File openmotif-xpm.diff of Package openmotif22-libs
--- lib/Xm/XpmAttrib.c
+++ lib/Xm/XpmAttrib.c
@@ -41,7 +41,7 @@
#include "XpmI.h"
/* 3.2 backward compatibility code */
-LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors,
+LFUNC(CreateOldColorTable, int, (XpmColor *ct, int ncolors,
XpmColor ***oldct));
LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors));
@@ -52,15 +52,12 @@
static int
CreateOldColorTable(ct, ncolors, oldct)
XpmColor *ct;
- unsigned int ncolors;
+ int ncolors;
XpmColor ***oldct;
{
XpmColor **colorTable, **color;
int a;
- if (ncolors >= SIZE_MAX / sizeof(XpmColor *))
- return XpmNoMemory;
-
colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *));
if (!colorTable) {
*oldct = NULL;
--- lib/Xm/XpmCrBufFrI.c
+++ lib/Xm/XpmCrBufFrI.c
@@ -43,20 +43,20 @@
#include "XpmI.h"
-LFUNC(WriteColors, int, (char **dataptr, unsigned int *data_size,
- unsigned int *used_size, XpmColor *colors,
+LFUNC(WriteColors, int, (char **dataptr, size_t *data_size,
+ size_t *used_size, XpmColor *colors,
unsigned int ncolors, unsigned int cpp));
-LFUNC(WritePixels, void, (char *dataptr, unsigned int *used_size,
+LFUNC(WritePixels, void, (char *dataptr, size_t *used_size,
unsigned int width, unsigned int height,
unsigned int cpp, unsigned int *pixels,
XpmColor *colors));
-LFUNC(WriteExtensions, void, (char *dataptr, unsigned int *used_size,
+LFUNC(WriteExtensions, void, (char *dataptr, size_t *used_size,
XpmExtension *ext, unsigned int num));
-LFUNC(ExtensionsSize, int, (XpmExtension *ext, unsigned int num));
-LFUNC(CommentsSize, int, (XpmInfo *info));
+LFUNC(ExtensionsSize, size_t, (XpmExtension *ext, unsigned int num));
+LFUNC(CommentsSize, size_t, (XpmInfo *info));
int
XpmCreateBufferFromImage(display, buffer_return, image, shapeimage, attributes)
@@ -113,10 +113,11 @@
/* calculation variables */
int ErrorStatus;
char buf[BUFSIZ];
- unsigned int cmts, extensions, ext_size = 0;
- unsigned int l, cmt_size = 0;
+ unsigned int cmts, extensions;
+ size_t ext_size = 0;
+ size_t l, cmt_size = 0;
char *ptr = NULL, *p;
- unsigned int ptr_size, used_size;
+ size_t ptr_size, used_size;
*buffer_return = NULL;
@@ -253,8 +254,8 @@
static int
WriteColors(dataptr, data_size, used_size, colors, ncolors, cpp)
char **dataptr;
- unsigned int *data_size;
- unsigned int *used_size;
+ size_t *data_size;
+ size_t *used_size;
XpmColor *colors;
unsigned int ncolors;
unsigned int cpp;
@@ -299,7 +300,7 @@
static void
