bluemaxval +1);`
	d60ce20	`@@ -1763,7 +1784,9 @@ PCHG_ConvertSmall(PCHG, cmap, mask, data`
	93a9cf2	`ChangeCount32 = *data++;`
	93a9cf2	`datasize -= 2;`
	a3c9c4b
	93a9cf2	`+ overflow_add(ChangeCount16, ChangeCount32);`
	93a9cf2	`changes = ChangeCount16 + ChangeCount32;`
	93a9cf2	`+ overflow_add(changes, 1);`
	93a9cf2	`for( i = 0; i < changes; i++ ) {`
	93a9cf2	`if( totalchanges >= PCHG->TotalChanges ) goto fail;`
	93a9cf2	`if( datasize < 2 ) goto fail;`
	d60ce20	`@@ -2028,6 +2051,9 @@ read_pchg(FILE * const ifp,`
	93a9cf2	`cmap->mp_change[i] = NULL;`
	93a9cf2	`if( PCHG.StartLine < 0 ) {`
	93a9cf2	`int nch;`
	93a9cf2	`+ if(PCHG.MaxReg < PCHG.MinReg)`
	93a9cf2	`+ pm_error("assert: MinReg > MaxReg");`
	93a9cf2	`+ overflow_add(PCHG.MaxReg-PCHG.MinReg, 2);`
	93a9cf2	`nch = PCHG.MaxReg - PCHG.MinReg +1;`
	93a9cf2	`MALLOCARRAY_NOFAIL(cmap->mp_init, nch + 1);`
	93a9cf2	`for( i = 0; i < nch; i++ )`
	d60ce20	`@@ -2104,6 +2130,7 @@ process_body( FILE * const ifp,`
	93a9cf2	`if( typeid == ID_ILBM ) {`
	93a9cf2	`int isdeep;`
	1f08c10
	93a9cf2	`+ overflow_add(bmhdP->w, 15);`
	93a9cf2	`MALLOCARRAY_NOFAIL(ilbmrow, RowBytes(bmhdP->w));`
	93a9cf2	`viewportmodesP \|= fakeviewport; / -isham/-isehb */`
	1f08c10
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/imgtoppm.c.security-code netpbm-10.58.01/converter/ppm/imgtoppm.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/imgtoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/imgtoppm.c 2012-04-09 15:40:03.202619802 +0200`
	93a9cf2	`@@ -84,6 +84,7 @@ main(int argc, char ** argv) {`
	93a9cf2	`len = atoi((char*) buf );`
	93a9cf2	`if ( fread( buf, len, 1, ifp ) != 1 )`
	93a9cf2	`pm_error( "bad colormap buf" );`
	93a9cf2	`+ overflow2(cmaplen, 3);`
	93a9cf2	`if ( cmaplen * 3 != len )`
	93a9cf2	`{`
	93a9cf2	`pm_message(`
	93a9cf2	`@@ -105,6 +106,7 @@ main(int argc, char ** argv) {`
	93a9cf2	`pm_error( "bad pixel data header" );`
	93a9cf2	`buf[8] = '\0';`
	93a9cf2	`len = atoi((char*) buf );`
	93a9cf2	`+ overflow2(cols, rows);`
	93a9cf2	`if ( len != cols * rows )`
	93a9cf2	`pm_message(`
	93a9cf2	`"pixel data length (%d) does not match image size (%d)",`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/Makefile.security-code netpbm-10.58.01/converter/ppm/Makefile`
	717bd45	`--- netpbm-10.58.01/converter/ppm/Makefile.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/Makefile 2012-04-09 15:40:03.202619802 +0200`
	93a9cf2	`@@ -11,7 +11,7 @@ SUBDIRS = hpcdtoppm ppmtompeg`
	a3c9c4b
	93a9cf2	`PORTBINARIES = 411toppm eyuvtoppm gouldtoppm ilbmtoppm imgtoppm \`
	93a9cf2	`leaftoppm mtvtoppm neotoppm \`
	93a9cf2	`- pcxtoppm pc1toppm pi1toppm picttoppm pjtoppm \`
	93a9cf2	`+ pcxtoppm pc1toppm pi1toppm pjtoppm \`
	d60ce20	`ppmtoacad ppmtoapplevol ppmtoarbtxt ppmtoascii \`
	93a9cf2	`ppmtobmp ppmtoeyuv ppmtogif ppmtoicr ppmtoilbm \`
	93a9cf2	`ppmtoleaf ppmtolj ppmtomitsu ppmtoneo \`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/pcxtoppm.c.security-code netpbm-10.58.01/converter/ppm/pcxtoppm.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/pcxtoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/pcxtoppm.c 2012-04-09 15:40:03.203619789 +0200`
	d60ce20	`@@ -409,6 +409,7 @@ pcx_planes_to_pixels(pixels, bitplanes,`
	93a9cf2	`/*`
	93a9cf2	`* clear the pixel buffer`
	93a9cf2	`*/`
	93a9cf2	`+ overflow2(bytesperline, 8);`
	93a9cf2	`npixels = (bytesperline * 8) / bitsperpixel;`
	93a9cf2	`p = pixels;`
	93a9cf2	`while (--npixels >= 0)`
	b3d2df7	`@@ -470,6 +471,7 @@ pcx_16col_to_ppm(FILE * const ifP,`
	93a9cf2	`}`
	93a9cf2
	93a9cf2	`/* BytesPerLine should be >= BitsPerPixel * cols / 8 */`
	93a9cf2	`+ overflow2(BytesPerLine, 8);`
	93a9cf2	`rawcols = BytesPerLine * 8 / BitsPerPixel;`
	93a9cf2	`if (headerCols > rawcols) {`
	93a9cf2	`pm_message("warning - BytesPerLine = %d, "`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/picttoppm.c.security-code netpbm-10.58.01/converter/ppm/picttoppm.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/picttoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/picttoppm.c 2012-04-09 15:40:03.205619763 +0200`
	93a9cf2	`@@ -1,3 +1,5 @@`
	93a9cf2	`+#error "Unfixable. Don't ship me"`
cvsdist	499931c	`+`
	93a9cf2	`/*`
	93a9cf2	`* picttoppm.c -- convert a MacIntosh PICT file to PPM format.`
	93a9cf2	`*`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/pjtoppm.c.security-code netpbm-10.58.01/converter/ppm/pjtoppm.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/pjtoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/pjtoppm.c 2012-04-09 15:40:03.206619751 +0200`
	93a9cf2	`@@ -127,19 +127,21 @@ main(argc, argv)`
	93a9cf2	`case 'V': /* send plane */`
	93a9cf2	`case 'W': /* send last plane */`
	93a9cf2	`if (rows == -1 \|\| r >= rows \|\| image == NULL) {`
	93a9cf2	`- if (rows == -1 \|\| r >= rows)`
	93a9cf2	`+ if (rows == -1 \|\| r >= rows) {`
	93a9cf2	`+ overflow_add(rows, 100);`
	93a9cf2	`rows += 100;`
	93a9cf2	`+ }`
	93a9cf2	`if (image == NULL) {`
	93a9cf2	`- MALLOCARRAY(image, rows * planes);`
	93a9cf2	`- MALLOCARRAY(imlen, rows * planes);`
	93a9cf2	`+ image = (unsigned char **)`
	93a9cf2	`+ malloc3(rows , planes , sizeof(unsigned char *));`
	93a9cf2	`+ imlen = (int *) malloc3(rows , planes, sizeof(int));`
	93a9cf2	`}`
	93a9cf2	`else {`
	93a9cf2	`+ overflow2(rows,planes);`
	93a9cf2	`image = (unsigned char **)`
	93a9cf2	`- realloc(image,`
	93a9cf2	`- rows * planes *`
	93a9cf2	`+ realloc2(image, rows * planes,`
	93a9cf2	`sizeof(unsigned char *));`
	93a9cf2	`- imlen = (int *)`
	93a9cf2	`- realloc(imlen, rows * planes * sizeof(int));`
	93a9cf2	`+ imlen = (int ) realloc2(imlen, rows planes, sizeof(int));`
	93a9cf2	`}`
	93a9cf2	`}`
	93a9cf2	`if (image == NULL \|\| imlen == NULL)`
	93a9cf2	`@@ -212,8 +214,10 @@ main(argc, argv)`
	93a9cf2	`for (i = 0, c = 0; c < imlen[p + r * planes]; c += 2)`
	93a9cf2	`for (cmd = image[p + r * planes][c],`
	93a9cf2	`val = image[p + r * planes][c+1];`
	93a9cf2	`- cmd >= 0 && i < newcols; cmd--, i++)`
	93a9cf2	`+ cmd >= 0 && i < newcols; cmd--, i++) {`
	93a9cf2	`buf[i] = val;`
	93a9cf2	`+ overflow_add(i, 1);`
	93a9cf2	`+ }`
	93a9cf2	`cols = cols > i ? cols : i;`
	93a9cf2	`free(image[p + r * planes]);`
	93a9cf2	`/*`
	93a9cf2	`@@ -224,6 +228,7 @@ main(argc, argv)`
	93a9cf2	`image[p + r * planes] = (unsigned char *) realloc(buf, i);`
	93a9cf2	`}`
	93a9cf2	`}`
	93a9cf2	`+ overflow2(cols, 8);`
	93a9cf2	`cols *= 8;`
	93a9cf2	`}`
	93a9cf2
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/ppmtoeyuv.c.security-code netpbm-10.58.01/converter/ppm/ppmtoeyuv.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/ppmtoeyuv.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/ppmtoeyuv.c 2012-04-09 15:40:03.206619751 +0200`
