SECURITY: Update libtiff to 4.0.4beta to fix

CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 (likely) Remaining unfixed vulnerabilities: CVE-2014-9655, CVE-2015-1547 (but these are unfixed upstream AFAICS). ok wiz
author: bsiegert <bsiegert@pkgsrc.org> 2015-03-29 14:47:03 +0000
committer: bsiegert <bsiegert@pkgsrc.org> 2015-03-29 14:47:03 +0000
commit: 0e692dcc16a2d7be1559373d834a4426064378a8 (patch)
tree: 64cf79af79fed3392bda825aef432d6950ea6536 /graphics
parent: d6baaa590ebc8a81d34b2b62c5950d3db7020624 (diff)
download: pkgsrc-0e692dcc16a2d7be1559373d834a4426064378a8.tar.gz
7 files changed, 9 insertions, 416 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 6a422d12211..0fe99c7f9f3 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.117 2014/10/09 14:06:37 wiz Exp $
+# $NetBSD: Makefile,v 1.118 2015/03/29 14:47:03 bsiegert Exp $
 
-DISTNAME=	tiff-4.0.3
-PKGREVISION=	6
+DISTNAME=	tiff-4.0.4beta
 CATEGORIES=	graphics
 MASTER_SITES=	ftp://ftp.remotesensing.org/pub/libtiff/ \
 		http://libtiff.maptools.org/dl/
diff --git a/graphics/tiff/PLIST b/graphics/tiff/PLIST
index 8c41c08685d..f31a3dae389 100644
--- a/graphics/tiff/PLIST
+++ b/graphics/tiff/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.17 2012/10/01 18:11:29 adam Exp $
+@comment $NetBSD: PLIST,v 1.18 2015/03/29 14:47:03 bsiegert Exp $
 bin/bmp2tiff
 bin/fax2ps
 bin/fax2tiff
@@ -246,3 +246,5 @@ share/doc/tiff/html/v3.9.2.html
 share/doc/tiff/html/v4.0.0.html
 share/doc/tiff/html/v4.0.1.html
 share/doc/tiff/html/v4.0.2.html
+share/doc/tiff/html/v4.0.3.html
+share/doc/tiff/html/v4.0.4beta.html
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index a296f1013da..6f3fd60da7c 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,10 +1,6 @@
-$NetBSD: distinfo,v 1.62 2013/09/21 18:47:05 dholland Exp $
+$NetBSD: distinfo,v 1.63 2015/03/29 14:47:03 bsiegert Exp $
 
-SHA1 (tiff-4.0.3.tar.gz) = 652e97b78f1444237a82cbcfe014310e776eb6f0
-RMD160 (tiff-4.0.3.tar.gz) = eacd725fb3c299682c1c2e508049d98acd170f31
-Size (tiff-4.0.3.tar.gz) = 2051630 bytes
-SHA1 (patch-CVE-2012-4564) = bda3b26e431e8234e5afd984a086c980a8eb6c41
-SHA1 (patch-CVE-2013-1960_1961) = b815edbeeb1eb23ce2633060dd390985dec794f3
-SHA1 (patch-CVE-2013-4231) = bc1420583b9c4b0a34d26142bc35b6d0d26af529
-SHA1 (patch-CVE-2013-4243) = e5d37df64620451f9a34a3f6c14825873db9c1bd
+SHA1 (tiff-4.0.4beta.tar.gz) = 987568b81f6c40653eb79386fa0e163f3c6ab6fb
+RMD160 (tiff-4.0.4beta.tar.gz) = 0f7c47bad8d6d9cd75d3bf42abf0a6133c1ea129
+Size (tiff-4.0.4beta.tar.gz) = 2098962 bytes
 SHA1 (patch-configure) = 1fb9ef790a59ac9c1396dd8e962c75946e2c998a
diff --git a/graphics/tiff/patches/patch-CVE-2012-4564 b/graphics/tiff/patches/patch-CVE-2012-4564
deleted file mode 100644
index fe5a551ac75..00000000000
--- a/graphics/tiff/patches/patch-CVE-2012-4564
+++ /dev/null
@@ -1,33 +0,0 @@
-$NetBSD: patch-CVE-2012-4564,v 1.1 2012/11/05 12:41:48 drochner Exp $
-
-see https://bugzilla.redhat.com/show_bug.cgi?id=871700
-
---- tools/ppm2tiff.c.orig	2010-04-10 19:22:34.000000000 +0000
-+++ tools/ppm2tiff.c