WritePixels(dataptr, used_size, width, height, cpp, pixels, colors)
char *dataptr;
- unsigned int *used_size;
+ size_t *used_size;
unsigned int width;
unsigned int height;
unsigned int cpp;
@@ -329,12 +330,13 @@
*used_size += s - dataptr;
}
-static int
+static size_t
ExtensionsSize(ext, num)
XpmExtension *ext;
unsigned int num;
{
- unsigned int x, y, a, size;
+ unsigned int x, y, a;
+ size_t size;
char **line;
size = 0;
@@ -353,7 +355,7 @@
static void
WriteExtensions(dataptr, used_size, ext, num)
char *dataptr;
- unsigned int *used_size;
+ size_t *used_size;
XpmExtension *ext;
unsigned int num;
{
@@ -384,11 +386,11 @@
*used_size += s - dataptr + 13;
}
-static int
+static size_t
CommentsSize(info)
XpmInfo *info;
{
- int size = 0;
+ size_t size = 0;
/* 5 = 2 (for "/_*") + 3 (for "*_/\n") */
if (info->hints_cmt)
--- lib/Xm/XpmCrDatFrI.c
+++ lib/Xm/XpmCrDatFrI.c
@@ -134,8 +134,6 @@
*/
header_nlines = 1 + image->ncolors;
header_size = sizeof(char *) * header_nlines;
- if (header_size >= SIZE_MAX / sizeof(char *))
- return (XpmNoMemory);
header = (char **) XpmCalloc(header_size, sizeof(char *));
if (!header)
return (XpmNoMemory);
--- lib/Xm/XpmI.h
+++ lib/Xm/XpmI.h
@@ -179,26 +179,14 @@
boundCheckingCalloc((long)(nelem),(long) (elsize))
#endif
-#if defined(SCO) || defined(__USLC__)
-#include <stdint.h> /* For SIZE_MAX */
-#endif
-#include <limits.h>
-#ifndef SIZE_MAX
-# ifdef ULONG_MAX
-# define SIZE_MAX ULONG_MAX
-# else
-# define SIZE_MAX UINT_MAX
-# endif
-#endif
-
#define XPMMAXCMTLEN BUFSIZ
typedef struct {
unsigned int type;
union {
FILE *file;
- char **data;
+ unsigned char **data;
} stream;
- char *cptr;
+ unsigned char *cptr;
unsigned int line;
int CommentLength;
char Comment[XPMMAXCMTLEN];
@@ -288,9 +276,9 @@
} *xpmHashAtom;
typedef struct {
- unsigned int size;
- unsigned int limit;
- unsigned int used;
+ int size;
+ int limit;
+ int used;
xpmHashAtom *atomTable;
} xpmHashTable;
--- lib/Xm/XpmRdFToI.c
+++ lib/Xm/XpmRdFToI.c
@@ -124,6 +124,27 @@
return (ErrorStatus);
}
+
+/* Quote filename and prepend prefix. */
+static char *quote_file(prefix, filename, len)
+ const char *prefix, *filename;
+ size_t len;
+{
+ char *buf = XpmMalloc(strlen(prefix) + len * 2 + 1);
+ char *p = buf, *q;
+
+ if (!buf)
+ return 0;
+ strcpy(p, prefix);
+ p += strlen(p);
+ for (q = filename; *q; q++) {
+ *p++ = '\\';
+ *p++ = *q;
+ }
+ return buf;
+}
+
+
/*
* open the given file to be read as an xpmData which is returned.
