Diffstat (limited to 'media-gfx/zgv')
-rw-r--r--media-gfx/zgv/ChangeLog8
-rw-r--r--media-gfx/zgv/Manifest12
-rw-r--r--media-gfx/zgv/files/zgv-5.7-gcc3.patch170
-rw-r--r--media-gfx/zgv/files/zgv-5.8-integer-overflow-fix.diff316
4 files changed, 11 insertions, 495 deletions
diff --git a/media-gfx/zgv/ChangeLog b/media-gfx/zgv/ChangeLog
index b5deebc8c09d..fdcbf6a409e2 100644
--- a/media-gfx/zgv/ChangeLog
+++ b/media-gfx/zgv/ChangeLog
@@ -1,6 +1,10 @@
# ChangeLog for media-gfx/zgv
-# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/zgv/ChangeLog,v 1.15 2008/04/21 17:35:23 phreak Exp $
+# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/zgv/ChangeLog,v 1.16 2009/06/20 23:57:58 flameeyes Exp $
+
+ 20 Jun 2009; Diego E. Pettenò <flameeyes@gentoo.org>
+ -files/zgv-5.7-gcc3.patch, -files/zgv-5.8-integer-overflow-fix.diff:
+ Remove unused files.
21 Apr 2008; Christian Heim <phreak@gentoo.org> metadata.xml:
Fix up metadata.xml. If there's no maintainer for the package, the metadata
diff --git a/media-gfx/zgv/Manifest b/media-gfx/zgv/Manifest
index 2733a841e3c1..fa5ba762d892 100644
--- a/media-gfx/zgv/Manifest
+++ b/media-gfx/zgv/Manifest
@@ -1,17 +1,15 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-AUX zgv-5.7-gcc3.patch 7078 RMD160 90b58946e3dffc55ad28973b028e7648cbfba686 SHA1 21531d051329af1d94035e8c8d1440faddaa81b4 SHA256 c8798c8b5de3a517603aa8b8d83e742a073fbf27af694b892b7a0fced1eae645
-AUX zgv-5.8-integer-overflow-fix.diff 10910 RMD160 f4d6189be8489a06f2c4abcce5a2106f13243a88 SHA1 8b8d3fc898b7583e1e1566e36523fa8d50169524 SHA256 ef38904db4e183f9cbfa05f2b7cdccef32932322f26d33e6905e4bd43ca74a4b
AUX zgv-5.9-cmyk-yccl-fix.diff 1554 RMD160 c7b9c9c4f1bfda5e7b49d4ced5da75e2de974953 SHA1 1e161341030ab69feba9926693e7e97bd8aaecad SHA256 17291c05c6d67c32b5bfc1c4afd0756bc8e168567c7a8e965a2befb20b18689c
DIST zgv-5.9.tar.gz 395525 RMD160 1d1c47c77adc732c581d9db1189243a94c510586 SHA1 e29b81bb51401376b43397de3857e8ed846a7cad SHA256 92e5d848fb51a77dc0ebb0ab383c1499c23aaff01f5445e9b0d75e067a8a64ba
EBUILD zgv-5.9.ebuild 1215 RMD160 c459821a9e1d93bced0e25408673fd325d2b6b56 SHA1 29847aae0a973c5b984d76d2e9d42f9eb13d4ae9 SHA256 307d7d41542d5174e1eb49399495cbbb5266dde2706cdf575bf4720aac3e96a7
-MISC ChangeLog 2116 RMD160 fcd11ceb9e47e25f3c572d96f163911386a493eb SHA1 ea1808cebfae18a9cff02f4a05f4288f84a5be98 SHA256 b1327688389fe8fffaacacece338485f2156243cd98bbc0d928cf20c3e913f8d
+MISC ChangeLog 2270 RMD160 ab2f4ded10dae31a15ecfb3a8b1d4bf86724a49a SHA1 55811c239add8660ed86c868073efc0389a4c99d SHA256 835bf694dd6511ac2b9d22515cec35dad3e8372bfe175b0f40a3580f819c824e
MISC metadata.xml 290 RMD160 b9b86283c09349c8827faef7d3ef5f724a248e77 SHA1 ae1c8e62d75c94ff50b8a5391afb6008460963aa SHA256 380e26e9262298b9cb31e863a9ab641f6fbdc8c50bda2cf2e47fd399f9cb5e85
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.7 (GNU/Linux)
+Version: GnuPG v2.0.11 (GNU/Linux)
-iD8DBQFIDNBgyuNVb5qfaOYRApysAJkBKg+WFrpjgRyLDJW14D+c9a9p8ACgni8J
-3e2zfny/Zro/+e62wn2iJ1M=
-=MgwW
+iEYEARECAAYFAko9d4wACgkQAiZjviIA2Xg/XgCgqHxCcMvIpT+o52jdd6Z5VNbV
+VE4An0EIds0VFYSm9oOarm+FNrAcmrzD
+=Sfhx
-----END PGP SIGNATURE-----
diff --git a/media-gfx/zgv/files/zgv-5.7-gcc3.patch b/media-gfx/zgv/files/zgv-5.7-gcc3.patch
deleted file mode 100644
index 7a43849834ef..000000000000
--- a/media-gfx/zgv/files/zgv-5.7-gcc3.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-diff -u src.orig/bdf2h.c src/bdf2h.c