	93a9cf2	`@@ -114,6 +114,7 @@ create_multiplication_tables(const pixva`
cvsdist	499931c
	93a9cf2	`int index;`
	93a9cf2
	93a9cf2	`+ overflow_add(maxval, 1);`
	93a9cf2	`MALLOCARRAY_NOFAIL(mult299 , maxval+1);`
	93a9cf2	`MALLOCARRAY_NOFAIL(mult587 , maxval+1);`
	93a9cf2	`MALLOCARRAY_NOFAIL(mult114 , maxval+1);`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/ppmtoicr.c.security-code netpbm-10.58.01/converter/ppm/ppmtoicr.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/ppmtoicr.c.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/ppmtoicr.c 2012-04-09 15:40:03.207619739 +0200`
	93a9cf2	`@@ -169,7 +169,7 @@ char* argv[];`
	93a9cf2
	93a9cf2	`if (rleflag) {`
	93a9cf2	`pm_message("sending run-length encoded picture data ..." );`
	93a9cf2	`- testimage = (char) malloc(rowscols);`
	93a9cf2	`+ testimage = (char*) malloc2(rows, cols);`
	93a9cf2	`p = testimage;`
	93a9cf2	`for (i=0; i`
	93a9cf2	`for (j=0; j`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/ppmtoilbm.c.security-code netpbm-10.58.01/converter/ppm/ppmtoilbm.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/ppmtoilbm.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/ppmtoilbm.c 2012-04-09 15:40:03.208619727 +0200`
	d60ce20	`@@ -1220,6 +1220,7 @@ ppm_to_rgb8(ifP, cols, rows, maxval)`
	93a9cf2
	93a9cf2	`maskmethod = 0; /* no masking - RGB8 uses genlock bits */`
	93a9cf2	`compmethod = 4; /* RGB8 files are always compressed */`
	93a9cf2	`+ overflow2(cols, 4);`
	93a9cf2	`MALLOCARRAY_NOFAIL(compr_row, cols * 4);`
	1f08c10
	93a9cf2	`if( maxval != 255 ) {`
	d60ce20	`@@ -1308,6 +1309,7 @@ ppm_to_rgbn(ifP, cols, rows, maxval)`
	1f08c10
	93a9cf2	`maskmethod = 0; /* no masking - RGBN uses genlock bits */`
	93a9cf2	`compmethod = 4; /* RGBN files are always compressed */`
	93a9cf2	`+ overflow2(cols, 2);`
	93a9cf2	`MALLOCARRAY_NOFAIL(compr_row, cols * 2);`
	1f08c10
	93a9cf2	`if( maxval != 15 ) {`
	d60ce20	`@@ -1785,6 +1787,7 @@ make_val_table(oldmaxval, newmaxval)`
	b3d2df7	`unsigned int i;`
	b3d2df7	`int * table;`
	1f08c10
	93a9cf2	`+ overflow_add(oldmaxval, 1);`
	93a9cf2	`MALLOCARRAY_NOFAIL(table, oldmaxval + 1);`
	b3d2df7	`for (i = 0; i <= oldmaxval; ++i)`
	b3d2df7	`table[i] = ROUNDDIV(i * newmaxval, oldmaxval);`
	d60ce20	`@@ -2293,8 +2296,11 @@ main(int argc, char ** argv) {`
	93a9cf2	`MALLOCARRAY_NOFAIL(coded_rowbuf, RowBytes(cols));`
	93a9cf2	`for (i = 0; i < RowBytes(cols); ++i)`
	93a9cf2	`coded_rowbuf[i] = 0;`
	93a9cf2	`- if (DO_COMPRESS)`
	93a9cf2	`+ if (DO_COMPRESS) {`
	93a9cf2	`+ overflow2(cols,2);`
	93a9cf2	`+ overflow_add(cols*2,2);`
	93a9cf2	`MALLOCARRAY_NOFAIL(compr_rowbuf, WORSTCOMPR(RowBytes(cols)));`
	93a9cf2	`+ }`
	a3c9c4b	`}`
	93a9cf2
	93a9cf2	`switch (mode) {`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/ppmtolj.c.security-code netpbm-10.58.01/converter/ppm/ppmtolj.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/ppmtolj.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/ppmtolj.c 2012-04-09 15:40:03.210619701 +0200`
	93a9cf2	`@@ -181,7 +181,8 @@ int main(int argc, char *argv[]) {`
cvsdist	499931c
	93a9cf2	`ppm_readppminit( ifp, &cols, &rows, &maxval, &format );`
	93a9cf2	`pixelrow = ppm_allocrow( cols );`
	93a9cf2	`-`
	93a9cf2	`+`
	93a9cf2	`+ overflow2(cols, 6);`
	93a9cf2	`obuf = (unsigned char ) pm_allocrow(cols 3, sizeof(unsigned char));`
	93a9cf2	`cbuf = (unsigned char ) pm_allocrow(cols 6, sizeof(unsigned char));`
	93a9cf2	`if (mode == C_TRANS_MODE_DELTA)`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/ppmtomitsu.c.security-code netpbm-10.58.01/converter/ppm/ppmtomitsu.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/ppmtomitsu.c.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/ppmtomitsu.c 2012-04-09 15:40:03.210619702 +0200`
	b3d2df7	`@@ -685,6 +685,8 @@ main(int argc, char * argv[]) {`
	93a9cf2	`medias = MSize_User;`
	1f08c10
	b3d2df7	`if (dpi300) {`
	b3d2df7	`+ overflow2(medias.maxcols, 2);`
	b3d2df7	`+ overflow2(medias.maxrows, 2);`
	b3d2df7	`medias.maxcols *= 2;`
	b3d2df7	`medias.maxrows *= 2;`
	b3d2df7	`}`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/ppmtopcx.c.security-code netpbm-10.58.01/converter/ppm/ppmtopcx.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/ppmtopcx.c.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/ppmtopcx.c 2012-04-09 15:40:03.210619702 +0200`
	b3d2df7	`@@ -419,6 +419,8 @@ ppmTo16ColorPcx(pixel ** cons`
	93a9cf2	`else Planes = 1;`
	93a9cf2	`}`
	1f08c10	`}`
	93a9cf2	`+ overflow2(BitsPerPixel, cols);`
	93a9cf2	`+ overflow_add(BitsPerPixel * cols, 7);`
	93a9cf2	`BytesPerLine = ((cols * BitsPerPixel) + 7) / 8;`
	93a9cf2	`MALLOCARRAY_NOFAIL(indexRow, cols);`
	93a9cf2	`MALLOCARRAY_NOFAIL(planesrow, BytesPerLine);`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/ppmtopict.c.security-code netpbm-10.58.01/converter/ppm/ppmtopict.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/ppmtopict.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/ppmtopict.c 2012-04-09 15:40:03.211619690 +0200`
	d60ce20	`@@ -441,6 +441,8 @@ main(int argc, const char ** argv) {`
	d60ce20	`putShort(stdout, 0); /* mode */`
	d60ce20
	d60ce20	`/* Finally, write out the data. */`
	d60ce20	`+ overflow_add(cols/MAX_COUNT, 1);`
	d60ce20	`+ overflow_add(cols, cols/MAX_COUNT+1);`
	d60ce20	`packed = malloc((unsigned)(cols+cols/MAX_COUNT+1));`
	d60ce20	`for (row = 0, oc = 0; row < rows; row++)`
	d60ce20	`oc += putRow(stdout, row, cols, pixels[row], packed);`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/ppmtopj.c.security-code netpbm-10.58.01/converter/ppm/ppmtopj.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/ppmtopj.c.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/ppmtopj.c 2012-04-09 15:40:03.212619677 +0200`
	93a9cf2	`@@ -179,6 +179,7 @@ char *argv[];`
	93a9cf2	`pixels = ppm_readppm( ifp, &cols, &rows, &maxval );`
cvsdist	499931c
	93a9cf2	`pm_close( ifp );`
	93a9cf2	`+ overflow2(cols,2);`
	93a9cf2	`obuf = (unsigned char *) pm_allocrow(cols, sizeof(unsigned char));`
	93a9cf2	`cbuf = (unsigned char ) pm_allocrow(cols 2, sizeof(unsigned char));`
cvsdist	499931c
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/ppmtopjxl.c.security-code netpbm-10.58.01/converter/ppm/ppmtopjxl.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/ppmtopjxl.c.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/ppmtopjxl.c 2012-04-09 15:40:03.212619677 +0200`
	b3d2df7	`@@ -276,6 +276,8 @@ main(int argc, const char * argv[]) {`
	b3d2df7	`pm_error("image too large; reduce with ppmscale");`
	b3d2df7	`if (maxval > PCL_MAXVAL)`
	b3d2df7	`pm_error("color range too large; reduce with ppmcscale");`
