summaryrefslogtreecommitdiff
path: root/graphics/xpm
diff options
context:
space:
mode:
authorminskim <minskim@pkgsrc.org>2004-09-16 15:09:01 +0000
committerminskim <minskim@pkgsrc.org>2004-09-16 15:09:01 +0000
commit73aa6784e29f0fa3f62be669645aa38169642dbb (patch)
tree5d68a363c5edb5c2cc2ed67794798d897023487c /graphics/xpm
parent2a75f7dc5b559b02f9608fceec4e44b62ca68380 (diff)
downloadpkgsrc-73aa6784e29f0fa3f62be669645aa38169642dbb.tar.gz
Incorporate security fixes of X.Org X11R6.8.1.
Bump PKGREVISION.
Diffstat (limited to 'graphics/xpm')
-rw-r--r--graphics/xpm/Makefile4
-rw-r--r--graphics/xpm/buildlink3.mk3
-rw-r--r--graphics/xpm/distinfo13
-rw-r--r--graphics/xpm/patches/patch-aa21
-rw-r--r--graphics/xpm/patches/patch-ad38
-rw-r--r--graphics/xpm/patches/patch-ae29
-rw-r--r--graphics/xpm/patches/patch-af13
-rw-r--r--graphics/xpm/patches/patch-ag53
-rw-r--r--graphics/xpm/patches/patch-ah13
-rw-r--r--graphics/xpm/patches/patch-ai31
-rw-r--r--graphics/xpm/patches/patch-aj179
-rw-r--r--graphics/xpm/patches/patch-ak68
12 files changed, 452 insertions, 13 deletions
diff --git a/graphics/xpm/Makefile b/graphics/xpm/Makefile
index 07f58ded997..54476accab7 100644
--- a/graphics/xpm/Makefile
+++ b/graphics/xpm/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.37 2004/05/15 06:03:11 grant Exp $
+# $NetBSD: Makefile,v 1.38 2004/09/16 15:09:01 minskim Exp $
DISTNAME= xpm-3.4k
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= graphics x11
MASTER_SITES= http://koala.ilog.fr/ftp/pub/xpm/ \
${MASTER_SITE_XCONTRIB:=libraries/}
diff --git a/graphics/xpm/buildlink3.mk b/graphics/xpm/buildlink3.mk
index 9d4e6e41549..a65009e8ee6 100644
--- a/graphics/xpm/buildlink3.mk
+++ b/graphics/xpm/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.15 2004/03/10 17:57:14 jlam Exp $
+# $NetBSD: buildlink3.mk,v 1.16 2004/09/16 15:09:01 minskim Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
XPM_BUILDLINK3_MK:= ${XPM_BUILDLINK3_MK}+
@@ -12,6 +12,7 @@ BUILDLINK_PACKAGES+= xpm
.if !empty(XPM_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.xpm+= xpm>=3.4k
+BUILDLINK_RECOMMENDED.xpm?= xpm>=3.4knb2
BUILDLINK_PKGSRCDIR.xpm?= ../../graphics/xpm
USE_X11= yes
diff --git a/graphics/xpm/distinfo b/graphics/xpm/distinfo
index 175e00e71b0..f085a34e32c 100644
--- a/graphics/xpm/distinfo
+++ b/graphics/xpm/distinfo
@@ -1,8 +1,15 @@
-$NetBSD: distinfo,v 1.9 2002/08/25 18:39:26 jlam Exp $
+$NetBSD: distinfo,v 1.10 2004/09/16 15:09:01 minskim Exp $
SHA1 (xpm-3.4k.tar.gz) = a8eac19e5772bf7b3b177353686c1401fbf334bd
Size (xpm-3.4k.tar.gz) = 148887 bytes
-SHA1 (patch-aa) = 86264a0d832382eef43af740f16bcdf9448f4573
+SHA1 (patch-aa) = 33725beb53dc01b022e5110dbffab4c6a3ae65dc
SHA1 (patch-ab) = 0c8f317cdbde27929790e46d1711ada5e454b79d
SHA1 (patch-ac) = a0f1692ecfbf0160f5e5a5e3f31ac9398ff667b7
-SHA1 (patch-ad) = fb85487779cf5430224ae6f0a8cdc55350687eae
+SHA1 (patch-ad) = 0b6a2640a175d354449cab0198e3cbe1220f46b4
+SHA1 (patch-ae) = 31cf9b37d8d138ffdcee66b16adb4ed22c129763
+SHA1 (patch-af) = 17fed3b0e060f7cee19d21bc3ec5bf1b87dd89a7
+SHA1 (patch-ag) = 68435561f8fe7753c4bb8ce71ee6e53faf1e83d6
