head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.32 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.30 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.28 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.4.0.26 pkgsrc-2011Q2-base:1.4 pkgsrc-2009Q4:1.4.0.24 pkgsrc-2009Q4-base:1.4 pkgsrc-2008Q4:1.4.0.22 pkgsrc-2008Q4-base:1.4 pkgsrc-2008Q3:1.4.0.20 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.18 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.16 pkgsrc-2008Q2-base:1.4 pkgsrc-2008Q1:1.4.0.14 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.12 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.4.0.10 pkgsrc-2007Q3-base:1.4 pkgsrc-2007Q2:1.4.0.8 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.6 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.4.0.4 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.2 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.3.0.16 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.14 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.3.0.12 pkgsrc-2005Q4-base:1.3 pkgsrc-2005Q3:1.3.0.10 pkgsrc-2005Q3-base:1.3 pkgsrc-2005Q2:1.3.0.8 pkgsrc-2005Q2-base:1.3 pkgsrc-2005Q1:1.3.0.6 pkgsrc-2005Q1-base:1.3 pkgsrc-2004Q4:1.3.0.4 pkgsrc-2004Q4-base:1.3 pkgsrc-2004Q3:1.3.0.2 pkgsrc-2004Q3-base:1.3 pkgsrc-2004Q2:1.2.0.2 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.1.1.1.0.2 pkgsrc-2004Q1-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.4 date 2006.09.27.15.18.17; author joerg; state dead; branches; next 1.3; 1.3 date 2004.09.16.19.28.56; author minskim; state Exp; branches; next 1.2; 1.2 date 2004.03.28.22.06.15; author xtraeme; state dead; branches; next 1.1; 1.1 date 2004.01.24.08.47.31; author xtraeme; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2004.01.24.08.47.31; author xtraeme; state Exp; branches; next ; desc @@ 1.4 log @Remove XFree86. @ text @$NetBSD: patch-an,v 1.3 2004/09/16 19:28:56 minskim Exp $ --- extras/Xpm/lib/scan.c.orig 2002-01-07 13:40:49.000000000 -0600 +++ extras/Xpm/lib/scan.c @@@@ -107,7 +107,8 @@@@ LFUNC(MSWGetImagePixels, int, (Display * LFUNC(ScanTransparentColor, int, (XpmColor *color, unsigned int cpp, XpmAttributes *attributes)); -LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, int ncolors, +LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, + unsigned int ncolors, Pixel *pixels, unsigned int mask, unsigned int cpp, XpmAttributes *attributes)); @@@@ -232,11 +233,17 @@@@ XpmCreateXpmImageFromImage(display, imag else cpp = 0; + if ((height > 0 && width >= SIZE_MAX / height) || + width * height >= SIZE_MAX / sizeof(unsigned int)) + RETURN(XpmNoMemory); pmap.pixelindex = (unsigned int *) XpmCalloc(width * height, sizeof(unsigned int)); if (!pmap.pixelindex) RETURN(XpmNoMemory); + if (pmap.size >= SIZE_MAX / sizeof(Pixel)) + RETURN(XpmNoMemory); + pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size); if (!pmap.pixels) RETURN(XpmNoMemory); @@@@ -302,6 +309,8 @@@@ XpmCreateXpmImageFromImage(display, imag * color */ + if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor)) + RETURN(XpmNoMemory); colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor)); if (!colorTable) RETURN(XpmNoMemory); @@@@ -360,6 +369,8 @@@@ ScanTransparentColor(color, cpp, attribu /* first get a character string */ a = 0; + if (cpp >= SIZE_MAX - 1) + return (XpmNoMemory); if (!