	b3d2df7	`+ if (cols < 0 \|\| rows < 0)`
	b3d2df7	`+ pm_error("negative size is not possible");`
	b3d2df7
	b3d2df7	`/* Figure out the colormap. */`
	b3d2df7	`pm_message("Computing colormap...");`
	b3d2df7	`@@ -296,6 +298,8 @@ main(int argc, const char * argv[]) {`
	b3d2df7	`case 0: /* direct mode (no palette) */`
	b3d2df7	`bpp = bitsperpixel(maxval); /* bits per pixel */`
	b3d2df7	`bpg = bpp; bpb = bpp;`
	b3d2df7	`+ overflow2(bpp, 3);`
	b3d2df7	`+ overflow_add(bpp*3, 7);`
	b3d2df7	`bpp = (bpp3+7)>>3; / bytes per pixel now */`
	b3d2df7	`bpr = (bpp<<3)-bpg-bpb;`
	b3d2df7	`bpp = cols; / bytes per row now */`
	b3d2df7	`@@ -305,9 +309,13 @@ main(int argc, const char * argv[]) {`
	b3d2df7	`case 3: case 7: pclindex++;`
	b3d2df7	`default:`
	b3d2df7	`bpp = 8/pclindex;`
	b3d2df7	`+ overflow_add(cols, bpp);`
	b3d2df7	`+ if(bpp == 0)`
	93a9cf2	`+ pm_error("assert: no bpp");`
	b3d2df7	`bpp = (cols+bpp-1)/bpp; /* bytes per row */`
	b3d2df7	`}`
	b3d2df7	`}`
	b3d2df7	`+ overflow2(bpp,2);`
	b3d2df7	`inrow = (char *)malloc((unsigned)bpp);`
	b3d2df7	`outrow = (char )malloc((unsigned)bpp2);`
	b3d2df7	`runcnt = (signed char *)malloc((unsigned)bpp);`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/ppmtowinicon.c.security-code netpbm-10.58.01/converter/ppm/ppmtowinicon.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/ppmtowinicon.c.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/ppmtowinicon.c 2012-04-09 15:40:03.213619664 +0200`
	93a9cf2	`@@ -12,6 +12,7 @@`
	acf309e
	93a9cf2	`#include <math.h>`
	93a9cf2	`#include <string.h>`
	93a9cf2	`+#include <stdlib.h>`
	acf309e
	b3d2df7	`#include "pm_c_util.h"`
	93a9cf2	`#include "winico.h"`
	b3d2df7	`@@ -219,6 +220,7 @@ createAndBitmap (gray ** const ba, int c`
	93a9cf2	`MALLOCARRAY_NOFAIL(rowData, rows);`
	93a9cf2	`icBitmap->xBytes = xBytes;`
	93a9cf2	`icBitmap->data = rowData;`
	93a9cf2	`+ overflow2(xBytes, rows);`
	93a9cf2	`icBitmap->size = xBytes * rows;`
	93a9cf2	`for (y=0;y`
	93a9cf2	`u1 * row;`
	b3d2df7	`@@ -347,6 +349,7 @@ create4Bitmap (pixel ** const pa, int co`
	93a9cf2	`MALLOCARRAY_NOFAIL(rowData, rows);`
	93a9cf2	`icBitmap->xBytes = xBytes;`
	93a9cf2	`icBitmap->data = rowData;`
	93a9cf2	`+ overflow2(xBytes, rows);`
	93a9cf2	`icBitmap->size = xBytes * rows;`
	acf309e
	93a9cf2	`for (y=0;y`
	b3d2df7	`@@ -407,6 +410,7 @@ create8Bitmap (pixel ** const pa, int co`
	93a9cf2	`MALLOCARRAY_NOFAIL(rowData, rows);`
	93a9cf2	`icBitmap->xBytes = xBytes;`
	93a9cf2	`icBitmap->data = rowData;`
	93a9cf2	`+ overflow2(xBytes, rows);`
	93a9cf2	`icBitmap->size = xBytes * rows;`
	93a9cf2
	93a9cf2	`for (y=0;y`
	b3d2df7	`@@ -714,6 +718,10 @@ addEntryToIcon(MS_Ico const MSIcon`
	93a9cf2	`entry->bitcount = bpp;`
	93a9cf2	`entry->ih = createInfoHeader(entry, xorBitmap, andBitmap);`
	93a9cf2	`entry->colors = palette->colors;`
	93a9cf2	`+ overflow2(4, entry->color_count);`
	93a9cf2	`+ overflow_add(xorBitmap->size, andBitmap->size);`
	93a9cf2	`+ overflow_add(xorBitmap->size + andBitmap->size, 40);`
	93a9cf2	`+ overflow_add(xorBitmap->size + andBitmap->size + 40, 4 * entry->color_count);`
	93a9cf2	`entry->size_in_bytes =`
	93a9cf2	`xorBitmap->size + andBitmap->size + 40 + (4 * entry->color_count);`
	93a9cf2	`if (verbose)`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/ppmtoxpm.c.security-code netpbm-10.58.01/converter/ppm/ppmtoxpm.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/ppmtoxpm.c.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/ppmtoxpm.c 2012-04-09 15:40:03.214619651 +0200`
	d60ce20	`@@ -197,6 +197,7 @@ genNumstr(unsigned int const input, int`
	93a9cf2	`unsigned int i;`
	93a9cf2
	93a9cf2	`/* Allocate memory for printed number. Abort if error. */`
	93a9cf2	`+ overflow_add(digits, 1);`
	93a9cf2	`if (!(str = (char *) malloc(digits + 1)))`
	93a9cf2	`pm_error("out of memory");`
	93a9cf2
	d60ce20	`@@ -314,6 +315,7 @@ genCmap(colorhist_vector const chv,`
	93a9cf2	`unsigned int charsPerPixel;`
	93a9cf2	`unsigned int xpmMaxval;`
	93a9cf2
	93a9cf2	`+ if (includeTransparent) overflow_add(ncolors, 1);`
	93a9cf2	`MALLOCARRAY(cmap, cmapSize);`
	93a9cf2	`if (cmapP == NULL)`
	93a9cf2	`pm_error("Out of memory allocating %u bytes for a color map.",`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/qrttoppm.c.security-code netpbm-10.58.01/converter/ppm/qrttoppm.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/qrttoppm.c.security-code 2012-04-09 15:31:42.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/qrttoppm.c 2012-04-09 15:40:03.215619638 +0200`
	93a9cf2	`@@ -46,7 +46,7 @@ main( argc, argv )`
	93a9cf2
	93a9cf2	`ppm_writeppminit( stdout, cols, rows, maxval, 0 );`
	93a9cf2	`pixelrow = ppm_allocrow( cols );`
	93a9cf2	`- buf = (unsigned char ) malloc( 3 cols );`
	93a9cf2	`+ buf = (unsigned char *) malloc2( 3 , cols );`
	93a9cf2	`if ( buf == (unsigned char *) 0 )`
	93a9cf2	`pm_error( "out of memory" );`
	93a9cf2
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/sldtoppm.c.security-code netpbm-10.58.01/converter/ppm/sldtoppm.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/sldtoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/sldtoppm.c 2012-04-09 15:40:03.216619626 +0200`
	b3d2df7	`@@ -455,6 +455,8 @@ slider(slvecfn slvec,`
	b3d2df7
	93a9cf2	`/* Allocate image buffer and clear it to black. */`
	b3d2df7
	93a9cf2	`+ overflow_add(ixdots,1);`
	93a9cf2	`+ overflow_add(iydots,1);`
	93a9cf2	`pixels = ppm_allocarray(pixcols = ixdots + 1, pixrows = iydots + 1);`
	93a9cf2	`PPM_ASSIGN(rgbcolor, 0, 0, 0);`
	93a9cf2	`ppmd_filledrectangle(pixels, pixcols, pixrows, pixmaxval, 0, 0,`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/ximtoppm.c.security-code netpbm-10.58.01/converter/ppm/ximtoppm.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/ximtoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/ximtoppm.c 2012-04-09 15:40:03.216619626 +0200`
	b3d2df7	`@@ -117,6 +117,7 @@ ReadXimHeader(FILE * const in_fp,`
	93a9cf2	`header->bits_channel = atoi(a_head.bits_per_channel);`
	93a9cf2	`header->alpha_flag = atoi(a_head.alpha_channel);`
	93a9cf2	`if (strlen(a_head.author)) {`
	93a9cf2	`+ overflow_add(strlen(a_head.author),1);`
	93a9cf2	`if (!(header->author = calloc((unsigned int)strlen(a_head.author)+1,`
	93a9cf2	`1))) {`
	93a9cf2	`pm_message("ReadXimHeader: can't calloc author string" );`
	b3d2df7	`@@ -126,6 +127,7 @@ ReadXimHeader(FILE * const in_fp,`
	93a9cf2	`strncpy(header->author, a_head.author, strlen(a_head.author));`
	1f08c10	`}`
	93a9cf2	`if (strlen(a_head.date)) {`
	93a9cf2	`+ overflow_add(strlen(a_head.date),1);`
	93a9cf2	`if (!(header->date =calloc((unsigned int)strlen(a_head.date)+1,1))){`
	93a9cf2	`pm_message("ReadXimHeader: can't calloc date string" );`
