diff options
author | root <root@rshg054.dnsready.net> | 2013-02-25 00:05:01 -0800 |
---|---|---|
committer | root <root@rshg054.dnsready.net> | 2013-02-25 00:05:01 -0800 |
commit | 7fdd408bcb7558171b6a91530226a8b910ec906a (patch) | |
tree | 87f874d69f830d717250b1dea9f376f3a705a51e /extra/netpbm | |
parent | 90f97c6f30af5c30599fab0b6d6c1f474ad15fe0 (diff) |
Mon Feb 25 00:04:58 PST 2013
Diffstat (limited to 'extra/netpbm')
-rw-r--r-- | extra/netpbm/PKGBUILD | 31 | ||||
-rw-r--r-- | extra/netpbm/netpbm-security-code.patch | 850 | ||||
-rw-r--r-- | extra/netpbm/netpbm-security-scripts.patch | 18 |
3 files changed, 452 insertions, 447 deletions
diff --git a/extra/netpbm/PKGBUILD b/extra/netpbm/PKGBUILD index b447bee50..f9e1cfb20 100644 --- a/extra/netpbm/PKGBUILD +++ b/extra/netpbm/PKGBUILD @@ -1,8 +1,8 @@ -# $Id: PKGBUILD 148858 2012-02-05 11:53:06Z ibiru $ +# $Id: PKGBUILD 178515 2013-02-24 21:47:43Z eric $ # Maintainer: Kevin Piche <kevin@archlinux.org> pkgname=netpbm -pkgver=10.57.1 +pkgver=10.61.02 pkgrel=1 pkgdesc="A toolkit for manipulation of graphic images" arch=('i686' 'x86_64') @@ -11,18 +11,27 @@ url="http://netpbm.sourceforge.net/" depends=('perl' 'libpng' 'libtiff' 'libxml2') makedepends=('python2') options=('!makeflags') -# Releases after 10.34 are available via SVN only. -# Get Advanced tarball here: http://netpbm.sourceforge.net/release.html#tarball -# Get version number from version.mk -# Get docs with: wget --recursive --relative -nH http://netpbm.sourceforge.net/doc/ -source=(ftp://ftp.archlinux.org/other/netpbm/${pkgname}-${pkgver}.tar.gz \ - ftp://ftp.archlinux.org/other/netpbm/netpbm-doc-22Feb2009.tar.xz \ +source=(ftp://ftp.archlinux.org/other/packages/netpbm/${pkgname}-${pkgver}.tar.gz{,.sig} \ + ftp://ftp.archlinux.org/other/packages/netpbm/netpbm-doc-22Feb2009.tar.xz{,.sig} \ netpbm-CAN-2005-2471.patch netpbm-security-code.patch netpbm-security-scripts.patch) -sha1sums=('cd0b99333faf994a680d77c5d217034df35ebd4e' +sha1sums=('dc2354716996c8fe4c4836386e6c403ec2f15589' + '253df0e79f9344e68ee907a43347d630ff6b1b95' 'dfeba9f9a5fe987d64db0aadb5ca8c1b20fcead2' + 'e9513608a661beb05a63270931f6191029e935f8' 'b79cf9d42488fea065ba16262ed97694c47af08d' - '4cd5b94a24886ecae3973c5ae104d8298fe5a1f5' - '2ac31f714121e08e47af9337c6bbaab3cbfc5c75') + 'cde27f75fa5ca8010a3b1f08d8e247d42243d0f5' + '300a2386d3207005f4cb4120bbb2f3788a9b7716') + +# source PKGBUILD && mksource +mksource() { +# Get docs with: wget --recursive --relative -nH http://netpbm.sourceforge.net/doc/ + curl -o advanced.tar.gz 'http://netpbm.svn.sourceforge.net/viewvc/netpbm/advanced.tar.gz?view=tar' + tar -xf advanced.tar.gz advanced/version.mk + _pkgver=$(grep MAJOR advanced/version.mk |cut -d ' ' -f 3).$(grep MINOR advanced/version.mk |cut -d ' ' -f 3).0$(grep POINT advanced/version.mk |cut -d ' ' -f 3) + mv advanced.tar.gz ${pkgname}-${_pkgver}.tar.gz + gpg --detach-sign --use-agent -u ${GPGKEY} ${pkgname}-${_pkgver}.tar.gz + rm -r advanced +} build() { cd "${srcdir}/advanced" diff --git a/extra/netpbm/netpbm-security-code.patch b/extra/netpbm/netpbm-security-code.patch index da67a8f92..27b49fbae 100644 --- a/extra/netpbm/netpbm-security-code.patch +++ b/extra/netpbm/netpbm-security-code.patch @@ -1,39 +1,35 @@ -diff -up netpbm-10.47.04/analyzer/pgmtexture.c.security netpbm-10.47.04/analyzer/pgmtexture.c ---- netpbm-10.47.04/analyzer/pgmtexture.c.security 2009-10-21 13:38:55.000000000 +0200 -+++ netpbm-10.47.04/analyzer/pgmtexture.c 2009-10-21 15:09:33.000000000 +0200 -@@ -79,6 +79,9 @@ vector (int nl, int nh) - { - float *v; - -+ if(nh < nl) -+ pm_error("assert: h < l"); +diff -up netpbm-10.58.01/analyzer/pgmtexture.c.security-code netpbm-10.58.01/analyzer/pgmtexture.c +--- netpbm-10.58.01/analyzer/pgmtexture.c.security-code 2012-04-09 15:31:32.000000000 +0200 ++++ netpbm-10.58.01/analyzer/pgmtexture.c 2012-04-09 15:40:03.183620040 +0200 +@@ -97,7 +97,7 @@ vector(unsigned int const nl, + float * v; + + assert(nh >= nl); +- + overflow_add(nh - nl, 1); MALLOCARRAY(v, (unsigned) (nh - nl + 1)); + if (v == NULL) - pm_error("Unable to allocate memory for a vector."); -@@ -95,6 +98,9 @@ matrix (int nrl, int nrh, int ncl, int n - float **m; +@@ -129,6 +129,7 @@ matrix (unsigned int const nrl, + assert(nrh >= nrl); /* allocate pointers to rows */ -+ if(nrh < nrl) -+ pm_error("assert: h < l"); + overflow_add(nrh - nrl, 1); MALLOCARRAY(m, (unsigned) (nrh - nrl + 1)); if (m == NULL) pm_error("Unable to allocate memory for a matrix."); -@@ -102,6 +108,9 @@ matrix (int nrl, int nrh, int ncl, int n - assert (nch >= ncl); +@@ -136,7 +137,7 @@ matrix (unsigned int const nrl, + m -= ncl; - /* allocate rows and set pointers to them */ -+ if(nch < ncl) -+ pm_error("assert: h < l"); + assert (nch >= ncl); +- + overflow_add(nch - ncl, 1); + /* allocate rows and set pointers to them */ for (i = nrl; i <= nrh; ++i) { MALLOCARRAY(m[i], (unsigned) (nch - ncl + 1)); - if (m[i] == NULL) -diff -up netpbm-10.47.04/converter/other/gemtopnm.c.security netpbm-10.47.04/converter/other/gemtopnm.c ---- netpbm-10.47.04/converter/other/gemtopnm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/gemtopnm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/other/gemtopnm.c.security-code netpbm-10.58.01/converter/other/gemtopnm.c +--- netpbm-10.58.01/converter/other/gemtopnm.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/other/gemtopnm.c 2012-04-09 15:40:03.183620040 +0200 @@ -106,6 +106,7 @@ main(argc, argv) pnm_writepnminit( stdout, cols, rows, MAXVAL, type, 0 ); @@ -42,10 +38,10 @@ diff -up netpbm-10.47.04/converter/other/gemtopnm.c.security netpbm-10.47.04/con { /* allocate input row data structure */ int plane; -diff -up netpbm-10.47.04/converter/other/jpegtopnm.c.security netpbm-10.47.04/converter/other/jpegtopnm.c ---- netpbm-10.47.04/converter/other/jpegtopnm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/jpegtopnm.c 2009-10-21 15:54:30.000000000 +0200 -@@ -861,6 +861,8 @@ convertImage(FILE * +diff -up netpbm-10.58.01/converter/other/jpegtopnm.c.security-code netpbm-10.58.01/converter/other/jpegtopnm.c +--- netpbm-10.58.01/converter/other/jpegtopnm.c.security-code 2012-04-09 15:31:40.000000000 +0200 ++++ netpbm-10.58.01/converter/other/jpegtopnm.c 2012-04-09 15:40:03.184620028 +0200 +@@ -861,6 +861,8 @@ convertImage(FILE * /* Calculate output image dimensions so we can allocate space */ jpeg_calc_output_dimensions(cinfoP); @@ -54,9 +50,9 @@ diff -up netpbm-10.47.04/converter/other/jpegtopnm.c.security netpbm-10.47.04/co /* Start decompressor */ jpeg_start_decompress(cinfoP); -diff -up netpbm-10.47.04/converter/other/pbmtopgm.c.security netpbm-10.47.04/converter/other/pbmtopgm.c ---- netpbm-10.47.04/converter/other/pbmtopgm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/pbmtopgm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/other/pbmtopgm.c.security-code netpbm-10.58.01/converter/other/pbmtopgm.c +--- netpbm-10.58.01/converter/other/pbmtopgm.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/other/pbmtopgm.c 2012-04-09 15:40:03.184620028 +0200 @@ -47,6 +47,7 @@ main(int argc, char *argv[]) { "than the image height (%u rows)", height, rows); @@ -65,10 +61,9 @@ diff -up netpbm-10.47.04/converter/other/pbmtopgm.c.security netpbm-10.47.04/con maxval = MIN(PGM_OVERALLMAXVAL, width*height); pgm_writepgminit(stdout, cols, rows, maxval, 0) ; -diff -up netpbm-10.47.04/converter/other/pngtopnm.c.security netpbm-10.47.04/converter/other/pngtopnm.c -diff -up netpbm-10.47.04/converter/other/pnmtoddif.c.security netpbm-10.47.04/converter/other/pnmtoddif.c ---- netpbm-10.47.04/converter/other/pnmtoddif.