File Xaw3d-1.5E-secure.patch of Package xaw3d
--- AsciiSrcP.h
+++ AsciiSrcP.h 2003-05-19 17:11:59.000000000 +0200
@@ -85,7 +85,11 @@
#ifdef L_tmpnam
#define TMPSIZ L_tmpnam
#else
-#define TMPSIZ 32 /* bytes to allocate for tmpnam */
+#ifdef PATH_MAX
+#define TMPSIZ PATH_MAX
+#else
+#define TMPSIZ 1024 /* bytes to allocate for tmpnam */
+#endif
#endif
#define MAGIC_VALUE ((XawTextPosition) -1) /* Magic value. */
--- Layout.c
+++ Layout.c 2003-05-19 17:14:03.000000000 +0200
@@ -39,6 +39,8 @@
# include <X11/Xaw3d/LayoutP.h>
#endif
+#include "XawAlloc.h"
+
#include <ctype.h>
#include <stdio.h>
@@ -595,10 +597,18 @@
nexpr = LookupVariable (box, expr->u.variable);
if (!nexpr)
{
- char buf[256];
- (void) sprintf (buf, "Layout: undefined variable %s\n",
- XrmQuarkToString (expr->u.variable));
- XtError (buf);
+ char *pvar = XrmQuarkToString (expr->u.variable);
+ char *msg = "Layout: undefined variable ";
+ int len = strlen(msg) + strlen(pvar) + 2;
+ char *pbuf, buf[256];
+
+ pbuf = XtStackAlloc(len, buf);
+ if (pbuf != NULL)
+ {
+ sprintf(pbuf, "%s%s\n", msg, pvar);
+ XtError (buf);
+ XtStackFree(pbuf, buf);
+ }
return 0.0;
}
return Evaluate (l, box, nexpr, natural);
--- MenuButton.c
+++ MenuButton.c 2003-05-19 17:11:59.000000000 +0200
@@ -53,6 +53,8 @@
#include <X11/Xaw3d/XawInit.h>
#include <X11/Xaw3d/MenuButtoP.h>
+#include "XawAlloc.h"
+
static void ClassInitialize();
static void PopupMenu();
@@ -179,9 +181,16 @@
if (menu == NULL) {
char error_buf[BUFSIZ];
- (void) sprintf(error_buf, "MenuButton: %s %s.",
- "Could not find menu widget named", mbw->menu_button.menu_name);
- XtAppWarning(XtWidgetToApplicationContext(w), error_buf);
+ char *err1 = "MenuButton: Could not find menu widget named ";
+ char *perr;
+ int len;
+
+ len = strlen(err1) + strlen(mbw->menu_button.menu_name) + 1 + 1;
+ perr = XtStackAlloc(len, error_buf);
+ if (perr == NULL) return;
+ sprintf(perr, "%s%s.", err1, mbw->menu_button.menu_name);
+ XtAppWarning(XtWidgetToApplicationContext(w), perr);
+ XtStackFree(perr, error_buf);
return;
}
if (!XtIsRealized(menu))
--- MultiSrcP.h
+++ MultiSrcP.h 2003-05-19 17:11:59.000000000 +0200
@@ -113,7 +113,11 @@
#ifdef L_tmpnam
#define TMPSIZ L_tmpnam
#else
-#define TMPSIZ 32 /* bytes to allocate for tmpnam */
+#ifdef PATH_MAX
+#define TMPSIZ PATH_MAX
+#else
+#define TMPSIZ 1024 /* bytes to allocate for tmpnam */
+#endif
#endif
#define MAGIC_VALUE ((XawTextPosition) -1) /* Magic value. */
--- Simple.c
+++ Simple.c 2003-05-19 17:11:59.000000000 +0200
@@ -56,6 +56,8 @@
#include <X11/Xaw3d/SimpleP.h>
#include <X11/Xmu/Drawing.h>
+#include "XawAlloc.h"
+
#define offset(field) XtOffsetOf(SimpleRec, simple.field)
static XtResource resources[] = {
@@ -148,11 +150,17 @@
if (c->simple_class.change_sensitive == NULL) {
char buf[BUFSIZ];
-
- (void) sprintf(buf,
- "%s Widget: The Simple Widget class method 'change_sensitive' is undefined.\nA function must be defined or inherited.",
- c->core_class.class_name);
- XtWarning(buf);
+ char *pbuf;
+ char *msg1 = " Widget: The Simple Widget class method 'change_sensitive' is undefined.\nA function must be defined or inherited.";