-@@ -89,6 +89,7 @@ main(int argc, char* argv[])
- 	int c;
- 	extern int optind;
- 	extern char* optarg;
-+	tmsize_t scanline_size;
- 
- 	if (argc < 2) {
- 	    fprintf(stderr, "%s: Too few arguments\n", argv[0]);
-@@ -237,8 +238,16 @@ main(int argc, char* argv[])
- 	}
- 	if (TIFFScanlineSize(out) > linebytes)
- 		buf = (unsigned char *)_TIFFmalloc(linebytes);
--	else
--		buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
-+	else {
-+		scanline_size = TIFFScanlineSize(out);
-+		if (scanline_size != 0)
-+			buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
-+		else {
-+			fprintf(stderr, "%s: scanline size overflow\n",infile);
-+			(void) TIFFClose(out);
-+			exit(-2);
-+		}
-+	}
- 	if (resolution > 0) {
- 		TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
- 		TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);
diff --git a/graphics/tiff/patches/patch-CVE-2013-1960_1961 b/graphics/tiff/patches/patch-CVE-2013-1960_1961
deleted file mode 100644
index 4d2c1dee7c9..00000000000
--- a/graphics/tiff/patches/patch-CVE-2013-1960_1961
+++ /dev/null
@@ -1,295 +0,0 @@
-$NetBSD: patch-CVE-2013-1960_1961,v 1.2 2013/08/15 14:58:46 drochner Exp $
-
-see https://bugzilla.redhat.com/show_bug.cgi?id=952131
-and https://bugzilla.redhat.com/show_bug.cgi?id=952158
-
-also fixes CVE-2013-4232
-see http://bugzilla.maptools.org/show_bug.cgi?id=2449
-
---- contrib/dbs/xtiff/xtiff.c.orig	2010-06-08 20:55:15.000000000 +0200
-+++ contrib/dbs/xtiff/xtiff.c	2013-05-02 16:27:43.000000000 +0200
-@@ -512,9 +512,9 @@ SetNameLabel()
-     Arg args[1];
- 
-     if (tfMultiPage)
--        sprintf(buffer, "%s - page %d", fileName, tfDirectory);
-+        snprintf(buffer, sizeof(buffer), "%s - page %d", fileName, tfDirectory);
-     else
--        strcpy(buffer, fileName);
-+        snprintf(buffer, sizeof(buffer), "%s", fileName);
-     XtSetArg(args[0], XtNlabel, buffer);
-     XtSetValues(labelWidget, args, 1);
- }
---- libtiff/tif_codec.c.orig	2010-12-14 15:18:28.000000000 +0100
-+++ libtiff/tif_codec.c	2013-05-02 16:27:43.000000000 +0200
-@@ -108,7 +108,8 @@ _notConfigured(TIFF* tif)
- 	const TIFFCodec* c = TIFFFindCODEC(tif->tif_dir.td_compression);
-         char compression_code[20];
-         
--        sprintf( compression_code, "%d", tif->tif_dir.td_compression );
-+        snprintf(compression_code, sizeof(compression_code), "%d",
-+		 tif->tif_dir.td_compression );
- 	TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
-                      "%s compression support is not configured", 
-                      c ? c->name : compression_code );
---- libtiff/tif_dirinfo.c.orig	2012-08-19 18:56:34.000000000 +0200
-+++ libtiff/tif_dirinfo.c	2013-05-02 16:27:43.000000000 +0200
-@@ -711,7 +711,7 @@ _TIFFCreateAnonField(TIFF *tif, uint32 t
- 	 * note that this name is a special sign to TIFFClose() and
- 	 * _TIFFSetupFields() to free the field
- 	 */
--	sprintf(fld->field_name, "Tag %d", (int) tag);
-+	snprintf(fld->field_name, 32, "Tag %d", (int) tag);
- 
- 	return fld;    
- }
---- tools/rgb2ycbcr.c.orig	2011-05-31 19:03:16.000000000 +0200