---- src.orig/bdf2h.c 2003-10-03 06:05:53.573182320 +0200
-+++ src/bdf2h.c 2003-10-03 06:16:07.603835472 +0200
-@@ -45,14 +45,14 @@
- */
- printf("#ifndef DEFINED_STRUCT_FONTINFO_TAG\n");
- printf("#define DEFINED_STRUCT_FONTINFO_TAG 1\n");
--printf("\
--struct fontinfo_tag
-- {
-- signed char *data;
-- int table[96];
-- int yofs,fh,oy;
-- };
--");
-+printf(\
-+"struct fontinfo_tag"\
-+" {"\
-+" signed char *data;"\
-+" int table[96];"\
-+" int yofs,fh,oy;"\
-+" };\n"\
-+);
- printf("#endif\n\n");
-
- /* generate font data */
-diff -u src.orig/font.c src/font.c
---- src.orig/font.c 2003-10-03 06:05:53.573182320 +0200
-+++ src/font.c 2003-10-03 06:06:10.775567160 +0200
-@@ -37,9 +37,9 @@
- * best have this:
- */
- static char *bitmap_fonts_copyright=
--"The bitmap fonts zgv uses are: \
--Copyright 1984-1989, 1994 Adobe Systems Incorporated. \
--Copyright 1988, 1994 Digital Equipment Corporation.";
-+"The bitmap fonts zgv uses are: "\
-+"Copyright 1984-1989, 1994 Adobe Systems Incorporated. "\
-+"Copyright 1988, 1994 Digital Equipment Corporation.";
-
-
- /* prototypes */
-diff -u src.orig/install-info.c src/install-info.c
---- src.orig/install-info.c 2003-10-03 06:05:53.573182320 +0200
-+++ src/install-info.c 2003-10-03 06:06:10.775567160 +0200
-@@ -309,38 +309,38 @@
- void
- print_help ()
- {
-- printf (_("Usage: %s [OPTION]... [INFO-FILE [DIR-FILE]]\n\
--\n\
--Install INFO-FILE in the Info directory file DIR-FILE.\n\
--\n\
--Options:\n\
----delete Delete existing entries in INFO-FILE;\n\
-- don't insert any new entries.\n\
----dir-file=NAME Specify file name of Info directory file.\n\
-- This is equivalent to using the DIR-FILE argument.\n\
----entry=TEXT Insert TEXT as an Info directory entry.\n\
-- TEXT should have the form of an Info menu item line\n\
-- plus zero or more extra lines starting with whitespace.\n\
-- If you specify more than one entry, they are all added.\n\
-- If you don't specify any entries, they are determined\n\
-- from information in the Info file itself.\n\
----help Display this help and exit.\n\
----info-file=FILE Specify Info file to install in the directory.\n\
-- This is equivalent to using the INFO-FILE argument.\n\
----info-dir=DIR Same as --dir-file=DIR/dir.\n\
----item=TEXT Same as --entry TEXT.\n\
-- An Info directory entry is actually a menu item.\n\
----quiet Suppress warnings.\n\
----remove Same as --delete.\n\
----section=SEC Put this file's entries in section SEC of the directory.\n\
-- If you specify more than one section, all the entries\n\
-- are added in each of the sections.\n\
-- If you don't specify any sections, they are determined\n\
-- from information in the Info file itself.\n\
----version Display version information and exit.\n\
--\n\
--Email bug reports to bug-texinfo@gnu.org.\n\
--"), progname);
-+ printf (_("Usage: %s [OPTION]... [INFO-FILE [DIR-FILE]]\n"\
-+"\n"\
-+"Install INFO-FILE in the Info directory file DIR-FILE.\n"\
-+"\n"\
-+"Options:\n"\
-+"--delete Delete existing entries in INFO-FILE;\n"\
-+" don't insert any new entries.\n"\
-+"--dir-file=NAME Specify file name of Info directory file.\n"\
-+" This is equivalent to using the DIR-FILE argument.\n"\
-+"--entry=TEXT Insert TEXT as an Info directory entry.\n"\
-+" TEXT should have the form of an Info menu item line\n"\