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/pnmtoddif.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/other/pnmtoddif.c.security-code netpbm-10.58.01/converter/other/pnmtoddif.c +--- netpbm-10.58.01/converter/other/pnmtoddif.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/other/pnmtoddif.c 2012-04-09 15:40:03.185620015 +0200 @@ -632,6 +632,7 @@ main(int argc, char *argv[]) { switch (PNM_FORMAT_TYPE(format)) { case PBM_TYPE: @@ -85,9 +80,9 @@ diff -up netpbm-10.47.04/converter/other/pnmtoddif.c.security netpbm-10.47.04/co ip.bytes_per_line = 3 * cols; ip.bits_per_pixel = 24; ip.spectral = 5; -diff -up netpbm-10.47.04/converter/other/pnmtojpeg.c.security netpbm-10.47.04/converter/other/pnmtojpeg.c ---- netpbm-10.47.04/converter/other/pnmtojpeg.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/pnmtojpeg.c 2009-10-21 15:56:32.000000000 +0200 +diff -up netpbm-10.58.01/converter/other/pnmtojpeg.c.security-code netpbm-10.58.01/converter/other/pnmtojpeg.c +--- netpbm-10.58.01/converter/other/pnmtojpeg.c.security-code 2012-04-09 15:31:39.000000000 +0200 ++++ netpbm-10.58.01/converter/other/pnmtojpeg.c 2012-04-09 15:40:03.186620002 +0200 @@ -605,7 +605,11 @@ read_scan_script(j_compress_ptr const ci want JPOOL_PERMANENT. */ @@ -101,7 +96,7 @@ diff -up netpbm-10.47.04/converter/other/pnmtojpeg.c.security netpbm-10.47.04/co (jpeg_scan_info *) (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_IMAGE, scan_info_size); -@@ -936,6 +940,8 @@ compute_rescaling_array(JSAMPLE ** const +@@ -937,6 +941,8 @@ compute_rescaling_array(JSAMPLE ** const const long half_maxval = maxval / 2; long val; @@ -110,7 +105,7 @@ diff -up netpbm-10.47.04/converter/other/pnmtojpeg.c.security netpbm-10.47.04/co *rescale_p = (JSAMPLE *) (cinfo.mem->alloc_small) ((j_common_ptr) &cinfo, JPOOL_IMAGE, (size_t) (((long) maxval + 1L) * -@@ -1014,6 +1020,7 @@ convert_scanlines(struct jpeg_compress_s +@@ -1015,6 +1021,7 @@ convert_scanlines(struct jpeg_compress_s */ /* Allocate the libpnm output and compressor input buffers */ @@ -118,33 +113,48 @@ diff -up netpbm-10.47.04/converter/other/pnmtojpeg.c.security netpbm-10.47.04/co buffer = (*cinfo_p->mem->alloc_sarray) ((j_common_ptr) cinfo_p, JPOOL_IMAGE, (unsigned int) cinfo_p->image_width * cinfo_p->input_components, -diff -up netpbm-10.47.04/converter/other/pnmtosgi.c.security netpbm-10.47.04/converter/other/pnmtosgi.c ---- netpbm-10.47.04/converter/other/pnmtosgi.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/pnmtosgi.c 2009-10-21 15:09:33.000000000 +0200 -@@ -213,6 +213,22 @@ write_channels(cols, rows, channels, put +diff -up netpbm-10.58.01/converter/other/pnmtops.c.security-code netpbm-10.58.01/converter/other/pnmtops.c +--- netpbm-10.58.01/converter/other/pnmtops.c.security-code 2012-04-09 15:31:40.000000000 +0200 ++++ netpbm-10.58.01/converter/other/pnmtops.c 2012-04-09 15:40:03.187619989 +0200 +@@ -256,17 +256,21 @@ parseCommandLine(int argc, const char ** + validateCompDimension(width, 72, "-width value"); + validateCompDimension(height, 72, "-height value"); + ++ overflow2(width, 72); + cmdlineP->width = width * 72; ++ overflow2(height, 72); + cmdlineP->height = height * 72; + + if (imagewidthSpec) { + validateCompDimension(imagewidth, 72, "-imagewidth value"); ++ overflow2(imagewidth, 72); + cmdlineP->imagewidth = imagewidth * 72; } - } - -+static void * -+xmalloc2(int x, int y) -+{ -+ void *mem; -+ -+ overflow2(x,y); -+ if( x * y == 0 ) -+ return NULL; -+ -+ mem = malloc2(x, y); -+ if( mem == NULL ) -+ pm_error("out of memory allocating %d bytes", x * y); -+ return mem; -+} -+ -+ - static void - put_big_short(short s) - { -@@ -250,6 +266,7 @@ build_channels(FILE *ifp, int cols, int + else + cmdlineP->imagewidth = 0; + if (imageheightSpec) { +- validateCompDimension(imagewidth, 72, "-imageheight value"); ++ validateCompDimension(imageheight, 72, "-imageheight value"); ++ overflow2(imageheight, 72); + cmdlineP->imageheight = imageheight * 72; + } + else +diff -up netpbm-10.58.01/converter/other/pnmtorle.c.security-code netpbm-10.58.01/converter/other/pnmtorle.c +--- netpbm-10.58.01/converter/other/pnmtorle.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/other/pnmtorle.c 2012-04-09 15:40:03.188619976 +0200 +@@ -19,6 +19,8 @@ + * If you modify this software, you should include a notice giving the + * name of the person performing the modification, the date of modification, + * and the reason for such modification. ++ * ++ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com> + */ + /* + * pnmtorle - A program which will convert pbmplus (ppm or pgm) images +diff -up netpbm-10.58.01/converter/other/pnmtosgi.c.security-code netpbm-10.58.01/converter/other/pnmtosgi.c +--- netpbm-10.58.01/converter/other/pnmtosgi.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/other/pnmtosgi.c 2012-04-09 15:40:03.188619976 +0200 +@@ -254,6 +254,7 @@ build_channels(FILE * const ifp, int con #endif if( storage != STORAGE_VERBATIM ) { @@ -152,7 +162,7 @@ diff -up netpbm-10.47.04/converter/other/pnmtosgi.c.security netpbm-10.47.04/con MALLOCARRAY_NOFAIL(table, channels * rows); MALLOCARRAY_NOFAIL(rletemp, WORSTCOMPR(cols)); } -@@ -303,6 +320,8 @@ compress(temp, row, rows, cols, chan_no, +@@ -306,6 +307,8 @@ compress(ScanElem * temp, break; case STORAGE_RLE: tabrow = chan_no * rows + row; @@ -161,9 +171,9 @@ diff -up netpbm-10.47.04/converter/other/pnmtosgi.c.security netpbm-10.47.04/con len = rle_compress(temp, cols); /* writes result into rletemp */ channel[chan_no][row].length = len; MALLOCARRAY(p, len); -diff -up netpbm-10.47.04/converter/other/rletopnm.c.security netpbm-10.47.04/converter/other/rletopnm.c ---- netpbm-10.47.04/converter/other/rletopnm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/rletopnm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/other/rletopnm.c.security-code netpbm-10.58.01/converter/other/rletopnm.c +--- netpbm-10.58.01/converter/other/rletopnm.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/other/rletopnm.c 2012-04-09 15:40:03.189619963 +0200 @@ -19,6 +19,8 @@ * If you modify this software, you should include a notice giving the * name of the person performing the modification, the date of modification, @@ -173,10 +183,10 @@ diff -up netpbm-10.47.04/converter/other/rletopnm.c.security netpbm-10.47.04/con */ /* * rletopnm - A conversion program to convert from Utah's "rle" image format -diff -up netpbm-10.47.04/converter/other/sgitopnm.c.security netpbm-10.47.04/converter/other/sgitopnm.c ---- netpbm-10.47.04/converter/other/sgitopnm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/sgitopnm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -252,10 +252,14 @@ read_channels(ifp, head, table, func, oc +diff -up netpbm-10.58.01/converter/other/sgitopnm.c.security-code netpbm-10.58.01/converter/other/sgitopnm.c +--- netpbm-10.58.01/converter/other/sgitopnm.