head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.10 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.8 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.6 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.4 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.3.0.2 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.2.0.40 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.38 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.36 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.34 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.32 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.30 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.28 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.26 pkgsrc-2008Q1:1.2.0.24 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.22 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.20 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.18 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.16 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.14 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.12 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.10 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.8 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.6 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.4 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.2 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.1.0.6 pkgsrc-2005Q1-base:1.1 pkgsrc-2004Q4:1.1.0.4 pkgsrc-2004Q4-base:1.1 pkgsrc-2004Q3:1.1.0.2 pkgsrc-2004Q3-base:1.1; locks; strict; comment @# @; 1.3 date 2009.12.16.20.07.32; author joerg; state dead; branches; next 1.2; 1.2 date 2005.06.14.18.10.37; author jlam; state Exp; branches; next 1.1; 1.1 date 2004.09.16.15.09.01; author minskim; state Exp; branches; next ; desc @@ 1.3 log @Retire old xpm package. Replaced by x11/libXpm. 
@ text @$NetBSD: patch-ae,v 1.2 2005/06/14 18:10:37 jlam Exp $ --- lib/Attrib.c.orig 1998-03-19 14:50:59.000000000 -0500 +++ lib/Attrib.c @@@@ -32,13 +32,15 @@@@ * Developed by Arnaud Le Hors * \*****************************************************************************/ +/* October 2004, source code review by Thomas Biege */ + #include "XpmI.h" /* 3.2 backward compatibility code */ -LFUNC(CreateOldColorTable, int, (XpmColor *ct, int ncolors, +LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors, XpmColor ***oldct)); -LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors)); +LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, unsigned int ncolors)); /* * Create a colortable compatible with the old style colortable @@@@ -46,11 +48,14 @@@@ LFUNC(FreeOldColorTable, void, (XpmColor static int CreateOldColorTable(ct, ncolors, oldct) XpmColor *ct; - int ncolors; + unsigned int ncolors; XpmColor ***oldct; { XpmColor **colorTable, **color; - int a; + unsigned int a; + + if (ncolors >= UINT_MAX / sizeof(XpmColor *)) + return XpmNoMemory; colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *)); if (!colorTable) { @@@@ -66,9 +71,9 @@@@ CreateOldColorTable(ct, ncolors, oldct) static void FreeOldColorTable(colorTable, ncolors) XpmColor **colorTable; - int ncolors; + unsigned int ncolors; { - int a, b; + unsigned int a, b; XpmColor **color; char **sptr; @@@@ -119,7 +124,7 @@@@ XpmFreeExtensions(extensions, nextension XpmExtension *ext; char **sptr; - if (extensions) { + if (extensions && nextensions > 0) { for (i = 0, ext = extensions; i < nextensions; i++, ext++) { if (ext->name) XpmFree(ext->name); @ 1.2 log @Apply fixes derived from the HEAD branch of X.Org (6.8.99) to address problems noted in CAN-2004-0914: Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) 
endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. Bump PKGREVISION to 4. Since this is a security-related fix, also bump the BUILDLINK_RECOMMENDED version for this package. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Incorporate security fixes of X.Org X11R6.8.1. Bump PKGREVISION. @ text @d3 1 a3 1 --- lib/Attrib.c.orig Thu Mar 19 13:50:59 1998 d5 6 a10 1 @@@@ -35,7 +35,7 @@@@ d18 6 a23 2 LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors)); @@@@ -46,11 +46,14 @@@@ LFUNC(FreeOldColorTable, void, (XpmColor d32 2 a33 1 int a; d35 1 a35 1 + if (ncolors >= SIZE_MAX / sizeof(XpmColor *)) d40 21 @
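Review bot: In the first hunk of the lib/Attrib.c patch (-32,13 +32,15), nothing next to `#include "XpmI.h"` brings in `<limits.h>`, yet the next hunk uses `UINT_MAX`, so the build depends on XpmI.h providing it. Confirm that XpmI.h includes it, or add the include here. The new comment "October 2004, source code review by Thomas Biege" records who reviewed the file but not what changed; a short mention of the overflow check and the signedness changes would make it useful to later readers.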
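Review bot: In CreateOldColorTable (hunk -46,11 +48,14), the new bound `ncolors >= UINT_MAX / sizeof(XpmColor *)` is expressed in `unsigned int`, while the product `ncolors * sizeof(XpmColor *)` passed to XpmMalloc is computed in `size_t`. Revision 1.1 of this same patch used `SIZE_MAX` in that position. Please say in a comment which width is intended, that is, whether the limit follows the allocator's parameter type or is a deliberately stricter cap, so the constant is not "corrected" back later. The early `return XpmNoMemory` sits before any allocation, so it leaks nothing.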
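Review bot: In FreeOldColorTable (hunk -66,9 +71,9), `a` and `b` become `unsigned int`, but the loops that use them are outside the visible context. Check that neither is used in a countdown or compared against a negative value. A condition such as `b >= 0` is always true once `b` is unsigned, which would turn a terminating loop into an endless one. If the loops only count upward to `ncolors`, state that in the commit message.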
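Review bot: In XpmFreeExtensions (hunk -119,7 +124,7), the added `nextensions > 0` guard changes behaviour only if `i` and `nextensions` differ in signedness, because `i < nextensions` already skips the loop for a non-positive signed count compared against a signed index. Their declarations are not in the hunk. If `i` is unsigned and `nextensions` is signed, a comment explaining that the guard prevents a negative count from being converted to a large unsigned bound would document why it is needed. Otherwise, giving the two variables matching types would be the cleaner fix.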