#! /bin/sh -e
## 16_CAN-2005-0639.dpatch
##
## DP: Description: Fix integer overflows in new.c.
## DP: Author: Debian security team
## DP: Upstream status: Not submitted
## DP: Date: 2005-03-18

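# dpatch entry point: apply or revert the diff embedded below the @DPATCH@ marker.
# The script feeds itself ($0) to patch(1) on stdin. "$0" is quoted so that a
# script path containing spaces or glob characters is not word-split or expanded.
if [ $# -ne 1 ]; then
    echo >&2 "$(basename "$0"): script expects -patch|-unpatch as argument"
    exit 1
fi
case "$1" in
    -patch)
        # -f: never prompt; -p1: strip the leading path component of each file name.
        patch -f --no-backup-if-mismatch -p1 < "$0";;
    -unpatch)
        # Same invocation with -R, which reverses the diff.
        patch -f --no-backup-if-mismatch -R -p1 < "$0";;
    *)
        echo >&2 "$(basename "$0"): script expects -patch|-unpatch as argument"
        exit 1;;
esac

# When run through the "#! /bin/sh -e" line, a failing patch aborts before this point.
exit 0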

@DPATCH@
diff -urNad --exclude=CVS --exclude=.svn ./new.c /tmp/dpep-work.Yefw4q/xloadimage-4.1/new.c
--- ./new.c	1993-10-28 17:24:14.000000000 +0000
+++ /tmp/dpep-work.Yefw4q/xloadimage-4.1/new.c	2005-10-08 04:12:37.000000000 +0100
@@ -63,6 +63,18 @@
 }
 
 
+static unsigned int ovmul(unsigned int a, unsigned int b)
+{
+  unsigned int r;
+
+  r = a * b;
+  if (r / a != b) {
+    memoryExhausted();
+  }
+
+  return r;
+}
+
 void goodImage(image, func)
      Image *image;
      char  *func;
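Review bot: `ovmul` divides by `a` in `if (r / a != b)` without checking for zero, so a zero first operand causes a division by zero instead of yielding a zero-sized request. The call sites in the later hunks pass `linelen`, `width` and the inner `ovmul` result as `a`, so a zero-width image, or a zero-height one through the nested calls, would reach it unless something outside this diff rejects those dimensions first. Guard the test as `if (a != 0 && r / a != b) {`. The helper also depends on `memoryExhausted()` not returning, because otherwise the wrapped `r` is still returned to the allocator; a short comment such as `/* memoryExhausted() must not return: r has wrapped */` would record that assumption.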
@@ -128,7 +140,7 @@
   image->height= height;
   image->depth= 1;
   linelen= (width / 8) + (width % 8 ? 1 : 0); /* thanx johnh@amcc.com */
-  image->data= (unsigned char *)lcalloc(linelen * height);
+  image->data= (unsigned char *)lcalloc(ovmul(linelen, height));
   return(image);
 }
 
@@ -149,7 +161,7 @@
   image->height= height;
   image->depth= depth;
   image->pixlen= pixlen;
-  image->data= (unsigned char *)lmalloc(width * height * pixlen);
+  image->data= (unsigned char *)lmalloc(ovmul(ovmul(width, height), pixlen));
   return(image);
 }
 
@@ -165,6 +177,7 @@
   image->height= height;
   image->depth= 24;
   image->pixlen= 3;
+  image->data= (unsigned char *)lmalloc(ovmul(ovmul(width, height), 3));
   image->data= (unsigned char *)lmalloc(width * height * 3);
   return(image);
 }
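Review bot: The unchecked `image->data= (unsigned char *)lmalloc(width * height * 3);` is still present as a context line directly after the added checked allocation, so the pointer from the new line is overwritten at once. Every call leaks the first buffer, and the size actually used is again the unchecked product; the overflow is caught only if `memoryExhausted()` inside `ovmul` never returns. The old line should be deleted so that only `image->data= (unsigned char *)lmalloc(ovmul(ovmul(width, height), 3));` remains, matching the `-`/`+` replacement made in the two earlier hunks. The enclosing function starts outside this hunk.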