+SHA1 (patch-ah) = 075229583814bbdd0a3d7ac8dcb6ad0507d182ff
+SHA1 (patch-ai) = 79472013037a1866739b96e97d740378086cc46f
+SHA1 (patch-aj) = 98048e40c338f69915e233aa11df0f95deff75a4
+SHA1 (patch-ak) = b84999d5e981bbe6edd6fc76310681c16263e8b5
diff --git a/graphics/xpm/patches/patch-aa b/graphics/xpm/patches/patch-aa
index a19ae55407e..3e8b8189c51 100644
--- a/graphics/xpm/patches/patch-aa
+++ b/graphics/xpm/patches/patch-aa
@@ -1,8 +1,21 @@
-$NetBSD: patch-aa,v 1.3 1998/08/07 10:40:55 agc Exp $
+$NetBSD: patch-aa,v 1.4 2004/09/16 15:09:01 minskim Exp $
---- Imakefile.orig Thu Mar 19 14:50:59 1998
-+++ Imakefile Sat Jul 4 05:08:45 1998
-@@ -59,6 +59,7 @@
+--- Imakefile.orig Thu Mar 19 13:50:59 1998
++++ Imakefile
+@@ -51,14 +51,19 @@ SPRINTFDEF = -DVOID_SPRINTF
+ # endif
+ # endif
+ #endif
++#if HasStrlcat
++STRLCATDEF = -DHAS_STRLCAT
++#endif
++
+ #if defined(Win32Architecture)
+ ZPIPEDEF = -DNO_ZPIPE
+ #endif
+
+-DEFINES = $(STRDUPDEF) $(STRCASECMPDEF) $(SPRINTFDEF) $(ZPIPEDEF)
++DEFINES = $(STRDUPDEF) $(STRCASECMPDEF) $(SPRINTFDEF) $(STRLCATDEF) $(ZPIPEDEF)
XCOMM You can uncomment the following line to avoid building the shared lib
XCOMM IMAKE_DEFINES = -DSharedLibXpm=NO
diff --git a/graphics/xpm/patches/patch-ad b/graphics/xpm/patches/patch-ad
index 2e6bdd2ba23..bf2231b5152 100644
--- a/graphics/xpm/patches/patch-ad
+++ b/graphics/xpm/patches/patch-ad
@@ -1,7 +1,7 @@
-$NetBSD: patch-ad,v 1.4 2002/08/25 18:39:26 jlam Exp $
+$NetBSD: patch-ad,v 1.5 2004/09/16 15:09:01 minskim Exp $
---- lib/XpmI.h.orig Thu Mar 19 20:51:00 1998
-+++ lib/XpmI.h Mon May 13 00:33:23 2002
+--- lib/XpmI.h.orig Thu Mar 19 13:51:00 1998
++++ lib/XpmI.h
@@ -42,6 +42,7 @@
#ifndef XPMI_h
#define XPMI_h
@@ -10,3 +10,35 @@ $NetBSD: patch-ad,v 1.4 2002/08/25 18:39:26 jlam Exp $
#include "xpm.h"
/*
+@@ -114,6 +115,18 @@ extern FILE *popen();
+ boundCheckingCalloc((long)(nelem),(long) (elsize))
+ #endif
+
++#if defined(SCO) || defined(__USLC__)
++#include <stdint.h> /* For SIZE_MAX */
++#endif
++#include <limits.h>
++#ifndef SIZE_MAX
++# ifdef ULONG_MAX
++# define SIZE_MAX ULONG_MAX
++# else
++# define SIZE_MAX UINT_MAX
++# endif
++#endif
++
+ #define XPMMAXCMTLEN BUFSIZ
+ typedef struct {
+ unsigned int type;
+@@ -215,9 +228,9 @@ typedef struct _xpmHashAtom {
+ } *xpmHashAtom;
+
+ typedef struct {
+- int size;
+- int limit;
+- int used;
++ unsigned int size;
++ unsigned int limit;
++ unsigned int used;
+ xpmHashAtom *atomTable;
+ } xpmHashTable;
+
diff --git a/graphics/xpm/patches/patch-ae b/graphics/xpm/patches/patch-ae
new file mode 100644
index 00000000000..a94b683aaab
--- /dev/null
+++ b/graphics/xpm/patches/patch-ae
@@ -0,0 +1,29 @@
+$NetBSD: patch-ae,v 1.1 2004/09/16 15:09:01 minskim Exp $
+
+--- lib/Attrib.c.orig Thu Mar 19 13:50:59 1998
++++ lib/Attrib.c
+@@ -35,7 +35,7 @@
+ #include "XpmI.h"
+
+ /* 3.2 backward compatibility code */
+-LFUNC(CreateOldColorTable, int, (XpmColor *ct, int ncolors,
++LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors,
+ XpmColor ***oldct));
+
+ LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors));
+@@ -46,11 +46,14 @@ LFUNC(FreeOldColorTable, void, (XpmColor
