summaryrefslogtreecommitdiff
path: root/x11/XFree86-libs
diff options
context:
space:
mode:
authorminskim <minskim@pkgsrc.org>2004-09-16 19:28:56 +0000
committerminskim <minskim@pkgsrc.org>2004-09-16 19:28:56 +0000
commite3103bfae74b5da3f17b73a3e37c930cec27743b (patch)
treeaf40ea91b04fbaef1383ab215392350163622513 /x11/XFree86-libs
parent31472d38a4a8be988488362bc7599fed675b460b (diff)
downloadpkgsrc-e3103bfae74b5da3f17b73a3e37c930cec27743b.tar.gz
Incorporate libXpm security fixes of X.Org X11R6.8.1.
Bump PKGREVISION.
Diffstat (limited to 'x11/XFree86-libs')
-rw-r--r--x11/XFree86-libs/Makefile4
-rw-r--r--x11/XFree86-libs/distinfo10
-rw-r--r--x11/XFree86-libs/patches/patch-ak13
-rw-r--r--x11/XFree86-libs/patches/patch-al31
-rw-r--r--x11/XFree86-libs/patches/patch-am179
-rw-r--r--x11/XFree86-libs/patches/patch-an68
-rw-r--r--x11/XFree86-libs/patches/patch-ao30
-rw-r--r--x11/XFree86-libs/patches/patch-ap13
-rw-r--r--x11/XFree86-libs/patches/patch-aq36
-rw-r--r--x11/XFree86-libs/patches/patch-ar53
10 files changed, 434 insertions, 3 deletions
diff --git a/x11/XFree86-libs/Makefile b/x11/XFree86-libs/Makefile
index 60c50973699..1bb4a218c8f 100644
--- a/x11/XFree86-libs/Makefile
+++ b/x11/XFree86-libs/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.16 2004/07/31 02:28:15 xtraeme Exp $
+# $NetBSD: Makefile,v 1.17 2004/09/16 19:28:56 minskim Exp $
DISTNAME= ${DISTFILES}
PKGNAME= XFree86-libs-${XF_VER}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= x11
MASTER_SITES= ${MASTER_SITE_XFREE}
DISTFILES= XFree86-${XF_VER}-src-1.tgz XFree86-${XF_VER}-src-2.tgz \
diff --git a/x11/XFree86-libs/distinfo b/x11/XFree86-libs/distinfo
index b864e4c681e..f46f5016fea 100644
--- a/x11/XFree86-libs/distinfo
+++ b/x11/XFree86-libs/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.6 2004/07/21 22:21:49 xtraeme Exp $
+$NetBSD: distinfo,v 1.7 2004/09/16 19:28:56 minskim Exp $
SHA1 (XFree86-4.4.0-src-1.tgz) = 44b38a7044c82d0b2f785b0e6a935349abcb5d79
Size (XFree86-4.4.0-src-1.tgz) = 11760814 bytes
@@ -18,3 +18,11 @@ SHA1 (patch-ag) = a06752ee9f55e64a407fac6fbde3547fd096c71d
SHA1 (patch-ah) = 30618658577dd37b31191197cd2c156ff72e0d90
SHA1 (patch-ai) = 178d556fa11818420cd685308cf179ee5f6f7dac
SHA1 (patch-aj) = 4545d9fd50c2a7b6f5a04da330784eaf9a5373ad
+SHA1 (patch-ak) = 8df00ceb043f9a1d99b5bd270bd19198f0a23a51
+SHA1 (patch-al) = 4eb342844fe90e1269b6a0296c5ba52ab7be50b3
+SHA1 (patch-am) = 3a0cda8079164e1f17c5aa1b21c666941b462079
+SHA1 (patch-an) = e78b95ab07b532db41a3785344e89dc23e9e7e34
+SHA1 (patch-ao) = 12af967565c0c3ddb29464f7f726786c5d04c60b
+SHA1 (patch-ap) = e2d533dd24e176e20fb1af7c8791e2670aad5c20
+SHA1 (patch-aq) = 398fbbeca94beb6e4a878941d1b825d0b734e11b
+SHA1 (patch-ar) = c9ad52d94aedd94d7c0e0dc254d02cde5e33b637
diff --git a/x11/XFree86-libs/patches/patch-ak b/x11/XFree86-libs/patches/patch-ak
new file mode 100644
index 00000000000..48a15aca833