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/other/sgitopnm.c 2012-04-09 15:40:03.189619963 +0200 +@@ -359,10 +359,14 @@ readChannels(FILE * const ifP, MALLOCARRAY_NOFAIL(image, head->ysize); } else { maxchannel = MIN(3, head->zsize); @@ -190,11 +200,11 @@ diff -up netpbm-10.47.04/converter/other/sgitopnm.c.security netpbm-10.47.04/con MALLOCARRAY_NOFAIL(temp, WORSTCOMPR(head->xsize)); + } - for(channel = 0; channel < maxchannel; ++channel) { + for (channel = 0; channel < maxchannel; ++channel) { unsigned int row; -diff -up netpbm-10.47.04/converter/other/sirtopnm.c.security netpbm-10.47.04/converter/other/sirtopnm.c ---- netpbm-10.47.04/converter/other/sirtopnm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/sirtopnm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/other/sirtopnm.c.security-code netpbm-10.58.01/converter/other/sirtopnm.c +--- netpbm-10.58.01/converter/other/sirtopnm.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/other/sirtopnm.c 2012-04-09 15:40:03.190619951 +0200 @@ -69,6 +69,7 @@ char* argv[]; } break; @@ -203,10 +213,10 @@ diff -up netpbm-10.47.04/converter/other/sirtopnm.c.security netpbm-10.47.04/con picsize = cols * rows * 3; planesize = cols * rows; if ( !( sirarray = (unsigned char*) malloc( picsize ) ) ) -diff -up netpbm-10.47.04/converter/other/tifftopnm.c.security netpbm-10.47.04/converter/other/tifftopnm.c ---- netpbm-10.47.04/converter/other/tifftopnm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/tifftopnm.c 2009-10-21 15:49:29.000000000 +0200 -@@ -1291,7 +1291,9 @@ convertRasterByRows(pnmOut * const +diff -up netpbm-10.58.01/converter/other/tifftopnm.c.security-code netpbm-10.58.01/converter/other/tifftopnm.c +--- netpbm-10.58.01/converter/other/tifftopnm.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/other/tifftopnm.c 2012-04-09 15:40:03.191619939 +0200 +@@ -1279,7 +1279,9 @@ convertRasterByRows(pnmOut * const if (scanbuf == NULL) pm_error("can't allocate memory for scanline buffer"); @@ -217,9 +227,9 @@ diff -up netpbm-10.47.04/converter/other/tifftopnm.c.security netpbm-10.47.04/co if (samplebuf == NULL) pm_error("can't allocate memory for row buffer"); -diff -up netpbm-10.47.04/converter/other/xwdtopnm.c.security netpbm-10.47.04/converter/other/xwdtopnm.c ---- netpbm-10.47.04/converter/other/xwdtopnm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/xwdtopnm.c 2009-10-21 15:53:27.000000000 +0200 +diff -up netpbm-10.58.01/converter/other/xwdtopnm.c.security-code netpbm-10.58.01/converter/other/xwdtopnm.c +--- netpbm-10.58.01/converter/other/xwdtopnm.c.security-code 2012-04-09 15:31:40.000000000 +0200 ++++ netpbm-10.58.01/converter/other/xwdtopnm.c 2012-04-09 15:40:03.192619927 +0200 @@ -209,6 +209,10 @@ processX10Header(X10WDFileHeader * cons *colorsP = pnm_allocrow(2); PNM_ASSIGN1((*colorsP)[0], 0); @@ -239,32 +249,9 @@ diff -up netpbm-10.47.04/converter/other/xwdtopnm.c.security netpbm-10.47.04/con *padrightP = h11FixedP->bytes_per_line * 8 - h11FixedP->pixmap_width * h11FixedP->bits_per_pixel; -diff -up netpbm-10.47.04/converter/other/sunicontopnm.c.security netpbm-10.47.04/converter/other/sunicontopnm.c ---- netpbm-10.47.04/converter/other/sunicontopnm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/other/sunicontopnm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -11,6 +11,7 @@ - */ - - #include <string.h> -+#include <limits.h> - - #include "nstring.h" - #include "pbm.h" -@@ -87,6 +88,11 @@ ReadIconFile(FILE * const - if (*heightP <= 0) - pm_error("invalid height (must be positive): %d", *heightP); - -+ if ( *widthP > INT_MAX - 16 || *widthP < 0) -+ pm_error( "invalid width: %d", *widthP); -+ -+ overflow2(*widthP + 16, *heightP); -+ - } - - -diff -up netpbm-10.47.04/converter/pbm/mdatopbm.c.security netpbm-10.47.04/converter/pbm/mdatopbm.c ---- netpbm-10.47.04/converter/pbm/mdatopbm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/mdatopbm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/pbm/mdatopbm.c.security-code netpbm-10.58.01/converter/pbm/mdatopbm.c +--- netpbm-10.58.01/converter/pbm/mdatopbm.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/mdatopbm.c 2012-04-09 15:40:03.192619927 +0200 @@ -245,10 +245,13 @@ main(int argc, char **argv) { pm_readlittleshort(infile, &yy); nInCols = yy; } @@ -280,9 +267,9 @@ diff -up netpbm-10.47.04/converter/pbm/mdatopbm.c.security netpbm-10.47.04/conve data = pbm_allocarray(nOutCols, nOutRows); -diff -up netpbm-10.47.04/converter/pbm/mgrtopbm.c.security netpbm-10.47.04/converter/pbm/mgrtopbm.c ---- netpbm-10.47.04/converter/pbm/mgrtopbm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/mgrtopbm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/pbm/mgrtopbm.c.security-code netpbm-10.58.01/converter/pbm/mgrtopbm.c +--- netpbm-10.58.01/converter/pbm/mgrtopbm.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/mgrtopbm.c 2012-04-09 15:40:03.193619915 +0200 @@ -65,6 +65,8 @@ readMgrHeader(FILE * const ifP, if (head.h_high < ' ' || head.l_high < ' ') pm_error("Invalid width field in MGR header"); @@ -292,42 +279,10 @@ diff -up netpbm-10.47.04/converter/pbm/mgrtopbm.c.security netpbm-10.47.04/conve *colsP = (((int)head.h_wide - ' ') << 6) + ((int)head.l_wide - ' '); *rowsP = (((int)head.h_high - ' ') << 6) + ((int) head.l_high - ' '); *padrightP = ( ( *colsP + pad - 1 ) / pad ) * pad - *colsP; -diff -up netpbm-10.47.04/converter/pbm/pbmto10x.c.security netpbm-10.47.04/converter/pbm/pbmto10x.c ---- netpbm-10.47.04/converter/pbm/pbmto10x.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmto10x.c 2009-10-21 15:09:33.000000000 +0200 -@@ -162,7 +162,7 @@ main(int argc, char * argv[]) { - res_60x72(); - - pm_close(ifp); -- exit(0); -+ return 0; - } - - -diff -up netpbm-10.47.04/converter/pbm/pbmto4425.c.security netpbm-10.47.04/converter/pbm/pbmto4425.c ---- netpbm-10.47.04/converter/pbm/pbmto4425.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmto4425.c 2009-10-21 15:09:33.000000000 +0200 -@@ -2,6 +2,7 @@ - - #include "nstring.h" - #include "pbm.h" -+#include <string.h> - - static char bit_table[2][3] = { - {1, 4, 0x10}, -@@ -160,7 +161,7 @@ main(int argc, char * argv[]) { - xres = vmap_width * 2; - yres = vmap_height * 3; - -- vmap = malloc(vmap_width * vmap_height * sizeof(char)); -+ vmap = malloc3(vmap_width, vmap_height, sizeof(char)); - if(vmap == NULL) - { - pm_error( "Cannot allocate memory" ); -diff -up netpbm-10.47.04/converter/pbm/pbmtogem.c.security netpbm-10.47.04/converter/pbm/pbmtogem.c ---- netpbm-10.47.04/converter/pbm/pbmtogem.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtogem.c 2009-10-21 15:09:33.000000000 +0200 -@@ -123,6 +123,7 @@ putinit (rows, cols) +diff -up netpbm-10.58.01/converter/pbm/pbmtogem.c.security-code netpbm-10.58.01/converter/pbm/pbmtogem.c +--- netpbm-10.58.01/converter/pbm/pbmtogem.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/pbmtogem.c 2012-04-09 15:40:03.193619915 +0200 +@@ -79,6 +79,7 @@ putinit (int const rows, int const cols) bitsperitem = 0; bitshift = 7; outcol = 0; @@ -335,9 +290,9 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtogem.c.security netpbm-10.47.04/conve outmax = (cols + 7) / 8; outrow = (unsigned char *) pm_allocrow (outmax, sizeof (unsigned char)); lastrow = (unsigned char *) pm_allocrow (outmax, sizeof (unsigned char)); -diff -up netpbm-10.47.04/converter/pbm/pbmtogo.c.security netpbm-10.47.04/converter/pbm/pbmtogo.c ---- netpbm-10.47.04/converter/pbm/pbmtogo.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtogo.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/pbm/pbmtogo.c.security-code netpbm-10.58.01/converter/pbm/pbmtogo.c +--- netpbm-10.58.01/converter/pbm/pbmtogo.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/pbmtogo.c 2012-04-09 15:40:03.193619915 +0200 @@ -158,6 +158,7 @@ main(int argc, bitrow = pbm_allocrow(cols); @@ -346,9 +301,9 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtogo.c.security netpbm-10.47.04/conver rucols = ( cols + 7 ) / 8; bytesperrow = rucols; /* GraphOn uses bytes */ rucols = rucols * 8; -diff -up netpbm-10.47.04/converter/pbm/pbmtolj.c.security netpbm-10.47.04/converter/pbm/pbmtolj.c ---- netpbm-10.47.04/converter/pbm/pbmtolj.