	93a9cf2	`return(0);`
	b3d2df7	`@@ -134,6 +136,7 @@ ReadXimHeader(FILE * const in_fp,`
	93a9cf2	`strncpy(header->date, a_head.date, strlen(a_head.date));`
	93a9cf2	`}`
	93a9cf2	`if (strlen(a_head.program)) {`
	93a9cf2	`+ overflow_add(strlen(a_head.program),1);`
	93a9cf2	`if (!(header->program = calloc(`
	93a9cf2	`(unsigned int)strlen(a_head.program) + 1, 1))) {`
	93a9cf2	`pm_message("ReadXimHeader: can't calloc program string" );`
	b3d2df7	`@@ -160,6 +163,7 @@ ReadXimHeader(FILE * const in_fp,`
	93a9cf2	`if (header->nchannels == 3 && header->bits_channel == 8)`
	93a9cf2	`header->ncolors = 0;`
	93a9cf2	`else if (header->nchannels == 1 && header->bits_channel == 8) {`
	93a9cf2	`+ overflow2(header->ncolors, sizeof(Color));`
	93a9cf2	`header->colors = (Color *)calloc((unsigned int)header->ncolors,`
	93a9cf2	`sizeof(Color));`
	93a9cf2	`if (header->colors == NULL) {`
	717bd45	`diff -up netpbm-10.58.01/converter/ppm/yuvtoppm.c.security-code netpbm-10.58.01/converter/ppm/yuvtoppm.c`
	717bd45	`--- netpbm-10.58.01/converter/ppm/yuvtoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/converter/ppm/yuvtoppm.c 2012-04-09 15:40:03.218619602 +0200`
	93a9cf2	`@@ -72,6 +72,7 @@ main(argc, argv)`
cvsdist	499931c
	93a9cf2	`ppm_writeppminit(stdout, cols, rows, (pixval) 255, 0);`
	93a9cf2	`pixrow = ppm_allocrow(cols);`
	93a9cf2	`+ overflow_add(cols, 1);`
	93a9cf2	`MALLOCARRAY(yuvbuf, (cols+1)/2);`
	93a9cf2	`if (yuvbuf == NULL)`
	93a9cf2	`pm_error("Unable to allocate YUV buffer for %d columns.", cols);`
	717bd45	`diff -up netpbm-10.58.01/editor/pamcut.c.security-code netpbm-10.58.01/editor/pamcut.c`
	717bd45	`--- netpbm-10.58.01/editor/pamcut.c.security-code 2012-04-09 15:31:33.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/editor/pamcut.c 2012-04-09 15:40:03.218619602 +0200`
	b3d2df7	`@@ -655,6 +655,8 @@ cutOneImage(FILE * const ifP`
	1f08c10
	b3d2df7	`outpam = inpam; /* Initial value -- most fields should be same */`
	b3d2df7	`outpam.file = ofP;`
	93a9cf2	`+ overflow_add(rightcol, 1);`
	b3d2df7	`+ overflow_add(bottomrow, 1);`
	b3d2df7	`outpam.width = rightcol - leftcol + 1;`
	b3d2df7	`outpam.height = bottomrow - toprow + 1;`
	b3d2df7
	717bd45	`diff -up netpbm-10.58.01/editor/pbmreduce.c.security-code netpbm-10.58.01/editor/pbmreduce.c`
	717bd45	`--- netpbm-10.58.01/editor/pbmreduce.c.security-code 2012-04-09 15:31:33.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/editor/pbmreduce.c 2012-04-09 15:40:03.219619590 +0200`
	b3d2df7	`@@ -94,6 +94,7 @@ main( argc, argv )`
	b3d2df7	`if (halftone == QT_FS) {`
	b3d2df7	`unsigned int col;`
	1f08c10	`/* Initialize Floyd-Steinberg. */`
	1f08c10	`+ overflow_add(newcols, 2);`
	1f08c10	`MALLOCARRAY(thiserr, newcols + 2);`
	1f08c10	`MALLOCARRAY(nexterr, newcols + 2);`
	b3d2df7	`if (thiserr == NULL \|\| nexterr == NULL)`
	717bd45	`diff -up netpbm-10.58.01/editor/pnmgamma.c.security-code netpbm-10.58.01/editor/pnmgamma.c`
	717bd45	`--- netpbm-10.58.01/editor/pnmgamma.c.security-code 2012-04-09 15:31:34.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/editor/pnmgamma.c 2012-04-09 15:40:03.220619577 +0200`
	d60ce20	`@@ -586,6 +586,7 @@ createGammaTables(enum transferFunction`
	93a9cf2	`xelval ** const btableP) {`
cvsdist	499931c
	93a9cf2	`/* Allocate space for the tables. */`
	93a9cf2	`+ overflow_add(maxval, 1);`
	93a9cf2	`MALLOCARRAY(*rtableP, maxval+1);`
	93a9cf2	`MALLOCARRAY(*gtableP, maxval+1);`
	93a9cf2	`MALLOCARRAY(*btableP, maxval+1);`
	717bd45	`diff -up netpbm-10.58.01/editor/pnmhisteq.c.security-code netpbm-10.58.01/editor/pnmhisteq.c`
	717bd45	`--- netpbm-10.58.01/editor/pnmhisteq.c.security-code 2012-04-09 15:31:33.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/editor/pnmhisteq.c 2012-04-09 15:40:03.220619577 +0200`
	b3d2df7	`@@ -103,6 +103,7 @@ computeLuminosityHistogram(xel * const *`
	93a9cf2	`unsigned int pixelCount;`
	93a9cf2	`unsigned int * lumahist;`
cvsdist	499931c
	93a9cf2	`+ overflow_add(maxval, 1);`
	93a9cf2	`MALLOCARRAY(lumahist, maxval + 1);`
	93a9cf2	`if (lumahist == NULL)`
	93a9cf2	`pm_error("Out of storage allocating array for %u histogram elements",`
	717bd45	`diff -up netpbm-10.58.01/editor/pnmindex.csh.security-code netpbm-10.58.01/editor/pnmindex.csh`
	717bd45	`--- netpbm-10.58.01/editor/pnmindex.csh.security-code 2012-04-09 15:31:33.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/editor/pnmindex.csh 2012-04-09 15:40:03.221619564 +0200`
	93a9cf2	`@@ -1,5 +1,8 @@`
	93a9cf2	`#!/bin/csh -f`
	93a9cf2	`#`
	93a9cf2	`+echo "Unsafe code, needs debugging, do not ship"`
	93a9cf2	`+exit 1`
	93a9cf2	`+#`
	93a9cf2	`# pnmindex - build a visual index of a bunch of anymaps`
	93a9cf2	`#`
	93a9cf2	`# Copyright (C) 1991 by Jef Poskanzer.`
	717bd45	`diff -up netpbm-10.58.01/editor/pnmpad.c.security-code netpbm-10.58.01/editor/pnmpad.c`
	717bd45	`--- netpbm-10.58.01/editor/pnmpad.c.security-code 2012-04-09 15:31:34.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/editor/pnmpad.c 2012-04-09 15:40:03.221619564 +0200`
	b3d2df7	`@@ -527,6 +527,8 @@ main(int argc, const char ** argv) {`
cvsdist	499931c
	1f08c10	`computePadSizes(cmdline, cols, rows, &lpad, &rpad, &tpad, &bpad);`
	1f08c10
	1f08c10	`+ overflow_add(cols, lpad);`
	1f08c10	`+ overflow_add(cols + lpad, rpad);`
	1f08c10	`newcols = cols + lpad + rpad;`
cvsdist	499931c
	b3d2df7	`if (PNM_FORMAT_TYPE(format) == PBM_TYPE)`
	717bd45	`diff -up netpbm-10.58.01/editor/pnmremap.c.security-code netpbm-10.58.01/editor/pnmremap.c`
	717bd45	`--- netpbm-10.58.01/editor/pnmremap.c.security-code 2012-04-09 15:31:33.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/editor/pnmremap.c 2012-04-09 15:40:03.222619551 +0200`
	d60ce20	`@@ -409,7 +409,7 @@ initFserr(struct pam * const pamP,`
	b3d2df7	`unsigned int plane;`
cvsdist	499931c
	b3d2df7	`unsigned int const fserrSize = pamP->width + 2;`
	b3d2df7	`-`
	93a9cf2	`+ overflow_add(pamP->width, 2);`
	b3d2df7	`fserrP->width = pamP->width;`
	b3d2df7
	93a9cf2	`MALLOCARRAY(fserrP->thiserr, pamP->depth);`
	d60ce20	`@@ -445,6 +445,7 @@ floydInitRow(struct pam * const pamP, st`
cvsdist	499931c
	93a9cf2	`int col;`
	93a9cf2
	93a9cf2	`+ overflow_add(pamP->width, 2);`
	93a9cf2	`for (col = 0; col < pamP->width + 2; ++col) {`
	93a9cf2	`unsigned int plane;`
	93a9cf2	`for (plane = 0; plane < pamP->depth; ++plane)`
	717bd45	`diff -up netpbm-10.58.01/editor/pnmscalefixed.c.security-code netpbm-10.58.01/editor/pnmscalefixed.c`
	717bd45	`--- netpbm-10.58.01/editor/pnmscalefixed.c.security-code 2012-04-09 15:31:34.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/editor/pnmscalefixed.c 2012-04-09 15:40:03.223619538 +0200`