-+" plus zero or more extra lines starting with whitespace.\n"\
-+" If you specify more than one entry, they are all added.\n"\
-+" If you don't specify any entries, they are determined\n"\
-+" from information in the Info file itself.\n"\
-+"--help Display this help and exit.\n"\
-+"--info-file=FILE Specify Info file to install in the directory.\n"\
-+" This is equivalent to using the INFO-FILE argument.\n"\
-+"--info-dir=DIR Same as --dir-file=DIR/dir.\n"\
-+"--item=TEXT Same as --entry TEXT.\n"\
-+" An Info directory entry is actually a menu item.\n"\
-+"--quiet Suppress warnings.\n"\
-+"--remove Same as --delete.\n"\
-+"--section=SEC Put this file's entries in section SEC of the directory.\n"\
-+" If you specify more than one section, all the entries\n"\
-+" are added in each of the sections.\n"\
-+" If you don't specify any sections, they are determined\n"\
-+" from information in the Info file itself.\n"\
-+"--version Display version information and exit.\n"\
-+"\n"\
-+"Email bug reports to bug-texinfo@gnu.org.\n"\
-+), progname);
- }
-
-
-@@ -360,22 +360,22 @@
- f = fopen (dirfile, "w");
- if (f)
- {
-- fputs (_("This is the file .../info/dir, which contains the\n\
--topmost node of the Info hierarchy, called (dir)Top.\n\
--The first time you invoke Info you start off looking at this node.\n\
--\n\
--File: dir,\tNode: Top,\tThis is the top of the INFO tree\n\
--\n\
-- This (the Directory node) gives a menu of major topics.\n\
-- Typing \"q\" exits, \"?\" lists all Info commands, \"d\" returns here,\n\
-- \"h\" gives a primer for first-timers,\n\
-- \"mEmacs<Return>\" visits the Emacs manual, etc.\n\
--\n\
-- In Emacs, you can click mouse button 2 on a menu item or cross reference\n\
-- to select it.\n\
--\n\
--* Menu:\n\
--"), f);
-+ fputs (_("This is the file .../info/dir, which contains the\n"\
-+"topmost node of the Info hierarchy, called (dir)Top.\n"\
-+"The first time you invoke Info you start off looking at this node.\n"\
-+"\n"\
-+"File: dir,\tNode: Top,\tThis is the top of the INFO tree\n"\
-+"\n"\
-+" This (the Directory node) gives a menu of major topics.\n"\
-+" Typing \"q\" exits, \"?\" lists all Info commands, \"d\" returns here,\n"\
-+" \"h\" gives a primer for first-timers,\n"\
-+" \"mEmacs<Return>\" visits the Emacs manual, etc.\n"\
-+"\n"\
-+" In Emacs, you can click mouse button 2 on a menu item or cross reference\n"\
-+" to select it.\n"\
-+"\n"\
-+"* Menu:\n"\
-+), f);
- if (fclose (f) < 0)
- pfatal_with_name (dirfile);
- }
-@@ -540,10 +540,10 @@
-
- case 'V':
- printf ("install-info (GNU %s) %s\n", PACKAGE, VERSION);
-- printf (_("Copyright (C) %s Free Software Foundation, Inc.\n\
--There is NO warranty. You may redistribute this software\n\
--under the terms of the GNU General Public License.\n\
--For more information about these matters, see the files named COPYING.\n"),
-+ printf (_("Copyright (C) %s Free Software Foundation, Inc.\n"\
-+"There is NO warranty. You may redistribute this software\n"\
-+"under the terms of the GNU General Public License.\n"\
-+"For more information about these matters, see the files named COPYING.\n"),
- "1998");
- exit (0);
-
diff --git a/media-gfx/zgv/files/zgv-5.8-integer-overflow-fix.diff b/media-gfx/zgv/files/zgv-5.8-integer-overflow-fix.diff
deleted file mode 100644
index 515ac98e8068..000000000000