(s = color->string = (char *) XpmMalloc(cpp + 1))) return (XpmNoMemory); *s++ = printable[c = a % MAXPRINTABLE]; @@@@ -407,7 +418,7 @@@@ static int ScanOtherColors(display, colors, ncolors, pixels, mask, cpp, attributes) Display *display; XpmColor *colors; - int ncolors; + unsigned int ncolors; Pixel *pixels; unsigned int mask; unsigned int cpp; @@@@ -451,6 +462,8 @@@@ ScanOtherColors(display, colors, ncolors } /* first get character strings and rgb values */ + if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1) + return (XpmNoMemory); xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors); if (!xcolors) return (XpmNoMemory); @ 1.3 log @Incorporate libXpm security fixes of X.Org X11R6.8.1. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Upgrade XFree86 packages to 4.4.0. To see a full list of changes, please review: http://xfree86.org/4.4.0/RELNOTES.html These packages has been tested under NetBSD 1.6/-current, FreeBSD 4.x/5.x, and GNU/Linux (i386) by Jeremy C. Reed, Michal Pasternak and myself. @ text @d1 60 a60 52 $NetBSD: patch-an,v 1.1 2004/01/24 08:47:31 xtraeme Exp $ Index: lib/FS/FSFontInfo.c =================================================================== RCS file: /home/ncvs/xfree/xc/lib/FS/FSFontInfo.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -u -r1.2 -r1.3 --- lib/FS/FSFontInfo.c 14 Dec 2001 19:53:32 -0000 1.2 +++ lib/FS/FSFontInfo.c 29 Aug 2003 18:01:10 -0000 1.3 @@@@ -65,7 +65,7 @@@@ long nbytes; int i, j; - int size = 0; + size_t size = 0; FSXFontInfoHeader **fhdr = (FSXFontInfoHeader **) 0; FSPropInfo **pi = (FSPropInfo **) 0; FSPropOffset **po = (FSPropOffset **) 0; @@@@ -123,8 +123,14 @@@@ if (reply.nameLength == 0) /* got last reply in version 1 */ break; if ((i + reply.nReplies) >= size) { + + if (reply.nReplies > SIZE_T_MAX - i - 1) + goto badmem; size = i + reply.nReplies + 1; + if (size > SIZE_T_MAX / sizeof(char *)) + goto badmem; + if (fhdr) { FSXFontInfoHeader **tmp_fhdr = (FSXFontInfoHeader **) FSrealloc((char *) fhdr, @@@@ -237,6 +243,9 @@@@ pi[i]->num_offsets = local_pi.num_offsets; pi[i]->data_len = local_pi.data_len; + if (pi[i]->num_offsets > SIZE_T_MAX / sizeof(FSPropOffset)) + goto badmem; + po[i] = (FSPropOffset *) FSmalloc(pi[i]->num_offsets * sizeof(FSPropOffset)); if (!po[i]) { @@@@ -281,6 +290,10 @@@@ nbytes = pi[i]->data_len + reply.nameLength; _FSEatData(svr, (unsigned long) (((nbytes+3)&~3) - nbytes)); + } + /* avoid integer overflow */ + if (i > INT_MAX - 1) { + goto badmem; } a61 116 *info = fhdr; Index: lib/FS/FSFtNames.c =================================================================== RCS file: /home/ncvs/xfree/xc/lib/FS/FSFtNames.