-+++ tools/rgb2ycbcr.c	2013-05-02 16:27:43.000000000 +0200
-@@ -332,7 +332,8 @@ tiffcvt(TIFF* in, TIFF* out)
- 	TIFFSetField(out, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG);
- 	{ char buf[2048];
- 	  char *cp = strrchr(TIFFFileName(in), '/');
--	  sprintf(buf, "YCbCr conversion of %s", cp ? cp+1 : TIFFFileName(in));
-+	  snprintf(buf, sizeof(buf), "YCbCr conversion of %s",
-+		   cp ? cp+1 : TIFFFileName(in));
- 	  TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, buf);
- 	}
- 	TIFFSetField(out, TIFFTAG_SOFTWARE, TIFFGetVersion());
---- tools/tiff2bw.c.orig	2010-07-08 18:10:24.000000000 +0200
-+++ tools/tiff2bw.c	2013-05-02 16:27:43.000000000 +0200
-@@ -205,7 +205,7 @@ main(int argc, char* argv[])
- 		}
- 	}
- 	TIFFSetField(out, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_MINISBLACK);
--	sprintf(thing, "B&W version of %s", argv[optind]);
-+	snprintf(thing, sizeof(thing), "B&W version of %s", argv[optind]);
- 	TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing);
- 	TIFFSetField(out, TIFFTAG_SOFTWARE, "tiff2bw");
- 	outbuf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
---- tools/tiff2pdf.c.orig	2012-07-26 02:56:43.000000000 +0000
-+++ tools/tiff2pdf.c
-@@ -2462,6 +2462,7 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p
- 					TIFFFileName(input));
- 				t2p->t2p_error = T2P_ERR_ERROR;
- 			  _TIFFfree(buffer);
-+			  return(0);
- 			} else {
- 				buffer=samplebuffer;
- 				t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
-@@ -3341,33 +3342,56 @@ int t2p_process_jpeg_strip(
- 	uint32 height){
- 
- 	tsize_t i=0;
--	uint16 ri =0;
--	uint16 v_samp=1;
--	uint16 h_samp=1;
--	int j=0;
--	
--	i++;
--	
--	while(i<(*striplength)){
-+
-+	while (i < *striplength) {
-+		tsize_t datalen;
-+		uint16 ri;
-+		uint16 v_samp;
-+		uint16 h_samp;
-+		int j;
-+		int ncomp;
-+
-+		/* marker header: one or more FFs */
-+		if (strip[i] != 0xff)
-+			return(0);
-+		i++;
-+		while (i < *striplength && strip[i] == 0xff)
-+			i++;
-+		if (i >= *striplength)
-+			return(0);
-+		/* SOI is the only pre-SOS marker without a length word */
-+		if (strip[i] == 0xd8)
-+			datalen = 0;
-+		else {
-+			if ((*striplength - i) <= 2)
-+				return(0);
-+			datalen = (strip[i+1] << 8) | strip[i+2];
-+			if (datalen < 2 || datalen >= (*striplength - i))
-+				return(0);
-+		}
- 		switch( strip[i] ){
--			case 0xd8:
--				/* SOI - start of image */
-+			case 0xd8:	/* SOI - start of image */
- 				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), 2);
- 				*bufferoffset+=2;
--				i+=2;
- 				break;
--			case 0xc0:
--			case 0xc1:
--			case 0xc3:
--			case 0xc9:
--			case 0xca:
-+			case 0xc0:	/* SOF0 */
-+			case 0xc1:	/* SOF1 */
-+			case 0xc3:	/* SOF3 */
-+			case 0xc9:	/* SOF9 */
-+			case 0xca:	/* SOF10 */
- 				if(no==0){
--					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
--					for(j=0;j<buffer[*bufferoffset+9];j++){
--						if( (buffer[*bufferoffset+11+(2*j)]>>4) > h_samp) 
--							h_samp = (buffer[*bufferoffset+11+(2*j)]>>4);