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtolj.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/pbm/pbmtolj.c.security-code netpbm-10.58.01/converter/pbm/pbmtolj.c +--- netpbm-10.58.01/converter/pbm/pbmtolj.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/pbmtolj.c 2012-04-09 15:40:03.194619902 +0200 @@ -120,7 +120,11 @@ parseCommandLine(int argc, char ** argv, static void allocateBuffers(unsigned int const cols) { @@ -361,9 +316,9 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtolj.c.security netpbm-10.47.04/conver packBufferSize = rowBufferSize + (rowBufferSize + 127) / 128 + 1; deltaBufferSize = rowBufferSize + rowBufferSize / 8 + 10; -diff -up netpbm-10.47.04/converter/pbm/pbmtomacp.c.security netpbm-10.47.04/converter/pbm/pbmtomacp.c ---- netpbm-10.47.04/converter/pbm/pbmtomacp.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtomacp.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/pbm/pbmtomacp.c.security-code netpbm-10.58.01/converter/pbm/pbmtomacp.c +--- netpbm-10.58.01/converter/pbm/pbmtomacp.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/pbmtomacp.c 2012-04-09 15:40:03.195619889 +0200 @@ -101,6 +101,7 @@ char *argv[]; if( !lflg ) left = 0; @@ -381,9 +336,9 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtomacp.c.security netpbm-10.47.04/conv if( bflg ) { if( bottom - top >= MAX_LINES ) bottom = top + MAX_LINES - 1; -diff -up netpbm-10.47.04/converter/pbm/pbmtomda.c.security netpbm-10.47.04/converter/pbm/pbmtomda.c ---- netpbm-10.47.04/converter/pbm/pbmtomda.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtomda.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/pbm/pbmtomda.c.security-code netpbm-10.58.01/converter/pbm/pbmtomda.c +--- netpbm-10.58.01/converter/pbm/pbmtomda.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/pbmtomda.c 2012-04-09 15:40:03.195619889 +0200 @@ -179,6 +179,7 @@ int main(int argc, char **argv) nOutRowsUnrounded = bScale ? nInRows/2 : nInRows; @@ -392,11 +347,10 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtomda.c.security netpbm-10.47.04/conve nOutRows = ((nOutRowsUnrounded + 3) / 4) * 4; /* MDA wants rows a multiple of 4 */ nOutCols = nInCols / 8; -diff -up netpbm-10.47.04/converter/pbm/pbmtomgr.c.security netpbm-10.47.04/converter/pbm/pbmtomgr.c -diff -up netpbm-10.47.04/converter/pbm/pbmtoppa/pbm.c.security netpbm-10.47.04/converter/pbm/pbmtoppa/pbm.c ---- netpbm-10.47.04/converter/pbm/pbmtoppa/pbm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtoppa/pbm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -105,6 +105,7 @@ int pbm_readline(pbm_stat* pbm,unsigned +diff -up netpbm-10.58.01/converter/pbm/pbmtoppa/pbm.c.security-code netpbm-10.58.01/converter/pbm/pbmtoppa/pbm.c +--- netpbm-10.58.01/converter/pbm/pbmtoppa/pbm.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/pbmtoppa/pbm.c 2012-04-09 15:40:03.195619889 +0200 +@@ -105,6 +105,7 @@ int pbm_readline(pbm_stat* pbm,unsigned return 0; case P4: @@ -414,9 +368,9 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtoppa/pbm.c.security netpbm-10.47.04/c memcpy (pbm->revdata, data, (pbm->width+7)/8); pbm->current_line--; } -diff -up netpbm-10.47.04/converter/pbm/pbmtoppa/pbmtoppa.c.security netpbm-10.47.04/converter/pbm/pbmtoppa/pbmtoppa.c ---- netpbm-10.47.04/converter/pbm/pbmtoppa/pbmtoppa.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtoppa/pbmtoppa.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/pbm/pbmtoppa/pbmtoppa.c.security-code netpbm-10.58.01/converter/pbm/pbmtoppa/pbmtoppa.c +--- netpbm-10.58.01/converter/pbm/pbmtoppa/pbmtoppa.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/pbmtoppa/pbmtoppa.c 2012-04-09 15:40:03.196619876 +0200 @@ -441,6 +441,7 @@ main(int argc, char *argv[]) { pm_error("main(): unrecognized parameter '%s'", argv[argn]); } @@ -425,9 +379,9 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtoppa/pbmtoppa.c.security netpbm-10.47 Pwidth=(Width+7)/8; printer.fptr=out; -diff -up netpbm-10.47.04/converter/pbm/pbmtoxbm.c.security netpbm-10.47.04/converter/pbm/pbmtoxbm.c ---- netpbm-10.47.04/converter/pbm/pbmtoxbm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtoxbm.c 2009-10-21 15:36:54.000000000 +0200 +diff -up netpbm-10.58.01/converter/pbm/pbmtoxbm.c.security-code netpbm-10.58.01/converter/pbm/pbmtoxbm.c +--- netpbm-10.58.01/converter/pbm/pbmtoxbm.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/pbmtoxbm.c 2012-04-09 15:40:03.196619876 +0200 @@ -335,6 +335,8 @@ convertRaster(FILE * const ifP, unsigned char * bitrow; @@ -437,10 +391,10 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtoxbm.c.security netpbm-10.47.04/conve putinit(xbmVersion); -diff -up netpbm-10.47.04/converter/pbm/pbmtoybm.c.security netpbm-10.47.04/converter/pbm/pbmtoybm.c ---- netpbm-10.47.04/converter/pbm/pbmtoybm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtoybm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -45,6 +45,7 @@ main( argc, argv ) +diff -up netpbm-10.58.01/converter/pbm/pbmtoybm.c.security-code netpbm-10.58.01/converter/pbm/pbmtoybm.c +--- netpbm-10.58.01/converter/pbm/pbmtoybm.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/pbmtoybm.c 2012-04-09 15:40:03.197619863 +0200 +@@ -113,6 +113,7 @@ main(int argc, const char *argv[]) { bitrow = pbm_allocrow(cols); /* Compute padding to round cols up to the nearest multiple of 16. */ @@ -448,9 +402,9 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtoybm.c.security netpbm-10.47.04/conve padright = ((cols + 15) / 16) * 16 - cols; putinit(cols, rows); -diff -up netpbm-10.47.04/converter/pbm/pbmtozinc.c.security netpbm-10.47.04/converter/pbm/pbmtozinc.c ---- netpbm-10.47.04/converter/pbm/pbmtozinc.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtozinc.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/pbm/pbmtozinc.c.security-code netpbm-10.58.01/converter/pbm/pbmtozinc.c +--- netpbm-10.58.01/converter/pbm/pbmtozinc.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/pbmtozinc.c 2012-04-09 15:40:03.197619863 +0200 @@ -65,6 +65,7 @@ main(int argc, char * argv[]) { bitrow = pbm_allocrow( cols ); @@ -459,9 +413,41 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtozinc.c.security netpbm-10.47.04/conv padright = ( ( cols + 15 ) / 16 ) * 16 - cols; printf( "USHORT %s[] = {\n",name); -diff -up netpbm-10.47.04/converter/pbm/pktopbm.c.security netpbm-10.47.04/converter/pbm/pktopbm.c ---- netpbm-10.47.04/converter/pbm/pktopbm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pktopbm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/pbm/pbmto10x.c.security-code netpbm-10.58.01/converter/pbm/pbmto10x.c +--- netpbm-10.58.01/converter/pbm/pbmto10x.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/pbmto10x.c 2012-04-09 15:40:03.197619863 +0200 +@@ -162,7 +162,7 @@ main(int argc, char * argv[]) { + res_60x72(); + + pm_close(ifp); +- exit(0); ++ return 0; + } + + +diff -up netpbm-10.58.01/converter/pbm/pbmto4425.c.security-code netpbm-10.58.01/converter/pbm/pbmto4425.c +--- netpbm-10.58.01/converter/pbm/pbmto4425.