	d60ce20	`@@ -214,6 +214,8 @@ compute_output_dimensions(const struct c`
	93a9cf2	`const int rows, const int cols,`
	93a9cf2	`int * newrowsP, int * newcolsP) {`
	21b205c
	93a9cf2	`+ overflow2(rows, cols);`
	93a9cf2	`+`
	93a9cf2	`if (cmdline.pixels) {`
	93a9cf2	`if (rows * cols <= cmdline.pixels) {`
	93a9cf2	`*newrowsP = rows;`
	d60ce20	`@@ -265,6 +267,8 @@ compute_output_dimensions(const struct c`
cvsdist	499931c
	93a9cf2	`if (newcolsP < 1) newcolsP = 1;`
	93a9cf2	`if (newrowsP < 1) newrowsP = 1;`
	93a9cf2	`+`
	93a9cf2	`+ overflow2(newcolsP, newrowsP);`
	93a9cf2	`}`
	93a9cf2
	93a9cf2
	d60ce20	`@@ -446,6 +450,9 @@ main(int argc, char **argv ) {`
	93a9cf2	`unfilled. We can address that by stretching, whereas the other`
	93a9cf2	`case would require throwing away some of the input.`
	93a9cf2	`*/`
	93a9cf2	`+`
	93a9cf2	`+ overflow2(newcols, SCALE);`
	93a9cf2	`+ overflow2(newrows, SCALE);`
	93a9cf2	`sxscale = SCALE * newcols / cols;`
	93a9cf2	`syscale = SCALE * newrows / rows;`
	93a9cf2
	717bd45	`diff -up netpbm-10.58.01/editor/pnmshear.c.security-code netpbm-10.58.01/editor/pnmshear.c`
	717bd45	`--- netpbm-10.58.01/editor/pnmshear.c.security-code 2012-04-09 15:31:33.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/editor/pnmshear.c 2012-04-09 15:40:03.224619526 +0200`
	b3d2df7	`@@ -15,6 +15,7 @@`
	b3d2df7	`#include <assert.h>`
	1f08c10	`#include <math.h>`
	1f08c10	`#include <string.h>`
	1f08c10	`+#include <limits.h>`
	1f08c10
	b3d2df7	`#include "pm_c_util.h"`
	b3d2df7	`#include "ppm.h"`
	b3d2df7	`@@ -236,6 +237,11 @@ main(int argc, char * argv[]) {`
	b3d2df7
	b3d2df7	`shearfac = fabs(tan(cmdline.angle));`
	1f08c10
	1f08c10	`+ if(rows * shearfac >= INT_MAX-1)`
	b3d2df7	`+ pm_error("image too large");`
	1f08c10	`+`
	1f08c10	`+ overflow_add(rows * shearfac, cols+1);`
	b3d2df7	`+`
	1f08c10	`newcols = rows * shearfac + cols + 0.999999;`
	1f08c10
	b3d2df7	`pnm_writepnminit(stdout, newcols, rows, newmaxval, newformat, 0);`
	717bd45	`diff -up netpbm-10.58.01/editor/ppmdither.c.security-code netpbm-10.58.01/editor/ppmdither.c`
	717bd45	`--- netpbm-10.58.01/editor/ppmdither.c.security-code 2012-04-09 15:31:33.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/editor/ppmdither.c 2012-04-09 15:40:03.224619526 +0200`
	d60ce20	`@@ -355,7 +355,11 @@ dithMatrix(unsigned int const dithPower)`
	d60ce20	`unsigned int const dithMatSize =`
	d60ce20	`(dithDim * sizeof(dithMat)) + / pointers */`
	d60ce20	`(dithDim * dithDim * sizeof(*dithMat)); / data */`
	d60ce20	`-`
	d60ce20	`+`
	d60ce20	`+ overflow2(dithDim, sizeof(*dithMat));`
	d60ce20	`+ overflow3(dithDim, dithDim, sizeof(**dithMat));`
	d60ce20	`+ overflow_add(dithDim * sizeof(dithMat), dithDim dithDim * sizeof(**dithMat));`
	d60ce20	`+`
	d60ce20	`dithMat = malloc(dithMatSize);`
	d60ce20
	d60ce20	`if (dithMat == NULL)`
	717bd45	`diff -up netpbm-10.58.01/editor/specialty/pamoil.c.security-code netpbm-10.58.01/editor/specialty/pamoil.c`
	717bd45	`--- netpbm-10.58.01/editor/specialty/pamoil.c.security-code 2012-04-09 15:31:33.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/editor/specialty/pamoil.c 2012-04-09 15:40:03.224619526 +0200`
	b3d2df7	`@@ -112,6 +112,7 @@ main(int argc, char *argv[] ) {`
	b3d2df7	`tuples = pnm_readpam(ifp, &inpam, PAM_STRUCT_SIZE(tuple_type));`
	b3d2df7	`pm_close(ifp);`
	b3d2df7
	b3d2df7	`+ overflow_add(inpam.maxval, 1);`
	b3d2df7	`MALLOCARRAY(hist, inpam.maxval + 1);`
	b3d2df7	`if (hist == NULL)`
	b3d2df7	`pm_error("Unable to allocate memory for histogram.");`
	717bd45	`diff -up netpbm-10.58.01/generator/pbmtext.c.security-code netpbm-10.58.01/generator/pbmtext.c`
	717bd45	`--- netpbm-10.58.01/generator/pbmtext.c.security-code 2012-04-09 15:31:34.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/generator/pbmtext.c 2012-04-09 15:40:03.225619514 +0200`
	b3d2df7	`@@ -96,12 +96,14 @@ parseCommandLine(int argc, const char **`
	93a9cf2
	b3d2df7	`for (i = 1; i < argc; ++i) {`
	93a9cf2	`if (i > 1) {`
	93a9cf2	`+ overflow_add(totaltextsize, 1);`
	93a9cf2	`totaltextsize += 1;`
	93a9cf2	`text = realloc(text, totaltextsize);`
	93a9cf2	`if (text == NULL)`
	93a9cf2	`pm_error("out of memory allocating space for input text");`
	93a9cf2	`strcat(text, " ");`
	93a9cf2	`}`
	93a9cf2	`+ overflow_add(totaltextsize, strlen(argv[i]));`
	93a9cf2	`totaltextsize += strlen(argv[i]);`
	93a9cf2	`text = realloc(text, totaltextsize);`
	93a9cf2	`if (text == NULL)`
	d60ce20	`@@ -712,6 +714,7 @@ getText(const char cmdline_text`
	b3d2df7	`pm_error("A line of input text is longer than %u characters."`
	d60ce20	`"Cannot process.", (unsigned)sizeof(buf)-1);`
	93a9cf2	`if (lineCount >= maxlines) {`
	d60ce20	`+ overflow2(maxlines, 2);`
	93a9cf2	`maxlines *= 2;`
	b3d2df7	`REALLOCARRAY(text_array, maxlines);`
	93a9cf2	`if (text_array == NULL)`
	d60ce20	`@@ -832,6 +835,7 @@ main(int argc, const char *argv[]) {`
	93a9cf2	`hmargin = fontP->maxwidth;`
	93a9cf2	`} else {`
	93a9cf2	`vmargin = fontP->maxheight;`
	93a9cf2	`+ overflow2(2, fontP->maxwidth);`
	93a9cf2	`hmargin = 2 * fontP->maxwidth;`
	93a9cf2	`}`
	93a9cf2	`}`
	717bd45	`diff -up netpbm-10.58.01/generator/pgmcrater.c.security-code netpbm-10.58.01/generator/pgmcrater.c`
	717bd45	`--- netpbm-10.58.01/generator/pgmcrater.c.security-code 2012-04-09 15:31:34.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/generator/pgmcrater.c 2012-04-09 15:40:03.226619502 +0200`
	b3d2df7	`@@ -130,7 +130,7 @@ static void gencraters()`
	93a9cf2	`/* Acquire the elevation array and initialize it to mean`
	93a9cf2	`surface elevation. */`
	93a9cf2
	93a9cf2	`- MALLOCARRAY(aux, SCRX * SCRY);`
	93a9cf2	`+ aux = (unsigned short *) malloc3(SCRX, SCRY, sizeof(short));`
	93a9cf2	`if (aux == NULL)`
	93a9cf2	`pm_error("out of memory allocating elevation array");`
	93a9cf2
	717bd45	`diff -up netpbm-10.58.01/generator/pgmkernel.c.security-code netpbm-10.58.01/generator/pgmkernel.c`
	717bd45	`--- netpbm-10.58.01/generator/pgmkernel.c.security-code 2012-04-09 15:31:34.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/generator/pgmkernel.c 2012-04-09 15:40:03.226619502 +0200`
	93a9cf2	`@@ -68,7 +68,7 @@ main ( argc, argv )`
	93a9cf2	`kycenter = (fysize - 1) / 2.0;`
	93a9cf2	`ixsize = fxsize + 0.999;`
	93a9cf2	`iysize = fysize + 0.999;`
	93a9cf2	`- MALLOCARRAY(fkernel, ixsize * iysize);`
	93a9cf2	`+ fkernel = (double *) malloc3 (ixsize, iysize, sizeof(double));`
	93a9cf2	`for (i = 0; i < iysize; i++)`
	93a9cf2	`for (j = 0; j < ixsize; j++) {`
	93a9cf2	`fkernel[iixsize+j] = 1.0 / (1.0 + w sqrt((double)`
	717bd45	`diff -up netpbm-10.58.01/lib/libpam.c.security-code netpbm-10.58.01/lib/libpam.c`