--- a/media-gfx/zgv/files/zgv-5.8-integer-overflow-fix.diff
+++ /dev/null
@@ -1,316 +0,0 @@
-diff -urN zgv-5.8/ChangeLog zgv/ChangeLog
---- zgv-5.8/ChangeLog Mon Mar 29 05:34:03 2004
-+++ zgv/ChangeLog Sun Oct 31 15:23:27 2004
-@@ -1,3 +1,27 @@
-+2004-10-31 Russell Marks <russell.marks@ntlworld.com>
-+
-+ * Added width/height limits to all picture readers, 32767x32767 is
-+ now the maximum image size supported (consistent with xzgv). This
-+ is a crude (albeit effective) fix for heap overflow bugs - there
-+ may yet be more subtle problems, but I can't really fix them until
-+ I know they're there. :-) Thanks to Luke Macken for letting me
-+ know about the heap overflow problems. I suppose I should also
-+ thank "infamous41md" for publishing the original exploit (for the
-+ XPM colours bug), even if he didn't bother emailing me or
-+ anything.
-+
-+ * src/readxpm.c (read_xpm_file): fix for exploitable malloc() arg
-+ overflow. There are several more of these in zgv, but this is the
-+ easiest to fix.
-+
-+2004-07-08 Russell Marks <russell.marks@ntlworld.com>
-+
-+ * src/readgif.c (read_gif_file): added more multiple-image (e.g.
-+ animated) GIF brokenness checks than before. Previously it was
-+ possible to get a segfault with the `right' file, despite there
-+ already being various range checks. Thanks to Mikulas Patocka for
-+ spotting this.
-+
- 2004-03-29 Russell Marks <russell.marks@ntlworld.com>
-
- * Version 5.8.
-diff -urN zgv-5.8/src/readbmp.c zgv/src/readbmp.c
---- zgv-5.8/src/readbmp.c Thu Oct 4 16:48:36 2001
-+++ zgv/src/readbmp.c Sun Oct 31 14:32:44 2004
-@@ -177,7 +177,8 @@
- bytepp=1;
- if ((pp->bpp == 24) && (*output_type == 3))
- bytepp = 3;
-- if ((work_bmap = *bmap = calloc (w * (h + 2) * bytepp,1)) == NULL)
-+ if (WH_BAD(w,h) ||
-+ (work_bmap = *bmap = calloc (w * (h + 2) * bytepp,1)) == NULL)
- CLOSE_AND_RET(_PICERR_NOMEM);
-
- bytes_in_image=w*h*bytepp;
-diff -urN zgv-5.8/src/readgif.c zgv/src/readgif.c
---- zgv-5.8/src/readgif.c Sat Mar 15 02:39:42 2003
-+++ zgv/src/readgif.c Sun Oct 31 14:31:48 2004
-@@ -491,7 +491,7 @@
- readcolmap(in,im->cmap,lnumcols);
- }
-
-- if((im->image=(byte *)malloc(width*height))==NULL)
-+ if(WH_BAD(width,height) || (im->image=(byte *)malloc(width*height))==NULL)
- {
- fclose(in);
- return(_PICERR_NOMEM);
-@@ -599,7 +599,8 @@
-
- /* allocate main image and palette */
-
--if((*theimageptr=(byte *)malloc(ginfo->width*ginfo->height))==NULL)
-+if(WH_BAD(ginfo->width,ginfo->height) ||
-+ (*theimageptr=(byte *)malloc(ginfo->width*ginfo->height))==NULL)
- {
- images_cleanup();
- return(_PICERR_NOMEM);
-@@ -668,7 +669,11 @@
- for(i=0;i<imagecount;i++)
- {
- int x,y,left,w;
-- unsigned char *ptr1,*ptr2;
-+ unsigned char *ptr1,*ptr2,*oldptr1;
-+
-+ /* basic width/height vs. "screen" checks, left/top handled elsewhere */
-+ if(images[i]->width>swidth) images[i]->width=swidth;
-+ if(images[i]->height>sheight) images[i]->height=sheight;
-
- /* for images after the first, we need to set the initial contents
- * (as far as GIF is concerned, the `screen' contents) as directed
-@@ -708,20 +713,28 @@
- */
- }
- }
--
-- ptr1=ptr+images[i]->left+images[i]->top*swidth;
-- ptr2=images[i]->image;
--
-- for(y=0;y<images[i]->height;y++)
-+
-+ /* an image with left or top offscreen is broken, but relying
-+ * unknowingly on the image not appearing at all. So skip it.