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/pbmto4425.c 2012-04-09 15:40:03.198619851 +0200 +@@ -2,6 +2,7 @@ + + #include "nstring.h" + #include "pbm.h" ++#include <string.h> + + static char bit_table[2][3] = { + {1, 4, 0x10}, +@@ -160,7 +161,7 @@ main(int argc, char * argv[]) { + xres = vmap_width * 2; + yres = vmap_height * 3; + +- vmap = malloc(vmap_width * vmap_height * sizeof(char)); ++ vmap = malloc3(vmap_width, vmap_height, sizeof(char)); + if(vmap == NULL) + { + pm_error( "Cannot allocate memory" ); +diff -up netpbm-10.58.01/converter/pbm/pktopbm.c.security-code netpbm-10.58.01/converter/pbm/pktopbm.c +--- netpbm-10.58.01/converter/pbm/pktopbm.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/pktopbm.c 2012-04-09 15:40:03.198619851 +0200 @@ -277,6 +277,7 @@ main(int argc, char *argv[]) { if (flagbyte == 7) { /* long form preamble */ integer packetlength = get32() ; /* character packet length */ @@ -470,10 +456,10 @@ diff -up netpbm-10.47.04/converter/pbm/pktopbm.c.security netpbm-10.47.04/conver endofpacket = packetlength + pktopbm_pkloc; /* calculate end of packet */ if ((car >= MAXPKCHAR) || !filename[car]) { -diff -up netpbm-10.47.04/converter/pbm/thinkjettopbm.l.security netpbm-10.47.04/converter/pbm/thinkjettopbm.l ---- netpbm-10.47.04/converter/pbm/thinkjettopbm.l.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/thinkjettopbm.l 2009-10-21 15:09:33.000000000 +0200 -@@ -107,7 +107,9 @@ DIG [0-9] +diff -up netpbm-10.58.01/converter/pbm/thinkjettopbm.l.security-code netpbm-10.58.01/converter/pbm/thinkjettopbm.l +--- netpbm-10.58.01/converter/pbm/thinkjettopbm.l.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/thinkjettopbm.l 2012-04-09 15:40:03.199619839 +0200 +@@ -114,7 +114,9 @@ DIG [0-9] <RASTERMODE>\033\*b{DIG}+W { int l; if (rowCount >= rowCapacity) { @@ -483,7 +469,7 @@ diff -up netpbm-10.47.04/converter/pbm/thinkjettopbm.l.security netpbm-10.47.04/ rows = realloc (rows, rowCapacity * sizeof *rows); if (rows == NULL) pm_error ("Out of memory."); -@@ -217,6 +219,8 @@ yywrap (void) +@@ -226,6 +228,8 @@ yywrap (void) /* * Quite simple since ThinkJet bit arrangement matches PBM */ @@ -492,20 +478,20 @@ diff -up netpbm-10.47.04/converter/pbm/thinkjettopbm.l.security netpbm-10.47.04/ pbm_writepbminit(stdout, maxRowLength*8, rowCount, 0); packed_bitrow = malloc(maxRowLength); -diff -up netpbm-10.47.04/converter/pbm/ybmtopbm.c.security netpbm-10.47.04/converter/pbm/ybmtopbm.c ---- netpbm-10.47.04/converter/pbm/ybmtopbm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/ybmtopbm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -88,4 +88,5 @@ getinit( file, colsP, rowsP, depthP, pad - pm_error("EOF / read error"); +diff -up netpbm-10.58.01/converter/pbm/ybmtopbm.c.security-code netpbm-10.58.01/converter/pbm/ybmtopbm.c +--- netpbm-10.58.01/converter/pbm/ybmtopbm.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/converter/pbm/ybmtopbm.c 2012-04-09 15:40:03.199619839 +0200 +@@ -49,6 +49,7 @@ getinit(FILE * const ifP, + pm_error("EOF / read error"); *depthP = 1; + overflow_add(*colsP, 15); *padrightP = ((*colsP + 15) / 16) * 16 - *colsP; -} - -diff -up netpbm-10.47.04/converter/pgm/lispmtopgm.c.security netpbm-10.47.04/converter/pgm/lispmtopgm.c ---- netpbm-10.47.04/converter/pgm/lispmtopgm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/pgm/lispmtopgm.c 2009-10-21 15:09:33.000000000 +0200 + } + +diff -up netpbm-10.58.01/converter/pgm/lispmtopgm.c.security-code netpbm-10.58.01/converter/pgm/lispmtopgm.c +--- netpbm-10.58.01/converter/pgm/lispmtopgm.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/pgm/lispmtopgm.c 2012-04-09 15:40:03.199619839 +0200 @@ -58,6 +58,7 @@ main( argc, argv ) pm_error( "depth (%d bits) is too large", depth); @@ -525,9 +511,9 @@ diff -up netpbm-10.47.04/converter/pgm/lispmtopgm.c.security netpbm-10.47.04/con *padrightP = ( ( *colsP + 31 ) / 32 ) * 32 - *colsP; if ( *colsP != (cols_32 - *padrightP) ) { -diff -up netpbm-10.47.04/converter/pgm/psidtopgm.c.security netpbm-10.47.04/converter/pgm/psidtopgm.c ---- netpbm-10.47.04/converter/pgm/psidtopgm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/pgm/psidtopgm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/pgm/psidtopgm.c.security-code netpbm-10.58.01/converter/pgm/psidtopgm.c +--- netpbm-10.58.01/converter/pgm/psidtopgm.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/pgm/psidtopgm.c 2012-04-09 15:40:03.200619827 +0200 @@ -78,6 +78,7 @@ main(int argc, pm_error("bits/sample (%d) is too large.", bitspersample); @@ -536,10 +522,10 @@ diff -up netpbm-10.47.04/converter/pgm/psidtopgm.c.security netpbm-10.47.04/conv grayrow = pgm_allocrow((cols + 7) / 8 * 8); for (row = 0; row < rows; ++row) { unsigned int col; -diff -up netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security netpbm-10.47.04/converter/ppm/ilbmtoppm.c ---- netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ilbmtoppm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -594,6 +594,7 @@ decode_row(FILE * const ifP, +diff -up netpbm-10.58.01/converter/ppm/ilbmtoppm.c.security-code netpbm-10.58.01/converter/ppm/ilbmtoppm.c +--- netpbm-10.58.01/converter/ppm/ilbmtoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/ilbmtoppm.c 2012-04-09 15:40:03.201619815 +0200 +@@ -592,6 +592,7 @@ decode_row(FILE * const ifP, rawtype *chp; cols = bmhdP->w; @@ -547,7 +533,7 @@ diff -up netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security netpbm-10.47.04/conv bytes = RowBytes(cols); for( plane = 0; plane < nPlanes; plane++ ) { int mask; -@@ -681,6 +682,23 @@ decode_mask(FILE * const ifP, +@@ -679,6 +680,23 @@ decode_mask(FILE * const ifP, Multipalette handling ****************************************************************************/ @@ -571,7 +557,7 @@ diff -up netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security netpbm-10.47.04/conv static void multi_adjust(cmap, row, palchange) -@@ -1300,6 +1318,9 @@ dcol_to_ppm(FILE * const ifP, +@@ -1341,6 +1359,9 @@ dcol_to_ppm(FILE * const ifP, if( redmaxval != maxval || greenmaxval != maxval || bluemaxval != maxval ) pm_message("scaling colors to %d bits", pm_maxvaltobits(maxval)); @@ -581,7 +567,7 @@ diff -up netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security netpbm-10.47.04/conv MALLOCARRAY_NOFAIL(redtable, redmaxval +1); MALLOCARRAY_NOFAIL(greentable, greenmaxval +1); MALLOCARRAY_NOFAIL(bluetable, bluemaxval +1); -@@ -1729,7 +1750,9 @@ PCHG_ConvertSmall(PCHG, cmap, mask, data +@@ -1763,7 +1784,9 @@ PCHG_ConvertSmall(PCHG, cmap, mask, data ChangeCount32 = *data++; datasize -= 2; @@ -591,7 +577,7 @@ diff -up netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security netpbm-10.47.04/conv for( i = 0; i < changes; i++ ) { if( totalchanges >= PCHG->TotalChanges ) goto fail; if( datasize < 2 ) goto fail; -@@ -1994,6 +2017,9 @@ read_pchg(FILE * const ifp, +@@ -2028,6 +2051,9 @@ read_pchg(FILE * const ifp, cmap->mp_change[i] = NULL; if( PCHG.StartLine < 0 ) { int nch; @@ -601,7 +587,7 @@ diff -up netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security netpbm-10.47.04/conv nch = PCHG.MaxReg - PCHG.MinReg +1; MALLOCARRAY_NOFAIL(cmap->mp_init, nch + 1); for( i = 0; i < nch; i++ ) -@@ -2070,6 +2096,7 @@ process_body( FILE * const ifp, +@@ -2104,6 +2130,7 @@ process_body( FILE * const ifp, if( typeid == ID_ILBM ) { int isdeep; @@ -609,9 +595,9 @@ diff -up netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security netpbm-10.47.04/conv MALLOCARRAY_NOFAIL(ilbmrow, RowBytes(bmhdP->w)); *viewportmodesP |= fakeviewport; /* -isham/-isehb */ -diff -up netpbm-10.47.04/converter/ppm/imgtoppm.c.security netpbm-10.47.04/converter/ppm/imgtoppm.c ---- netpbm-10.47.04/converter/ppm/imgtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/imgtoppm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/imgtoppm.c.security-code netpbm-10.58.01/converter/ppm/imgtoppm.c +--- netpbm-10.58.01/converter/ppm/imgtoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/imgtoppm.c 2012-04-09 15:40:03.202619802 +0200 @@ -84,6 +84,7 @@ main(int argc, char ** argv) { len = atoi((char*) buf ); if ( fread( buf, len, 1, ifp ) != 1 ) @@ -628,9 +614,9 @@ diff -up netpbm-10.47.04/converter/ppm/imgtoppm.c.security netpbm-10.47.04/conve if ( len != cols * rows ) pm_message( "pixel data length (%d) does not match image size (%d)", -diff -up netpbm-10.47.04/converter/ppm/Makefile.security netpbm-10.47.04/converter/ppm/Makefile ---- netpbm-10.47.04/converter/ppm/Makefile.