+ int len;
+
+ len = strlen(msg1) + strlen(c->core_class.class_name) + 1;
+ pbuf = XtStackAlloc(len, buf);
+ if (pbuf != NULL) {
+ sprintf(pbuf, "%s%s", c->core_class.class_name, msg1);
+ XtWarning(pbuf);
+ XtStackFree(pbuf, buf);
+ }
c->simple_class.change_sensitive = ChangeSensitive;
}
--- SimpleMenu.c
+++ SimpleMenu.c 2003-05-19 17:11:59.000000000 +0200
@@ -51,6 +51,8 @@
#include <X11/Xmu/Initer.h>
#include <X11/Xmu/CharSet.h>
+#include "XawAlloc.h"
+
#define streq(a, b) ( strcmp((a), (b)) == 0 )
#define offset(field) XtOffsetOf(SimpleMenuRec, simple_menu.field)
@@ -755,9 +757,17 @@
if ( (menu = FindMenu(w, params[0])) == NULL) {
char error_buf[BUFSIZ];
- (void) sprintf(error_buf, "%s '%s'",
- "Xaw - SimpleMenuWidget: could not find menu named: ", params[0]);
- XtAppWarning(XtWidgetToApplicationContext(w), error_buf);
+ char *err1 = "Xaw - SimpleMenuWidget: could not find menu named: ";
+ char *perr;
+ int len;
+
+ len = strlen(err1) + strlen(params[0]) + 2 + 1;
+ perr = XtStackAlloc(len, error_buf);
+ if (perr == NULL)
+ return;
+ sprintf(perr, "%s'%s'", err1, params[0]);
+ XtAppWarning(XtWidgetToApplicationContext(w), perr);
+ XtStackFree(perr, error_buf);
return;
}
--- SmeBSB.c
+++ SmeBSB.c 2003-05-19 17:11:59.000000000 +0200
@@ -51,6 +51,7 @@
#include <X11/Xaw3d/SmeBSBP.h>
#include <X11/Xaw3d/Cardinals.h>
#include <stdio.h>
+#include "XawAlloc.h"
/* needed for abs() */
#ifndef X_NOT_STDC_ENV
@@ -712,6 +713,8 @@
int x, y;
unsigned int width, height, bw;
char buf[BUFSIZ];
+ char *pbuf;
+ int len;
if (is_left) {
width = height = 0;
@@ -720,18 +723,24 @@
if (!XGetGeometry(XtDisplayOfObject(w),
entry->sme_bsb.left_bitmap, &root, &x, &y,
&width, &height, &bw, &entry->sme_bsb.left_depth)) {
- (void) sprintf(buf, "Xaw SmeBSB Object: %s %s \"%s\".",
- "Could not get Left Bitmap",
- "geometry information for menu entry",
- XtName(w));
- XtAppError(XtWidgetToApplicationContext(w), buf);
+ char *err1 = "Xaw SmeBSB Object: Could not get Left Bitmap geometry information for menu entry ";
+ len = strlen(err1) + strlen(XtName(w)) + 3 + 1;
+ pbuf = XtStackAlloc(len, buf);
+ if (pbuf == NULL) return;
+ sprintf(pbuf, "%s\"%s\".", err1, XtName(w));
+ XtAppError(XtWidgetToApplicationContext(w), pbuf);
+ XtStackFree(pbuf, buf);
}
#ifdef NEVER
if (entry->sme_bsb.left_depth != 1) {
- (void) sprintf(buf, "Xaw SmeBSB Object: %s \"%s\" %s.",
- "Left Bitmap of entry", XtName(w),
- "is not one bit deep");
- XtAppError(XtWidgetToApplicationContext(w), buf);
+ char *err1 = "Xaw SmeBSB Object: Left Bitmap of entry ";
+ char *err2 = " is not one bit deep.";
+ len = strlen(err1) + strlen(err2) + strlen(XtName(w)) + 2 + 1;
+ pbuf = XtStackAlloc(len, buf);
+ if (pbuf == NULL) return;
+ sprintf(pbuf, "%s\"%s\"%s", err1, XtName(w), err2);
+ XtAppError(XtWidgetToApplicationContext(w), pbuf);
+ XtStackFree(pbuf, buf);
}
#endif
}
@@ -745,18 +754,24 @@
if (!XGetGeometry(XtDisplayOfObject(w),
entry->sme_bsb.right_bitmap, &root, &x, &y,
&width, &height, &bw, &entry->sme_bsb.right_depth)) {