--- /dev/null
+++ b/x11/XFree86-libs/patches/patch-ak
@@ -0,0 +1,13 @@
+$NetBSD: patch-ak,v 1.3 2004/09/16 19:28:56 minskim Exp $
+
+--- extras/Xpm/lib/data.c.orig 2002-01-07 13:40:49.000000000 -0600
++++ extras/Xpm/lib/data.c
+@@ -375,7 +375,7 @@ xpmGetCmt(data, cmt)
+ {
+ if (!data->type)
+ *cmt = NULL;
+- else if (data->CommentLength) {
++ else if (data->CommentLength != 0 && data->CommentLength < SIZE_MAX - 1) {
+ *cmt = (char *) XpmMalloc(data->CommentLength + 1);
+ strncpy(*cmt, data->Comment, data->CommentLength);
+ (*cmt)[data->CommentLength] = '\0';
diff --git a/x11/XFree86-libs/patches/patch-al b/x11/XFree86-libs/patches/patch-al
new file mode 100644
index 00000000000..6145f9d1238
--- /dev/null
+++ b/x11/XFree86-libs/patches/patch-al
@@ -0,0 +1,31 @@
+$NetBSD: patch-al,v 1.3 2004/09/16 19:28:56 minskim Exp $
+
+--- extras/Xpm/lib/hashtab.c.orig 1999-01-11 07:23:11.000000000 -0600
++++ extras/Xpm/lib/hashtab.c
+@@ -135,7 +135,7 @@ HashTableGrows(table)
+ xpmHashTable *table;
+ {
+ xpmHashAtom *atomTable = table->atomTable;
+- int size = table->size;
++ unsigned int size = table->size;
+ xpmHashAtom *t, *p;
+ int i;
+ int oldSize = size;
+@@ -144,6 +144,8 @@ HashTableGrows(table)
+ HASH_TABLE_GROWS
+ table->size = size;
+ table->limit = size / 3;
++ if (size >= SIZE_MAX / sizeof(*atomTable))
++ return (XpmNoMemory);
+ atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable));
+ if (!atomTable)
+ return (XpmNoMemory);
+@@ -204,6 +206,8 @@ xpmHashTableInit(table)
+ table->size = INITIAL_HASH_SIZE;
+ table->limit = table->size / 3;
+ table->used = 0;
++ if (table->size >= SIZE_MAX / sizeof(*atomTable))
++ return (XpmNoMemory);
+ atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable));
+ if (!atomTable)
+ return (XpmNoMemory);
diff --git a/x11/XFree86-libs/patches/patch-am b/x11/XFree86-libs/patches/patch-am
new file mode 100644
index 00000000000..9215c09d26c
--- /dev/null
+++ b/x11/XFree86-libs/patches/patch-am
@@ -0,0 +1,179 @@
+$NetBSD: patch-am,v 1.3 2004/09/16 19:28:56 minskim Exp $
+
+--- extras/Xpm/lib/parse.c.orig 2001-10-27 22:32:10.000000000 -0500
++++ extras/Xpm/lib/parse.c
+@@ -44,6 +44,24 @@
+ #include <ctype.h>
+ #include <string.h>
+
++#ifdef HAS_STRLCAT
++# define STRLCAT(dst, src, dstsize) { \
++ if (strlcat(dst, src, dstsize) >= (dstsize)) \
++ return (XpmFileInvalid); }
++# define STRLCPY(dst, src, dstsize) { \
++ if (strlcpy(dst, src, dstsize) >= (dstsize)) \
++ return (XpmFileInvalid); }
++#else
++# define STRLCAT(dst, src, dstsize) { \
++ if ((strlen(dst) + strlen(src)) < (dstsize)) \
++ strcat(dst, src); \
++ else return (XpmFileInvalid); }
++# define STRLCPY(dst, src, dstsize) { \
++ if (strlen(src) < (dstsize)) \
++ strcpy(dst, src); \
++ else return (XpmFileInvalid); }
++#endif
++
+ LFUNC(ParsePixels, int, (xpmData *data, unsigned int width,
+ unsigned int height, unsigned int ncolors,