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/Makefile 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/Makefile.security-code netpbm-10.58.01/converter/ppm/Makefile +--- netpbm-10.58.01/converter/ppm/Makefile.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/Makefile 2012-04-09 15:40:03.202619802 +0200 @@ -11,7 +11,7 @@ SUBDIRS = hpcdtoppm ppmtompeg PORTBINARIES = 411toppm eyuvtoppm gouldtoppm ilbmtoppm imgtoppm \ @@ -640,10 +626,10 @@ diff -up netpbm-10.47.04/converter/ppm/Makefile.security netpbm-10.47.04/convert ppmtoacad ppmtoapplevol ppmtoarbtxt ppmtoascii \ ppmtobmp ppmtoeyuv ppmtogif ppmtoicr ppmtoilbm \ ppmtoleaf ppmtolj ppmtomitsu ppmtoneo \ -diff -up netpbm-10.47.04/converter/ppm/pcxtoppm.c.security netpbm-10.47.04/converter/ppm/pcxtoppm.c ---- netpbm-10.47.04/converter/ppm/pcxtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/pcxtoppm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -409,6 +409,7 @@ pcx_planes_to_pixels(pixels, bitplanes, +diff -up netpbm-10.58.01/converter/ppm/pcxtoppm.c.security-code netpbm-10.58.01/converter/ppm/pcxtoppm.c +--- netpbm-10.58.01/converter/ppm/pcxtoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/pcxtoppm.c 2012-04-09 15:40:03.203619789 +0200 +@@ -409,6 +409,7 @@ pcx_planes_to_pixels(pixels, bitplanes, /* * clear the pixel buffer */ @@ -659,18 +645,18 @@ diff -up netpbm-10.47.04/converter/ppm/pcxtoppm.c.security netpbm-10.47.04/conve rawcols = BytesPerLine * 8 / BitsPerPixel; if (headerCols > rawcols) { pm_message("warning - BytesPerLine = %d, " -diff -up netpbm-10.47.04/converter/ppm/picttoppm.c.security netpbm-10.47.04/converter/ppm/picttoppm.c ---- netpbm-10.47.04/converter/ppm/picttoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/picttoppm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/picttoppm.c.security-code netpbm-10.58.01/converter/ppm/picttoppm.c +--- netpbm-10.58.01/converter/ppm/picttoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/picttoppm.c 2012-04-09 15:40:03.205619763 +0200 @@ -1,3 +1,5 @@ +#error "Unfixable. Don't ship me" + /* * picttoppm.c -- convert a MacIntosh PICT file to PPM format. * -diff -up netpbm-10.47.04/converter/ppm/pjtoppm.c.security netpbm-10.47.04/converter/ppm/pjtoppm.c ---- netpbm-10.47.04/converter/ppm/pjtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/pjtoppm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/pjtoppm.c.security-code netpbm-10.58.01/converter/ppm/pjtoppm.c +--- netpbm-10.58.01/converter/ppm/pjtoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/pjtoppm.c 2012-04-09 15:40:03.206619751 +0200 @@ -127,19 +127,21 @@ main(argc, argv) case 'V': /* send plane */ case 'W': /* send last plane */ @@ -720,9 +706,9 @@ diff -up netpbm-10.47.04/converter/ppm/pjtoppm.c.security netpbm-10.47.04/conver cols *= 8; } -diff -up netpbm-10.47.04/converter/ppm/ppmtoeyuv.c.security netpbm-10.47.04/converter/ppm/ppmtoeyuv.c ---- netpbm-10.47.04/converter/ppm/ppmtoeyuv.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ppmtoeyuv.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/ppmtoeyuv.c.security-code netpbm-10.58.01/converter/ppm/ppmtoeyuv.c +--- netpbm-10.58.01/converter/ppm/ppmtoeyuv.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/ppmtoeyuv.c 2012-04-09 15:40:03.206619751 +0200 @@ -114,6 +114,7 @@ create_multiplication_tables(const pixva int index; @@ -731,9 +717,9 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtoeyuv.c.security netpbm-10.47.04/conv MALLOCARRAY_NOFAIL(mult299 , maxval+1); MALLOCARRAY_NOFAIL(mult587 , maxval+1); MALLOCARRAY_NOFAIL(mult114 , maxval+1); -diff -up netpbm-10.47.04/converter/ppm/ppmtoicr.c.security netpbm-10.47.04/converter/ppm/ppmtoicr.c ---- netpbm-10.47.04/converter/ppm/ppmtoicr.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ppmtoicr.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/ppmtoicr.c.security-code netpbm-10.58.01/converter/ppm/ppmtoicr.c +--- netpbm-10.58.01/converter/ppm/ppmtoicr.c.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/ppmtoicr.c 2012-04-09 15:40:03.207619739 +0200 @@ -169,7 +169,7 @@ char* argv[]; if (rleflag) { @@ -743,10 +729,10 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtoicr.c.security netpbm-10.47.04/conve p = testimage; for (i=0; i<rows; i++) for (j=0; j<cols; j++) -diff -up netpbm-10.47.04/converter/ppm/ppmtoilbm.c.security netpbm-10.47.04/converter/ppm/ppmtoilbm.c ---- netpbm-10.47.04/converter/ppm/ppmtoilbm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ppmtoilbm.c 2009-10-21 15:47:50.000000000 +0200 -@@ -1214,6 +1214,7 @@ ppm_to_rgb8(ifP, cols, rows, maxval) +diff -up netpbm-10.58.01/converter/ppm/ppmtoilbm.c.security-code netpbm-10.58.01/converter/ppm/ppmtoilbm.c +--- netpbm-10.58.01/converter/ppm/ppmtoilbm.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/ppmtoilbm.c 2012-04-09 15:40:03.208619727 +0200 +@@ -1220,6 +1220,7 @@ ppm_to_rgb8(ifP, cols, rows, maxval) maskmethod = 0; /* no masking - RGB8 uses genlock bits */ compmethod = 4; /* RGB8 files are always compressed */ @@ -754,7 +740,7 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtoilbm.c.security netpbm-10.47.04/conv MALLOCARRAY_NOFAIL(compr_row, cols * 4); if( maxval != 255 ) { -@@ -1302,6 +1303,7 @@ ppm_to_rgbn(ifP, cols, rows, maxval) +@@ -1308,6 +1309,7 @@ ppm_to_rgbn(ifP, cols, rows, maxval) maskmethod = 0; /* no masking - RGBN uses genlock bits */ compmethod = 4; /* RGBN files are always compressed */ @@ -762,7 +748,7 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtoilbm.c.security netpbm-10.47.04/conv MALLOCARRAY_NOFAIL(compr_row, cols * 2); if( maxval != 15 ) { -@@ -1779,6 +1781,7 @@ make_val_table(oldmaxval, newmaxval) +@@ -1785,6 +1787,7 @@ make_val_table(oldmaxval, newmaxval) unsigned int i; int * table; @@ -770,7 +756,7 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtoilbm.c.security netpbm-10.47.04/conv MALLOCARRAY_NOFAIL(table, oldmaxval + 1); for (i = 0; i <= oldmaxval; ++i) table[i] = ROUNDDIV(i * newmaxval, oldmaxval); -@@ -2283,8 +2286,11 @@ main(int argc, char ** argv) { +@@ -2293,8 +2296,11 @@ main(int argc, char ** argv) { MALLOCARRAY_NOFAIL(coded_rowbuf, RowBytes(cols)); for (i = 0; i < RowBytes(cols); ++i) coded_rowbuf[i] = 0; @@ -783,9 +769,9 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtoilbm.c.security netpbm-10.47.04/conv } switch (mode) { -diff -up netpbm-10.47.04/converter/ppm/ppmtolj.c.security netpbm-10.47.04/converter/ppm/ppmtolj.c ---- netpbm-10.47.04/converter/ppm/ppmtolj.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ppmtolj.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/ppmtolj.c.security-code netpbm-10.58.01/converter/ppm/ppmtolj.c +--- netpbm-10.58.01/converter/ppm/ppmtolj.