[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Fw: overflow fix in imlib
- To: ports@openbsd.org
- Subject: Fw: overflow fix in imlib
- From: Anil Madhavapeddy <anil@recoil.org>
- Date: Sat, 30 Aug 2003 22:15:03 +0100
- Content-Disposition: inline
- User-Agent: Mutt/1.4.1i
Again, any comments on the graphics/imlib overflow? testing in particular
would be handy, as I dont use this port.
----- Forwarded message from Anil Madhavapeddy <anil@recoil.org> -----
From: Anil Madhavapeddy <anil@recoil.org>
Date: Thu, 28 Aug 2003 18:23:52 +0100
To: brad@openbsd.org, naddy@openbsd.org
Subject: overflow fix in imlib
untested, i dont use this package, but that sscanf is definitely wrong.
surrounding code suggests that the buffer shouldn't be cranked, but i cant
be sure...
Index: patches/patch-Imlib_utils_c
===================================================================
RCS file: /cvs/ports/graphics/imlib/patches/patch-Imlib_utils_c,v
retrieving revision 1.1
diff -u -r1.1 patch-Imlib_utils_c
--- patches/patch-Imlib_utils_c 20 Jun 2003 14:53:12 -0000 1.1
+++ patches/patch-Imlib_utils_c 28 Aug 2003 17:23:50 -0000
@@ -1,6 +1,6 @@
$OpenBSD: patch-Imlib_utils_c,v 1.1 2003/06/20 14:53:12 avsm Exp $
---- Imlib/utils.c.orig Fri Mar 22 14:43:04 2002
-+++ Imlib/utils.c Wed Jun 18 20:59:57 2003
+--- Imlib/utils.c.orig 2002-03-22 09:43:04.000000000 -0500
++++ Imlib/utils.c 2003-08-28 13:19:43.000000000 -0400
@@ -801,6 +801,7 @@ Imlib_crop_and_clone_image(ImlibData * i
unsigned char *ptr1, *ptr2;
ImlibImage *im2;
@@ -67,3 +67,12 @@
im2->filename = malloc(strlen(s) + 1);
if (im2->filename)
strcpy(im2->filename, s);
+@@ -1596,7 +1602,7 @@ Imlib_create_image_from_xpm_data(ImlibDa
+ {
+ if (line[k] != ' ')
+ {
+- sscanf(&line[k], "%65536s", s);
++ sscanf(&line[k], "%255s", s);
+ k += strlen(s);
+ if (!strcmp(s, "c"))
+ iscolor = 1;
----- End forwarded message -----
--
Anil Madhavapeddy http://anil.recoil.org
University of Cambridge http://www.cl.cam.ac.uk