--						if( (buffer[*bufferoffset+11+(2*j)] & 0x0f) > v_samp) 
--							v_samp = (buffer[*bufferoffset+11+(2*j)] & 0x0f);
-+					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
-+					ncomp = buffer[*bufferoffset+9];
-+					if (ncomp < 1 || ncomp > 4)
-+						return(0);
-+					v_samp=1;
-+					h_samp=1;
-+					for(j=0;j<ncomp;j++){
-+						uint16 samp = buffer[*bufferoffset+11+(3*j)];
-+						if( (samp>>4) > h_samp) 
-+							h_samp = (samp>>4);
-+						if( (samp & 0x0f) > v_samp) 
-+							v_samp = (samp & 0x0f);
- 					}
- 					v_samp*=8;
- 					h_samp*=8;
-@@ -3381,45 +3405,43 @@ int t2p_process_jpeg_strip(
-                                           (unsigned char) ((height>>8) & 0xff);
- 					buffer[*bufferoffset+6]=
-                                             (unsigned char) (height & 0xff);
--					*bufferoffset+=strip[i+2]+2;
--					i+=strip[i+2]+2;
--
-+					*bufferoffset+=datalen+2;
-+					/* insert a DRI marker */
- 					buffer[(*bufferoffset)++]=0xff;
- 					buffer[(*bufferoffset)++]=0xdd;
- 					buffer[(*bufferoffset)++]=0x00;
- 					buffer[(*bufferoffset)++]=0x04;
- 					buffer[(*bufferoffset)++]=(ri >> 8) & 0xff;
- 					buffer[(*bufferoffset)++]= ri & 0xff;
--				} else {
--					i+=strip[i+2]+2;
- 				}
- 				break;
--			case 0xc4:
--			case 0xdb:
--				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
--				*bufferoffset+=strip[i+2]+2;
--				i+=strip[i+2]+2;
-+			case 0xc4: /* DHT */
-+			case 0xdb: /* DQT */
-+				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
-+				*bufferoffset+=datalen+2;
- 				break;
--			case 0xda:
-+			case 0xda: /* SOS */
- 				if(no==0){
--					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
--					*bufferoffset+=strip[i+2]+2;
--					i+=strip[i+2]+2;
-+					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
-+					*bufferoffset+=datalen+2;
- 				} else {
- 					buffer[(*bufferoffset)++]=0xff;
- 					buffer[(*bufferoffset)++]=
-                                             (unsigned char)(0xd0 | ((no-1)%8));
--					i+=strip[i+2]+2;
- 				}
--				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), (*striplength)-i-1);
--				*bufferoffset+=(*striplength)-i-1;
-+				i += datalen + 1;
-+				/* copy remainder of strip */
-+				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i]), *striplength - i);
-+				*bufferoffset+= *striplength - i;
- 				return(1);
- 			default:
--				i+=strip[i+2]+2;
-+				/* ignore any other marker */
-+				break;
- 		}
-+		i += datalen + 1;
- 	}
--	
- 
-+	/* failed to find SOS marker */
- 	return(0);
- }
- #endif
---- tools/tiff2ps.c.orig	2011-05-31 19:10:18.000000000 +0200
-+++ tools/tiff2ps.c	2013-05-02 16:27:43.000000000 +0200
-@@ -1781,8 +1781,8 @@ PS_Lvl2ImageDict(FILE* fd, TIFF* tif, ui
- 		imageOp = "imagemask";
- 
- 	(void)strcpy(im_x, "0");
--	(void)sprintf(im_y, "%lu", (long) h);
--	(void)sprintf(im_h, "%lu", (long) h);
-+	(void)snprintf(im_y, sizeof(im_y), "%lu", (long) h);
-+	(void)snprintf(im_h, sizeof(im_h), "%lu", (long) h);
- 	tile_width = w;
- 	tile_height = h;
- 	if (TIFFIsTiled(tif)) {