+ static int
+ CreateOldColorTable(ct, ncolors, oldct)
+ XpmColor *ct;
+- int ncolors;
++ unsigned int ncolors;
+ XpmColor ***oldct;
+ {
+ XpmColor **colorTable, **color;
+ int a;
++
++ if (ncolors >= SIZE_MAX / sizeof(XpmColor *))
++ return XpmNoMemory;
+
+ colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *));
+ if (!colorTable) {
diff --git a/graphics/xpm/patches/patch-af b/graphics/xpm/patches/patch-af
new file mode 100644
index 00000000000..5a511d00424
--- /dev/null
+++ b/graphics/xpm/patches/patch-af
@@ -0,0 +1,13 @@
+$NetBSD: patch-af,v 1.1 2004/09/16 15:09:01 minskim Exp $
+
+--- lib/CrDatFrI.c.orig Thu Mar 19 13:50:59 1998
++++ lib/CrDatFrI.c
+@@ -123,6 +123,8 @@ XpmCreateDataFromXpmImage(data_return, i
+ */
+ header_nlines = 1 + image->ncolors;
+ header_size = sizeof(char *) * header_nlines;
++ if (header_size >= SIZE_MAX / sizeof(char *))
++ return (XpmNoMemory);
+ header = (char **) XpmCalloc(header_size, sizeof(char *));
+ if (!header)
+ return (XpmNoMemory);
diff --git a/graphics/xpm/patches/patch-ag b/graphics/xpm/patches/patch-ag
new file mode 100644
index 00000000000..65c4d5f2c2f
--- /dev/null
+++ b/graphics/xpm/patches/patch-ag
@@ -0,0 +1,53 @@
+$NetBSD: patch-ag,v 1.1 2004/09/16 15:09:01 minskim Exp $
+
+--- lib/create.c.orig Thu Mar 19 13:51:00 1998
++++ lib/create.c
+@@ -819,6 +819,9 @@ XpmCreateImageFromXpmImage(display, imag
+
+ ErrorStatus = XpmSuccess;
+
++ if (image->ncolors >= SIZE_MAX / sizeof(Pixel))
++ return (XpmNoMemory);
++
+ /* malloc pixels index tables */
+ image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * image->ncolors);
+ if (!image_pixels)
+@@ -991,6 +994,8 @@ CreateXImage(display, visual, depth, for
+ return (XpmNoMemory);
+
+ #if !defined(FOR_MSW) && !defined(AMIGA)
++ if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height)
++ return XpmNoMemory;
+ /* now that bytes_per_line must have been set properly alloc data */
+ (*image_return)->data =
+ (char *) XpmMalloc((*image_return)->bytes_per_line * height);
+@@ -2063,6 +2068,9 @@ xpmParseDataAndCreate(display, data, ima
+ xpmGetCmt(data, &colors_cmt);
+
+ /* malloc pixels index tables */
++ if (ncolors >= SIZE_MAX / sizeof(Pixel))
++ return XpmNoMemory;
++
+ image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors);
+ if (!image_pixels)
+ RETURN(XpmNoMemory);
+@@ -2317,7 +2325,8 @@ ParseAndPutPixels(
+ }
+ obm = SelectObject(*dc, image->bitmap);
+ #endif
+-
++ if (ncolors > 256)
++ return (XpmFileInvalid);
+
+ bzero((char *)colidx, 256 * sizeof(short));
+ for (a = 0; a < ncolors; a++)
+@@ -2422,6 +2431,9 @@ if (cidx[f]) XpmFree(cidx[f]);}
+ {
+ char *s;
+ char buf[BUFSIZ];
++
++ if (cpp >= sizeof(buf))
++ return (XpmFileInvalid);
+
+ buf[cpp] = '\0';
+ if (USE_HASHTABLE) {
diff --git a/graphics/xpm/patches/patch-ah b/graphics/xpm/patches/patch-ah
new file mode 100644
index 00000000000..423d815392f
--- /dev/null
+++ b/graphics/xpm/patches/patch-ah
@@ -0,0 +1,13 @@
+$NetBSD: patch-ah,v 1.1 2004/09/16 15:09:01 minskim Exp $
+
+--- lib/data.c.orig Thu Mar 19 13:51:00 1998
++++ lib/data.c
+@@ -374,7 +374,7 @@ xpmGetCmt(data, cmt)
