author | drochner <drochner@pkgsrc.org> | 2006-11-24 12:46:12 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2006-11-24 12:46:12 +0000 |
commit | f7d5b705e2d4e50c0833e5caf6ffb88e007e0ea8 (patch) | |
tree | 9ad4be9e96aa8ed1c6e263145a18bac7fc99f509 /graphics/imlib2 | |
parent | 757f3891fe886ae7604e6e97f37722cbccf6c0a7 (diff) | |
download | pkgsrc-f7d5b705e2d4e50c0833e5caf6ffb88e007e0ea8.tar.gz |
fix some insufficient validation of graphics files, patches from Ubuntu
(CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809)
update to 1.3.0 (no changelog available)
Diffstat (limited to 'graphics/imlib2')
-rw-r--r-- | graphics/imlib2/Makefile | 5 | ||||
-rw-r--r-- | graphics/imlib2/PLIST | 3 | ||||
-rw-r--r-- | graphics/imlib2/distinfo | 20 | ||||
-rw-r--r-- | graphics/imlib2/patches/patch-ba | 22 | ||||
-rw-r--r-- | graphics/imlib2/patches/patch-bb | 39 | ||||
-rw-r--r-- | graphics/imlib2/patches/patch-bc | 78 | ||||
-rw-r--r-- | graphics/imlib2/patches/patch-bd | 81 | ||||
-rw-r--r-- | graphics/imlib2/patches/patch-ca | 30 | ||||
-rw-r--r-- | graphics/imlib2/patches/patch-cb | 18 | ||||
-rw-r--r-- | graphics/imlib2/patches/patch-cc | 47 | ||||
-rw-r--r-- | graphics/imlib2/patches/patch-cd | 18 | ||||
-rw-r--r-- | graphics/imlib2/patches/patch-ce | 13 | ||||
-rw-r--r-- | graphics/imlib2/patches/patch-cf | 80 | ||||
-rw-r--r-- | graphics/imlib2/patches/patch-cg | 32 |
14 files changed, 253 insertions, 233 deletions
diff --git a/graphics/imlib2/Makefile b/graphics/imlib2/Makefile index b638b4b7fa3..4511366f8e9 100644 --- a/graphics/imlib2/Makefile +++ b/graphics/imlib2/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.40 2006/11/06 11:28:32 joerg Exp $ +# $NetBSD: Makefile,v 1.41 2006/11/24 12:46:12 drochner Exp $ -DISTNAME= imlib2-1.2.0 -PKGREVISION= 5 +DISTNAME= imlib2-1.3.0 CATEGORIES= graphics MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=enlightenment/} diff --git a/graphics/imlib2/PLIST b/graphics/imlib2/PLIST index 36258e57469..933e3bd02ff 100644 --- a/graphics/imlib2/PLIST +++ b/graphics/imlib2/PLIST @@ -1,8 +1,9 @@ -@comment $NetBSD: PLIST,v 1.7 2005/01/11 13:37:54 adam Exp $ +@comment $NetBSD: PLIST,v 1.8 2006/11/24 12:46:12 drochner Exp $ bin/imlib2-config bin/imlib2_bumpmap bin/imlib2_colorspace bin/imlib2_conv +bin/imlib2_grab bin/imlib2_poly bin/imlib2_show bin/imlib2_test diff --git a/graphics/imlib2/distinfo b/graphics/imlib2/distinfo index 99be75a9d9d..cae45d8da5c 100644 --- a/graphics/imlib2/distinfo +++ b/graphics/imlib2/distinfo 
@@ -1,14 +1,16 @@ -$NetBSD: distinfo,v 1.16 2006/07/19 16:16:23 rillig Exp $ +$NetBSD: distinfo,v 1.17 2006/11/24 12:46:12 drochner Exp $ -SHA1 (imlib2-1.2.0.tar.gz) = 54f8ef83b0eac3f8e7f2218705e02a425fa73118 -RMD160 (imlib2-1.2.0.tar.gz) = 158ed1bd7c59b8d1db2c00db98027d9c5c0abec3 -Size (imlib2-1.2.0.tar.gz) = 890457 bytes -SHA1 (patch-aa) = 73e23778f6aaee5de213865aa64f9c5a4af6ba24 +SHA1 (imlib2-1.3.0.tar.gz) = ad9c673a94d4e5e610704cefd06855f900151e25 +RMD160 (imlib2-1.3.0.tar.gz) = 272fc0a62699e0f0f690f4cc8418ac5c8e0ee615 +Size (imlib2-1.3.0.tar.gz) = 955862 bytes SHA1 (patch-ab) = 47f0165c3a4abfc6de1078768104b8e2acd2e9b5 SHA1 (patch-ac) = da65ecd50753c37e267c2fd3de7f1dcef8dab1f1 SHA1 (patch-ad) = adf301fe0179aa1ab05fc54bb7ab706ee97ab7a7 SHA1 (patch-ae) = 6503e4cbc9bbb93f971ab2ae9fd7d50ddee9e0e8 -SHA1 (patch-ba) = 0a3937fc4d017356ba5d33f957426f9befc94730 -SHA1 (patch-bb) = 9df1e76c3023c6f9714906b226293bc3e026baca -SHA1 (patch-bc) = 29365da268d210b4eb7bb431f815a78bcf22f1e3 -SHA1 (patch-bd) = 2fd3fa738dc36c360868c0b73f1a3fcb3a4a14e4 +SHA1 (patch-ca) = c2150a4c1ad3ccccaf37961e2f301cd7f2ba2044 +SHA1 (patch-cb) = da837b92a1a4cfd139fe2d9ed319d1cd6e0fb703 +SHA1 (patch-cc) = 6a9d1b59e0574d8bb9cc7493a314feb1c90cc57f +SHA1 (patch-cd) = 398d5ea852ac5ece67dd34d83726422895058a6c +SHA1 (patch-ce) = 2a6d3fd704885d56b3ed4c2a19d2800f29c7c9a0 +SHA1 (patch-cf) = c6a2bd12ce8d6bf2fafcd2ed7cd6ead734456808 +SHA1 (patch-cg) = 5767ddcffce7c0da93aa942c80f67d14e28788fe diff --git a/graphics/imlib2/patches/patch-ba b/graphics/imlib2/patches/patch-ba deleted file mode 100644 index cade992e893..00000000000 --- a/graphics/imlib2/patches/patch-ba +++ /dev/null 
@@ -1,22 +0,0 @@ -$NetBSD: patch-ba,v 1.1 2005/04/11 05:29:15 kim Exp $ - ---- src/modules/filters/Makefile.am.orig 2004-11-01 22:03:49.000000000 -0500 -+++ src/modules/filters/Makefile.am 2005-04-11 01:11:56.000000000 -0400 -@@ -11,11 +11,14 @@ - pkg_LTLIBRARIES = testfilter.la bumpmap.la colormod.la - - testfilter_la_SOURCES = filter_test.c --testfilter_la_LDFLAGS = -module -avoid-version -+testfilter_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+testfilter_la_LIBADD = -lImlib2 - - bumpmap_la_SOURCES = filter_bumpmap.c --bumpmap_la_LDFLAGS = -module -avoid-version -+bumpmap_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+bumpmap_la_LIBADD = -lImlib2 - - colormod_la_SOURCES = filter_colormod.c --colormod_la_LDFLAGS = -module -avoid-version -+colormod_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+colormod_la_LIBADD = -lImlib2 - diff --git a/graphics/imlib2/patches/patch-bb b/graphics/imlib2/patches/patch-bb deleted file mode 100644 index 0f40eca77a0..00000000000 --- a/graphics/imlib2/patches/patch-bb +++ /dev/null 
@@ -1,39 +0,0 @@ -$NetBSD: patch-bb,v 1.1 2005/04/11 05:29:15 kim Exp $ - ---- src/modules/filters/Makefile.in.orig 2005-01-08 02:56:15.000000000 -0500 -+++ src/modules/filters/Makefile.in 2005-04-11 00:55:20.000000000 -0400 -@@ -104,13 +104,16 @@ - pkg_LTLIBRARIES = testfilter.la bumpmap.la colormod.la - - testfilter_la_SOURCES = filter_test.c --testfilter_la_LDFLAGS = -module -avoid-version -+testfilter_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+testfilter_la_LIBADD = -lImlib2 - - bumpmap_la_SOURCES = filter_bumpmap.c --bumpmap_la_LDFLAGS = -module -avoid-version -+bumpmap_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+bumpmap_la_LIBADD = -lImlib2 - - colormod_la_SOURCES = filter_colormod.c --colormod_la_LDFLAGS = -module -avoid-version -+colormod_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+colormod_la_LIBADD = -lImlib2 - mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs - CONFIG_HEADER = ../../../config.h - CONFIG_CLEAN_FILES = -@@ -121,11 +124,11 @@ - CPPFLAGS = @CPPFLAGS@ - LDFLAGS = @LDFLAGS@ - LIBS = @LIBS@ --testfilter_la_LIBADD = -+testfilter_la_DEPENDENCIES = - testfilter_la_OBJECTS = filter_test.lo --bumpmap_la_LIBADD = -+bumpmap_la_DEPENDENCIES = - bumpmap_la_OBJECTS = filter_bumpmap.lo --colormod_la_LIBADD = -+colormod_la_DEPENDENCIES = - colormod_la_OBJECTS = filter_colormod.lo - CFLAGS = @CFLAGS@ - COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) diff --git a/graphics/imlib2/patches/patch-bc b/graphics/imlib2/patches/patch-bc deleted file mode 100644 index 1d976ad77c4..00000000000 --- a/graphics/imlib2/patches/patch-bc +++ /dev/null 
@@ -1,78 +0,0 @@ -$NetBSD: patch-bc,v 1.1 2005/04/11 05:29:15 kim Exp $ - ---- src/modules/loaders/Makefile.am.orig 2004-11-01 22:04:05.000000000 -0500 -+++ src/modules/loaders/Makefile.am 2005-04-11 01:11:56.000000000 -0400 -@@ -43,49 +43,49 @@ - lbm.la - - jpeg_la_SOURCES = loader_jpeg.c --jpeg_la_LDFLAGS = -module -avoid-version --jpeg_la_LIBADD = @JPEGLIBS@ -+jpeg_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+jpeg_la_LIBADD = @JPEGLIBS@ -lImlib2 - - png_la_SOURCES = loader_png.c --png_la_LDFLAGS = -module -avoid-version --png_la_LIBADD = @PNGLIBS@ -+png_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+png_la_LIBADD = @PNGLIBS@ -lImlib2 - - tiff_la_SOURCES = loader_tiff.c --tiff_la_LDFLAGS = -module -avoid-version --tiff_la_LIBADD = @TIFFLIBS@ -+tiff_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+tiff_la_LIBADD = @TIFFLIBS@ -lImlib2 - - gif_la_SOURCES = loader_gif.c --gif_la_LDFLAGS = -module -avoid-version --gif_la_LIBADD = @GIFLIBS@ -+gif_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+gif_la_LIBADD = @GIFLIBS@ -lImlib2 - - zlib_la_SOURCES = loader_zlib.c --zlib_la_LDFLAGS = -module -avoid-version --zlib_la_LIBADD = @ZLIBLIBS@ -+zlib_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+zlib_la_LIBADD = @ZLIBLIBS@ -lImlib2 - - bz2_la_SOURCES = loader_bz2.c --bz2_la_LDFLAGS = -module -avoid-version --bz2_la_LIBADD = @BZ2LIBS@ -+bz2_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+bz2_la_LIBADD = @BZ2LIBS@ -lImlib2 - - pnm_la_SOURCES = loader_pnm.c --pnm_la_LDFLAGS = -module -avoid-version --pnm_la_LIBADD = -+pnm_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+pnm_la_LIBADD = -lImlib2 - - argb_la_SOURCES = loader_argb.c --argb_la_LDFLAGS = -module -avoid-version --argb_la_LIBADD = -+argb_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+argb_la_LIBADD = -lImlib2 - - bmp_la_SOURCES = loader_bmp.c --bmp_la_LDFLAGS = -module 
-avoid-version --bmp_la_LIBADD = -+bmp_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+bmp_la_LIBADD = -lImlib2 - - xpm_la_SOURCES = loader_xpm.c --xpm_la_LDFLAGS = -module -avoid-version --xpm_la_LIBADD = -+xpm_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+xpm_la_LIBADD = -lImlib2 - - tga_la_SOURCES = loader_tga.c --tga_la_LDFLAGS = -module -avoid-version --tga_la_LIBADD = -+tga_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+tga_la_LIBADD = -lImlib2 - - lbm_la_SOURCES = loader_lbm.c --lbm_la_LDFLAGS = -module -avoid-version --lbm_la_LIBADD = -+lbm_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+lbm_la_LIBADD = -lImlib2 diff --git a/graphics/imlib2/patches/patch-bd b/graphics/imlib2/patches/patch-bd deleted file mode 100644 index fe4b9f43c93..00000000000 --- a/graphics/imlib2/patches/patch-bd +++ /dev/null 
@@ -1,81 +0,0 @@ -$NetBSD: patch-bd,v 1.1 2005/04/11 05:29:15 kim Exp $ - ---- src/modules/loaders/Makefile.in.orig 2005-01-08 02:56:15.000000000 -0500 -+++ src/modules/loaders/Makefile.in 2005-04-11 01:19:24.000000000 -0400 -@@ -113,52 +113,52 @@ - - - jpeg_la_SOURCES = loader_jpeg.c --jpeg_la_LDFLAGS = -module -avoid-version --jpeg_la_LIBADD = @JPEGLIBS@ -+jpeg_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+jpeg_la_LIBADD = @JPEGLIBS@ -lImlib2 - - png_la_SOURCES = loader_png.c --png_la_LDFLAGS = -module -avoid-version --png_la_LIBADD = @PNGLIBS@ -+png_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+png_la_LIBADD = @PNGLIBS@ -lImlib2 - - tiff_la_SOURCES = loader_tiff.c --tiff_la_LDFLAGS = -module -avoid-version --tiff_la_LIBADD = @TIFFLIBS@ -+tiff_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+tiff_la_LIBADD = @TIFFLIBS@ -lImlib2 - - gif_la_SOURCES = loader_gif.c --gif_la_LDFLAGS = -module -avoid-version --gif_la_LIBADD = @GIFLIBS@ -+gif_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+gif_la_LIBADD = @GIFLIBS@ -lImlib2 - - zlib_la_SOURCES = loader_zlib.c --zlib_la_LDFLAGS = -module -avoid-version --zlib_la_LIBADD = @ZLIBLIBS@ -+zlib_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+zlib_la_LIBADD = @ZLIBLIBS@ -lImlib2 - - bz2_la_SOURCES = loader_bz2.c --bz2_la_LDFLAGS = -module -avoid-version --bz2_la_LIBADD = @BZ2LIBS@ -+bz2_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+bz2_la_LIBADD = @BZ2LIBS@ -lImlib2 - - pnm_la_SOURCES = loader_pnm.c --pnm_la_LDFLAGS = -module -avoid-version --pnm_la_LIBADD = -+pnm_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+pnm_la_LIBADD = -lImlib2 - - argb_la_SOURCES = loader_argb.c --argb_la_LDFLAGS = -module -avoid-version --argb_la_LIBADD = -+argb_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+argb_la_LIBADD = -lImlib2 - - bmp_la_SOURCES = loader_bmp.c --bmp_la_LDFLAGS = -module -avoid-version 
--bmp_la_LIBADD = -+bmp_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+bmp_la_LIBADD = -lImlib2 - - xpm_la_SOURCES = loader_xpm.c --xpm_la_LDFLAGS = -module -avoid-version --xpm_la_LIBADD = -+xpm_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+xpm_la_LIBADD = -lImlib2 - - tga_la_SOURCES = loader_tga.c --tga_la_LDFLAGS = -module -avoid-version --tga_la_LIBADD = -+tga_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+tga_la_LIBADD = -lImlib2 - - lbm_la_SOURCES = loader_lbm.c --lbm_la_LDFLAGS = -module -avoid-version --lbm_la_LIBADD = -+lbm_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/ -+lbm_la_LIBADD = -lImlib2 - mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs - CONFIG_HEADER = ../../../config.h - CONFIG_CLEAN_FILES = diff --git a/graphics/imlib2/patches/patch-ca b/graphics/imlib2/patches/patch-ca new file mode 100644 index 00000000000..b487d29517b --- /dev/null +++ b/graphics/imlib2/patches/patch-ca @@ -0,0 +1,30 @@ +$NetBSD: patch-ca,v 1.1 2006/11/24 12:46:12 drochner Exp $ + +--- src/modules/loaders/loader_argb.c.orig 2006-09-05 02:37:07.000000000 +0200 ++++ src/modules/loaders/loader_argb.c +@@ -23,7 +23,7 @@ char + load(ImlibImage * im, ImlibProgressFunction progress, + char progress_granularity, char immediate_load) + { +- int w, h, alpha; ++ int w=0, h=0, alpha=0; + FILE *f; + + if (im->data) +@@ -36,13 +36,15 @@ load(ImlibImage * im, ImlibProgressFunct + { + char buf[256], buf2[256]; + ++ memset(buf, 0, sizeof(buf)); ++ memset(buf2, 0, sizeof(buf)); + if (!fgets(buf, 255, f)) + { + fclose(f); + return 0; + } + sscanf(buf, "%s %i %i %i", buf2, &w, &h, &alpha); +- if (strcmp(buf2, "ARGB")) ++ if (strcmp(buf2, "ARGB") || w < 1 || h < 1 || w > 16383 || h > 16383) + { + fclose(f); + return 0; diff --git a/graphics/imlib2/patches/patch-cb b/graphics/imlib2/patches/patch-cb new file mode 100644 index 00000000000..f550835fc03 --- /dev/null +++ b/graphics/imlib2/patches/patch-cb 
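Review bot: `memset(buf2, 0, sizeof(buf));` in the loader_argb.c hunk sizes the clear of `buf2` by the other array. Both are declared `char buf[256], buf2[256]`, so it is harmless today, but it should read `memset(buf2, 0, sizeof(buf2));` so the two cannot drift apart. The return value of the `sscanf` that follows is still unchecked, and the new range test only works because `w`, `h` and `alpha` are now zero-initialised; comparing the result with 4 would make a short header an explicit failure. The 16383 limit is repeated as a bare literal in the jpeg, lbm and png patches and spelled `>= 16384` in the tiff patch, so one named macro with a comment on why that bound was chosen would keep the loaders in step. load() starts and ends outside the hunks shown.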
@@ -0,0 +1,18 @@ +$NetBSD: patch-cb,v 1.1 2006/11/24 12:46:12 drochner Exp $ + +--- src/modules/loaders/loader_jpeg.c.orig 2006-09-05 02:37:07.000000000 +0200 ++++ src/modules/loaders/loader_jpeg.c +@@ -95,6 +95,13 @@ load(ImlibImage * im, ImlibProgressFunct + UNSET_FLAG(im->flags, F_HAS_ALPHA); + im->format = strdup("jpeg"); + } ++ if (w < 1 || h < 1 || w > 16383 || h > 16383) ++ { ++ im->w = im->h = 0; ++ jpeg_destroy_decompress(&cinfo); ++ fclose(f); ++ return 0; ++ } + if (((!im->data) && (im->loader)) || (immediate_load) || (progress)) + { + DATA8 *ptr, *line[16], *data; diff --git a/graphics/imlib2/patches/patch-cc b/graphics/imlib2/patches/patch-cc new file mode 100644 index 00000000000..922246d0e34 --- /dev/null +++ b/graphics/imlib2/patches/patch-cc 
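Review bot: The new dimension check in loader_jpeg.c sits after the closing brace of the block that ends with `im->format = strdup("jpeg");`, so it runs whether or not that block executed. If `w` and `h` are only assigned inside that block (the assignments are not visible in this hunk), the test reads stale or uninitialised values when the block is skipped; moving the check inside the block, directly after the dimensions are taken from the decoder, would avoid that. On the rejection path `im->w` and `im->h` are zeroed but `im->format` keeps the strdup'd string, which should either be freed there or be documented as the caller's responsibility. load() starts and ends outside the hunk.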
@@ -0,0 +1,47 @@ +$NetBSD: patch-cc,v 1.1 2006/11/24 12:46:12 drochner Exp $ + +--- src/modules/loaders/loader_lbm.c.orig 2006-09-06 13:34:49.000000000 +0200 ++++ src/modules/loaders/loader_lbm.c +@@ -421,7 +421,7 @@ ILBM ilbm; + + im->w = L2RWORD(ilbm.bmhd.data); + im->h = L2RWORD(ilbm.bmhd.data + 2); +- if (im->w <= 0 || im->h <= 0) ok = 0; ++ if (im->w <= 0 || im->h <= 0 || im->w > 16383 || im->h > 16383) ok = 0; + + ilbm.depth = ilbm.bmhd.data[8]; + if (ilbm.depth < 1 || (ilbm.depth > 8 && ilbm.depth != 24 && ilbm.depth != 32)) ok = 0; /* Only 1 to 8, 24, or 32 planes. */ +@@ -453,6 +453,7 @@ ILBM ilbm; + } + } + if (!full || !ok) { ++ im->w = im->h = 0; + freeilbm(&ilbm); + return ok; + } +@@ -467,12 +468,13 @@ ILBM ilbm; + cancel = 0; + plane[0] = NULL; + ++ n = ilbm.depth; ++ if (ilbm.mask == 1) n++; ++ + im->data = malloc(im->w * im->h * sizeof(DATA32)); +- if (im->data) { +- n = ilbm.depth; +- if (ilbm.mask == 1) n++; ++ plane[0] = malloc(((im->w + 15) / 16) * 2 * n); ++ if (im->data && plane[0]) { + +- plane[0] = malloc(((im->w + 15) / 16) * 2 * n); + for (i = 1; i < n; i++) plane[i] = plane[i - 1] + ((im->w + 15) / 16) * 2; + + z = ((im->w + 15) / 16) * 2 * n; +@@ -511,6 +513,7 @@ ILBM ilbm; + * the memory for im->data. + *----------*/ + if (!ok) { ++ im->w = im->h = 0; + if (im->data) free(im->data); + im->data = NULL; + } diff --git a/graphics/imlib2/patches/patch-cd b/graphics/imlib2/patches/patch-cd new file mode 100644 index 00000000000..5ce10df7dba --- /dev/null +++ b/graphics/imlib2/patches/patch-cd 
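Review bot: In the second loader_lbm.c hunk, `im->w = im->h = 0;` is added to the `if (!full || !ok)` branch, which also runs when `ok` is still non-zero and only `full` is false, so that path now returns success with zeroed dimensions. If `full` is false for header-only loads (its definition is outside the hunk), callers would receive a successfully loaded 0x0 image; guarding the reset as `if (!ok) im->w = im->h = 0;` keeps it to the failure case. In the third hunk the two `malloc` results are now tested together, and nothing visible frees `plane[0]` or clears `ok` when only one of them succeeds, which is worth confirming against the code after the `if`. The enclosing function starts and ends outside these hunks.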
@@ -0,0 +1,18 @@ +$NetBSD: patch-cd,v 1.1 2006/11/24 12:46:12 drochner Exp $ + +--- src/modules/loaders/loader_png.c.orig 2006-09-05 02:37:07.000000000 +0200 ++++ src/modules/loaders/loader_png.c +@@ -83,6 +83,13 @@ load(ImlibImage * im, ImlibProgressFunct + png_get_IHDR(png_ptr, info_ptr, (png_uint_32 *) (&w32), + (png_uint_32 *) (&h32), &bit_depth, &color_type, + &interlace_type, NULL, NULL); ++ if (w32 < 1 || h32 < 1 || w32 > 16383 || h32 > 16383) ++ { ++ png_read_end(png_ptr, info_ptr); ++ png_destroy_read_struct(&png_ptr, &info_ptr, (png_infopp) NULL); ++ fclose(f); ++ return 0; ++ } + im->w = (int)w32; + im->h = (int)h32; + if (color_type == PNG_COLOR_TYPE_PALETTE) diff --git a/graphics/imlib2/patches/patch-ce b/graphics/imlib2/patches/patch-ce new file mode 100644 index 00000000000..f9e9e6ba251 --- /dev/null +++ b/graphics/imlib2/patches/patch-ce @@ -0,0 +1,13 @@ +$NetBSD: patch-ce,v 1.1 2006/11/24 12:46:12 drochner Exp $ + +--- src/modules/loaders/loader_pnm.c.orig 2006-09-05 02:37:07.000000000 +0200 ++++ src/modules/loaders/loader_pnm.c +@@ -80,7 +80,7 @@ load(ImlibImage * im, ImlibProgressFunct + int i = 0; + + /* read numbers */ +- while (c != EOF && !isspace(c)) ++ while (c != EOF && i+1 < sizeof(buf) && !isspace(c)) + { + buf[i++] = c; + c = fgetc(f); diff --git a/graphics/imlib2/patches/patch-cf b/graphics/imlib2/patches/patch-cf new file mode 100644 index 00000000000..bd6e1fe8219 --- /dev/null +++ b/graphics/imlib2/patches/patch-cf 
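Review bot: The rejection path added to loader_png.c calls `png_read_end(png_ptr, info_ptr);` before tearing down, which asks libpng to go on parsing the rest of a file that has just been refused, before any image rows have been read. `png_destroy_read_struct(&png_ptr, &info_ptr, (png_infopp) NULL);` followed by `fclose(f);` should be enough to release what has been acquired at this point, so the `png_read_end` line can be dropped. The declared type of `w32`/`h32` is not visible here: if unsigned, the `< 1` tests reduce to a zero check; if signed, they also reject values above INT_MAX, and a short comment saying which is intended would help. load() continues outside the hunk.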
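Review bot: When the added `i+1 < sizeof(buf)` bound in loader_pnm.c stops the loop, the rest of an over-long token stays in the stream and the truncated prefix is carried forward as if it were the whole number. What is done with `buf` after the loop is outside the hunk, but nothing visible rejects the file. Treating a full buffer as a malformed header (failing the load when the loop exits with `c` neither EOF nor whitespace) would be safer than parsing a truncated value. The comparison also mixes `int i` with the `size_t` result of `sizeof`; `(size_t)i + 1 < sizeof(buf)` keeps it free of sign-compare warnings.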
@@ -0,0 +1,80 @@ +$NetBSD: patch-cf,v 1.1 2006/11/24 12:46:12 drochner Exp $ + +--- src/modules/loaders/loader_tga.c.orig 2006-09-06 13:34:49.000000000 +0200 ++++ src/modules/loaders/loader_tga.c +@@ -319,6 +319,7 @@ load(ImlibImage * im, ImlibProgressFunct + { + unsigned long datasize; + unsigned char *bufptr; ++ unsigned char *bufend; + DATA32 *dataptr; + + int y; +@@ -347,6 +348,9 @@ load(ImlibImage * im, ImlibProgressFunct + /* bufptr is the next byte to be read from the buffer */ + bufptr = filedata; + ++ /* bufend is one past the last byte to be read from the buffer */ ++ bufend = filedata + datasize; ++ + /* dataptr is the next 32-bit pixel to be filled in */ + dataptr = im->data; + +@@ -364,7 +368,9 @@ load(ImlibImage * im, ImlibProgressFunct + else + dataptr = im->data + (y * im->w); + +- for (x = 0; x < im->w; x++) /* for each pixel in the row */ ++ for (x = 0; ++ x < im->w && bufptr+bpp/8 < bufend; ++ x++) /* for each pixel in the row */ + { + switch (bpp) + { +@@ -418,8 +424,8 @@ load(ImlibImage * im, ImlibProgressFunct + unsigned char curbyte, red, green, blue, alpha; + DATA32 *final_pixel = dataptr + im->w * im->h; + +- /* loop until we've got all the pixels */ +- while (dataptr < final_pixel) ++ /* loop until we've got all the pixels or run out of input */ ++ while (dataptr < final_pixel && bufptr+1+bpp/8 < bufend) + { + int count; + +@@ -437,7 +443,7 @@ load(ImlibImage * im, ImlibProgressFunct + green = *bufptr++; + red = *bufptr++; + alpha = *bufptr++; +- for (i = 0; i < count; i++) ++ for (i = 0; i < count && dataptr < final_pixel; i++) + { + WRITE_RGBA(dataptr, red, green, blue, alpha); + dataptr++; +@@ -448,7 +454,7 @@ load(ImlibImage * im, ImlibProgressFunct + blue = *bufptr++; + green = *bufptr++; + red = *bufptr++; +- for (i = 0; i < count; i++) ++ for (i = 0; i < count && dataptr < final_pixel; i++) + { + WRITE_RGBA(dataptr, red, green, blue, + (char)0xff); +@@ -458,7 +464,7 @@ load(ImlibImage * im, ImlibProgressFunct + + case 8: + alpha = 
*bufptr++; +- for (i = 0; i < count; i++) ++ for (i = 0; i < count && dataptr < final_pixel; i++) + { + WRITE_RGBA(dataptr, alpha, alpha, alpha, + (char)0xff); +@@ -473,7 +479,7 @@ load(ImlibImage * im, ImlibProgressFunct + { + int i; + +- for (i = 0; i < count; i++) ++ for (i = 0; i < count && dataptr < final_pixel; i++) + { + switch (bpp) + { diff --git a/graphics/imlib2/patches/patch-cg b/graphics/imlib2/patches/patch-cg new file mode 100644 index 00000000000..549be9b13d9 --- /dev/null +++ b/graphics/imlib2/patches/patch-cg @@ -0,0 +1,32 @@ +$NetBSD: patch-cg,v 1.1 2006/11/24 12:46:12 drochner Exp $ + +--- src/modules/loaders/loader_tiff.c.orig 2006-09-05 02:37:07.000000000 +0200 ++++ src/modules/loaders/loader_tiff.c +@@ -75,7 +75,7 @@ static void + raster(TIFFRGBAImage_Extra * img, uint32 * rast, + uint32 x, uint32 y, uint32 w, uint32 h) + { +- uint32 image_width, image_height; ++ int image_width, image_height; + uint32 *pixel, pixel_value; + int i, j, dy, rast_offset; + DATA32 *buffer_pixel, *buffer = img->image->data; +@@ -202,8 +202,16 @@ load(ImlibImage * im, ImlibProgressFunct + } + + rgba_image.image = im; +- im->w = width = rgba_image.rgba.width; +- im->h = height = rgba_image.rgba.height; ++ width = rgba_image.rgba.width; ++ height = rgba_image.rgba.height; ++ if (width < 1 || height < 1 || width >= 16384 || height >= 16384) ++ { ++ TIFFRGBAImageEnd((TIFFRGBAImage *) & rgba_image); ++ TIFFClose(tif); ++ return 0; ++ } ++ im->w = width; ++ im->h = height; + rgba_image.num_pixels = num_pixels = width * height; + if (rgba_image.rgba.alpha != EXTRASAMPLE_UNSPECIFIED) + SET_FLAG(im->flags, F_HAS_ALPHA); |
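Review bot: The raw-packet loop in the last loader_tga.c hunk (`for (i = 0; i < count && dataptr < final_pixel; i++)` followed by `switch (bpp)`) gains an output bound but no input bound, while the enclosing `while` only guarantees that `1+bpp/8` bytes remain. If that switch consumes `bpp/8` bytes from `bufptr` per iteration like the run-length cases above it (its body is outside the hunk), a packet with a large `count` near the end of the data can still read past `bufend`; adding `&& bufptr + bpp/8 <= bufend` to that loop condition closes the gap. The run-length cases read their single pixel under the outer guard, so they are covered. Separately, since the added comment defines `bufend` as one past the last byte, `bufptr+bpp/8 < bufend` in the row loop stops one pixel early on exactly-sized data; `<=` is the precise test.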
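Review bot: The first loader_tiff.c hunk changes `image_width`/`image_height` in raster() from `uint32` to `int` without a comment, while the parameters `x`, `y`, `w` and `h` stay `uint32`. Any comparison or subtraction that mixes the two is still evaluated unsigned under C's usual arithmetic conversions, so the change only helps in expressions whose other operands are `int` (such as `i`, `j`, `dy`, `rast_offset`); a comment naming the expression that needs signed operands would record the intent, and an explicit cast at that site would make it robust. In load(), the types of `width` and `height` are not visible: if they are unsigned, `width < 1` is only a zero check, which is fine but worth stating next to the test. raster() and load() both continue outside the hunks.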