-+ */
-+ if(images[i]->left<swidth && images[i]->top<sheight)
- {
-- for(x=0;x<images[i]->width;x++)
-- if(!(images[i]->gcb_control&1) || /* if no transparent col defined */
-- images[i]->transparent_col!=*ptr2)
-- *ptr1++=*ptr2++;
-- else
-- ptr1++,ptr2++;
-+ ptr1=ptr+images[i]->left+images[i]->top*swidth;
-
-- ptr1+=swidth-images[i]->width;
-+ for(y=0;y<images[i]->height && images[i]->top+y<sheight;y++)
-+ {
-+ oldptr1=ptr1;
-+ ptr2=images[i]->image+y*images[i]->width;
-+
-+ for(x=0;x<images[i]->width && images[i]->left+x<swidth;x++)
-+ if(!(images[i]->gcb_control&1) || /* if no transparent col defined */
-+ images[i]->transparent_col!=*ptr2)
-+ *ptr1++=*ptr2++;
-+ else
-+ ptr1++,ptr2++;
-+
-+ ptr1=oldptr1+swidth;
-+ }
- }
-
- ptr+=swidth*sheight;
-diff -urN zgv-5.8/src/readjpeg.c zgv/src/readjpeg.c
---- zgv-5.8/src/readjpeg.c Wed Sep 27 17:28:30 2000
-+++ zgv/src/readjpeg.c Sun Oct 31 14:54:26 2004
-@@ -190,10 +190,10 @@
- height=cinfo.output_height;
- }
-
--theimage=(byte *)malloc(pixelsize*width*height);
--if(theimage==NULL)
-+if(WH_BAD(width,height) ||
-+ (theimage=(byte *)malloc(pixelsize*width*height))==NULL)
- {
-- jpegerr("Out of memory");
-+ jpegerr("Out of memory"); /* XXX misleading if width/height are bad */
- longjmp(jerr.setjmp_buffer,1);
- }
-
-diff -urN zgv-5.8/src/readmrf.c zgv/src/readmrf.c
---- zgv-5.8/src/readmrf.c Wed Oct 21 07:28:23 1998
-+++ zgv/src/readmrf.c Sun Oct 31 14:56:33 2004
-@@ -103,7 +103,8 @@
- w64=(w+63)/64;
- h64=(h+63)/64;
-
--if((*bmap=malloc(w*h))==NULL ||
-+if(WH_BAD(w64*64,h64*64) || WH_BAD(w,h) ||
-+ (*bmap=malloc(w*h))==NULL ||
- (image=calloc(w64*h64*64*64,1))==NULL)
- CLOSE_AND_RET(_PICERR_NOMEM);
-
-diff -urN zgv-5.8/src/readpcd.c zgv/src/readpcd.c
---- zgv-5.8/src/readpcd.c Thu Sep 30 01:56:59 1999
-+++ zgv/src/readpcd.c Sun Oct 31 14:57:37 2004
-@@ -39,7 +39,7 @@
-
- if((*output_type)!=1)*output_type=3;
-
--if((*bmap=malloc(w*(h+3-*output_type)*(*output_type)))==NULL)
-+if(WH_BAD(w,h) || (*bmap=malloc(w*(h+3-*output_type)*(*output_type)))==NULL)
- return(_PICERR_NOMEM);
-
- if((*pal=malloc(768))==NULL)
-diff -urN zgv-5.8/src/readpcx.c zgv/src/readpcx.c
---- zgv-5.8/src/readpcx.c Wed Mar 31 00:11:36 1999
-+++ zgv/src/readpcx.c Sun Oct 31 14:59:30 2004
-@@ -127,7 +127,7 @@
- bytemax=(1<<30); /* we use a 'y<h' test instead for these files */
-
- /* the normal +2 lines in case we're dithering a 24-bit file */
--if((*bmap=malloc(w*(h+2)*bytepp))==NULL)
-+if(WH_BAD(w,h) || (*bmap=malloc(w*(h+2)*bytepp))==NULL)
- CLOSE_AND_RET(_PICERR_NOMEM);
-