- (void) sprintf(buf, "Xaw SmeBSB Object: %s %s \"%s\".",
- "Could not get Right Bitmap",
- "geometry information for menu entry",
- XtName(w));
- XtAppError(XtWidgetToApplicationContext(w), buf);
+ char *err1 = "Xaw SmeBSB Object: Could not get Right Bitmap geometry information for menu entry ";
+ len = strlen(err1) + strlen(XtName(w)) + 3 + 1;
+ pbuf = XtStackAlloc(len, buf);
+ if (pbuf == NULL) return;
+ sprintf(pbuf, "%s\"%s\".", err1, XtName(w));
+ XtAppError(XtWidgetToApplicationContext(w), pbuf);
+ XtStackFree(pbuf, buf);
}
#ifdef NEVER
if (entry->sme_bsb.right_depth != 1) {
- (void) sprintf(buf, "Xaw SmeBSB Object: %s \"%s\" %s.",
- "Right Bitmap of entry", XtName(w),
- "is not one bit deep");
- XtAppError(XtWidgetToApplicationContext(w), buf);
+ char *err1 = "Xaw SmeBSB Object: Right Bitmap of entry ";
+ char *err2 = " is not one bit deep.";
+ len = strlen(err1) + strlen(err2) + strlen(XtName(w)) + 2 + 1;
+ pbuf = XtStackAlloc(len, buf);
+ if (pbuf == NULL) return;
+ sprintf(pbuf, "%s\"%s\"%s", err1, XtName(w), err2);
+ XtAppError(XtWidgetToApplicationContext(w), pbuf);
+ XtStackFree(pbuf, buf);
}
#endif
}
--- Text.c
+++ Text.c 2003-05-19 17:11:59.000000000 +0200
@@ -75,6 +75,8 @@
#include <X11/Xfuncs.h>
#include <ctype.h> /* for isprint() */
+#include "XawAlloc.h"
+
#ifndef MAX_LEN_CT
#define MAX_LEN_CT 6 /* for sequence: ESC $ ( A \xx \xx */
#endif
@@ -519,7 +521,8 @@
{
TextWidget ctx = (TextWidget) new;
char error_buf[BUFSIZ];
- int s;
+ char *perr;
+ int s, len;
ctx->text.threeD = XtVaCreateWidget("threeD", threeDWidgetClass, new,
XtNx, 0, XtNy, 0,
@@ -568,10 +571,17 @@
if (ctx->text.scroll_vert != XawtextScrollNever)
if ( (ctx->text.resize == XawtextResizeHeight) ||
(ctx->text.resize == XawtextResizeBoth) ) {
- (void) sprintf(error_buf, "Xaw Text Widget %s:\n %s %s.", ctx->core.name,
- "Vertical scrolling not allowed with height resize.\n",
- "Vertical scrolling has been DEACTIVATED.");
- XtAppWarning(XtWidgetToApplicationContext(new), error_buf);
+ char *err1 = "Xaw Text Widget ";
+ char *err2 = ":\nVertical scrolling not allowed with height resize.\n";
+ char *err3 = "Vertical scrolling has been DEACTIVATED.";
+ len = strlen(err1) + strlen(err2) + strlen(err3) +
+ strlen(ctx->core.name) + 1;
+ perr = XtStackAlloc(len, error_buf);
+ if (perr != NULL) {
+ (void) sprintf(perr, "%s%s%s%s", err1, ctx->core.name, err2, err3);
+ XtAppWarning(XtWidgetToApplicationContext(new), perr);
+ XtStackFree(perr, error_buf);
+ }
ctx->text.scroll_vert = XawtextScrollNever;
}
else if (ctx->text.scroll_vert == XawtextScrollAlways)
@@ -579,18 +589,32 @@
if (ctx->text.scroll_horiz != XawtextScrollNever)
if (ctx->text.wrap != XawtextWrapNever) {
- (void) sprintf(error_buf, "Xaw Text Widget %s:\n %s %s.", ctx->core.name,
- "Horizontal scrolling not allowed with wrapping active.\n",
- "Horizontal scrolling has been DEACTIVATED.");
- XtAppWarning(XtWidgetToApplicationContext(new), error_buf);
+ char *err1 = "Xaw Text Widget ";
+ char *err2 = ":\nHorizontal scrolling not allowed with wrapping active.";
+ char *err3 = "\nHorizontal scrolling has been DEACTIVATED.";