*/
@@ -133,7 +154,7 @@
xpmData *mdata;
{
#ifndef NO_ZPIPE
- char *compressfile, buf[(2*MAXPATHLEN) + 1];
+ char *compressfile, *buf;
# ifdef STAT_ZFILE
struct stat status;
# endif
@@ -144,17 +165,25 @@
mdata->type = XPMFILE;
} else {
#ifndef NO_ZPIPE
- int len = strlen(filename);
+ size_t len = strlen(filename);
if ((len > 2) && !strcmp(".Z", filename + (len - 2))) {
mdata->type = XPMPIPE;
- sprintf(buf, "uncompress -c \"%s\"", filename);
- if (!(mdata->stream.file = popen(buf, "r")))
+ buf = quote_file("uncompress -c ", filename, len);
+ if (!buf)
+ return (XpmNoMemory);
+ mdata->stream.file = popen(buf, "r");
+ XpmFree(buf);
+ if (!mdata->stream.file)
return (XpmOpenFailed);
} else if ((len > 3) && !strcmp(".gz", filename + (len - 3))) {
mdata->type = XPMPIPE;
- sprintf(buf, "gunzip -qc \"%s\"", filename);
- if (!(mdata->stream.file = popen(buf, "r")))
+ buf = quote_file("gunzip -qc ", filename, len);
+ if (!buf)
+ return (XpmNoMemory);
+ mdata->stream.file = popen(buf, "r");
+ XpmFree(buf);
+ if (!mdata->stream.file)
return (XpmOpenFailed);
} else {
@@ -164,28 +193,32 @@
sprintf(compressfile, "%s.Z", filename);
if (!stat(compressfile, &status)) {
- sprintf(buf, "uncompress -c \"%s\"", compressfile);
- if (!(mdata->stream.file = popen(buf, "r"))) {
- XpmFree(compressfile);
+ buf = quote_file("uncompress -c ", compressfile, len + 2);
+ XpmFree(compressfile);
+ if (!buf)
+ return (XpmNoMemory);
+ mdata->stream.file = popen(buf, "r");
+ XpmFree(buf);
+ if (!mdata->stream.file)
return (XpmOpenFailed);
- }
mdata->type = XPMPIPE;
} else {
sprintf(compressfile, "%s.gz", filename);
if (!stat(compressfile, &status)) {
- sprintf(buf, "gunzip -c \"%s\"", compressfile);
- if (!(mdata->stream.file = popen(buf, "r"))) {
- XpmFree(compressfile);
+ buf = quote_file("gunzip -c ", compressfile, len + 3);
+ XpmFree(compressfile);
+ if (!buf)
+ return (XpmNoMemory);
+ mdata->stream.file = popen(buf, "r");
+ XpmFree(buf);
+ if (!mdata->stream.file)
return (XpmOpenFailed);
- }
mdata->type = XPMPIPE;
} else {
+ XpmFree(compressfile);
# endif
#endif
if (!(mdata->stream.file = fopen(filename, "r"))) {
-#if !defined(NO_ZPIPE) && defined(STAT_ZFILE)
- XpmFree(compressfile);
-#endif
return (XpmOpenFailed);
}
mdata->type = XPMFILE;
@@ -193,7 +226,6 @@
# ifdef STAT_ZFILE
}
}
- XpmFree(compressfile);
# endif
}
#endif
--- lib/Xm/XpmWrFFrI.c
+++ lib/Xm/XpmWrFFrI.c
@@ -117,7 +117,8 @@
#endif
/* let's try to make a valid C syntax name */
if ((dot = index(name, '.'))) {
- strcpy(new_name, name);
+ strncpy(new_name, name, sizeof(new_name));
+ new_name[sizeof(new_name) - 1] = 0;
/* change '.' to '_' */
name = s = new_name;
while ((dot = index(s, '.'))) {
@@ -127,7 +128,8 @@
}
if ((dot = index(name, '-'))) {
if (name != new_name) {
- strcpy(new_name, name);
+ strncpy(new_name, name, sizeof(new_name));
+ new_name[sizeof(new_name) - 1] = 0;
name = new_name;
}
/* change '-' to '_' */
@@ -243,10 +245,13 @@
char *s, *p, *buf;
unsigned int x, y, h;
+ if (height == 0)
+ return XpmFileInvalid;