- /* need this if more than one bitplane */
-diff -urN zgv-5.8/src/readpng.c zgv/src/readpng.c
---- zgv-5.8/src/readpng.c Mon Jul 7 19:59:18 2003
-+++ zgv/src/readpng.c Sun Oct 31 15:00:23 2004
-@@ -223,8 +223,9 @@
-
-
- /* allocate image memory (with two extra lines for dithering) */
--theimage=(byte *)malloc(pixelsize*width*(height+2));
--if(theimage==NULL) return(_PICERR_NOMEM);
-+if(WH_BAD(width,height) ||
-+ (theimage=(byte *)malloc(pixelsize*width*(height+2)))==NULL)
-+ return(_PICERR_NOMEM);
-
-
- ilheight=height*number_passes;
-diff -urN zgv-5.8/src/readpnm.c zgv/src/readpnm.c
---- zgv-5.8/src/readpnm.c Thu Jun 1 15:45:53 2000
-+++ zgv/src/readpnm.c Sun Oct 31 15:02:58 2004
-@@ -144,7 +144,7 @@
- * 3 times as much for each line, which works out only meaning
- * 3x as much for the last line. If you see what I mean. (!?)
- */
--if((*bmap=malloc(w*(h+2)*bytepp))==NULL)
-+if(WH_BAD(w,h) || (*bmap=malloc(w*(h+2)*bytepp))==NULL)
- CLOSE_AND_RET(_PICERR_NOMEM);
-
-
-@@ -294,6 +294,8 @@
-
- int ditherinit(int w)
- {
-+if(WH_BAD(w+10,sizeof(int))) return(0);
-+
- ditherfinish(); /* make sure any previous mem is unallocated */
- if((evenerr=calloc(3*(w+10),sizeof(int)))==NULL ||
- (odderr =calloc(3*(w+10),sizeof(int)))==NULL ||
-@@ -418,7 +420,7 @@
- if((maxval=read_next_number(in))!=255)
- return(_PICERR_CORRUPT);
-
--if((*bmap=malloc(w*h))==NULL)
-+if(WH_BAD(w,h) || (*bmap=malloc(w*h))==NULL)
- return(_PICERR_NOMEM);
-
- count=fread(*bmap,1,w*h,in);
-diff -urN zgv-5.8/src/readprf.c zgv/src/readprf.c
---- zgv-5.8/src/readprf.c Mon Jan 15 20:31:51 2001
-+++ zgv/src/readprf.c Sun Oct 31 15:05:24 2004
-@@ -184,7 +184,7 @@
- }
-
- n=width*squaresize;
--if((planebuf[0]=work_planebuf=calloc(n,planes))==NULL)
-+if(WH_BAD(width,height) || (planebuf[0]=work_planebuf=calloc(n,planes))==NULL)
- CLOSE_AND_RET(_PICERR_NOMEM);
- for(f=1;f<planes;f++)
- planebuf[f]=planebuf[f-1]+n;
-@@ -202,7 +202,9 @@
- }
-
- /* add the usual extra 2 lines in case of dithering */
--if((*bmap=work_bmap=malloc(width*(height+2)*planes))==NULL)
-+/* width/height check already done, but WTF :-) */
-+if(WH_BAD(width,height) ||
-+ (*bmap=work_bmap=malloc(width*(height+2)*planes))==NULL)
- {
- free(planebuf[0]);
- CLOSE_AND_RET(_PICERR_NOMEM);
-diff -urN zgv-5.8/src/readtga.c zgv/src/readtga.c
---- zgv-5.8/src/readtga.c Wed Oct 24 17:02:24 2001
-+++ zgv/src/readtga.c Sun Oct 31 15:05:54 2004
-@@ -179,7 +179,7 @@
- * 3 times as much for each line, which works out only meaning
- * 3x as much for the last line. If you see what I mean. (!?)