-@@ -1803,7 +1803,7 @@ PS_Lvl2ImageDict(FILE* fd, TIFF* tif, ui
- 		}
- 		if (tile_height < h) {
- 			fputs("/im_y 0 def\n", fd);
--			(void)sprintf(im_y, "%lu im_y sub", (unsigned long) h);
-+			(void)snprintf(im_y, sizeof(im_y), "%lu im_y sub", (unsigned long) h);
- 		}
- 	} else {
- 		repeat_count = tf_numberstrips;
-@@ -1815,7 +1815,7 @@ PS_Lvl2ImageDict(FILE* fd, TIFF* tif, ui
- 			fprintf(fd, "/im_h %lu def\n",
- 			    (unsigned long) tile_height);
- 			(void)strcpy(im_h, "im_h");
--			(void)sprintf(im_y, "%lu im_y sub", (unsigned long) h);
-+			(void)snprintf(im_y, sizeof(im_y), "%lu im_y sub", (unsigned long) h);
- 		}
- 	}
- 
---- tools/tiffcrop.c.orig	2010-12-14 15:18:28.000000000 +0100
-+++ tools/tiffcrop.c	2013-05-02 16:27:43.000000000 +0200
-@@ -2077,7 +2077,7 @@ update_output_file (TIFF **tiffout, char
-         return 1;
-         }
- 
--      sprintf (filenum, "-%03d%s", findex, export_ext);
-+      snprintf(filenum, sizeof(filenum), "-%03d%s", findex, export_ext);
-       filenum[14] = '\0';
-       strncat (exportname, filenum, 15);
-       }
-@@ -2230,8 +2230,8 @@ main(int argc, char* argv[])
- 
-           /* dump.infilename is guaranteed to be NUL termimated and have 20 bytes 
-              fewer than PATH_MAX */ 
--          memset (temp_filename, '\0', PATH_MAX + 1);              
--          sprintf (temp_filename, "%s-read-%03d.%s", dump.infilename, dump_images,
-+          snprintf(temp_filename, sizeof(temp_filename), "%s-read-%03d.%s",
-+		   dump.infilename, dump_images,
-                   (dump.format == DUMP_TEXT) ? "txt" : "raw");
-           if ((dump.infile = fopen(temp_filename, dump.mode)) == NULL)
-             {
-@@ -2249,8 +2249,8 @@ main(int argc, char* argv[])
- 
-           /* dump.outfilename is guaranteed to be NUL termimated and have 20 bytes 
-              fewer than PATH_MAX */ 
--          memset (temp_filename, '\0', PATH_MAX + 1);              
--          sprintf (temp_filename, "%s-write-%03d.%s", dump.outfilename, dump_images,
-+          snprintf(temp_filename, sizeof(temp_filename), "%s-write-%03d.%s",
-+		   dump.outfilename, dump_images,
-                   (dump.format == DUMP_TEXT) ? "txt" : "raw");
-           if ((dump.outfile = fopen(temp_filename, dump.mode)) == NULL)
-             {
---- tools/tiffdither.c.orig	2010-03-10 19:56:50.000000000 +0100
-+++ tools/tiffdither.c	2013-05-02 16:27:43.000000000 +0200
-@@ -260,7 +260,7 @@ main(int argc, char* argv[])
- 		TIFFSetField(out, TIFFTAG_FILLORDER, fillorder);
- 	else
- 		CopyField(TIFFTAG_FILLORDER, shortv);
--	sprintf(thing, "Dithered B&W version of %s", argv[optind]);
-+	snprintf(thing, sizeof(thing), "Dithered B&W version of %s", argv[optind]);
- 	TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing);
- 	CopyField(TIFFTAG_PHOTOMETRIC, shortv);
- 	CopyField(TIFFTAG_ORIENTATION, shortv);
diff --git a/graphics/tiff/patches/patch-CVE-2013-4231 b/graphics/tiff/patches/patch-CVE-2013-4231
deleted file mode 100644
index 0916dfd5818..00000000000
--- a/graphics/tiff/patches/patch-CVE-2013-4231