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -u -r1.2 -r1.3 --- lib/FS/FSFtNames.c 14 Dec 2001 19:53:32 -0000 1.2 +++ lib/FS/FSFtNames.c 29 Aug 2003 18:01:10 -0000 1.3 @@@@ -78,7 +78,8 @@@@ (SIZEOF(fsListFontsReply) - SIZEOF(fsGenericReply)) >> 2, fsFalse)) return (char **) 0; - if (rep.nFonts) { + if (rep.nFonts && rep.nFonts <= SIZE_T_MAX / sizeof(char *) + && rep.length <= ((SIZE_T_MAX + SIZEOF(fsListFontsReply) - 1) >> 2)) { flist = (char **) FSmalloc((unsigned) rep.nFonts * sizeof(char *)); rlen = (rep.length << 2) - SIZEOF(fsListFontsReply); c = (char *) FSmalloc((unsigned) (rlen + 1)); Index: lib/FS/FSGetCats.c =================================================================== RCS file: /home/ncvs/xfree/xc/lib/FS/FSGetCats.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -u -r1.2 -r1.3 --- lib/FS/FSGetCats.c 14 Dec 2001 19:53:32 -0000 1.2 +++ lib/FS/FSGetCats.c 29 Aug 2003 18:01:10 -0000 1.3 @@@@ -72,9 +72,10 @@@@ SyncHandle(); return (char **) NULL; } - if (rep.num_catalogues) { + if (rep.num_catalogues && rep.num_catalogues <= SIZE_T_MAX/sizeof(char *) + && rep.length <= ((SIZE_T_MAX + SIZEOF(fsGetCataloguesReply) - 1)>>2)) { list = (char **) - FSmalloc((unsigned) (rep.num_catalogues * sizeof(char *))); + FSmalloc((unsigned) (rep.num_catalogues * sizeof(char *))); rlen = (rep.length << 2) - SIZEOF(fsGetCataloguesReply); c = (char *) FSmalloc((unsigned) rlen + 1); if ((!list) || (!c)) { Index: lib/FS/FSListCats.c =================================================================== RCS file: /home/ncvs/xfree/xc/lib/FS/FSListCats.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -u -r1.2 -r1.3 --- lib/FS/FSListCats.c 14 Dec 2001 19:53:32 -0000 1.2 +++ lib/FS/FSListCats.c 29 Aug 2003 18:01:10 -0000 1.3 @@@@ -78,7 +78,8 @@@@ (SIZEOF(fsListCataloguesReply) - SIZEOF(fsGenericReply)) >> 2, fsFalse)) return (char **) 0; - if (rep.num_catalogues) { + if (rep.num_catalogues && rep.num_catalogues <= SIZE_T_MAX/sizeof(char *) + && rep.length <= ((SIZE_T_MAX+SIZEOF(fsListCataloguesReply)+1)>>2)) { clist = (char **) FSmalloc((unsigned) rep.num_catalogues * sizeof(char *)); rlen = (rep.length << 2) - SIZEOF(fsListCataloguesReply); Index: lib/FS/FSListExt.c =================================================================== RCS file: /home/ncvs/xfree/xc/lib/FS/FSListExt.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -u -r1.2 -r1.3 --- lib/FS/FSListExt.c 14 Dec 2001 19:53:32 -0000 1.2 +++ lib/FS/FSListExt.c 29 Aug 2003 18:01:10 -0000 1.3 @@@@ -72,7 +72,8 @@@@ SyncHandle(); return (char **) NULL; } - if (rep.nExtensions) { + if (rep.nExtensions && rep.nExtensions <= SIZE_T_MAX / sizeof(char *) + && rep.length <= ((SIZE_T_MAX+SIZEOF(fsListExtensionsReply)+1)>>2)) { list = (char **) FSmalloc((unsigned)(rep.nExtensions * sizeof(char *))); rlen = (rep.length << 2) - SIZEOF(fsListExtensionsReply); c = (char *) FSmalloc((unsigned) rlen + 1); Index: lib/FS/FSOpenServ.c =================================================================== RCS file: /home/ncvs/xfree/xc/lib/FS/FSOpenServ.