authorjkoshy <jkoshy@FreeBSD.org>2005-10-21 08:15:53 +0000
committerjkoshy <jkoshy@FreeBSD.org>2005-10-21 08:15:53 +0000
commit6539c601c010cbaa17669663995ce1d806b342ee (patch)
tree28594816c00ecb1388f210bc0b25cd74bdd8eee4 /graphics/xli
parent18c252a66f55329e32f77b7c17baaf45596ceb43 (diff)
Fix a few potential buffer overflows in this port.
Security: CAN-2005-3178 (for xloadimage) Prodded by: naddy
Diffstat (limited to 'graphics/xli')
-rw-r--r--graphics/xli/Makefile2
-rw-r--r--graphics/xli/files/patch-reduce.c11
-rw-r--r--graphics/xli/files/patch-rotate.c23
-rw-r--r--graphics/xli/files/patch-tga.c11
-rw-r--r--graphics/xli/files/patch-zoom.c33
5 files changed, 79 insertions, 1 deletions
diff --git a/graphics/xli/Makefile b/graphics/xli/Makefile
index 8b69508..85c9b91 100644
--- a/graphics/xli/Makefile
+++ b/graphics/xli/Makefile
@@ -7,7 +7,7 @@
PORTNAME= xli
PORTVERSION= 1.17.0
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= graphics
MASTER_SITES= http://pantransit.reptiles.org/prog/xli/ \
${MASTER_SITE_XCONTRIB}
diff --git a/graphics/xli/files/patch-reduce.c b/graphics/xli/files/patch-reduce.c
new file mode 100644
index 0000000..49a98c4
--- /dev/null
+++ b/graphics/xli/files/patch-reduce.c
@@ -0,0 +1,11 @@
+--- reduce.c.orig Thu Oct 13 04:36:44 2005
++++ reduce.c Thu Oct 13 04:37:02 2005
+@@ -178,7 +178,7 @@
+ /* get destination image */
+ depth = colorsToDepth(OutColors);
+ new_image = newRGBImage(image->width, image->height, depth);
+- sprintf(buf, "%s (%d colors)", image->title, OutColors);
++ snprintf(buf, sizeof(buf), "%s (%d colors)", image->title, OutColors);
+ new_image->title = dupString(buf);
+ new_image->gamma = image->gamma;
+
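Review bot: The new bound `sizeof(buf)` in the reduce.c hunk is only correct if `buf` is a char array declared in the enclosing function, and that declaration lies outside the hunk; if `buf` were a pointer, the call would quietly cap the title at pointer size instead of the buffer size. The same assumption applies to the four `snprintf(buf, sizeof(buf), ...)` calls in the zoom.c patch further down, whose `buf` declaration is also not visible. The return value is ignored in all of these calls, so an over-long `image->title` is now silently truncated before `dupString(buf)`; that is a reasonable outcome for a display title, but it deserves a comment such as `/* title may be truncated to fit buf; snprintf always NUL-terminates */`.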
diff --git a/graphics/xli/files/patch-rotate.c b/graphics/xli/files/patch-rotate.c
new file mode 100644
index 0000000..53d98fe
--- /dev/null
+++ b/graphics/xli/files/patch-rotate.c
@@ -0,0 +1,23 @@
+--- rotate.c.orig Thu Oct 13 04:39:08 2005
++++ rotate.c Thu Oct 13 04:40:11 2005
+@@ -43,7 +43,7 @@
+ int dlinelen; /* Length of destination line */
+ int bit[8]; /* Array of hex values */
+ int x, y;
+- int i, b;
++ int i, b, tlen;
+ int newi, newb;
+ byte **yptr;
+
+@@ -168,8 +168,9 @@
+ freeImage(simage);
+ simage = dimage;
+ }
+- dimage->title = (char *) lmalloc(strlen(iimage->title) + 40);
+- sprintf(dimage->title, "%s (rotated by %d degrees)", iimage->title, rot);
++ tlen = strlen(iimage->title) + 40;
++ dimage->title = (char *) lmalloc(tlen);
++ snprintf(dimage->title, tlen, "%s (rotated by %d degrees)", iimage->title, rot);
+ dimage->gamma = iimage->gamma;
+ if (verbose)
+ printf("done\n");
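Review bot: `tlen` is added to the `int i, b` declaration in the first inner hunk, but it holds `strlen(iimage->title) + 40` and is then passed as the size argument of `snprintf`, so the value is converted from size_t to int and back. Declaring it on its own line as `size_t tlen;` keeps the allocation size and the snprintf bound in one unsigned type and avoids the signed/unsigned conversions. With the fixed text of the format and a `%d` that expands to at most 11 characters, the 40 bytes of slack appear sufficient, so the snprintf here looks defensive rather than a change in output; a short comment stating what the 40 covers would make that checkable. The enclosing function starts and ends outside both inner hunks.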
diff --git a/graphics/xli/files/patch-tga.c b/graphics/xli/files/patch-tga.c
new file mode 100644
index 0000000..d42ddbd
--- /dev/null
+++ b/graphics/xli/files/patch-tga.c
@@ -0,0 +1,11 @@
+--- tga.c.orig Thu Oct 13 04:41:39 2005
++++ tga.c Thu Oct 13 04:42:08 2005
+@@ -116,7 +116,7 @@
+ char colors[40];
+
+ if (hp->ImgType == TGA_Map || hp->ImgType == TGA_RLEMap)
+- sprintf(colors," with %d colors",hp->Length);
++ snprintf(colors,sizeof(colors)," with %d colors",hp->Length);
+ else
+ colors[0] = '\000';
+
diff --git a/graphics/xli/files/patch-zoom.c b/graphics/xli/files/patch-zoom.c
new file mode 100644
index 0000000..2543667
--- /dev/null
+++ b/graphics/xli/files/patch-zoom.c
@@ -0,0 +1,33 @@
+--- zoom.c.orig Thu Oct 13 04:42:36 2005
++++ zoom.c Thu Oct 13 04:43:47 2005
+@@ -52,26 +52,26 @@
+ if (verbose)
+ printf(" Zooming image Y axis by %d%%...", yzoom);
+ if (changetitle)
+- sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom);
++ snprintf(buf, sizeof(buf), "%s (Y zoom %d%%)", oimage->title, yzoom);
+ }
+ else if (!yzoom) {
+ if (verbose)
+ printf(" Zooming image X axis by %d%%...", xzoom);
+ if (changetitle)
+- sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom);
++ snprintf(buf, sizeof(buf), "%s (X zoom %d%%)", oimage->title, xzoom);
+ }
+ else if (xzoom == yzoom) {
+ if (verbose)
+ printf(" Zooming image by %d%%...", xzoom);
+ if (changetitle)
+- sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom);
++ snprintf(buf, sizeof(buf), "%s (%d%% zoom)", oimage->title, xzoom);
+ }
+ else {
+ if (verbose)
+ printf(" Zooming image X axis by %d%% and Y axis by %d%%...",
+ xzoom, yzoom);
+ if (changetitle)
+- sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
++ snprintf(buf, sizeof(buf), "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
+ xzoom, yzoom);
+ }
+ if (!changetitle)