+
h = height - 1;
- if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp)
+ if (cpp != 0 && width >= ((size_t)-1 - 3)/cpp)
return XpmNoMemory;
- p = buf = (char *) XpmMalloc(width * cpp + 3);
+ p = buf = (char *) XpmMalloc((size_t)width * cpp + 3);
if (!buf)
return (XpmNoMemory);
*buf = '"';
@@ -293,6 +298,25 @@
fprintf(file, ",\n\"XPMENDEXT\"");
}
+/* Quote filename and prepend prefix. */
+static char *quote_file(prefix, filename, len)
+ const char *prefix, *filename;
+ size_t len;
+{
+ char *buf = XpmMalloc(strlen(prefix) + len * 2 + 1);
+ char *p = buf, *q;
+
+ if (!buf)
+ return 0;
+ strcpy(p, prefix);
+ p += strlen(p);
+ for (q = filename; *q; q++) {
+ *p++ = '\\';
+ *p++ = *q;
+ }
+ return buf;
+}
+
/*
* open the given file to be written as an xpmData which is returned
*/
@@ -302,7 +326,7 @@
xpmData *mdata;
{
#ifndef NO_ZPIPE
- char buf[BUFSIZ];
+ char *buf;
#endif
@@ -311,16 +335,24 @@
mdata->type = XPMFILE;
} else {
#ifndef NO_ZPIPE
- int len = strlen(filename);
+ size_t len = strlen(filename);
if (len > 2 && !strcmp(".Z", filename + (len - 2))) {
- sprintf(buf, "compress > \"%s\"", filename);
- if (!(mdata->stream.file = popen(buf, "w")))
+ buf = quote_file("compress > ", filename, len);
+ if (!buf)
+ return XpmNoMemory;
+ mdata->stream.file = popen(buf, "w");
+ XpmFree(buf);
+ if (!mdata->stream.file)
return (XpmOpenFailed);
mdata->type = XPMPIPE;
} else if (len > 3 && !strcmp(".gz", filename + (len - 3))) {
- sprintf(buf, "gzip -q > \"%s\"", filename);
- if (!(mdata->stream.file = popen(buf, "w")))
+ buf = quote_file("gzip -q > ", filename, len);
+ if (!buf)
+ return XpmNoMemory;
+ mdata->stream.file = popen(buf, "w");
+ XpmFree(buf);
+ if (!mdata->stream.file)
return (XpmOpenFailed);
mdata->type = XPMPIPE;
--- lib/Xm/Xpmcreate.c
+++ lib/Xm/Xpmcreate.c
@@ -804,9 +804,6 @@
ErrorStatus = XpmSuccess;
- if (image->ncolors >= SIZE_MAX / sizeof(Pixel))
- return (XpmNoMemory);
-
/* malloc pixels index tables */
image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * image->ncolors);
if (!image_pixels)
@@ -950,8 +947,6 @@
return (XpmNoMemory);
#ifndef FOR_MSW
- if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height)
- return (XpmNoMemory);
/* now that bytes_per_line must have been set properly alloc data */
(*image_return)->data =
(char *) XpmMalloc((*image_return)->bytes_per_line * height);
@@ -1997,9 +1992,6 @@
xpmGetCmt(data, &colors_cmt);
/* malloc pixels index tables */
- if (ncolors >= SIZE_MAX / sizeof(Pixel))
- return XpmNoMemory;
-
image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors);
if (!image_pixels)
RETURN(XpmNoMemory);
@@ -2215,9 +2207,6 @@
{
unsigned short colidx[256];
- if (ncolors > 256)
- return (XpmFileInvalid);
-
bzero((char *)colidx, 256 * sizeof(short));
for (a = 0; a < ncolors; a++)
colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
@@ -2316,9 +2305,6 @@
char *s;
char buf[BUFSIZ];
- if (cpp >= sizeof(buf))
- return (XpmFileInvalid);
-
buf[cpp] = '\0';
if (USE_HASHTABLE) {
xpmHashAtom *slot;