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/ppmtolj.c 2012-04-09 15:40:03.210619701 +0200 @@ -181,7 +181,8 @@ int main(int argc, char *argv[]) { ppm_readppminit( ifp, &cols, &rows, &maxval, &format ); @@ -796,9 +782,9 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtolj.c.security netpbm-10.47.04/conver obuf = (unsigned char *) pm_allocrow(cols * 3, sizeof(unsigned char)); cbuf = (unsigned char *) pm_allocrow(cols * 6, sizeof(unsigned char)); if (mode == C_TRANS_MODE_DELTA) -diff -up netpbm-10.47.04/converter/ppm/ppmtomitsu.c.security netpbm-10.47.04/converter/ppm/ppmtomitsu.c ---- netpbm-10.47.04/converter/ppm/ppmtomitsu.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ppmtomitsu.c 2009-10-21 15:48:30.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/ppmtomitsu.c.security-code netpbm-10.58.01/converter/ppm/ppmtomitsu.c +--- netpbm-10.58.01/converter/ppm/ppmtomitsu.c.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/ppmtomitsu.c 2012-04-09 15:40:03.210619702 +0200 @@ -685,6 +685,8 @@ main(int argc, char * argv[]) { medias = MSize_User; @@ -808,9 +794,9 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtomitsu.c.security netpbm-10.47.04/con medias.maxcols *= 2; medias.maxrows *= 2; } -diff -up netpbm-10.47.04/converter/ppm/ppmtopcx.c.security netpbm-10.47.04/converter/ppm/ppmtopcx.c ---- netpbm-10.47.04/converter/ppm/ppmtopcx.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ppmtopcx.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/ppmtopcx.c.security-code netpbm-10.58.01/converter/ppm/ppmtopcx.c +--- netpbm-10.58.01/converter/ppm/ppmtopcx.c.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/ppmtopcx.c 2012-04-09 15:40:03.210619702 +0200 @@ -419,6 +419,8 @@ ppmTo16ColorPcx(pixel ** cons else Planes = 1; } @@ -820,21 +806,21 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtopcx.c.security netpbm-10.47.04/conve BytesPerLine = ((cols * BitsPerPixel) + 7) / 8; MALLOCARRAY_NOFAIL(indexRow, cols); MALLOCARRAY_NOFAIL(planesrow, BytesPerLine); -diff -up netpbm-10.47.04/converter/ppm/ppmtopict.c.security netpbm-10.47.04/converter/ppm/ppmtopict.c ---- netpbm-10.47.04/converter/ppm/ppmtopict.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ppmtopict.c 2009-10-21 15:09:33.000000000 +0200 -@@ -245,6 +245,8 @@ char *argv[]; - putShort(stdout, 0); /* mode */ +diff -up netpbm-10.58.01/converter/ppm/ppmtopict.c.security-code netpbm-10.58.01/converter/ppm/ppmtopict.c +--- netpbm-10.58.01/converter/ppm/ppmtopict.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/ppmtopict.c 2012-04-09 15:40:03.211619690 +0200 +@@ -441,6 +441,8 @@ main(int argc, const char ** argv) { + putShort(stdout, 0); /* mode */ /* Finally, write out the data. */ -+ overflow_add(cols/MAX_COUNT, 1); -+ overflow_add(cols, cols/MAX_COUNT+1); ++ overflow_add(cols/MAX_COUNT, 1); ++ overflow_add(cols, cols/MAX_COUNT+1); packed = malloc((unsigned)(cols+cols/MAX_COUNT+1)); for (row = 0, oc = 0; row < rows; row++) oc += putRow(stdout, row, cols, pixels[row], packed); -diff -up netpbm-10.47.04/converter/ppm/ppmtopj.c.security netpbm-10.47.04/converter/ppm/ppmtopj.c ---- netpbm-10.47.04/converter/ppm/ppmtopj.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ppmtopj.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/ppmtopj.c.security-code netpbm-10.58.01/converter/ppm/ppmtopj.c +--- netpbm-10.58.01/converter/ppm/ppmtopj.c.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/ppmtopj.c 2012-04-09 15:40:03.212619677 +0200 @@ -179,6 +179,7 @@ char *argv[]; pixels = ppm_readppm( ifp, &cols, &rows, &maxval ); @@ -843,9 +829,9 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtopj.c.security netpbm-10.47.04/conver obuf = (unsigned char *) pm_allocrow(cols, sizeof(unsigned char)); cbuf = (unsigned char *) pm_allocrow(cols * 2, sizeof(unsigned char)); -diff -up netpbm-10.47.04/converter/ppm/ppmtopjxl.c.security netpbm-10.47.04/converter/ppm/ppmtopjxl.c ---- netpbm-10.47.04/converter/ppm/ppmtopjxl.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ppmtopjxl.c 2009-10-21 15:43:31.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/ppmtopjxl.c.security-code netpbm-10.58.01/converter/ppm/ppmtopjxl.c +--- netpbm-10.58.01/converter/ppm/ppmtopjxl.c.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/ppmtopjxl.c 2012-04-09 15:40:03.212619677 +0200 @@ -276,6 +276,8 @@ main(int argc, const char * argv[]) { pm_error("image too large; reduce with ppmscale"); if (maxval > PCL_MAXVAL) @@ -878,9 +864,9 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtopjxl.c.security netpbm-10.47.04/conv inrow = (char *)malloc((unsigned)bpp); outrow = (char *)malloc((unsigned)bpp*2); runcnt = (signed char *)malloc((unsigned)bpp); -diff -up netpbm-10.47.04/converter/ppm/ppmtowinicon.c.security netpbm-10.47.04/converter/ppm/ppmtowinicon.c ---- netpbm-10.47.04/converter/ppm/ppmtowinicon.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ppmtowinicon.c 2009-10-21 15:44:54.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/ppmtowinicon.c.security-code netpbm-10.58.01/converter/ppm/ppmtowinicon.c +--- netpbm-10.58.01/converter/ppm/ppmtowinicon.c.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/ppmtowinicon.c 2012-04-09 15:40:03.213619664 +0200 @@ -12,6 +12,7 @@ #include <math.h> @@ -924,10 +910,10 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtowinicon.c.security netpbm-10.47.04/c entry->size_in_bytes = xorBitmap->size + andBitmap->size + 40 + (4 * entry->color_count); if (verbose) -diff -up netpbm-10.47.04/converter/ppm/ppmtoxpm.c.security netpbm-10.47.04/converter/ppm/ppmtoxpm.c ---- netpbm-10.47.04/converter/ppm/ppmtoxpm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ppmtoxpm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -197,6 +197,7 @@ genNumstr(unsigned int const input, int +diff -up netpbm-10.58.01/converter/ppm/ppmtoxpm.c.security-code netpbm-10.58.01/converter/ppm/ppmtoxpm.c +--- netpbm-10.58.01/converter/ppm/ppmtoxpm.c.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/ppmtoxpm.c 2012-04-09 15:40:03.214619651 +0200 +@@ -197,6 +197,7 @@ genNumstr(unsigned int const input, int unsigned int i; /* Allocate memory for printed number. Abort if error. */ @@ -935,7 +921,7 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtoxpm.c.security netpbm-10.47.04/conve if (!(str = (char *) malloc(digits + 1))) pm_error("out of memory"); -@@ -314,6 +315,7 @@ genCmap(colorhist_vector const chv, +@@ -314,6 +315,7 @@ genCmap(colorhist_vector const chv, unsigned int charsPerPixel; unsigned int xpmMaxval; @@ -943,9 +929,9 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtoxpm.c.security netpbm-10.47.04/conve MALLOCARRAY(cmap, cmapSize); if (cmapP == NULL) pm_error("Out of memory allocating %u bytes for a color map.", -diff -up netpbm-10.47.04/converter/ppm/qrttoppm.c.security netpbm-10.47.04/converter/ppm/qrttoppm.c ---- netpbm-10.47.04/converter/ppm/qrttoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/qrttoppm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/qrttoppm.c.security-code netpbm-10.58.01/converter/ppm/qrttoppm.c +--- netpbm-10.58.01/converter/ppm/qrttoppm.c.security-code 2012-04-09 15:31:42.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/qrttoppm.c 2012-04-09 15:40:03.215619638 +0200 @@ -46,7 +46,7 @@ main( argc, argv ) ppm_writeppminit( stdout, cols, rows, maxval, 0 ); @@ -955,9 +941,9 @@ diff -up netpbm-10.47.04/converter/ppm/qrttoppm.c.security netpbm-10.47.04/conve if ( buf == (unsigned char *) 0 ) pm_error( "out of memory" ); -diff -up netpbm-10.47.04/converter/ppm/sldtoppm.c.security netpbm-10.47.04/converter/ppm/sldtoppm.c ---- netpbm-10.47.04/converter/ppm/sldtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/sldtoppm.c 2009-10-21 15:44:11.