	717bd45	`--- netpbm-10.58.01/lib/libpam.c.security-code 2012-04-09 15:31:38.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/lib/libpam.c 2012-04-09 15:40:03.227619490 +0200`
	d60ce20	`@@ -220,7 +220,8 @@ allocPamRow(const struct pam * const pam`
	d60ce20	`unsigned int const bytesPerTuple = allocationDepth(pamP) * sizeof(sample);`
	93a9cf2	`tuple * tuplerow;`
	93a9cf2
	93a9cf2	`- tuplerow = malloc(pamP->width * (sizeof(tuple *) + bytesPerTuple));`
	93a9cf2	`+ overflow_add(sizeof(tuple *), bytesPerTuple);`
	d60ce20	`+ tuplerow = malloc2(pamP->width, (sizeof(tuple *) + bytesPerTuple));`
	93a9cf2
	93a9cf2	`if (tuplerow != NULL) {`
	93a9cf2	`/* Now we initialize the pointers to the individual tuples`
	717bd45	`diff -up netpbm-10.58.01/lib/libpammap.c.security-code netpbm-10.58.01/lib/libpammap.c`
	717bd45	`--- netpbm-10.58.01/lib/libpammap.c.security-code 2012-04-09 15:31:38.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/lib/libpammap.c 2012-04-09 15:40:03.228619477 +0200`
	b3d2df7	`@@ -104,6 +104,8 @@ allocTupleIntListItem(struct pam * const`
	93a9cf2	`*/`
	93a9cf2	`struct tupleint_list_item * retval;`
	93a9cf2
	93a9cf2	`+ overflow2(pamP->depth, sizeof(sample));`
	93a9cf2	`+ overflow_add(sizeof(retval)-sizeof(retval->tupleint.tuple), pamP->depthsizeof(sample));`
	93a9cf2	`unsigned int const size =`
	93a9cf2	`sizeof(*retval) - sizeof(retval->tupleint.tuple)`
	93a9cf2	`+ pamP->depth * sizeof(sample);`
	717bd45	`diff -up netpbm-10.58.01/lib/libpbm1.c.security-code netpbm-10.58.01/lib/libpbm1.c`
	717bd45	`--- netpbm-10.58.01/lib/libpbm1.c.security-code 2012-04-09 15:31:38.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/lib/libpbm1.c 2012-04-09 15:40:03.228619477 +0200`
	b3d2df7	`@@ -77,6 +77,7 @@ pbm_check(FILE * file, const enum pm_che`
	93a9cf2	`pm_message("pm_filepos passed to pm_check() is %u bytes",`
	93a9cf2	`sizeof(pm_filepos));`
	93a9cf2	`#endif`
	93a9cf2	`+ overflow2(bytes_per_row, rows);`
	93a9cf2	`pm_check(file, check_type, need_raster_size, retval_p);`
	93a9cf2	`}`
	93a9cf2	`}`
	717bd45	`diff -up netpbm-10.58.01/lib/libpm.c.security-code netpbm-10.58.01/lib/libpm.c`
	717bd45	`--- netpbm-10.58.01/lib/libpm.c.security-code 2012-04-09 15:31:38.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/lib/libpm.c 2012-04-09 15:40:03.229619464 +0200`
	717bd45	`@@ -808,4 +808,53 @@ pm_parse_height(const char * const arg)`
	93a9cf2	`}`
	1f08c10
	1f08c10
	93a9cf2	`+/*`
	93a9cf2	`+ * Maths wrapping`
	1f08c10	`+ */`
	1f08c10	`+`
	93a9cf2	`+void __overflow2(int a, int b)`
	93a9cf2	`+{`
	93a9cf2	`+ if(a < 0 \|\| b < 0)`
	93a9cf2	`+ pm_error("object too large");`
	93a9cf2	`+ if(b == 0)`
	93a9cf2	`+ return;`
	93a9cf2	`+ if(a > INT_MAX / b)`
	93a9cf2	`+ pm_error("object too large");`
	93a9cf2	`+}`
	93a9cf2	`+`
	93a9cf2	`+void overflow3(int a, int b, int c)`
	93a9cf2	`+{`
	93a9cf2	`+ overflow2(a,b);`
	93a9cf2	`+ overflow2(a*b, c);`
	93a9cf2	`+}`
	93a9cf2	`+`
	93a9cf2	`+void overflow_add(int a, int b)`
	93a9cf2	`+{`
	93a9cf2	`+ if( a > INT_MAX - b)`
	93a9cf2	`+ pm_error("object too large");`
	93a9cf2	`+}`
	93a9cf2	`+`
	93a9cf2	`+void *malloc2(int a, int b)`
	93a9cf2	`+{`
	93a9cf2	`+ overflow2(a, b);`
	93a9cf2	`+ if(a*b == 0)`
	93a9cf2	`+ pm_error("Zero byte allocation");`
	93a9cf2	`+ return malloc(a*b);`
	93a9cf2	`+}`
	93a9cf2	`+`
	93a9cf2	`+void *malloc3(int a, int b, int c)`
	93a9cf2	`+{`
	93a9cf2	`+ overflow3(a, b, c);`
	93a9cf2	`+ if(abc == 0)`
	93a9cf2	`+ pm_error("Zero byte allocation");`
	93a9cf2	`+ return malloc(abc);`
	93a9cf2	`+}`
	93a9cf2	`+`
	93a9cf2	`+void realloc2(void a, int b, int c)`
	93a9cf2	`+{`
	93a9cf2	`+ overflow2(b, c);`
	93a9cf2	`+ if(b*c == 0)`
	93a9cf2	`+ pm_error("Zero byte allocation");`
	93a9cf2	`+ return realloc(a, b*c);`
	93a9cf2	`+}`
cvsdist	499931c
	717bd45	`diff -up netpbm-10.58.01/lib/pm.h.security-code netpbm-10.58.01/lib/pm.h`
	717bd45	`--- netpbm-10.58.01/lib/pm.h.security-code 2012-04-09 15:31:38.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/lib/pm.h 2012-04-09 15:40:03.229619464 +0200`
	717bd45	`@@ -432,4 +432,11 @@ pm_parse_height(const char * const arg);`
	93a9cf2	`#endif`
cvsdist	499931c
cvsdist	499931c
	93a9cf2	`+void *malloc2(int, int);`
	93a9cf2	`+void *malloc3(int, int, int);`
	93a9cf2	`+#define overflow2(a,b) __overflow2(a,b)`
	93a9cf2	`+void __overflow2(int, int);`
	93a9cf2	`+void overflow3(int, int, int);`
	93a9cf2	`+void overflow_add(int, int);`
	93a9cf2	`+`
	93a9cf2	`#endif`
	717bd45	`diff -up netpbm-10.58.01/other/pnmcolormap.c.security-code netpbm-10.58.01/other/pnmcolormap.c`
	717bd45	`--- netpbm-10.58.01/other/pnmcolormap.c.security-code 2012-04-09 15:31:32.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/other/pnmcolormap.c 2012-04-09 15:40:03.230619451 +0200`
	b3d2df7	`@@ -840,6 +840,7 @@ colormapToSquare(struct pam * const pamP`
	93a9cf2	`pamP->width = intsqrt;`
	93a9cf2	`else`
	93a9cf2	`pamP->width = intsqrt + 1;`
	93a9cf2	`+ overflow_add(intsqrt, 1);`
	93a9cf2	`}`
	93a9cf2	`{`
	93a9cf2	`unsigned int const intQuotient = colormap.size / pamP->width;`
	717bd45	`diff -up netpbm-10.58.01/urt/README.security-code netpbm-10.58.01/urt/README`
	717bd45	`--- netpbm-10.58.01/urt/README.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/urt/README 2012-04-09 15:40:03.231619438 +0200`
	93a9cf2	`@@ -18,3 +18,8 @@ in its initializer in the original. But`
	93a9cf2	`defines stdout as a variable, so that wouldn't compile. So I changed`
	93a9cf2	`it to NULL and added a line to rle_hdr_init to set that field to`
	93a9cf2	`'stdout' dynamically. 2000.06.02 BJH.`
	93a9cf2	`+`
	93a9cf2	`+Redid the code to check for maths overflows and other crawly horrors.`
	93a9cf2	`+Removed pipe through and compress support (unsafe)`
	93a9cf2	`+`
	93a9cf2	`+Alan Cox <alan@redhat.com>`
	717bd45	`diff -up netpbm-10.58.01/urt/rle_addhist.c.security-code netpbm-10.58.01/urt/rle_addhist.c`
	717bd45	`--- netpbm-10.58.01/urt/rle_addhist.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/urt/rle_addhist.c 2012-04-09 15:40:03.231619438 +0200`
	a3c9c4b	`@@ -14,6 +14,8 @@`
	a3c9c4b	`* If you modify this software, you should include a notice giving the`
	a3c9c4b	`* name of the person performing the modification, the date of modification,`
	a3c9c4b	`* and the reason for such modification.`
	a3c9c4b	`+ *`
	a3c9c4b	`+ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>`
	a3c9c4b	`*/`
	a3c9c4b	`/*`
	a3c9c4b	`* rle_addhist.c - Add to the HISTORY comment in header`
	717bd45	`@@ -71,13 +73,19 @@ rle_addhist(char * argv[],`
	acf309e	`return;`
	acf309e
	acf309e	`length = 0;`
	acf309e	`- for (i = 0; argv[i]; ++i)`
	acf309e	`+ for (i = 0; argv[i]; ++i) {`
	acf309e	`+ overflow_add(length, strlen(argv[i]));`
