$NetBSD: patch-ao,v 1.1 2004/12/10 09:30:42 salo Exp $ --- gdk_imlib/utils.c.orig 2002-03-22 15:43:29.000000000 +0100 +++ gdk_imlib/utils.c 2004-12-10 10:15:22.000000000 +0100 @@ -1236,36 +1236,56 @@ context = 0; ptr = NULL; end = NULL; + memset(lookup, 0, sizeof(lookup)); while (!done) { line = data[count++]; + if (!line) + break; + line = strdup(line); + if (!line) + break; + len = strlen(line); + for (i = 0; i < len; ++i) + { + c = line[i]; + if (c < 32) + line[i] = 32; + else if (c > 127) + line[i] = 127; + } + if (context == 0) { /* Header */ sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp); - if (ncolors > 32766) + if (ncolors <= 0 || ncolors > 32766) { fprintf(stderr, "gdk_imlib ERROR: XPM data wth colors > 32766 not supported\n"); free(im); + free(line); return NULL; } - if (cpp > 5) + if (cpp <= 0 || cpp > 5) { fprintf(stderr, "gdk_imlib ERROR: XPM data with characters per pixel > 5 not supported\n"); free(im); + free(line); return NULL; } - if (w > 32767) + if (w <= 0 || w > 32767) { fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for data\n"); free(im); + free(line); return NULL; } - if (h > 32767) + if (h <= 0 || h > 32767) { fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for data\n"); free(im); + free(line); return NULL; } cmap = malloc(sizeof(struct _cmap) * ncolors); @@ -1273,6 +1293,7 @@ if (!cmap) { free(im); + free(line); return NULL; } im->rgb_width = w; @@ -1282,6 +1303,7 @@ { free(cmap); free(im); + free(line); return NULL; } im->alpha_data = NULL; @@ -1355,7 +1377,7 @@ strcpy(col + colptr, " "); colptr++; } - if (colptr + ls <= sizeof(col)) + if (colptr + ls < sizeof(col)) { strcpy(col + colptr, s); colptr += ls; @@ -1558,6 +1580,7 @@ } if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3)) done = 1; + free(line); } if (!transp) {