+++ /dev/null
@@ -1,31 +0,0 @@
-$NetBSD: patch-CVE-2013-4231,v 1.1 2013/08/15 14:58:46 drochner Exp $
-
-see http://bugzilla.maptools.org/show_bug.cgi?id=2450
-
-also fixes CVE-2013-4244
-see https://bugzilla.redhat.com/show_bug.cgi?id=996468
-
---- tools/gif2tiff.c.orig	2010-12-15 03:52:53.000000000 +0000
-+++ tools/gif2tiff.c
-@@ -333,6 +333,10 @@ readraster(void)
-     int status = 1;
- 
-     datasize = getc(infile);
-+
-+    if (datasize > 12)
-+	return 0;
-+
-     clear = 1 << datasize;
-     eoi = clear + 1;
-     avail = clear + 2;
-@@ -398,6 +402,10 @@ process(register int code, unsigned char
-     }
- 
-     if (oldcode == -1) {
-+	if (code >= clear) {
-+	    fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
-+	    return 0;
-+	}
- 	*(*fill)++ = suffix[code];
- 	firstchar = oldcode = code;
- 	return 1;
diff --git a/graphics/tiff/patches/patch-CVE-2013-4243 b/graphics/tiff/patches/patch-CVE-2013-4243
deleted file mode 100644
index e71ac593450..00000000000
--- a/graphics/tiff/patches/patch-CVE-2013-4243
+++ /dev/null
@@ -1,45 +0,0 @@
-$NetBSD: patch-CVE-2013-4243,v 1.1 2013/09/21 18:47:05 dholland Exp $
-
-Upstream candidate patch for CVE 2013-4243.
-taken from http://bugzilla.maptools.org/attachment.cgi?id=518
-(via http://bugzilla.maptools.org/show_bug.cgi?id=2451)
-
-Despite looking suspect with respect to integer overflows, this
-appears to be ok, as long as you aren't on a 16-bit platform, because
-the largest image size the input can encode is apparently 65535*65535.
-
---- tools/gif2tiff.c.orig	2013-09-21 18:45:13.000000000 +0000
-+++ tools/gif2tiff.c
-@@ -280,6 +280,10 @@ readgifimage(char* mode)
-         fprintf(stderr, "no colormap present for image\n");
-         return (0);
-     }
-+    if (width == 0 || height == 0) {
-+        fprintf(stderr, "Invalid value of width or height\n");
-+        return(0);
-+    }
-     if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) {
-         fprintf(stderr, "not enough memory for image\n");
-         return (0);
-@@ -406,6 +410,10 @@ process(register int code, unsigned char
- 	    fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
- 	    return 0;
- 	}
-+	if (*fill >= raster + width*height) {
-+	    fprintf(stderr, "raster full before eoi code\n");
-+	    return 0;
-+	}
- 	*(*fill)++ = suffix[code];
- 	firstchar = oldcode = code;
- 	return 1;
-@@ -436,6 +444,10 @@ process(register int code, unsigned char
-     }
-     oldcode = incode;
-     do {
-+        if (*fill >= raster + width*height) {
-+            fprintf(stderr, "raster full before eoi code\n");
-+            return 0;
-+        }
- 	*(*fill)++ = *--stackp;
-     } while (stackp > stack);
-     return 1;
author	bsiegert <bsiegert@pkgsrc.org>	2015-03-29 14:47:03 +0000
committer	bsiegert <bsiegert@pkgsrc.org>	2015-03-29 14:47:03 +0000
commit	0e692dcc16a2d7be1559373d834a4426064378a8 (patch)
tree	64cf79af79fed3392bda825aef432d6950ea6536 /graphics
parent	d6baaa590ebc8a81d34b2b62c5950d3db7020624 (diff)
download	pkgsrc-0e692dcc16a2d7be1559373d834a4426064378a8.tar.gz