ALT Linux repositórios
Group :: Gráficos
RPM: xli
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
Patch: 060-security_fixes.patch
Download
Download
CAN-2005-3178, CAN-2005-0639 ?
Index: xli-1.17.0+20061110/zoom.c
===================================================================
--- xli-1.17.0+20061110.orig/zoom.c
+++ xli-1.17.0+20061110/zoom.c
@@ -52,28 +52,29 @@ Image *zoom(Image *oimage, unsigned int
if (verbose)
printf(" Zooming image Y axis by %d%%...", yzoom);
if (changetitle)
- sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom);
+ snprintf(buf, BUFSIZ, "%s (Y zoom %d%%)", oimage->title, yzoom);
}
else if (!yzoom) {
if (verbose)
printf(" Zooming image X axis by %d%%...", xzoom);
if (changetitle)
- sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom);
+ snprintf(buf, BUFSIZ, "%s (X zoom %d%%)", oimage->title, xzoom);
}
else if (xzoom == yzoom) {
if (verbose)
printf(" Zooming image by %d%%...", xzoom);
if (changetitle)
- sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom);
+ snprintf(buf, BUFSIZ, "%s (%d%% zoom)", oimage->title, xzoom);
}
else {
if (verbose)
printf(" Zooming image X axis by %d%% and Y axis by %d%%...",
xzoom, yzoom);
if (changetitle)
- sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
+ snprintf(buf, BUFSIZ, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
xzoom, yzoom);
}
+ buf[BUFSIZ-1] = '\0';
if (!changetitle)
strcpy(buf,oimage->title);
Index: xli-1.17.0+20061110/reduce.c
===================================================================
--- xli-1.17.0+20061110.orig/reduce.c
+++ xli-1.17.0+20061110/reduce.c
@@ -178,7 +178,8 @@ Image *reduce(Image *image, unsigned col
/* get destination image */
depth = colorsToDepth(OutColors);
new_image = newRGBImage(image->width, image->height, depth);
- sprintf(buf, "%s (%d colors)", image->title, OutColors);
+ snprintf(buf, BUFSIZ, "%s (%d colors)", image->title, OutColors);
+ buf[BUFSIZ-1] = '\0';
new_image->title = dupString(buf);
new_image->gamma = image->gamma;
Index: xli-1.17.0+20061110/pbm.c
===================================================================
--- xli-1.17.0+20061110.orig/pbm.c
+++ xli-1.17.0+20061110/pbm.c
@@ -108,8 +108,7 @@ static int pbmReadRawInt(ZFILE * zf, int
return src;
}
-static int isPBM(ZFILE * zf, char *name,
- unsigned int *width, unsigned int *height, unsigned int *maxval,
+static int isPBM(ZFILE * zf, char *name, int *width, int *height, int *maxval,
unsigned int verbose)
{
byte buf[4];
@@ -161,10 +160,10 @@ static int isPBM(ZFILE * zf, char *name,
if (memToVal(buf, 2) == memToVal((byte *) "P2", 2)) {
if (((*width = pbmReadInt(zf)) < 0)
- || ((*height = pbmReadInt(zf)) < 0))
+ || ((*height = pbmReadInt(zf)) < 0)
+ || ((*maxval = pbmReadInt(zf)) < 0))
return (NOTPBM);
- *maxval = pbmReadInt(zf);
if (verbose) {
printf("%s is a %dx%d PGM image with %d levels\n",
name, *width, *height, (*maxval + 1));
@@ -174,10 +173,10 @@ static int isPBM(ZFILE * zf, char *name,
if (memToVal(buf, 2) == memToVal((byte *) "P5", 2)) {
if (((*width = pbmReadInt(zf)) < 0)
- || ((*height = pbmReadInt(zf)) < 0))
+ || ((*height = pbmReadInt(zf)) < 0)
+ || ((*maxval = pbmReadInt(zf)) < 0))
return (NOTPBM);
- *maxval = pbmReadInt(zf);
if (verbose)
printf("%s is a %dx%d Raw PGM image with %d levels\n",
name, *width, *height, (*maxval + 1));
@@ -185,11 +184,11 @@ static int isPBM(ZFILE * zf, char *name,
}
if (memToVal(buf, 2) == memToVal((byte *) "P3", 2)) {
- if (((*width = pbmReadInt(zf)) < 0) ||
- ((*height = pbmReadInt(zf)) < 0))
+ if (((*width = pbmReadInt(zf)) < 0)
+ || ((*height = pbmReadInt(zf)) < 0)
+ || ((*maxval = pbmReadInt(zf)) < 0))
return (NOTPBM);
- *maxval = pbmReadInt(zf);
if (verbose) {
printf("%s is a %dx%d PPM image with %d levels\n",
name, *width, *height, (*maxval + 1));
@@ -198,11 +197,11 @@ static int isPBM(ZFILE * zf, char *name,
}
if (memToVal(buf, 2) == memToVal((byte *) "P6", 2)) {
- if (((*width = pbmReadInt(zf)) < 0) ||
- ((*height = pbmReadInt(zf)) < 0))
+ if (((*width = pbmReadInt(zf)) < 0)
+ || ((*height = pbmReadInt(zf)) < 0)
+ || ((*maxval = pbmReadInt(zf)) < 0))
return (NOTPBM);
- *maxval = pbmReadInt(zf);
if (verbose) {
printf("%s is a %dx%d Raw PPM image with %d levels\n",
name, *width, *height, (*maxval + 1));
@@ -215,7 +214,7 @@ static int isPBM(ZFILE * zf, char *name,
int pbmIdent(char *fullname, char *name)
{
ZFILE *zf;
- unsigned int width, height, maxval, ret;
+ int width, height, maxval, ret;
if (!(zf = zopen(fullname)))
return (0);
@@ -234,7 +233,8 @@ Image *pbmLoad(char *fullname, ImageOpti
Image *image = 0;
int pbm_type;
unsigned int x, y;
- unsigned int width, height, maxval, fmaxval, depth, fdepth;
+ int width, height, maxval, fmaxval;
+ unsigned int depth, fdepth;
unsigned int linelen;
byte srcmask, destmask;
byte *destptr = 0, *destline;