
Fw: overflow fix in imlib

From: Anil Madhavapeddy <anil(at)recoil.org>
Date: Sat Aug 30 2003 - 17:15:03 EDT


Again, any comments on the graphics/imlib overflow? Testing in particular would be handy, as I don't use this port.

----- Forwarded message from Anil Madhavapeddy <anil@recoil.org> -----

From: Anil Madhavapeddy <anil@recoil.org>
Date: Thu, 28 Aug 2003 18:23:52 +0100
To: brad@openbsd.org, naddy@openbsd.org
Subject: overflow fix in imlib

Untested, I don't use this package, but that sscanf is definitely wrong. Surrounding code suggests that the buffer shouldn't be cranked, but I can't be sure...

Index: patches/patch-Imlib_utils_c



RCS file: /cvs/ports/graphics/imlib/patches/patch-Imlib_utils_c,v retrieving revision 1.1
diff -u -r1.1 patch-Imlib_utils_c
--- patches/patch-Imlib_utils_c 20 Jun 2003 14:53:12 -0000 1.1 +++ patches/patch-Imlib_utils_c 28 Aug 2003 17:23:50 -0000
@@ -1,6 +1,6 @@
 $OpenBSD: patch-Imlib_utils_c,v 1.1 2003/06/20 14:53:12 avsm Exp $
---- Imlib/utils.c.orig Fri Mar 22 14:43:04 2002
-+++ Imlib/utils.c      Wed Jun 18 20:59:57 2003
+--- Imlib/utils.c.orig 2002-03-22 09:43:04.000000000 -0500
++++ Imlib/utils.c      2003-08-28 13:19:43.000000000 -0400
 @@ -801,6 +801,7 @@ Imlib_crop_and_clone_image(ImlibData * i
    unsigned char      *ptr1, *ptr2;
    ImlibImage         *im2;

@@ -67,3 +67,12 @@
im2->filename = malloc(strlen(s) + 1); if (im2->filename) strcpy(im2->filename, s); +@@ -1596,7 +1602,7 @@ Imlib_create_image_from_xpm_data(ImlibDa + { + if (line[k] != ' ') + { +- sscanf(&line[k], "%65536s", s); ++ sscanf(&line[k], "%255s", s); + k += strlen(s); + if (!strcmp(s, "c")) + iscolor = 1;
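Review bot: In the Imlib_create_image_from_xpm_data hunk, the new width in `sscanf(&line[k], "%255s", s);` is only safe if `s` holds at least 256 bytes, because `%255s` stores up to 255 characters plus the terminating NUL, and the declaration of `s` is not in the visible context. Please confirm the size against the declaration, or better, derive the width from the buffer size so the two cannot drift apart. A second point on the same lines: a token longer than 255 characters is now silently split, since `k += strlen(s);` advances only past the part that was stored and the remainder is parsed as the next token. It would be cleaner to check the sscanf return value and reject the XPM data when a token fills the whole buffer.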
----- End forwarded message -----
-- 
Anil Madhavapeddy                                   
http://anil.recoil.org
University of Cambridge                            
http://www.cl.cam.ac.uk
Received on Sat Aug 30 17:18:58 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:45:14 EDT