--- lib/Xm/Xpmdata.c
+++ lib/Xm/Xpmdata.c
@@ -297,7 +297,7 @@
if (!mdata->type || mdata->type == XPMBUFFER) {
if (mdata->cptr) {
- char *start = mdata->cptr;
+ unsigned char *start = mdata->cptr;
while ((c = *mdata->cptr) && c != mdata->Eos)
mdata->cptr++;
n = mdata->cptr - start + 1;
@@ -376,7 +376,7 @@
{
if (!mdata->type)
*cmt = NULL;
- else if (mdata->CommentLength != 0 && mdata->CommentLength < SIZE_MAX - 1) {
+ else if (mdata->CommentLength) {
*cmt = (char *) XpmMalloc(mdata->CommentLength + 1);
strncpy(*cmt, mdata->Comment, mdata->CommentLength);
(*cmt)[mdata->CommentLength] = '\0';
--- lib/Xm/Xpmhashtab.c
+++ lib/Xm/Xpmhashtab.c
@@ -141,17 +141,17 @@
xpmHashTable *table;
{
xpmHashAtom *atomTable = table->atomTable;
- unsigned int size = table->size;
+ int size = table->size;
xpmHashAtom *t, *p;
int i;
int oldSize = size;
t = atomTable;
HASH_TABLE_GROWS
- table->size = size;
- table->limit = size / 3;
- if (size >= SIZE_MAX / sizeof(*atomTable))
+ if (size <= 0)
return (XpmNoMemory);
+ table->size = size;
+ table->limit = size / 3;
atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable));
if (!atomTable)
return (XpmNoMemory);
@@ -212,8 +212,6 @@
table->size = INITIAL_HASH_SIZE;
table->limit = table->size / 3;
table->used = 0;
- if (table->size >= SIZE_MAX / sizeof(*atomTable))
- return (XpmNoMemory);
atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable));
if (!atomTable)
return (XpmNoMemory);
--- lib/Xm/Xpmmisc.c
+++ lib/Xm/Xpmmisc.c
@@ -52,7 +52,7 @@
char *s1;
{
char *s2;
- int l = strlen(s1) + 1;
+ size_t l = strlen(s1) + 1;
if (s2 = (char *) XpmMalloc(l))
strcpy(s2, s1);
--- lib/Xm/Xpmparse.c
+++ lib/Xm/Xpmparse.c
@@ -46,25 +46,6 @@
#include "XpmI.h"
#include <ctype.h>
-#include <string.h>
-
-#ifdef HAS_STRLCAT
-# define STRLCAT(dst, src, dstsize) { \
- if (strlcat(dst, src, dstsize) >= (dstsize)) \
- return (XpmFileInvalid); }
-# define STRLCPY(dst, src, dstsize) { \
- if (strlcpy(dst, src, dstsize) >= (dstsize)) \
- return (XpmFileInvalid); }
-#else
-# define STRLCAT(dst, src, dstsize) { \
- if ((strlen(dst) + strlen(src)) < (dstsize)) \
- strcat(dst, src); \
- else return (XpmFileInvalid); }
-# define STRLCPY(dst, src, dstsize) { \
- if (strlen(src) < (dstsize)) \
- strcpy(dst, src); \
- else return (XpmFileInvalid); }
-#endif
LFUNC(ParsePixels, int, (xpmData *data, unsigned int width,
unsigned int height, unsigned int ncolors,
@@ -234,7 +215,7 @@
unsigned int *extensions;
{
unsigned int l;
- char buf[BUFSIZ + 1];
+ char buf[BUFSIZ];
if (!data->format) { /* XPM 2 or 3 */
@@ -332,6 +313,17 @@
*hotspot = 0;
*extensions = 0;
}
+
+ /* Do some plausibility checks. */
+ if (*width == 0 || *height == 0 || *ncolors == 0 || *cpp == 0)
+ return XpmFileInvalid;
+ if (*cpp > 8)
+ return XpmFileInvalid;
+ if (*width > (1 << (sizeof(int) * 8 - 4)) / *height)
+ return XpmFileInvalid;
+ if (*ncolors > (1 << (sizeof(int) * 8 - 4)) / (*width * *height))
+ return XpmFileInvalid;
+
return (XpmSuccess);
}
@@ -343,10 +335,10 @@