	acf309e	`+ overflow_add(length+1, strlen(argv[i]));`
	acf309e	`length += strlen(argv[i]) +1; /* length of each arg plus space. */`
	acf309e	`+ }`
cvsdist	499931c
	acf309e	`time(&temp);`
	acf309e	`timedate = ctime(&temp);`
	acf309e	`length += strlen(timedate); /* length of date and time in ASCII. */`
	acf309e
	acf309e	`+ overflow_add(strlen(padding), 4);`
	acf309e	`+ overflow_add(strlen(histoire), strlen(padding) + 4);`
	acf309e	`+ overflow_add(length, strlen(histoire) + strlen(padding) + 4);`
	acf309e	`length += strlen(padding) + 3 + strlen(histoire) + 1;`
	acf309e	`/* length of padding, "on " and length of history name plus "="*/`
	acf309e	`if (in_hdr) /* if we are interested in the old comments... */`
	717bd45	`@@ -85,9 +93,12 @@ rle_addhist(char * argv[],`
	acf309e	`else`
	acf309e	`old = NULL;`
	acf309e
	acf309e	`- if (old && *old)`
	acf309e	`+ if (old && *old) {`
	acf309e	`+ overflow_add(length, strlen(old));`
	acf309e	`length += strlen(old); /* add length if there. */`
	acf309e	`+ }`
cvsdist	499931c
	acf309e	`+ overflow_add(length, 1);`
	acf309e	`++length; /Cater for the null. /`
cvsdist	499931c
	acf309e	`MALLOCARRAY(newc, length);`
	717bd45	`diff -up netpbm-10.58.01/urt/rle_getrow.c.security-code netpbm-10.58.01/urt/rle_getrow.c`
	717bd45	`--- netpbm-10.58.01/urt/rle_getrow.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/urt/rle_getrow.c 2012-04-09 15:40:03.232619426 +0200`
	93a9cf2	`@@ -17,6 +17,8 @@`
	93a9cf2	`*`
	93a9cf2	`* Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire`
	93a9cf2	`* to have all "void" functions so declared.`
	93a9cf2	`+ *`
	93a9cf2	`+ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>`
	93a9cf2	`*/`
	93a9cf2	`/*`
	93a9cf2	`* rle_getrow.c - Read an RLE file in.`
	93a9cf2	`@@ -168,6 +170,7 @@ rle_get_setup(rle_hdr * const the_hdr) {`
	93a9cf2	`register char * cp;`
	93a9cf2
	93a9cf2	`VAXSHORT( comlen, infile ); /* get comment length */`
	93a9cf2	`+ overflow_add(comlen, 1);`
	93a9cf2	`evenlen = (comlen + 1) & ~1; /* make it even */`
	93a9cf2	`if ( evenlen )`
	93a9cf2	`{`
	717bd45	`diff -up netpbm-10.58.01/urt/rle_hdr.c.security-code netpbm-10.58.01/urt/rle_hdr.c`
	717bd45	`--- netpbm-10.58.01/urt/rle_hdr.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/urt/rle_hdr.c 2012-04-09 15:40:03.233619414 +0200`
	1f08c10	`@@ -14,6 +14,8 @@`
	1f08c10	`* If you modify this software, you should include a notice giving the`
	1f08c10	`* name of the person performing the modification, the date of modification,`
	1f08c10	`* and the reason for such modification.`
	1f08c10	`+ *`
	1f08c10	`+ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>`
	1f08c10	`*/`
	1f08c10	`/*`
	1f08c10	`* rle_hdr.c - Functions to manipulate rle_hdr structures.`
	717bd45	`@@ -80,7 +82,10 @@ int img_num;`
	1f08c10	`/* Fill in with copies of the strings. */`
	1f08c10	`if ( the_hdr->cmd != pgmname )`
	1f08c10	`{`
	1f08c10	`- char tmp = (char )malloc( strlen( pgmname ) + 1 );`
	1f08c10	`+ char *tmp ;`
	1f08c10	`+`
	1f08c10	`+ overflow_add(strlen(pgmname), 1);`
	1f08c10	`+ tmp = malloc( strlen( pgmname ) + 1 );`
	1f08c10	`RLE_CHECK_ALLOC( pgmname, tmp, 0 );`
	1f08c10	`strcpy( tmp, pgmname );`
	1f08c10	`the_hdr->cmd = tmp;`
	717bd45	`@@ -88,7 +93,9 @@ int img_num;`
	1f08c10
	1f08c10	`if ( the_hdr->file_name != fname )`
	1f08c10	`{`
	1f08c10	`- char tmp = (char )malloc( strlen( fname ) + 1 );`
	1f08c10	`+ char *tmp;`
	1f08c10	`+ overflow_add(strlen(fname), 1);`
	1f08c10	`+ tmp = malloc( strlen( fname ) + 1 );`
	1f08c10	`RLE_CHECK_ALLOC( pgmname, tmp, 0 );`
	1f08c10	`strcpy( tmp, fname );`
	1f08c10	`the_hdr->file_name = tmp;`
	717bd45	`@@ -153,6 +160,7 @@ rle_hdr from_hdr, to_hdr;`
	1f08c10	`if ( to_hdr->bg_color )`
	1f08c10	`{`
	1f08c10	`int size = to_hdr->ncolors * sizeof(int);`
	1f08c10	`+ overflow2(to_hdr->ncolors, sizeof(int));`
	1f08c10	`to_hdr->bg_color = (int *)malloc( size );`
	1f08c10	`RLE_CHECK_ALLOC( to_hdr->cmd, to_hdr->bg_color, "background color" );`
	1f08c10	`memcpy( to_hdr->bg_color, from_hdr->bg_color, size );`
	717bd45	`@@ -161,7 +169,7 @@ rle_hdr from_hdr, to_hdr;`
	1f08c10	`if ( to_hdr->cmap )`
	1f08c10	`{`
	1f08c10	`int size = to_hdr->ncmap * (1 << to_hdr->cmaplen) * sizeof(rle_map);`
	1f08c10	`- to_hdr->cmap = (rle_map *)malloc( size );`
	1f08c10	`+ to_hdr->cmap = (rle_map *)malloc3( to_hdr->ncmap, 1<<to_hdr->cmaplen, sizeof(rle_map));`
	1f08c10	`RLE_CHECK_ALLOC( to_hdr->cmd, to_hdr->cmap, "color map" );`
	1f08c10	`memcpy( to_hdr->cmap, from_hdr->cmap, size );`
	1f08c10	`}`
	717bd45	`@@ -174,11 +182,16 @@ rle_hdr from_hdr, to_hdr;`
	1f08c10	`int size = 0;`
	1f08c10	`CONST_DECL char **cp;`
	1f08c10	`for ( cp=to_hdr->comments; *cp; cp++ )`
	1f08c10	`+ {`
	1f08c10	`+ overflow_add(size, 1);`
	1f08c10	`size++; /* Count the comments. */`
	1f08c10	`+ }`
	1f08c10	`/* Check if there are really any comments. */`
	1f08c10	`if ( size )`
	1f08c10	`{`
	1f08c10	`+ overflow_add(size, 1);`
	1f08c10	`size++; /* Copy the NULL pointer, too. */`
	1f08c10	`+ overflow2(size, sizeof(char *));`
	1f08c10	`size = sizeof(char );`
	1f08c10	`to_hdr->comments = (CONST_DECL char **)malloc( size );`
	1f08c10	`RLE_CHECK_ALLOC( to_hdr->cmd, to_hdr->comments, "comments" );`
	717bd45	`diff -up netpbm-10.58.01/urt/rle.h.security-code netpbm-10.58.01/urt/rle.h`
	717bd45	`--- netpbm-10.58.01/urt/rle.h.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/urt/rle.h 2012-04-09 15:40:03.233619414 +0200`
	93a9cf2	`@@ -14,6 +14,9 @@`
	93a9cf2	`* If you modify this software, you should include a notice giving the`
	93a9cf2	`* name of the person performing the modification, the date of modification,`
	93a9cf2	`* and the reason for such modification.`
	93a9cf2	`+ *`
	93a9cf2	`+ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>`
	93a9cf2	`+ * Header declarations needed`
	93a9cf2	`*/`
	93a9cf2	`/*`
	93a9cf2	`* rle.h - Global declarations for Utah Raster Toolkit RLE programs.`
	717bd45	`@@ -160,6 +163,17 @@ rle_hdr /* End of typedef. *`
	93a9cf2	`*/`
	93a9cf2	`extern rle_hdr rle_dflt_hdr;`
	93a9cf2
	93a9cf2	`+/*`
	93a9cf2	`+ * Provided by pm library`
	93a9cf2	`+ */`
	93a9cf2	`+`
	93a9cf2	`+extern void overflow_add(int, int);`
	93a9cf2	`+#define overflow2(a,b) __overflow2(a,b)`
	93a9cf2	`+extern void __overflow2(int, int);`
	93a9cf2	`+extern void overflow3(int, int, int);`
	93a9cf2	`+extern void *malloc2(int, int);`
	93a9cf2	`+extern void *malloc3(int, int, int);`
	93a9cf2	`+extern void realloc2(void , int, int);`
	93a9cf2
	93a9cf2	`/* Declare RLE library routines. */`
	93a9cf2
	717bd45	`diff -up netpbm-10.58.01/urt/rle_open_f.c.security-code netpbm-10.58.01/urt/rle_open_f.c`