+ unsigned int cpp, XpmColor *colorTable,
+@@ -66,7 +84,7 @@ xpmParseValues(data, width, height, ncol
+ unsigned int *extensions;
+ {
+ unsigned int l;
+- char buf[BUFSIZ];
++ char buf[BUFSIZ + 1];
+
+ if (!data->format) { /* XPM 2 or 3 */
+
+@@ -175,10 +193,10 @@ xpmParseColors(data, ncolors, cpp, color
+ XpmColor **colorTablePtr;
+ xpmHashTable *hashtable;
+ {
+- unsigned int key = 0, l, a, b;
++ unsigned int key = 0, l, a, b, len;
+ unsigned int curkey; /* current color key */
+ unsigned int lastwaskey; /* key read */
+- char buf[BUFSIZ];
++ char buf[BUFSIZ+1];
+ char curbuf[BUFSIZ]; /* current buffer */
+ char **sptr, *s;
+ XpmColor *color;
+@@ -186,6 +204,8 @@ xpmParseColors(data, ncolors, cpp, color
+ char **defaults;
+ int ErrorStatus;
+
++ if (ncolors >= SIZE_MAX / sizeof(XpmColor))
++ return (XpmNoMemory);
+ colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor));
+ if (!colorTable)
+ return (XpmNoMemory);
+@@ -197,6 +217,10 @@ xpmParseColors(data, ncolors, cpp, color
+ /*
+ * read pixel value
+ */
++ if (cpp >= SIZE_MAX - 1) {
++ xpmFreeColorTable(colorTable, ncolors);
++ return (XpmNoMemory);
++ }
+ color->string = (char *) XpmMalloc(cpp + 1);
+ if (!color->string) {
+ xpmFreeColorTable(colorTable, ncolors);
+@@ -234,13 +258,14 @@ xpmParseColors(data, ncolors, cpp, color
+ }
+ if (!lastwaskey && key < NKEYS) { /* open new key */
+ if (curkey) { /* flush string */
+- s = (char *) XpmMalloc(strlen(curbuf) + 1);
++ len = strlen(curbuf) + 1;
++ s = (char *) XpmMalloc(len);
+ if (!s) {
+ xpmFreeColorTable(colorTable, ncolors);
+ return (XpmNoMemory);
+ }
+ defaults[curkey] = s;
+- strcpy(s, curbuf);
++ memcpy(s, curbuf, len);
+ }
+ curkey = key + 1; /* set new key */
+ *curbuf = '\0'; /* reset curbuf */
+@@ -251,9 +276,9 @@ xpmParseColors(data, ncolors, cpp, color
+ return (XpmFileInvalid);
+ }
+ if (!lastwaskey)
+- strcat(curbuf, " "); /* append space */
++ STRLCAT(curbuf, " ", sizeof(curbuf)); /* append space */
+ buf[l] = '\0';
+- strcat(curbuf, buf);/* append buf */
++ STRLCAT(curbuf, buf, sizeof(curbuf));/* append buf */
+ lastwaskey = 0;
+ }
+ }
+@@ -261,12 +286,13 @@ xpmParseColors(data, ncolors, cpp, color
+ xpmFreeColorTable(colorTable, ncolors);
+ return (XpmFileInvalid);
+ }
+- s = defaults[curkey] = (char *) XpmMalloc(strlen(curbuf) + 1);
++ len = strlen(curbuf) + 1;
++ s = defaults[curkey] = (char *) XpmMalloc(len);
+ if (!s) {
+ xpmFreeColorTable(colorTable, ncolors);
+ return (XpmNoMemory);
+ }
+- strcpy(s, curbuf);
++ memcpy(s, curbuf, len);
+ }
+ } else { /* XPM 1 */
+ /* get to the beginning of the first string */
+@@ -279,6 +305,10 @@ xpmParseColors(data, ncolors, cpp, color
+ /*
+ * read pixel value
+ */
++ if (cpp >= SIZE_MAX - 1) {
++ xpmFreeColorTable(colorTable, ncolors);
++ return (XpmNoMemory);
++ }
+ color->string = (char *) XpmMalloc(cpp + 1);
+ if (!color->string) {