XpmColor **colorTablePtr;
xpmHashTable *hashtable;
{
- unsigned int key, l, a, b, len;
+ unsigned int key, l, a, b;
unsigned int curkey; /* current color key */
unsigned int lastwaskey; /* key read */
- char buf[BUFSIZ + 1];
+ char buf[BUFSIZ];
char curbuf[BUFSIZ]; /* current buffer */
char **sptr, *s;
XpmColor *color;
@@ -354,8 +346,6 @@
char **defaults;
int ErrorStatus;
- if (ncolors >= SIZE_MAX / sizeof(XpmColor))
- return (XpmNoMemory);
colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor));
if (!colorTable)
return (XpmNoMemory);
@@ -367,10 +357,6 @@
/*
* read pixel value
*/
- if (cpp >= SIZE_MAX - 1) {
- xpmFreeColorTable(colorTable, ncolors);
- return (XpmNoMemory);
- }
color->string = (char *) XpmMalloc(cpp + 1);
if (!color->string) {
xpmFreeColorTable(colorTable, ncolors);
@@ -408,14 +394,13 @@
}
if (!lastwaskey && key < NKEYS) { /* open new key */
if (curkey) { /* flush string */
- len = strlen(curbuf) + 1;
- s = (char *) XpmMalloc(len);
+ s = (char *) XpmMalloc(strlen(curbuf) + 1);
if (!s) {
xpmFreeColorTable(colorTable, ncolors);
return (XpmNoMemory);
}
defaults[curkey] = s;
- memcpy(s, curbuf, len);
+ strcpy(s, curbuf);
}
curkey = key + 1; /* set new key */
*curbuf = '\0'; /* reset curbuf */
@@ -425,10 +410,14 @@
xpmFreeColorTable(colorTable, ncolors);
return (XpmFileInvalid);
}
+ if (strlen(curbuf) + l + 2 >= sizeof(curbuf)) {
+ xpmFreeColorTable(colorTable, ncolors);
+ return (XpmNoMemory);
+ }
if (!lastwaskey)
- STRLCAT(curbuf, " ", sizeof(curbuf)); /* append space */
+ strcat(curbuf, " "); /* append space */
buf[l] = '\0';
- STRLCAT(curbuf, buf, sizeof(curbuf));/* append buf */
+ strcat(curbuf, buf);/* append buf */
lastwaskey = 0;
}
}
@@ -436,13 +425,12 @@
xpmFreeColorTable(colorTable, ncolors);
return (XpmFileInvalid);
}
- len = strlen(curbuf) + 1;
- s = defaults[curkey] = (char *) XpmMalloc(len);
+ s = defaults[curkey] = (char *) XpmMalloc(strlen(curbuf) + 1);
if (!s) {
xpmFreeColorTable(colorTable, ncolors);
return (XpmNoMemory);
}
- memcpy(s, curbuf, len);
+ strcpy(s, curbuf);
}
} else { /* XPM 1 */
/* get to the beginning of the first string */
@@ -455,10 +443,6 @@
/*
* read pixel value
*/
- if (cpp >= SIZE_MAX - 1) {
- xpmFreeColorTable(colorTable, ncolors);
- return (XpmNoMemory);
- }
color->string = (char *) XpmMalloc(cpp + 1);
if (!color->string) {
xpmFreeColorTable(colorTable, ncolors);
@@ -486,18 +470,21 @@
xpmNextString(data); /* get to the next string */
*curbuf = '\0'; /* init curbuf */
while ((l = xpmNextWord(data, buf, BUFSIZ))) {
+ if (strlen(curbuf) + l + 2 >= sizeof(curbuf)) {
+ xpmFreeColorTable(colorTable, ncolors);
+ return (XpmNoMemory);
+ }
if (*curbuf != '\0')
- STRLCAT(curbuf, " ", sizeof(curbuf));/* append space */
+ strcat(curbuf, " ");/* append space */
buf[l] = '\0';
- STRLCAT(curbuf, buf, sizeof(curbuf)); /* append buf */
+ strcat(curbuf, buf); /* append buf */
}
- len = strlen(curbuf) + 1;
- s = (char *) XpmMalloc(len);
+ s = (char *) XpmMalloc(strlen(curbuf) + 1);
if (!s) {
xpmFreeColorTable(colorTable, ncolors);
