head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.36 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.34 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.32 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.30 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.28 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.26 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.24 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.22 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.20 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.18 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.16 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.14 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.12 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.10 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.8 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.6 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.4 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.2 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.1.0.4 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2006.02.01.07.10.03; author wiz; state dead; branches; next 1.1; 1.1 date 2005.11.05.13.32.36; author adrianp; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.11.05.13.32.36; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.11.05.14.03.41; author salo; state Exp; branches; next ; desc @@ 1.2 log @Update to 4.1.4, provided by Matthew Luckie in PR 32688: Version 4.1.4 ============= This version fixes some bugs with deallocating ColorMaps and fix building on several platforms. * Fix several areas in decoding where we removed a ColorMap from our GifFile but didn't set the pointer to NULL. This could lead to double free's of the ColorMap. * Fix a bug in dev2gif.c where we redefined some gl types incorrectly. * Fix building on Windows. Note -- there has been one API changing event for Windows (renaming DrawText to DrawGifText.) This should have conflicted with Windows API and therefore caused the builds to fail previously. If you had it working with DrawText before, apologies, you'll need to change to DrawGifText in your code. This only affects Windows. * Add support for building on The Game Boy Advance. Note: Due to the GBA's limited memory, the API for the GBA uses short's in many places where the other platforms use ints. This shouldn't affect anyone unless you've been able to get an older version of the code to run on GBA and want to start using this version instead. A recompile of your dependent code will be necessary in this case. @ text @$NetBSD: patch-ad,v 1.1 2005/11/05 13:32:36 adrianp Exp $ --- lib/dgif_lib.c.orig 2004-05-29 19:59:59.000000000 +0100 +++ lib/dgif_lib.c @@@@ -263,6 +263,7 @@@@ DGifGetScreenDesc(GifFileType * GifFile) for (i = 0; i < GifFile->SColorMap->ColorCount; i++) { if (READ(GifFile, Buf, 3) != 3) { FreeMapObject(GifFile->SColorMap); + GifFile->SColorMap = NULL; _GifError = D_GIF_ERR_READ_FAILED; return GIF_ERROR; } @@@@ -363,6 +364,7 @@@@ DGifGetImageDesc(GifFileType * GifFile) for (i = 0; i < GifFile->Image.ColorMap->ColorCount; i++) { if (READ(GifFile, Buf, 3) != 3) { FreeMapObject(GifFile->Image.ColorMap); + GifFile->Image.ColorMap = NULL; _GifError = D_GIF_ERR_READ_FAILED; return GIF_ERROR; } @@@@ -923,6 +925,12 @@@@ DGifDecompressInput(GifFileType * GifFil 0x0fff }; + /* The image can't contain more than LZ_BITS per code. */ + if (Private->RunningBits > LZ_BITS) { + _GifError = D_GIF_ERR_IMAGE_DEFECT; + return GIF_ERROR; + } + while (Private->CrntShiftState < Private->RunningBits) { /* Needs to get more bytes from input stream for next code: */ if (DGifBufferedInput(GifFile, Private->Buf, &NextByte) == GIF_ERROR) { @@@@ -938,8 +946,12 @@@@ DGifDecompressInput(GifFileType * GifFil Private->CrntShiftState -= Private->RunningBits; /* If code cannot fit into RunningBits bits, must raise its size. Note - * however that codes above 4095 are used for special signaling. */ - if (++Private->RunningCode > Private->MaxCode1 && + * however