+ xpmFreeColorTable(colorTable, ncolors);
+@@ -307,16 +337,17 @@ xpmParseColors(data, ncolors, cpp, color
+ *curbuf = '\0'; /* init curbuf */
+ while ((l = xpmNextWord(data, buf, BUFSIZ))) {
+ if (*curbuf != '\0')
+- strcat(curbuf, " ");/* append space */
++ STRLCAT(curbuf, " ", sizeof(curbuf));/* append space */
+ buf[l] = '\0';
+- strcat(curbuf, buf); /* append buf */
++ STRLCAT(curbuf, buf, sizeof(curbuf)); /* append buf */
+ }
+- s = (char *) XpmMalloc(strlen(curbuf) + 1);
++ len = strlen(curbuf) + 1;
++ s = (char *) XpmMalloc(len);
+ if (!s) {
+ xpmFreeColorTable(colorTable, ncolors);
+ return (XpmNoMemory);
+ }
+- strcpy(s, curbuf);
++ memcpy(s, curbuf, len);
+ color->c_color = s;
+ *curbuf = '\0'; /* reset curbuf */
+ if (a < ncolors - 1)
+@@ -341,6 +372,9 @@ ParsePixels(data, width, height, ncolors
+ unsigned int *iptr, *iptr2;
+ unsigned int a, x, y;
+
++ if ((height > 0 && width >= SIZE_MAX / height) ||
++ width * height >= SIZE_MAX / sizeof(unsigned int))
++ return XpmNoMemory;
+ #ifndef FOR_MSW
+ iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height);
+ #else
+@@ -364,6 +398,9 @@ ParsePixels(data, width, height, ncolors
+ {
+ unsigned short colidx[256];
+
++ if (ncolors > 256)
++ return (XpmFileInvalid);
++
+ bzero((char *)colidx, 256 * sizeof(short));
+ for (a = 0; a < ncolors; a++)
+ colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
+@@ -442,6 +479,9 @@ if (cidx[f]) XpmFree(cidx[f]);}
+ char *s;
+ char buf[BUFSIZ];
+
++ if (cpp >= sizeof(buf))
++ return (XpmFileInvalid);
++
+ buf[cpp] = '\0';
+ if (USE_HASHTABLE) {
+ xpmHashAtom *slot;
diff --git a/x11/XFree86-libs/patches/patch-an b/x11/XFree86-libs/patches/patch-an
new file mode 100644
index 00000000000..a3c6fd1e4bf
--- /dev/null
+++ b/x11/XFree86-libs/patches/patch-an
@@ -0,0 +1,68 @@
+$NetBSD: patch-an,v 1.3 2004/09/16 19:28:56 minskim Exp $
+
+--- extras/Xpm/lib/scan.c.orig 2002-01-07 13:40:49.000000000 -0600
++++ extras/Xpm/lib/scan.c
+@@ -107,7 +107,8 @@ LFUNC(MSWGetImagePixels, int, (Display *
+ LFUNC(ScanTransparentColor, int, (XpmColor *color, unsigned int cpp,
+ XpmAttributes *attributes));
+
+-LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, int ncolors,
++LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors,
++ unsigned int ncolors,
+ Pixel *pixels, unsigned int mask,
+ unsigned int cpp, XpmAttributes *attributes));
+
+@@ -232,11 +233,17 @@ XpmCreateXpmImageFromImage(display, imag
+ else
+ cpp = 0;
+
++ if ((height > 0 && width >= SIZE_MAX / height) ||
++ width * height >= SIZE_MAX / sizeof(unsigned int))
++ RETURN(XpmNoMemory);
+ pmap.pixelindex =
+ (unsigned int *) XpmCalloc(width * height, sizeof(unsigned int));
+ if (!pmap.pixelindex)
+ RETURN(XpmNoMemory);
+
++ if (pmap.size >= SIZE_MAX / sizeof(Pixel))
++ RETURN(XpmNoMemory);
++
+ pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size);
+ if (!pmap.pixels)