+ {
+ if (!data->type)
+ *cmt = NULL;
+- else if (data->CommentLength) {
++ else if (data->CommentLength != 0 && data->CommentLength < SIZE_MAX - 1) {
+ *cmt = (char *) XpmMalloc(data->CommentLength + 1);
+ strncpy(*cmt, data->Comment, data->CommentLength);
+ (*cmt)[data->CommentLength] = '\0';
diff --git a/graphics/xpm/patches/patch-ai b/graphics/xpm/patches/patch-ai
new file mode 100644
index 00000000000..7f9bb7a60bb
--- /dev/null
+++ b/graphics/xpm/patches/patch-ai
@@ -0,0 +1,31 @@
+$NetBSD: patch-ai,v 1.1 2004/09/16 15:09:01 minskim Exp $
+
+--- lib/hashtab.c.orig Thu Mar 19 13:51:00 1998
++++ lib/hashtab.c
+@@ -135,7 +135,7 @@ HashTableGrows(table)
+ xpmHashTable *table;
+ {
+ xpmHashAtom *atomTable = table->atomTable;
+- int size = table->size;
++ unsigned int size = table->size;
+ xpmHashAtom *t, *p;
+ int i;
+ int oldSize = size;
+@@ -144,6 +144,8 @@ HashTableGrows(table)
+ HASH_TABLE_GROWS
+ table->size = size;
+ table->limit = size / 3;
++ if (size >= SIZE_MAX / sizeof(*atomTable))
++ return (XpmNoMemory);
+ atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable));
+ if (!atomTable)
+ return (XpmNoMemory);
+@@ -204,6 +206,8 @@ xpmHashTableInit(table)
+ table->size = INITIAL_HASH_SIZE;
+ table->limit = table->size / 3;
+ table->used = 0;
++ if (table->size >= SIZE_MAX / sizeof(*atomTable))
++ return (XpmNoMemory);
+ atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable));
+ if (!atomTable)
+ return (XpmNoMemory);
diff --git a/graphics/xpm/patches/patch-aj b/graphics/xpm/patches/patch-aj
new file mode 100644
index 00000000000..040a7ebe2bd
--- /dev/null
+++ b/graphics/xpm/patches/patch-aj
@@ -0,0 +1,179 @@
+$NetBSD: patch-aj,v 1.1 2004/09/16 15:09:01 minskim Exp $
+
+--- lib/parse.c.orig Thu Mar 19 13:51:00 1998
++++ lib/parse.c
+@@ -41,6 +41,24 @@
+ #include "XpmI.h"
+ #include <ctype.h>
+
++#ifdef HAS_STRLCAT
++# define STRLCAT(dst, src, dstsize) { \
++ if (strlcat(dst, src, dstsize) >= (dstsize)) \
++ return (XpmFileInvalid); }
++# define STRLCPY(dst, src, dstsize) { \
++ if (strlcpy(dst, src, dstsize) >= (dstsize)) \
++ return (XpmFileInvalid); }
++#else
++# define STRLCAT(dst, src, dstsize) { \
++ if ((strlen(dst) + strlen(src)) < (dstsize)) \
++ strcat(dst, src); \
++ else return (XpmFileInvalid); }
++# define STRLCPY(dst, src, dstsize) { \
++ if (strlen(src) < (dstsize)) \
++ strcpy(dst, src); \
++ else return (XpmFileInvalid); }
++#endif
++
+ LFUNC(ParsePixels, int, (xpmData *data, unsigned int width,
+ unsigned int height, unsigned int ncolors,
+ unsigned int cpp, XpmColor *colorTable,
+@@ -63,7 +81,7 @@ xpmParseValues(data, width, height, ncol
+ unsigned int *extensions;
+ {
+ unsigned int l;
+- char buf[BUFSIZ];
++ char buf[BUFSIZ + 1];
+
+ if (!data->format) { /* XPM 2 or 3 */
+
+@@ -172,10 +190,10 @@ xpmParseColors(data, ncolors, cpp, color
+ XpmColor **colorTablePtr;
+ xpmHashTable *hashtable;
+ {
+- unsigned int key, l, a, b;
++ unsigned int key, l, a, b, len;
+ unsigned int curkey; /* current color key */
+ unsigned int lastwaskey; /* key read */
+- char buf[BUFSIZ];
++ char buf[BUFSIZ+1];