	717bd45	`--- netpbm-10.58.01/urt/rle_open_f.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/urt/rle_open_f.c 2012-04-09 15:40:03.234619402 +0200`
	717bd45	`@@ -163,65 +163,7 @@ dealWithSubprocess(const char * const f`
	d60ce20	`FILE ** const fpP,`
	b3d2df7	`bool * const noSubprocessP,`
	b3d2df7	`const char ** const errorP) {`
	d60ce20	`-`
	b3d2df7	`-#ifdef NO_OPEN_PIPES`
	b3d2df7	`*noSubprocessP = TRUE;`
	b3d2df7	`-#else`
	b3d2df7	`- const char *cp;`
	b3d2df7	`-`
	b3d2df7	`- reapChildren(catchingChildrenP, pids);`
	b3d2df7	`-`
	b3d2df7	`- /* Real file, not stdin or stdout. If name ends in ".Z",`
	b3d2df7	`- * pipe from/to un/compress (depending on r/w mode).`
	b3d2df7	`- *`
	b3d2df7	`- * If it starts with "\|", popen that command.`
	b3d2df7	`- */`
	b3d2df7	`-`
	b3d2df7	`- cp = file_name + strlen(file_name) - 2;`
	b3d2df7	`- /* Pipe case. */`
	b3d2df7	`- if (file_name[0] == '\|') {`
	b3d2df7	`- pid_t thepid; /* PID from my_popen */`
	b3d2df7	`-`
	b3d2df7	`- *noSubprocessP = FALSE;`
	b3d2df7	`-`
	b3d2df7	`- *fpP = my_popen(file_name + 1, mode, &thepid);`
	b3d2df7	`- if (*fpP == NULL)`
	b3d2df7	`- *errorP = "%s: can't invoke <<%s>> for %s: ";`
	b3d2df7	`- else {`
	b3d2df7	`- /* One more child to catch, eventually. */`
	b3d2df7	`- if (*catchingChildrenP < MAX_CHILDREN)`
	b3d2df7	`- pids[(*catchingChildrenP)++] = thepid;`
	b3d2df7	`- }`
	b3d2df7	`- } else if (cp > file_name && cp == '.' && (cp + 1) == 'Z' ) {`
	b3d2df7	`- /* Compress case. */`
	b3d2df7	`- pid_t thepid; /* PID from my_popen. */`
	b3d2df7	`- const char * command;`
	b3d2df7	`-`
	b3d2df7	`- *noSubprocessP = FALSE;`
	b3d2df7	`-`
	b3d2df7	`- if (*mode == 'w')`
	d60ce20	`- pm_asprintf(&command, "compress > %s", file_name);`
	b3d2df7	`- else if (*mode == 'a')`
	d60ce20	`- pm_asprintf(&command, "compress >> %s", file_name);`
	b3d2df7	`- else`
	d60ce20	`- pm_asprintf(&command, "compress -d < %s", file_name);`
	b3d2df7	`-`
	b3d2df7	`- *fpP = my_popen(command, mode, &thepid);`
	b3d2df7	`-`
	b3d2df7	`- if (*fpP == NULL)`
	b3d2df7	`- *errorP = "%s: can't invoke 'compress' program, "`
	b3d2df7	`- "trying to open %s for %s";`
	b3d2df7	`- else {`
	b3d2df7	`- /* One more child to catch, eventually. */`
	b3d2df7	`- if (*catchingChildrenP < MAX_CHILDREN)`
	b3d2df7	`- pids[(*catchingChildrenP)++] = thepid;`
	b3d2df7	`- }`
	d60ce20	`- pm_strfree(command);`
	b3d2df7	`- } else {`
	b3d2df7	`- *noSubprocessP = TRUE;`
	b3d2df7	`- *errorP = NULL;`
	b3d2df7	`- }`
	b3d2df7	`-#endif`
	b3d2df7	`}`
	93a9cf2
	93a9cf2
	717bd45	`diff -up netpbm-10.58.01/urt/rle_putcom.c.security-code netpbm-10.58.01/urt/rle_putcom.c`
	717bd45	`--- netpbm-10.58.01/urt/rle_putcom.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/urt/rle_putcom.c 2012-04-09 15:40:03.234619402 +0200`
	93a9cf2	`@@ -14,6 +14,8 @@`
	93a9cf2	`* If you modify this software, you should include a notice giving the`
	93a9cf2	`* name of the person performing the modification, the date of modification,`
	93a9cf2	`* and the reason for such modification.`
	93a9cf2	`+ *`
	93a9cf2	`+ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>`
	93a9cf2	`*/`
	93a9cf2	`/*`
	93a9cf2	`* rle_putcom.c - Add a picture comment to the header struct.`
	93a9cf2	`@@ -98,12 +100,14 @@ rle_putcom(const char * const value,`
	93a9cf2	`const char * v;`
	93a9cf2	`const char ** old_comments;`
	93a9cf2	`int i;`
	93a9cf2	`- for (i = 2, cp = the_hdr->comments; *cp != NULL; ++i, ++cp)`
	93a9cf2	`+ for (i = 2, cp = the_hdr->comments; *cp != NULL; ++i, ++cp) {`
	93a9cf2	`+ overflow_add(i, 1);`
	93a9cf2	`if (match(value, *cp) != NULL) {`
	93a9cf2	`v = *cp;`
	93a9cf2	`*cp = value;`
	93a9cf2	`return v;`
	93a9cf2	`}`
	93a9cf2	`+ }`
	93a9cf2	`/* Not found */`
	93a9cf2	`/* Can't realloc because somebody else might be pointing to this`
	93a9cf2	`* comments block. Of course, if this were true, then the`
	717bd45	`diff -up netpbm-10.58.01/urt/Runput.c.security-code netpbm-10.58.01/urt/Runput.c`
	717bd45	`--- netpbm-10.58.01/urt/Runput.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/urt/Runput.c 2012-04-09 15:40:03.235619390 +0200`
	1f08c10	`@@ -17,6 +17,8 @@`
	1f08c10	`*`
	1f08c10	`* Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire`
	1f08c10	`* to have all "void" functions so declared.`
	1f08c10	`+ *`
	1f08c10	`+ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>`
	1f08c10	`*/`
	1f08c10	`/*`
	1f08c10	`* Runput.c - General purpose Run Length Encoding.`
	93a9cf2	`@@ -202,9 +204,11 @@ RunSetup(rle_hdr * the_hdr)`
	1f08c10	`if ( the_hdr->background != 0 )`
	1f08c10	`{`
	1f08c10	`register int i;`
	1f08c10	`- register rle_pixel *background =`
	1f08c10	`- (rle_pixel *)malloc( (unsigned)(the_hdr->ncolors + 1) );`
	1f08c10	`+ register rle_pixel *background;`
	1f08c10	`register int *bg_color;`
	1f08c10	`+`
	1f08c10	`+ overflow_add(the_hdr->ncolors,1);`
	1f08c10	`+ background = (rle_pixel *)malloc( (unsigned)(the_hdr->ncolors + 1) );`
	1f08c10	`/*`
	1f08c10	`* If even number of bg color bytes, put out one more to get to`
	1f08c10	`* 16 bit boundary.`
	93a9cf2	`@@ -224,7 +228,7 @@ RunSetup(rle_hdr * the_hdr)`
	1f08c10	`/* Big-endian machines are harder */`
	1f08c10	`register int i, nmap = (1 << the_hdr->cmaplen) *`
	1f08c10	`the_hdr->ncmap;`
	1f08c10	`- register char h_cmap = (char )malloc( nmap * 2 );`
	1f08c10	`+ register char h_cmap = (char )malloc2( nmap, 2 );`
	1f08c10	`if ( h_cmap == NULL )`
	1f08c10	`{`
	1f08c10	`fprintf( stderr,`
	717bd45	`diff -up netpbm-10.58.01/urt/scanargs.c.security-code netpbm-10.58.01/urt/scanargs.c`
	717bd45	`--- netpbm-10.58.01/urt/scanargs.c.security-code 2012-04-09 15:31:45.000000000 +0200`
	717bd45	`+++ netpbm-10.58.01/urt/scanargs.c 2012-04-09 15:40:03.235619390 +0200`
	93a9cf2	`@@ -38,6 +38,8 @@`
	a3c9c4b	`*`
	a3c9c4b	`* Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire`
	a3c9c4b	`* to have all "void" functions so declared.`
	a3c9c4b	`+ *`
	a3c9c4b	`+ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com>`
	a3c9c4b	`*/`
cvsdist	499931c
	333bd72	`#include <stdio.h>`
	717bd45	`@@ -63,8 +65,8 @@ typedef int *ptr;`
	a3c9c4b	`/*`
	93a9cf2	`* Storage allocation macros`
	93a9cf2	`*/`
	93a9cf2	`-#define NEW( type, cnt ) (type ) malloc( (cnt) sizeof( type ) )`
	93a9cf2	`-#define RENEW( type, ptr, cnt ) (type ) realloc( ptr, (cnt) sizeof( type ) )`
	93a9cf2	`+#define NEW( type, cnt ) (type *) malloc2( (cnt) , sizeof( type ) )`
	93a9cf2	`+#define RENEW( type, ptr, cnt ) (type *) realloc2( ptr, (cnt), sizeof( type ) )`
	93a9cf2
	717bd45	`static CONST_DECL char * prformat( CONST_DECL char *, int );`
	717bd45	`static int isnum( CONST_DECL char *, int, int );`

rpms / netpbm

Source Code

Blame netpbm-security-code.patch