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -u -r1.6 -r1.7 --- lib/FS/FSOpenServ.c 14 Dec 2001 19:53:33 -0000 1.6 +++ lib/FS/FSOpenServ.c 29 Aug 2003 18:01:11 -0000 1.7 @@@@ -118,7 +118,7 @@@@ AlternateServer *alts; int altlen; char *vendor_string; - long setuplength; + unsigned long setuplength; if (server == NULL || *server == '\0') { if ((server = getenv("FONTSERVER")) == NULL) { @@@@ -153,7 +153,8 @@@@ _FSRead(svr, (char *) &prefix, (long) SIZEOF(fsConnSetup)); setuplength = prefix.alternate_len << 2; - if ((alt_data = (char *) + if (setuplength > (SIZE_T_MAX>>2) + || (alt_data = (char *) (setup = FSmalloc((unsigned) setuplength))) == NULL) { errno = ENOMEM; FSfree((char *) svr); @@@@ -162,6 +163,10 @@@@ _FSRead(svr, (char *) alt_data, setuplength); ad = alt_data; + if (prefix.num_alternates > SIZE_T_MAX / sizeof(AlternateServer)) { + errno = ENOMEM; + return (FSServer *) 0; + } alts = (AlternateServer *) FSmalloc(sizeof(AlternateServer) * prefix.num_alternates); if (!alts) { @@@@ -193,7 +198,8 @@@@ svr->num_alternates = prefix.num_alternates; d63 6 a68 182 setuplength = prefix.auth_len << 2; - if ((auth_data = (char *) + if (prefix.auth_len > (SIZE_T_MAX>>2) + || (auth_data = (char *) (setup = FSmalloc((unsigned) setuplength))) == NULL) { errno = ENOMEM; FSfree((char *) svr); Index: lib/FS/FSQGlyphs.c =================================================================== RCS file: /home/ncvs/xfree/xc/lib/FS/FSQGlyphs.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -u -r1.2 -r1.3 --- lib/FS/FSQGlyphs.c 14 Dec 2001 19:53:33 -0000 1.2 +++ lib/FS/FSQGlyphs.c 29 Aug 2003 18:01:11 -0000 1.3 @@@@ -85,12 +85,20 @@@@ (SIZEOF(fsQueryXBitmaps8Reply) - SIZEOF(fsGenericReply)) >> 2, fsFalse)) return FSBadAlloc; + if (reply.num_chars > SIZE_T_MAX / sizeof(FSOffset)) + return FSBadAlloc; + offs = (FSOffset *) FSmalloc(sizeof(FSOffset) * reply.num_chars); *offsets = offs; if (!offs) return FSBadAlloc; left = (reply.length << 2) - SIZEOF(fsQueryXBitmaps8Reply) - (SIZEOF(fsOffset32) * reply.num_chars); + /* XXX This thest is incomplete */ + if (reply.length > (SIZE_T_MAX >> 2)) { + FSfree((char *) offs); + return FSBadAlloc; + } gd = (unsigned char *) FSmalloc(left); *glyphdata = gd; if (!gd) { @@@@ -141,6 +149,8 @@@@ int i; fsChar2b_version1 *swapped_str; + if (str_len > SIZE_T_MAX/SIZEOF(fsChar2b_version1)) + return FSBadAlloc; swapped_str = (fsChar2b_version1 *) FSmalloc(SIZEOF(fsChar2b_version1) * str_len); if (!swapped_str) @@@@ -160,12 +170,19 @@@@ fsFalse)) return FSBadAlloc; + if(reply.num_chars > SIZE_T_MAX/sizeof(FSOffset)) + return FSBadAlloc; offs = (FSOffset *) FSmalloc(sizeof(FSOffset) * reply.num_chars); *offsets = offs; if (!offs) return FSBadAlloc; left = (reply.length << 2) - SIZEOF(fsQueryXBitmaps16Reply) - (SIZEOF(fsOffset32) * reply.num_chars); + /* XXX - this test is incomplete */ + if (reply.length > (SIZE_T_MAX>>2)) { + FSfree((char *) offs); + return FSBadAlloc; + } gd = (unsigned char *) FSmalloc(left); *glyphdata = gd; if (!gd) { Index: lib/FS/FSQXExt.c =================================================================== RCS file: /home/ncvs/xfree/xc/lib/FS/FSQXExt.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -u -r1.5 -r1.6 --- lib/FS/FSQXExt.c 14 Dec 2001 19:53:33 -0000 1.5 +++ lib/FS/FSQXExt.c 29 Aug 2003 18:01:12 -0000 1.6 @@@@ -92,6 +92,9 @@@@ (SIZEOF(fsQueryXExtents8Reply) - SIZEOF(fsGenericReply)) >> 2, fsFalse)) return FSBadAlloc; + + if (reply.num_extents > SIZE_T_MAX / sizeof(FSXCharInfo)) + return FSBadAlloc; ext = (FSXCharInfo *) FSmalloc(sizeof(FSXCharInfo) * reply.num_extents); *extents = ext; @@@@ -147,6 +150,9 @@@@ if (!