+ len = strlen(err1) + strlen(err2) + strlen(err3) +
+ strlen(ctx->core.name) + 1;
+ perr = XtStackAlloc(len, error_buf);
+ if (perr != NULL) {
+ (void) sprintf(perr, "%s%s%s%s", err1, ctx->core.name, err2, err3);
+ XtAppWarning(XtWidgetToApplicationContext(new), perr);
+ XtStackFree(perr, error_buf);
+ }
ctx->text.scroll_horiz = XawtextScrollNever;
}
else if ( (ctx->text.resize == XawtextResizeWidth) ||
(ctx->text.resize == XawtextResizeBoth) ) {
- (void) sprintf(error_buf, "Xaw Text Widget %s:\n %s %s.", ctx->core.name,
- "Horizontal scrolling not allowed with width resize.\n",
- "Horizontal scrolling has been DEACTIVATED.");
- XtAppWarning(XtWidgetToApplicationContext(new), error_buf);
+ char *err1 = "Xaw Text Widget ";
+ char *err2 = ":\nHorizontal scrolling not allowed with width resize.\n";
+ char *err3 = "Horizontal scrolling has been DEACTIVATED.";
+ len = strlen(err1) + strlen(err2) + strlen(err3) +
+ strlen(ctx->core.name) + 1;
+ perr = XtStackAlloc(len, error_buf);
+ if (perr != NULL) {
+ (void) sprintf(perr, "%s%s%s%s", err1, ctx->core.name, err2, err3);
+ XtAppWarning(XtWidgetToApplicationContext(new), perr);
+ XtStackFree(perr, error_buf);
+ }
ctx->text.scroll_horiz = XawtextScrollNever;
}
else if (ctx->text.scroll_horiz == XawtextScrollAlways)
--- TextPop.c
+++ TextPop.c 2003-05-19 17:11:59.000000000 +0200
@@ -66,6 +66,8 @@
#include <X11/Xos.h> /* for O_RDONLY */
#include <errno.h>
+#include "XawAlloc.h"
+
#ifdef X_NOT_STDC_ENV
extern int errno;
#endif
@@ -809,6 +811,8 @@
struct SearchAndReplace * search;
{
char msg[BUFSIZ];
+ char *pmsg;
+ int len;
Widget tw = XtParent(search->search_popup);
XawTextPosition pos;
XawTextScanDirection dir;
@@ -835,9 +839,20 @@
/* The Raw string in find.ptr may be WC I can't use here, so I re - call
GetString to get a tame version. */
- if (pos == XawTextSearchError)
- (void) sprintf( msg, "Could not find string ``%s''.", GetString( search->search_text ) );
- else {
+ if (pos == XawTextSearchError) {
+ char *msg1 = "Could not find string ``";
+ char *msg2 = "''.";
+ len = strlen(msg1) + strlen(msg2) +
+ strlen(GetString( search->search_text )) + 1;
+ pmsg = XtStackAlloc(len, msg);
+ if (pmsg != NULL) {
+ (void) sprintf( pmsg, "%s%s%s", msg1, GetString( search->search_text ),
+ msg2);
+ } else {
+ pmsg = msg;
+ (void) sprintf( pmsg, "Could not find string");
+ }
+ } else {
if (dir == XawsdRight)
XawTextSetInsertionPoint( tw, pos + text.length);
else
@@ -849,7 +864,8 @@
}
XawTextUnsetSelection(tw);
- SetSearchLabels(search, msg, "", TRUE);
+ SetSearchLabels(search, pmsg, "", TRUE);
+ XtStackFree(pmsg, msg);
return(FALSE);
}
@@ -982,13 +998,26 @@
if ( (new_pos == XawTextSearchError) ) {
if (count == 0) {
char msg[BUFSIZ];
+ char *pmsg;
+ int len;
+ char *msg1 = "*** Error: Could not find string ``";
+ char *msg2 = "''. ***";
/* The Raw string in find.ptr may be WC I can't use here,
so I call GetString to get a tame version.*/
- (void) sprintf( msg, "%s %s %s", "*** Error: Could not find string ``",
- GetString( search->search_text ), "''. ***");