+ RETURN(XpmNoMemory);
+@@ -302,6 +309,8 @@ XpmCreateXpmImageFromImage(display, imag
+ * color
+ */
+
++ if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor))
++ RETURN(XpmNoMemory);
+ colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor));
+ if (!colorTable)
+ RETURN(XpmNoMemory);
+@@ -360,6 +369,8 @@ ScanTransparentColor(color, cpp, attribu
+
+ /* first get a character string */
+ a = 0;
++ if (cpp >= SIZE_MAX - 1)
++ return (XpmNoMemory);
+ if (!(s = color->string = (char *) XpmMalloc(cpp + 1)))
+ return (XpmNoMemory);
+ *s++ = printable[c = a % MAXPRINTABLE];
+@@ -407,7 +418,7 @@ static int
+ ScanOtherColors(display, colors, ncolors, pixels, mask, cpp, attributes)
+ Display *display;
+ XpmColor *colors;
+- int ncolors;
++ unsigned int ncolors;
+ Pixel *pixels;
+ unsigned int mask;
+ unsigned int cpp;
+@@ -451,6 +462,8 @@ ScanOtherColors(display, colors, ncolors
+ }
+
+ /* first get character strings and rgb values */
++ if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1)
++ return (XpmNoMemory);
+ xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors);
+ if (!xcolors)
+ return (XpmNoMemory);
diff --git a/x11/XFree86-libs/patches/patch-ao b/x11/XFree86-libs/patches/patch-ao
new file mode 100644
index 00000000000..2a6e740dcaa
--- /dev/null
+++ b/x11/XFree86-libs/patches/patch-ao
@@ -0,0 +1,30 @@
+$NetBSD: patch-ao,v 1.3 2004/09/16 19:28:56 minskim Exp $
+
+--- extras/Xpm/lib/Attrib.c.orig 1999-01-11 07:23:09.000000000 -0600
++++ extras/Xpm/lib/Attrib.c
+@@ -35,7 +35,7 @@
+ #include "XpmI.h"
+
+ /* 3.2 backward compatibility code */
+-LFUNC(CreateOldColorTable, int, (XpmColor *ct, int ncolors,
++LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors,
+ XpmColor ***oldct));
+
+ LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors));
+@@ -46,12 +46,15 @@ LFUNC(FreeOldColorTable, void, (XpmColor
+ static int
+ CreateOldColorTable(ct, ncolors, oldct)
+ XpmColor *ct;
+- int ncolors;
++ unsigned int ncolors;
+ XpmColor ***oldct;
+ {
+ XpmColor **colorTable, **color;
+ int a;
+
++ if (ncolors >= SIZE_MAX / sizeof(XpmColor *))
++ return XpmNoMemory;
++
+ colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *));
+ if (!colorTable) {
+ *oldct = NULL;
diff --git a/x11/XFree86-libs/patches/patch-ap b/x11/XFree86-libs/patches/patch-ap
new file mode 100644
index 00000000000..d8391259806
--- /dev/null
+++ b/x11/XFree86-libs/patches/patch-ap
@@ -0,0 +1,13 @@
+$NetBSD: patch-ap,v 1.3 2004/09/16 19:28:56 minskim Exp $
+
+--- extras/Xpm/lib/CrDatFrI.c.orig 2001-10-27 22:32:09.000000000 -0500
++++ extras/Xpm/lib/CrDatFrI.c
+@@ -124,6 +124,8 @@ XpmCreateDataFromXpmImage(data_return, i
+ */
+ header_nlines = 1 + image->ncolors;
+ header_size = sizeof(char *) * header_nlines;
++ if (header_size >= SIZE_MAX / sizeof(char *))
++ return (XpmNoMemory);
+ header = (char **) XpmCalloc(header_size, sizeof(char *));