_FSReply(svr, (fsReply *) & reply, (SIZEOF(fsQueryXExtents16Reply) - SIZEOF(fsGenericReply)) >> 2, fsFalse)) + return FSBadAlloc; + + if (reply.num_extents > SIZE_T_MAX/sizeof(FSXCharInfo)) return FSBadAlloc; ext = (FSXCharInfo *) FSmalloc(sizeof(FSXCharInfo) * reply.num_extents); Index: lib/FS/FSQXInfo.c =================================================================== RCS file: /home/ncvs/xfree/xc/lib/FS/FSQXInfo.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -u -r1.2 -r1.3 --- lib/FS/FSQXInfo.c 14 Dec 2001 19:53:33 -0000 1.2 +++ lib/FS/FSQXInfo.c 29 Aug 2003 18:01:12 -0000 1.3 @@@@ -91,6 +91,9 @@@@ props->num_offsets = local_pi.num_offsets; props->data_len = local_pi.data_len; + if (props->num_offsets > SIZE_T_MAX / sizeof(FSPropOffset)) + return FSBadAlloc; + /* prepare for prop data */ offset_data = (FSPropOffset *) FSmalloc(props->num_offsets * sizeof(FSPropOffset)); Index: lib/FS/FSlibint.h =================================================================== RCS file: /home/ncvs/xfree/xc/lib/FS/FSlibint.h,v retrieving revision 3.7 retrieving revision 3.8 diff -u -u -r3.7 -r3.8 --- lib/FS/FSlibint.h 14 Dec 2001 19:53:33 -0000 3.7 +++ lib/FS/FSlibint.h 29 Aug 2003 18:01:12 -0000 3.8 @@@@ -76,6 +76,11 @@@@ #include "FSlibos.h" #include #include + +#include +#ifndef SIZE_T_MAX +#define SIZE_T_MAX UINT_MAX +#endif typedef int (* FSIOErrorHandler)(FSServer *); typedef int (* FSErrorHandler)(FSServer *, FSErrorEvent *); Index: lib/font/fc/fserve.c =================================================================== RCS file: /home/ncvs/xfree/xc/lib/font/fc/fserve.c,v retrieving revision 3.23 retrieving revision 3.24 diff -u -u -r3.23 -r3.24 --- lib/font/fc/fserve.c 27 May 2003 22:26:48 -0000 3.23 +++ lib/font/fc/fserve.c 29 Aug 2003 18:01:13 -0000 3.24 @@@@ -1505,8 +1505,8 @@@@ if (conn->blockState & FS_GIVE_UP) return BadFontName; - - if (namelen > sizeof (buf) - 1) + + if (namelen <= 0 || namelen > sizeof (buf) - 1) return BadFontName; /* Index: lib/font/fc/fslibos.h =================================================================== RCS file: /home/ncvs/xfree/xc/lib/font/fc/fslibos.h,v retrieving revision 3.7 retrieving revision 3.8 diff -u -u -r3.7 -r3.8 --- lib/font/fc/fslibos.h 31 May 2002 18:45:49 -0000 3.7 +++ lib/font/fc/fslibos.h 29 Aug 2003 18:01:14 -0000 3.8 @@@@ -48,13 +48,16 @@@@ #ifndef FONT_OPEN_MAX #ifndef X_NOT_POSIX -#ifdef _POSIX_SOURCE -#include -#else -#define _POSIX_SOURCE -#include -#undef _POSIX_SOURCE +# ifdef _POSIX_SOURCE +# include +# else +# define _POSIX_SOURCE +# include +# undef _POSIX_SOURCE +# endif #endif +#ifndef SIZE_T_MAX +# define SIZE_T_MAX UINT_MAX #endif #ifndef OPEN_MAX #if defined(SVR4) || defined(__UNIXOS2__) @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD$ @ 1.1.1.1 log @Initial import of XFree86-libs-4.3.0 from pkgsrc-wip. This package contains the XFree86 include header files and shared library files. @ text @@