- */
--if((*bmap=malloc(w*(h+2)*bytepp))==NULL)
-+if(WH_BAD(w,h) || (*bmap=malloc(w*(h+2)*bytepp))==NULL)
- CLOSE_AND_RET(_PICERR_NOMEM);
-
-
-diff -urN zgv-5.8/src/readtiff.c zgv/src/readtiff.c
---- zgv-5.8/src/readtiff.c Thu Jan 18 23:45:59 2001
-+++ zgv/src/readtiff.c Sun Oct 31 15:06:15 2004
-@@ -86,7 +86,8 @@
- * certain the dithering has room.
- */
- numpix=width*height;
--if((image=*bmap=work_bmap=malloc(numpix*sizeof(uint32)+width*3*2))==NULL)
-+if(WH_BAD(width,height) ||
-+ (image=*bmap=work_bmap=malloc(numpix*sizeof(uint32)+width*3*2))==NULL)
- CLOSE_AND_RET(_PICERR_NOMEM);
-
- /* XXX what about hffunc!? */
-diff -urN zgv-5.8/src/readxbm.c zgv/src/readxbm.c
---- zgv-5.8/src/readxbm.c Wed Oct 21 07:28:23 1998
-+++ zgv/src/readxbm.c Sun Oct 31 15:08:14 2004
-@@ -97,7 +97,7 @@
-
- w8=(w+7)/8;
-
--if((*bmap=image=malloc(w*h))==NULL)
-+if(WH_BAD(w,h) || (*bmap=image=malloc(w*h))==NULL)
- CLOSE_AND_RET(_PICERR_NOMEM);
-
- /* save stuff in case of abort */
-diff -urN zgv-5.8/src/readxpm.c zgv/src/readxpm.c
---- zgv-5.8/src/readxpm.c Sat Jan 22 11:32:28 2000
-+++ zgv/src/readxpm.c Sun Oct 31 15:08:48 2004
-@@ -180,7 +180,7 @@
- if(colchars!=NULL) free(colchars);
-
- /* alloc colchars array */
--if((colchars=malloc(ncols*sizeof(struct colchars_tag)))==NULL)
-+if(ncols>(1<<24) || (colchars=malloc(ncols*sizeof(struct colchars_tag)))==NULL)
- CLOSE_AND_RET(_PICERR_NOMEM);
-
-
-@@ -369,7 +369,7 @@
- */
-
- /* extra lines are in case we're dithering. */
--if((*bmap=malloc(w*(h+2)*bytepp))==NULL)
-+if(WH_BAD(w,h) || (*bmap=malloc(w*(h+2)*bytepp))==NULL)
- CLOSE_AND_RET(_PICERR_NOMEM);
-
- ptr=*bmap;
-diff -urN zgv-5.8/src/zgv.h zgv/src/zgv.h
---- zgv-5.8/src/zgv.h Sat Feb 21 16:31:29 2004
-+++ zgv/src/zgv.h Sun Oct 31 14:58:34 2004
-@@ -66,3 +66,12 @@
- /* make 15/16-bit colours, used in a few different places */
- #define GET15BITCOLOUR(r,g,b) ((((r)&0xf8)<<7)|(((g)&0xf8)<<2)|((b)>>3))
- #define GET16BITCOLOUR(r,g,b) ((((r)&0xf8)<<8)|(((g)&0xfc)<<3)|((b)>>3))
-+
-+/* range check on width and height as a crude way of avoiding overflows
-+ * when calling malloc/calloc. The maximum we can allow is around 37000,
-+ * but 32767 at least makes it consistent with xzgv. :-)
-+ * Adds an extra 2 to height for max-height check, as we usually allocate
-+ * 2 more lines to allow for dithering.
-+ */
-+#define WH_MAX 32767
-+#define WH_BAD(w,h) ((w)<=0 || (w)>WH_MAX || (h)<=0 || ((h)+2)>WH_MAX)