that codes above 4095 are used for special signaling. + * If we're using LZ_BITS bits already and we're at the max code, just + * keep using the table as it is, don't increment Private->RunningCode. + */ + if (Private->RunningCode < LZ_MAX_CODE + 2 && + ++Private->RunningCode > Private->MaxCode1 && Private->RunningBits < LZ_BITS) { Private->MaxCode1 <<= 1; Private->RunningBits++; @@@@ -964,6 +976,14 @@@@ DGifBufferedInput(GifFileType * GifFile, _GifError = D_GIF_ERR_READ_FAILED; return GIF_ERROR; } + /* There shouldn't be any empty data blocks here as the LZW spec + * says the LZW termination code should come first. Therefore we + * shouldn't be inside this routine at that point. + */ + if (Buf[0] == 0) { + _GifError = D_GIF_ERR_IMAGE_DEFECT; + return GIF_ERROR; + } if (READ(GifFile, &Buf[1], Buf[0]) != Buf[0]) { _GifError = D_GIF_ERR_READ_FAILED; return GIF_ERROR; @ 1.1 log @Add patches for http://secunia.com/advisories/17436/ via. RedHat @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ad was added on branch pkgsrc-2005Q3 on 2005-11-05 13:32:36 +0000 @ text @d1 63 @ 1.1.2.2 log @Pullup ticket 893 - requested by Adrian Portelli security fix for libungif Revisions pulled up: - pkgsrc/graphics/libungif/Makefile 1.35 - pkgsrc/graphics/libungif/distinfo 1.10 - pkgsrc/graphics/libungif/patches/patch-ac 1.6 - pkgsrc/graphics/libungif/patches/patch-ad 1.1 - pkgsrc/graphics/libungif/patches/patch-ae 1.1 Module Name: pkgsrc Committed By: adrianp Date: Sat Nov 5 13:32:36 UTC 2005 Modified Files: pkgsrc/graphics/libungif: Makefile distinfo Added Files: pkgsrc/graphics/libungif/patches: patch-ac patch-ad patch-ae Log Message: Add patches for http://secunia.com/advisories/17436/ via. RedHat @ text @a0 63 $NetBSD: patch-ad,v 1.1.2.1 2005/11/05 14:03:41 salo Exp $ --- lib/dgif_lib.c.orig 2004-05-29 19:59:59.000000000 +0100 +++ lib/dgif_lib.c @@@@ -263,6 +263,7 @@@@ DGifGetScreenDesc(GifFileType * GifFile) for (i = 0; i < GifFile->SColorMap->ColorCount; i++) { if (READ(GifFile, Buf, 3) != 3) { FreeMapObject(GifFile->SColorMap); + GifFile->SColorMap = NULL; _GifError = D_GIF_ERR_READ_FAILED; return GIF_ERROR; } @@@@ -363,6 +364,7 @@@@ DGifGetImageDesc(GifFileType * GifFile) for (i = 0; i < GifFile->Image.ColorMap->ColorCount; i++) { if (READ(GifFile, Buf, 3) != 3) { FreeMapObject(GifFile->Image.ColorMap); + GifFile->Image.ColorMap = NULL; _GifError = D_GIF_ERR_READ_FAILED; return GIF_ERROR; } @@@@ -923,6 +925,12 @@@@ DGifDecompressInput(GifFileType * GifFil 0x0fff }; + /* The image can't contain more than LZ_BITS per code. */ + if (Private->RunningBits > LZ_BITS) { + _GifError = D_GIF_ERR_IMAGE_DEFECT; + return GIF_ERROR; + } + while (Private->CrntShiftState < Private->RunningBits) { /* Needs to get more bytes from input stream for next code: */ if (DGifBufferedInput(GifFile, Private->Buf, &NextByte) == GIF_ERROR) { @@@@ -938,8 +946,12 @@@@ DGifDecompressInput(GifFileType * GifFil Private->CrntShiftState -= Private->RunningBits; /* If code cannot fit into RunningBits bits, must raise its size. Note - * however that codes above 4095 are used for special signaling. */ - if (++Private->RunningCode > Private->MaxCode1 && + * however that codes above 4095 are used for special signaling. + * If we're using LZ_BITS bits already and we're at the max code, just + * keep using the table as it is, don't increment Private->RunningCode. + */ + if (Private->RunningCode < LZ_MAX_CODE + 2 && + ++Private->RunningCode > Private->MaxCode1 && Private->RunningBits < LZ_BITS) { Private->MaxCode1 <<= 1; Private->RunningBits++; @@@@ -964,6 +976,14 @@@@ DGifBufferedInput(GifFileType * GifFile, _GifError = D_GIF_ERR_READ_FAILED; return GIF_ERROR; } + /* There shouldn't be any empty data blocks here as the LZW spec + * says the LZW termination code should come first. Therefore we + * shouldn't be inside this routine at that point. + */ + if (Buf[0] == 0) { + _GifError = D_GIF_ERR_IMAGE_DEFECT; + return GIF_ERROR; + } if (READ(GifFile, &Buf[1], Buf[0]) != Buf[0]) { _GifError = D_GIF_ERR_READ_FAILED; return GIF_ERROR; @