- SetSearchLabels(search, msg, "", TRUE);
+ len = strlen(msg1) + strlen(msg2) +
+ strlen(GetString( search->search_text )) + 1;
+ pmsg = XtStackAlloc(len, msg);
+ if (pmsg != NULL) {
+ (void) sprintf( pmsg, "%s%s%s", msg1,
+ GetString( search->search_text ), msg2);
+ } else {
+ pmsg = msg;
+ (void) sprintf(pmsg, "*** Error: Could not find string ***");
+ }
+ SetSearchLabels(search, pmsg, "", TRUE);
+ XtStackFree(pmsg, msg);
return(FALSE);
}
else
@@ -1011,9 +1040,22 @@
if (XawTextReplace(tw, pos, end_pos, &replace) != XawEditDone) {
char msg[BUFSIZ];
-
- (void) sprintf( msg, "'%s' with '%s'. ***", find.ptr, replace.ptr);
+ char *pmsg;
+ int len;
+ char *msg1 = "' with '";
+ char *msg2 = "'. ***";
+
+ len = 1 + strlen(msg1) + strlen(msg2) + strlen(find.ptr) +
+ strlen(replace.ptr) + 1;
+ pmsg = XtStackAlloc(len, msg);
+ if (pmsg != NULL) {
+ (void) sprintf( pmsg, "`%s%s%s%s", find.ptr, msg1, replace.ptr, msg2);
+ } else {
+ pmsg = msg;
+ (void) sprintf(pmsg, "string ***");
+ }
SetSearchLabels(search, "*** Error while replacing", msg, TRUE);
+ XtStackFree(pmsg, msg);
return(FALSE);
}
@@ -1164,13 +1206,20 @@
{
Widget temp_widget;
char buf[BUFSIZ];
+ char *pbuf;
+ int len;
- (void) sprintf(buf, "%s.%s", FORM_NAME, name);
+ len = strlen(FORM_NAME) + strlen(name) + 2;
+ pbuf = XtStackAlloc(len, buf);
+ if (pbuf == NULL) return FALSE;
+ (void) sprintf(pbuf, "%s.%s", FORM_NAME, name);
- if ( (temp_widget = XtNameToWidget(shell, buf)) != NULL) {
+ if ( (temp_widget = XtNameToWidget(shell, pbuf)) != NULL) {
SetResource(temp_widget, res_name, value);
+ XtStackFree(pbuf, buf);
return(TRUE);
}
+ XtStackFree(pbuf, buf);
return(FALSE);
}
--- XawAlloc.h
+++ XawAlloc.h 2003-05-19 17:11:59.000000000 +0200
@@ -0,0 +1,10 @@
+/* $XFree86: xc/lib/Xaw/XawAlloc.h,v 1.1.2.1 1998/05/16 09:05:23 dawes Exp $ */
+
+#define XtStackAlloc(size, stack_cache_array) \
+ ((size) <= sizeof(stack_cache_array) \
+ ? (XtPointer)(stack_cache_array) \
+ : XtMalloc((unsigned)(size)))
+
+#define XtStackFree(pointer, stack_cache_array) \
+ if ((pointer) != ((XtPointer)(stack_cache_array))) XtFree(pointer); else
+
--- XawI18n.h
+++ XawI18n.h 2003-05-19 17:11:59.000000000 +0200
@@ -29,11 +29,13 @@
#ifdef HAS_WCTYPE_H
#include <wctype.h>
+#ifndef NO_WIDEC_H
#include <widec.h>
#define wcslen(c) wslen(c)
#define wcscpy(d,s) wscpy(d,s)
#define wcsncpy(d,s,l) wsncpy(d,s,l)
#endif
+#endif
#ifdef HAS_WCHAR_H
#include <wchar.h>
--- XawIm.c
+++ XawIm.c 2003-05-19 17:11:59.000000000 +0200
@@ -1644,10 +1644,10 @@
if ((vw = SearchVendorShell(inwidg)) && (ve = GetExtPart(vw)) &&
ve->im.xim && (p = GetIcTableShared(inwidg, ve)) && p->xic) {
- return(XwcLookupString(p->xic, event, buffer_return, bytes_buffer,
+ return(XwcLookupString(p->xic, event, buffer_return, bytes_buffer/sizeof(wchar_t),
keysym_return, status_return));
}
- ret = XLookupString( event, tmp_buf, 64, keysym_return,
+ ret = XLookupString( event, tmp_buf, sizeof(tmp_buf), keysym_return,
(XComposeStatus*) status_return );
for ( i = 0, tmp_p = tmp_buf, buf_p = buffer_return; i < ret; i++ ) {
*buf_p++ = _Xaw_atowc(*tmp_p++);
