$NetBSD: patch-an,v 1.1 2005/06/14 18:10:37 jlam Exp $

--- lib/RdFToI.c.orig	1998-03-19 14:51:00.000000000 -0500
+++ lib/RdFToI.c
@@ -32,6 +32,8 @@
 *  Developed by Arnaud Le Hors                                                *
 \*****************************************************************************/
 
+/* October 2004, source code review by Thomas Biege <thomas@suse.de> */
+
 #include "XpmI.h"
 #include <sys/stat.h>
 #if !defined(NO_ZPIPE) && defined(WIN32)
@@ -122,6 +124,12 @@ XpmReadFileToXpmImage(filename, image, i
 /*
  * open the given file to be read as an xpmData which is returned.
  */
+#ifndef NO_ZPIPE
+	FILE *s_popen(char *cmd, const char *type);
+#else
+#	define s_popen popen
+#endif
+
 static int
 OpenReadFile(filename, mdata)
     char *filename;
@@ -139,17 +147,21 @@ OpenReadFile(filename, mdata)
 	mdata->type = XPMFILE;
     } else {
 #ifndef NO_ZPIPE
-	int len = strlen(filename);
+	size_t len = strlen(filename);
+
+	if(len == 0                        ||
+	   filename[len-1] == '/')
+		return(XpmOpenFailed);
 	if ((len > 2) && !strcmp(".Z", filename + (len - 2))) {
 	    mdata->type = XPMPIPE;
-	    sprintf(buf, "uncompress -c \"%s\"", filename);
-	    if (!(mdata->stream.file = popen(buf, "r")))
+	    snprintf(buf, sizeof(buf), "uncompress -c \"%s\"", filename);
+	    if (!(mdata->stream.file = s_popen(buf, "r")))
 		return (XpmOpenFailed);
 
 	} else if ((len > 3) && !strcmp(".gz", filename + (len - 3))) {
 	    mdata->type = XPMPIPE;
-	    sprintf(buf, "gunzip -qc \"%s\"", filename);
-	    if (!(mdata->stream.file = popen(buf, "r")))
+	    snprintf(buf, sizeof(buf), "gunzip -qc \"%s\"", filename);
+	    if (!(mdata->stream.file = s_popen(buf, "r")))
 		return (XpmOpenFailed);
 
 	} else {
@@ -157,19 +169,19 @@ OpenReadFile(filename, mdata)
 	    if (!(compressfile = (char *) XpmMalloc(len + 4)))
 		return (XpmNoMemory);
 
-	    sprintf(compressfile, "%s.Z", filename);
+	    snprintf(compressfile, len+4, "%s.Z", filename);
 	    if (!stat(compressfile, &status)) {
-		sprintf(buf, "uncompress -c \"%s\"", compressfile);
-		if (!(mdata->stream.file = popen(buf, "r"))) {
+		snprintf(buf, sizeof(buf), "uncompress -c \"%s\"", compressfile);
+		if (!(mdata->stream.file = s_popen(buf, "r"))) {
 		    XpmFree(compressfile);
 		    return (XpmOpenFailed);
 		}
 		mdata->type = XPMPIPE;
 	    } else {
-		sprintf(compressfile, "%s.gz", filename);
+		snprintf(compressfile, len+4, "%s.gz", filename);
 		if (!stat(compressfile, &status)) {
-		    sprintf(buf, "gunzip -c \"%s\"", compressfile);
-		    if (!(mdata->stream.file = popen(buf, "r"))) {
+		    snprintf(buf, sizeof(buf), "gunzip -c \"%s\"", compressfile);
+		    if (!(mdata->stream.file = s_popen(buf, "r"))) {
 			XpmFree(compressfile);
 			return (XpmOpenFailed);
 		    }
@@ -215,7 +227,7 @@ xpmDataClose(mdata)
 	break;
 #ifndef NO_ZPIPE
     case XPMPIPE:
-	pclose(mdata->stream.file);
+	fclose(mdata->stream.file);
 	break;
 #endif
     }