return (XpmNoMemory);
}
- memcpy(s, curbuf, len);
+ strcpy(s, curbuf);
color->c_color = s;
*curbuf = '\0'; /* reset curbuf */
if (a < ncolors - 1)
@@ -522,9 +509,6 @@
unsigned int *iptr, *iptr2;
unsigned int a, x, y;
- if ((height > 0 && width >= SIZE_MAX / height) ||
- width * height >= SIZE_MAX / sizeof(unsigned int))
- return XpmNoMemory;
#ifndef FOR_MSW
iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height);
#else
@@ -548,9 +532,6 @@
{
unsigned short colidx[256];
- if (ncolors > 256)
- return (XpmFileInvalid);
-
bzero((char *)colidx, 256 * sizeof(short));
for (a = 0; a < ncolors; a++)
colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
@@ -585,7 +566,7 @@
bzero((char *)cidx, 256 * sizeof(unsigned short *)); /* init */
for (a = 0; a < ncolors; a++) {
- char1 = colorTable[a].string[0];
+ char1 = (unsigned char)colorTable[a].string[0];
if (cidx[char1] == NULL) { /* get new memory */
cidx[char1] = (unsigned short *)
XpmCalloc(256, sizeof(unsigned short));
@@ -628,9 +609,6 @@
char *s;
char buf[BUFSIZ];
- if (cpp >= sizeof(buf))
- return (XpmFileInvalid);
-
buf[cpp] = '\0';
if (USE_HASHTABLE) {
xpmHashAtom *slot;
--- lib/Xm/Xpmscan.c
+++ lib/Xm/Xpmscan.c
@@ -98,8 +98,7 @@
LFUNC(ScanTransparentColor, int, (XpmColor *color, unsigned int cpp,
XpmAttributes *attributes));
-LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors,
- unsigned int ncolors,
+LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, int ncolors,
Pixel *pixels, unsigned int mask,
unsigned int cpp, XpmAttributes *attributes));
@@ -226,17 +225,11 @@
else
cpp = 0;
- if ((height > 0 && width >= SIZE_MAX / height) ||
- width * height >= SIZE_MAX / sizeof(unsigned int))
- RETURN(XpmNoMemory);
pmap.pixelindex =
(unsigned int *) XpmCalloc(width * height, sizeof(unsigned int));
if (!pmap.pixelindex)
RETURN(XpmNoMemory);
- if (pmap.size >= SIZE_MAX / sizeof(Pixel))
- RETURN(XpmNoMemory);
-
pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size);
if (!pmap.pixels)
RETURN(XpmNoMemory);
@@ -291,8 +284,7 @@
* get rgb values and a string of char, and possibly a name for each
* color
*/
- if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor))
- RETURN(XpmNoMemory);
+
colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor));
if (!colorTable)
RETURN(XpmNoMemory);
@@ -340,8 +332,6 @@
/* first get a character string */
a = 0;
- if (cpp >= SIZE_MAX - 1)
- return (XpmNoMemory);
if (!(s = color->string = (char *) XpmMalloc(cpp + 1)))
return (XpmNoMemory);
*s++ = printable[c = a % MAXPRINTABLE];
@@ -389,7 +379,7 @@
ScanOtherColors(display, colors, ncolors, pixels, mask, cpp, attributes)
Display *display;
XpmColor *colors;
- unsigned int ncolors;
+ int ncolors;
Pixel *pixels;
unsigned int mask;
unsigned int cpp;
@@ -433,8 +423,6 @@
}
/* first get character strings and rgb values */
- if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1)
- return (XpmNoMemory);
xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors);
if (!xcolors)
return (XpmNoMemory);