+ char curbuf[BUFSIZ]; /* current buffer */
+ char **sptr, *s;
+ XpmColor *color;
+@@ -183,6 +201,8 @@ xpmParseColors(data, ncolors, cpp, color
+ char **defaults;
+ int ErrorStatus;
+
++ if (ncolors >= SIZE_MAX / sizeof(XpmColor))
++ return (XpmNoMemory);
+ colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor));
+ if (!colorTable)
+ return (XpmNoMemory);
+@@ -194,6 +214,10 @@ xpmParseColors(data, ncolors, cpp, color
+ /*
+ * read pixel value
+ */
++ if (cpp >= SIZE_MAX - 1) {
++ xpmFreeColorTable(colorTable, ncolors);
++ return (XpmNoMemory);
++ }
+ color->string = (char *) XpmMalloc(cpp + 1);
+ if (!color->string) {
+ xpmFreeColorTable(colorTable, ncolors);
+@@ -231,13 +255,14 @@ xpmParseColors(data, ncolors, cpp, color
+ }
+ if (!lastwaskey && key < NKEYS) { /* open new key */
+ if (curkey) { /* flush string */
+- s = (char *) XpmMalloc(strlen(curbuf) + 1);
++ len = strlen(curbuf) + 1;
++ s = (char *) XpmMalloc(len);
+ if (!s) {
+ xpmFreeColorTable(colorTable, ncolors);
+ return (XpmNoMemory);
+ }
+ defaults[curkey] = s;
+- strcpy(s, curbuf);
++ memcpy(s, curbuf, len);
+ }
+ curkey = key + 1; /* set new key */
+ *curbuf = '\0'; /* reset curbuf */
+@@ -248,9 +273,9 @@ xpmParseColors(data, ncolors, cpp, color
+ return (XpmFileInvalid);
+ }
+ if (!lastwaskey)
+- strcat(curbuf, " "); /* append space */
++ STRLCAT(curbuf, " ", sizeof(curbuf)); /* append space */
+ buf[l] = '\0';
+- strcat(curbuf, buf);/* append buf */
++ STRLCAT(curbuf, buf, sizeof(curbuf));/* append buf */
+ lastwaskey = 0;
+ }
+ }
+@@ -258,12 +283,13 @@ xpmParseColors(data, ncolors, cpp, color
+ xpmFreeColorTable(colorTable, ncolors);
+ return (XpmFileInvalid);
+ }
+- s = defaults[curkey] = (char *) XpmMalloc(strlen(curbuf) + 1);
++ len = strlen(curbuf) + 1;
++ s = defaults[curkey] = (char *) XpmMalloc(len);
+ if (!s) {
+ xpmFreeColorTable(colorTable, ncolors);
+ return (XpmNoMemory);
+ }
+- strcpy(s, curbuf);
++ memcpy(s, curbuf, len);
+ }
+ } else { /* XPM 1 */
+ /* get to the beginning of the first string */
+@@ -276,6 +302,10 @@ xpmParseColors(data, ncolors, cpp, color
+ /*
+ * read pixel value
+ */
++ if (cpp >= SIZE_MAX - 1) {
++ xpmFreeColorTable(colorTable, ncolors);
++ return (XpmNoMemory);
++ }
+ color->string = (char *) XpmMalloc(cpp + 1);
+ if (!color->string) {
+ xpmFreeColorTable(colorTable, ncolors);
+@@ -304,16 +334,17 @@ xpmParseColors(data, ncolors, cpp, color
+ *curbuf = '\0'; /* init curbuf */
+ while (l = xpmNextWord(data, buf, BUFSIZ)) {
+ if (*curbuf != '\0')
+- strcat(curbuf, " ");/* append space */
++ STRLCAT(curbuf, " ", sizeof(curbuf));/* append space */
+ buf[l] = '\0';
+- strcat(curbuf, buf); /* append buf */
++ STRLCAT(curbuf, buf, sizeof(curbuf)); /* append buf */
+ }
+- s = (char *) XpmMalloc(strlen(curbuf) + 1);
++ len = strlen(curbuf) + 1;
++ s = (char *) XpmMalloc(len);
+ if (!s) {
+ xpmFreeColorTable(colorTable, ncolors);
+ return (XpmNoMemory);
+ }
+- strcpy(s, curbuf);
++ memcpy(s, curbuf, len);
+ color->c_color = s;
+ *curbuf = '\0'; /* reset curbuf */
+ if (a < ncolors - 1)
+@@ -338,6 +369,9 @@ ParsePixels(data, width, height, ncolors
+ unsigned int *iptr, *iptr2;
