head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.16 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.14 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.12 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.10 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.3.0.8 pkgsrc-2009Q4-base:1.3 pkgsrc-2008Q4:1.3.0.6 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.4 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.2 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.2.0.30 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.28 pkgsrc-2008Q1:1.2.0.26 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.24 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.22 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.20 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.18 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.16 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.14 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.12 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.10 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.8 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.6 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.4 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.2 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.1.0.2 pkgsrc-2004Q4-base:1.1; locks; strict; comment @# @; 1.3 date 2008.07.14.23.01.32; author christos; state dead; branches; next 1.2; 1.2 date 2005.03.10.16.00.32; author wiz; state Exp; branches; next 1.1; 1.1 date 2004.12.18.00.39.31; author tron; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.03.11.06.45.03; author snj; state Exp; branches; next ; desc @@ 1.3 log @update to openmotif 2.3.1 @ text @$NetBSD: patch-bi,v 1.2 2005/03/10 16:00:32 wiz Exp $ --- lib/Xm/Xpmscan.c.orig 2000-04-28 17:05:21.000000000 +0200 +++ lib/Xm/Xpmscan.c @@@@ -93,7 +93,8 @@@@ LFUNC(MSWGetImagePixels, int, (Display * LFUNC(ScanTransparentColor, int, (XpmColor *color, unsigned int cpp, XpmAttributes *attributes)); -LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, int ncolors, +LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, + unsigned int ncolors, Pixel *pixels, unsigned int mask, unsigned int cpp, XpmAttributes *attributes)); @@@@ -220,11 +221,17 @@@@ XpmCreateXpmImageFromImage(display, imag else cpp = 0; + if ((height > 0 && width >= SIZE_MAX / height) || + width * height >= SIZE_MAX / sizeof(unsigned int)) + RETURN(XpmNoMemory); pmap.pixelindex = (unsigned int *) XpmCalloc(width * height, sizeof(unsigned int)); if (!pmap.pixelindex) RETURN(XpmNoMemory); + if (pmap.size >= SIZE_MAX / sizeof(Pixel)) + RETURN(XpmNoMemory); + pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size); if (!pmap.pixels) RETURN(XpmNoMemory); @@@@ -279,7 +286,8 @@@@ XpmCreateXpmImageFromImage(display, imag * get rgb values and a string of char, and possibly a name for each * color */ - + if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor)) + RETURN(XpmNoMemory); colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor)); if (!colorTable) RETURN(XpmNoMemory); @@@@ -327,6 +335,8 @@@@ ScanTransparentColor(color, cpp, attribu /* first get a character string */ a = 0; + if (cpp >= SIZE_MAX - 1) + return (XpmNoMemory); if (!(s = color->string = (char *) XpmMalloc(cpp + 1))) return (XpmNoMemory); *s++ = printable[c = a % MAXPRINTABLE]; @@@@ -374,7 +384,7 @@@@ static int ScanOtherColors(display, colors, ncolors, pixels, mask, cpp, attributes) Display *display; XpmColor *colors; - int ncolors; + unsigned int ncolors; Pixel *pixels; unsigned int mask; unsigned int cpp; @@@@ -418,6 +428,8 @@@@ ScanOtherColors(display, colors, ncolors } /* first get character strings and rgb values */ + if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1) + return (XpmNoMemory); xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors); if (!xcolors) return (XpmNoMemory); @@@@ -585,6 +597,9 @@@@ GetImagePixels(image, width, height, pma ibpp = image->bits_per_pixel; offset = image->xoffset; + if (image->bitmap_unit < 0) + return (XpmNoMemory); + if ((image->bits_per_pixel | image->depth) == 1) { ibu = image->bitmap_unit; for (y = 0; y < height; y++) @ 1.2 log @Add patch to fix CAN-2005-0605. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-bi,v 1.1 2004/12/18 00:39:31 tron Exp $ @ 1.1 log @Fix vulnerabilities reported in CAN-2004-0687 and CAN-2004-0688 by applying a patch based on ICS's patch for OpenMotif 2.2.3. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 --- lib/Xm/Xpmscan.c.orig 2000-04-28 16:05:21.000000000 +0100 +++ lib/Xm/Xpmscan.c 2004-12-17 23:42:33.000000000 +0000 @@@@ -93,7 +93,8 @@@@ d15 1 a15 1 @@@@ -220,11 +221,17 @@@@ d33 1 a33 1 @@@@ -279,7 +286,8 @@@@ d43 1 a43 1 @@@@ -327,6 +335,8 @@@@ d52 1 a52 1 @@@@ -374,7 +384,7 @@@@ d61 1 a61 1 @@@@ -418,6 +428,8 @@@@ d70 10 @ 1.1.2.1 log @Pullup ticket 351 - requested by Lubomir Sedlacik security fix for openmotif Revisions pulled up: - pkgsrc/x11/openmotif/Makefile 1.32 - pkgsrc/x11/openmotif/distinfo 1.16 - pkgsrc/x11/openmotif/patches/patch-bi 1.2 Module Name: pkgsrc Committed By: wiz Date: Thu Mar 10 16:00:32 UTC 2005 Modified Files: pkgsrc/x11/openmotif: Makefile distinfo pkgsrc/x11/openmotif/patches: patch-bi Log Message: Add patch to fix CAN-2005-0605. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-bi,v 1.2 2005/03/10 16:00:32 wiz Exp $ d3 3 a5 3 --- lib/Xm/Xpmscan.c.orig 2000-04-28 17:05:21.000000000 +0200 +++ lib/Xm/Xpmscan.c @@@@ -93,7 +93,8 @@@@ LFUNC(MSWGetImagePixels, int, (Display * d15 1 a15 1 @@@@ -220,11 +221,17 @@@@ XpmCreateXpmImageFromImage(display, imag d33 1 a33 1 @@@@ -279,7 +286,8 @@@@ XpmCreateXpmImageFromImage(display, imag d43 1 a43 1 @@@@ -327,6 +335,8 @@@@ ScanTransparentColor(color, cpp, attribu d52 1 a52 1 @@@@ -374,7 +384,7 @@@@ static int d61 1 a61 1 @@@@ -418,6 +428,8 @@@@ ScanOtherColors(display, colors, ncolors a69 10 @@@@ -585,6 +597,9 @@@@ GetImagePixels(image, width, height, pma ibpp = image->bits_per_pixel; offset = image->xoffset; + if (image->bitmap_unit < 0) + return (XpmNoMemory); + if ((image->bits_per_pixel | image->depth) == 1) { ibu = image->bitmap_unit; for (y = 0; y < height; y++) @