+ if (!header)
+ return (XpmNoMemory);
diff --git a/x11/XFree86-libs/patches/patch-aq b/x11/XFree86-libs/patches/patch-aq
new file mode 100644
index 00000000000..436da06043a
--- /dev/null
+++ b/x11/XFree86-libs/patches/patch-aq
@@ -0,0 +1,36 @@
+$NetBSD: patch-aq,v 1.3 2004/09/16 19:28:56 minskim Exp $
+
+--- extras/Xpm/lib/XpmI.h.orig 2003-08-06 09:03:58.000000000 -0500
++++ extras/Xpm/lib/XpmI.h
+@@ -86,6 +86,18 @@ extern FILE *popen();
+ boundCheckingCalloc((long)(nelem),(long) (elsize))
+ #endif
+
++#if defined(SCO) || defined(__USLC__)
++#include <stdint.h> /* For SIZE_MAX */
++#endif
++#include <limits.h>
++#ifndef SIZE_MAX
++# ifdef ULONG_MAX
++# define SIZE_MAX ULONG_MAX
++# else
++# define SIZE_MAX UINT_MAX
++# endif
++#endif
++
+ #define XPMMAXCMTLEN BUFSIZ
+ typedef struct {
+ unsigned int type;
+@@ -187,9 +199,9 @@ typedef struct _xpmHashAtom {
+ } *xpmHashAtom;
+
+ typedef struct {
+- int size;
+- int limit;
+- int used;
++ unsigned int size;
++ unsigned int limit;
++ unsigned int used;
+ xpmHashAtom *atomTable;
+ } xpmHashTable;
+
diff --git a/x11/XFree86-libs/patches/patch-ar b/x11/XFree86-libs/patches/patch-ar
new file mode 100644
index 00000000000..1e0b84c3886
--- /dev/null
+++ b/x11/XFree86-libs/patches/patch-ar
@@ -0,0 +1,53 @@
+$NetBSD: patch-ar,v 1.3 2004/09/16 19:28:56 minskim Exp $
+
+--- extras/Xpm/lib/create.c.orig 2003-10-07 16:25:37.000000000 -0500
++++ extras/Xpm/lib/create.c
+@@ -816,6 +816,9 @@ XpmCreateImageFromXpmImage(display, imag
+
+ ErrorStatus = XpmSuccess;
+
++ if (image->ncolors >= SIZE_MAX / sizeof(Pixel))
++ return (XpmNoMemory);
++
+ /* malloc pixels index tables */
+ image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * image->ncolors);
+ if (!image_pixels)
+@@ -988,6 +991,8 @@ CreateXImage(display, visual, depth, for
+ return (XpmNoMemory);
+
+ #if !defined(FOR_MSW) && !defined(AMIGA)
++ if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height)
++ return XpmNoMemory;
+ /* now that bytes_per_line must have been set properly alloc data */
+ (*image_return)->data =
+ (char *) XpmMalloc((*image_return)->bytes_per_line * height);
+@@ -2055,6 +2060,9 @@ xpmParseDataAndCreate(display, data, ima
+ xpmGetCmt(data, &colors_cmt);
+
+ /* malloc pixels index tables */
++ if (ncolors >= SIZE_MAX / sizeof(Pixel))
++ return XpmNoMemory;
++
+ image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors);
+ if (!image_pixels)
+ RETURN(XpmNoMemory);
+@@ -2309,7 +2317,8 @@ ParseAndPutPixels(
+ }
+ obm = SelectObject(*dc, image->bitmap);
+ #endif
+-
++ if (ncolors > 256)
++ return (XpmFileInvalid);
+
+ bzero((char *)colidx, 256 * sizeof(short));
+ for (a = 0; a < ncolors; a++)
+@@ -2415,6 +2424,9 @@ if (cidx[f]) XpmFree(cidx[f]);}
+ char *s;
+ char buf[BUFSIZ];
+
++ if (cpp >= sizeof(buf))
++ return (XpmFileInvalid);
++
+ buf[cpp] = '\0';
+ if (USE_HASHTABLE) {
+ xpmHashAtom *slot;