+ unsigned int a, x, y;
+
++ if ((height > 0 && width >= SIZE_MAX / height) ||
++ width * height >= SIZE_MAX / sizeof(unsigned int))
++ return XpmNoMemory;
+ #ifndef FOR_MSW
+ iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height);
+ #else
+@@ -361,6 +395,9 @@ ParsePixels(data, width, height, ncolors
+ {
+ unsigned short colidx[256];
+
++ if (ncolors > 256)
++ return (XpmFileInvalid);
++
+ bzero((char *)colidx, 256 * sizeof(short));
+ for (a = 0; a < ncolors; a++)
+ colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
+@@ -438,6 +475,9 @@ if (cidx[f]) XpmFree(cidx[f]);}
+ {
+ char *s;
+ char buf[BUFSIZ];
++
++ if (cpp >= sizeof(buf))
++ return (XpmFileInvalid);
+
+ buf[cpp] = '\0';
+ if (USE_HASHTABLE) {
diff --git a/graphics/xpm/patches/patch-ak b/graphics/xpm/patches/patch-ak
new file mode 100644
index 00000000000..3b7624a8839
--- /dev/null
+++ b/graphics/xpm/patches/patch-ak
@@ -0,0 +1,68 @@
+$NetBSD: patch-ak,v 1.1 2004/09/16 15:09:01 minskim Exp $
+
+--- lib/scan.c.orig Thu Mar 19 13:51:00 1998
++++ lib/scan.c
+@@ -103,7 +103,8 @@ LFUNC(MSWGetImagePixels, int, (Display *
+ LFUNC(ScanTransparentColor, int, (XpmColor *color, unsigned int cpp,
+ XpmAttributes *attributes));
+
+-LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, int ncolors,
++LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors,
++ unsigned int ncolors,
+ Pixel *pixels, unsigned int mask,
+ unsigned int cpp, XpmAttributes *attributes));
+
+@@ -228,11 +229,17 @@ XpmCreateXpmImageFromImage(display, imag
+ else
+ cpp = 0;
+
++ if ((height > 0 && width >= SIZE_MAX / height) ||
++ width * height >= SIZE_MAX / sizeof(unsigned int))
++ RETURN(XpmNoMemory);
+ pmap.pixelindex =
+ (unsigned int *) XpmCalloc(width * height, sizeof(unsigned int));
+ if (!pmap.pixelindex)
+ RETURN(XpmNoMemory);
+
++ if (pmap.size >= SIZE_MAX / sizeof(Pixel))
++ RETURN(XpmNoMemory);
++
+ pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size);
+ if (!pmap.pixels)
+ RETURN(XpmNoMemory);
+@@ -298,6 +305,8 @@ XpmCreateXpmImageFromImage(display, imag
+ * color
+ */
+
++ if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor))
++ RETURN(XpmNoMemory);
+ colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor));
+ if (!colorTable)
+ RETURN(XpmNoMemory);
+@@ -356,6 +365,8 @@ ScanTransparentColor(color, cpp, attribu
+
+ /* first get a character string */
+ a = 0;
++ if (cpp >= SIZE_MAX - 1)
++ return (XpmNoMemory);
+ if (!(s = color->string = (char *) XpmMalloc(cpp + 1)))
+ return (XpmNoMemory);
+ *s++ = printable[c = a % MAXPRINTABLE];
+@@ -403,7 +414,7 @@ static int
+ ScanOtherColors(display, colors, ncolors, pixels, mask, cpp, attributes)
+ Display *display;
+ XpmColor *colors;
+- int ncolors;
++ unsigned int ncolors;
+ Pixel *pixels;
+ unsigned int mask;
+ unsigned int cpp;
+@@ -447,6 +458,8 @@ ScanOtherColors(display, colors, ncolors
+ }
+
+ /* first get character strings and rgb values */
++ if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1)
++ return (XpmNoMemory);
+ xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors);
+ if (!xcolors)
+ return (XpmNoMemory);