head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.16
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.14
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.12
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.10
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.8
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.6
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.4
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.2
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.1.0.32
	pkgsrc-2008Q2-base:1.1
	cwrapper:1.1.0.30
	pkgsrc-2008Q1:1.1.0.28
	pkgsrc-2008Q1-base:1.1
	pkgsrc-2007Q4:1.1.0.26
	pkgsrc-2007Q4-base:1.1
	pkgsrc-2007Q3:1.1.0.24
	pkgsrc-2007Q3-base:1.1
	pkgsrc-2007Q2:1.1.0.22
	pkgsrc-2007Q2-base:1.1
	pkgsrc-2007Q1:1.1.0.20
	pkgsrc-2007Q1-base:1.1
	pkgsrc-2006Q4:1.1.0.18
	pkgsrc-2006Q4-base:1.1
	pkgsrc-2006Q3:1.1.0.16
	pkgsrc-2006Q3-base:1.1
	pkgsrc-2006Q2:1.1.0.14
	pkgsrc-2006Q2-base:1.1
	pkgsrc-2006Q1:1.1.0.12
	pkgsrc-2006Q1-base:1.1
	pkgsrc-2005Q4:1.1.0.10
	pkgsrc-2005Q4-base:1.1
	pkgsrc-2005Q3:1.1.0.8
	pkgsrc-2005Q3-base:1.1
	pkgsrc-2005Q2:1.1.0.6
	pkgsrc-2005Q2-base:1.1
	pkgsrc-2005Q1:1.1.0.4
	pkgsrc-2005Q1-base:1.1
	pkgsrc-2004Q4:1.1.0.2
	pkgsrc-2004Q4-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2008.07.14.23.01.32;	author christos;	state dead;
branches;
next	1.1;

1.1
date	2004.12.18.00.39.31;	author tron;	state Exp;
branches;
next	;


desc
@@


1.2
log
@update to openmotif 2.3.1
@
text
@$NetBSD: patch-be,v 1.1 2004/12/18 00:39:31 tron Exp $

--- lib/Xm/Xpmcreate.c.orig	2000-04-28 16:05:21.000000000 +0100
+++ lib/Xm/Xpmcreate.c	2004-12-17 23:28:32.000000000 +0000
@@@@ -1,4 +1,5 @@@@
 /* $XConsortium: Xpmcreate.c /main/8 1996/09/20 08:15:02 pascale $ */
+/* $XdotOrg: pre-CVS proposed fix for CESA-2004-003 alanc 7/25/2004 $ */
 /*
  * Copyright (C) 1989-95 GROUPE BULL
  *
@@@@ -799,6 +800,9 @@@@
 
     ErrorStatus = XpmSuccess;
 
+    if (image->ncolors >= SIZE_MAX / sizeof(Pixel)) 
+	return (XpmNoMemory);
+
     /* malloc pixels index tables */
     image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * image->ncolors);
     if (!image_pixels)
@@@@ -942,6 +946,8 @@@@
 	return (XpmNoMemory);
 
 #ifndef FOR_MSW
+     if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height)
+	return XpmNoMemory;
     /* now that bytes_per_line must have been set properly alloc data */
     (*image_return)->data =
 	(char *) XpmMalloc((*image_return)->bytes_per_line * height);
@@@@ -1987,6 +1993,9 @@@@
 	xpmGetCmt(data, &colors_cmt);
 
     /* malloc pixels index tables */
+    if (ncolors >= SIZE_MAX / sizeof(Pixel)) 
+	return XpmNoMemory;
+
     image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors);
     if (!image_pixels)
 	RETURN(XpmNoMemory);
@@@@ -2200,6 +2209,9 @@@@
 	{
 	    unsigned short colidx[256];
 
+	    if (ncolors > 256)
+		return (XpmFileInvalid);
+
 	    bzero((char *)colidx, 256 * sizeof(short));
 	    for (a = 0; a < ncolors; a++)
 		colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
@@@@ -2298,6 +2310,9 @@@@
 	    char *s;
 	    char buf[BUFSIZ];
 
+	    if (cpp >= sizeof(buf))
+		return (XpmFileInvalid);
+
 	    buf[cpp] = '\0';
 	    if (USE_HASHTABLE) {
 		xpmHashAtom *slot;
@


1.1
log
@Fix vulnerabilities reported in CAN-2004-0687 and CAN-2004-0688 by
applying a patch based on ICS's patch for OpenMotif 2.2.3.
@
text
@d1 1
a1 1
$NetBSD$
@