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/sldtoppm.c.security-code netpbm-10.58.01/converter/ppm/sldtoppm.c +--- netpbm-10.58.01/converter/ppm/sldtoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/sldtoppm.c 2012-04-09 15:40:03.216619626 +0200 @@ -455,6 +455,8 @@ slider(slvecfn slvec, /* Allocate image buffer and clear it to black. */ @@ -967,9 +953,9 @@ diff -up netpbm-10.47.04/converter/ppm/sldtoppm.c.security netpbm-10.47.04/conve pixels = ppm_allocarray(pixcols = ixdots + 1, pixrows = iydots + 1); PPM_ASSIGN(rgbcolor, 0, 0, 0); ppmd_filledrectangle(pixels, pixcols, pixrows, pixmaxval, 0, 0, -diff -up netpbm-10.47.04/converter/ppm/ximtoppm.c.security netpbm-10.47.04/converter/ppm/ximtoppm.c ---- netpbm-10.47.04/converter/ppm/ximtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ximtoppm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/ximtoppm.c.security-code netpbm-10.58.01/converter/ppm/ximtoppm.c +--- netpbm-10.58.01/converter/ppm/ximtoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/ximtoppm.c 2012-04-09 15:40:03.216619626 +0200 @@ -117,6 +117,7 @@ ReadXimHeader(FILE * const in_fp, header->bits_channel = atoi(a_head.bits_per_channel); header->alpha_flag = atoi(a_head.alpha_channel); @@ -1002,20 +988,9 @@ diff -up netpbm-10.47.04/converter/ppm/ximtoppm.c.security netpbm-10.47.04/conve header->colors = (Color *)calloc((unsigned int)header->ncolors, sizeof(Color)); if (header->colors == NULL) { -diff -up netpbm-10.47.04/converter/ppm/xpmtoppm.c.security netpbm-10.47.04/converter/ppm/xpmtoppm.c ---- netpbm-10.47.04/converter/ppm/xpmtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/xpmtoppm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -701,6 +701,7 @@ ReadXPMFile(FILE * const stream, int * c - &ncolors, colorsP, &ptab); - *transparentP = -1; /* No transparency in version 1 */ - } -+ overflow2(*widthP, *heightP); - totalpixels = *widthP * *heightP; - MALLOCARRAY(*dataP, totalpixels); - if (*dataP == NULL) -diff -up netpbm-10.47.04/converter/ppm/yuvtoppm.c.security netpbm-10.47.04/converter/ppm/yuvtoppm.c ---- netpbm-10.47.04/converter/ppm/yuvtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/yuvtoppm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/converter/ppm/yuvtoppm.c.security-code netpbm-10.58.01/converter/ppm/yuvtoppm.c +--- netpbm-10.58.01/converter/ppm/yuvtoppm.c.security-code 2012-04-09 15:31:44.000000000 +0200 ++++ netpbm-10.58.01/converter/ppm/yuvtoppm.c 2012-04-09 15:40:03.218619602 +0200 @@ -72,6 +72,7 @@ main(argc, argv) ppm_writeppminit(stdout, cols, rows, (pixval) 255, 0); @@ -1024,9 +999,9 @@ diff -up netpbm-10.47.04/converter/ppm/yuvtoppm.c.security netpbm-10.47.04/conve MALLOCARRAY(yuvbuf, (cols+1)/2); if (yuvbuf == NULL) pm_error("Unable to allocate YUV buffer for %d columns.", cols); -diff -up netpbm-10.47.04/editor/pamcut.c.security netpbm-10.47.04/editor/pamcut.c ---- netpbm-10.47.04/editor/pamcut.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pamcut.c 2009-10-21 15:29:36.000000000 +0200 +diff -up netpbm-10.58.01/editor/pamcut.c.security-code netpbm-10.58.01/editor/pamcut.c +--- netpbm-10.58.01/editor/pamcut.c.security-code 2012-04-09 15:31:33.000000000 +0200 ++++ netpbm-10.58.01/editor/pamcut.c 2012-04-09 15:40:03.218619602 +0200 @@ -655,6 +655,8 @@ cutOneImage(FILE * const ifP outpam = inpam; /* Initial value -- most fields should be same */ @@ -1036,9 +1011,9 @@ diff -up netpbm-10.47.04/editor/pamcut.c.security netpbm-10.47.04/editor/pamcut. outpam.width = rightcol - leftcol + 1; outpam.height = bottomrow - toprow + 1; -diff -up netpbm-10.47.04/editor/pbmreduce.c.security netpbm-10.47.04/editor/pbmreduce.c ---- netpbm-10.47.04/editor/pbmreduce.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pbmreduce.c 2009-10-21 15:26:13.000000000 +0200 +diff -up netpbm-10.58.01/editor/pbmreduce.c.security-code netpbm-10.58.01/editor/pbmreduce.c +--- netpbm-10.58.01/editor/pbmreduce.c.security-code 2012-04-09 15:31:33.000000000 +0200 ++++ netpbm-10.58.01/editor/pbmreduce.c 2012-04-09 15:40:03.219619590 +0200 @@ -94,6 +94,7 @@ main( argc, argv ) if (halftone == QT_FS) { unsigned int col; @@ -1047,10 +1022,10 @@ diff -up netpbm-10.47.04/editor/pbmreduce.c.security netpbm-10.47.04/editor/pbmr MALLOCARRAY(thiserr, newcols + 2); MALLOCARRAY(nexterr, newcols + 2); if (thiserr == NULL || nexterr == NULL) -diff -up netpbm-10.47.04/editor/pnmgamma.c.security netpbm-10.47.04/editor/pnmgamma.c ---- netpbm-10.47.04/editor/pnmgamma.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pnmgamma.c 2009-10-21 15:09:34.000000000 +0200 -@@ -586,6 +586,7 @@ createGammaTables(enum transferFunction +diff -up netpbm-10.58.01/editor/pnmgamma.c.security-code netpbm-10.58.01/editor/pnmgamma.c +--- netpbm-10.58.01/editor/pnmgamma.c.security-code 2012-04-09 15:31:34.000000000 +0200 ++++ netpbm-10.58.01/editor/pnmgamma.c 2012-04-09 15:40:03.220619577 +0200 +@@ -586,6 +586,7 @@ createGammaTables(enum transferFunction xelval ** const btableP) { /* Allocate space for the tables. */ @@ -1058,9 +1033,9 @@ diff -up netpbm-10.47.04/editor/pnmgamma.c.security netpbm-10.47.04/editor/pnmga MALLOCARRAY(*rtableP, maxval+1); MALLOCARRAY(*gtableP, maxval+1); MALLOCARRAY(*btableP, maxval+1); -diff -up netpbm-10.47.04/editor/pnmhisteq.c.security netpbm-10.47.04/editor/pnmhisteq.c ---- netpbm-10.47.04/editor/pnmhisteq.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pnmhisteq.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.58.01/editor/pnmhisteq.c.security-code netpbm-10.58.01/editor/pnmhisteq.c +--- netpbm-10.58.01/editor/pnmhisteq.c.security-code 2012-04-09 15:31:33.000000000 +0200 ++++ netpbm-10.58.01/editor/pnmhisteq.c 2012-04-09 15:40:03.220619577 +0200 @@ -103,6 +103,7 @@ computeLuminosityHistogram(xel * const * unsigned int pixelCount; unsigned int * lumahist; @@ -1069,9 +1044,9 @@ diff -up netpbm-10.47.04/editor/pnmhisteq.c.security netpbm-10.47.04/editor/pnmh MALLOCARRAY(lumahist, maxval + 1); if (lumahist == NULL) pm_error("Out of storage allocating array for %u histogram elements", -diff -up netpbm-10.47.04/editor/pnmindex.csh.security netpbm-10.47.04/editor/pnmindex.csh ---- netpbm-10.47.04/editor/pnmindex.csh.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pnmindex.csh 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.58.01/editor/pnmindex.csh.security-code netpbm-10.58.01/editor/pnmindex.csh +--- netpbm-10.58.01/editor/pnmindex.csh.security-code 2012-04-09 15:31:33.000000000 +0200 ++++ netpbm-10.58.01/editor/pnmindex.csh 2012-04-09 15:40:03.221619564 +0200 @@ -1,5 +1,8 @@ #!/bin/csh -f # @@ -1081,9 +1056,9 @@ diff -up netpbm-10.47.04/editor/pnmindex.csh.security netpbm-10.47.04/editor/pnm # pnmindex - build a visual index of a bunch of anymaps # # Copyright (C) 1991 by Jef Poskanzer. -diff -up netpbm-10.47.04/editor/pnmpad.c.security netpbm-10.47.04/editor/pnmpad.c ---- netpbm-10.47.04/editor/pnmpad.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pnmpad.c 2009-10-21 15:33:51.000000000 +0200 +diff -up netpbm-10.58.01/editor/pnmpad.c.security-code netpbm-10.58.01/editor/pnmpad.c +--- netpbm-10.58.01/editor/pnmpad.c.security-code 2012-04-09 15:31:34.000000000 +0200 ++++ netpbm-10.58.01/editor/pnmpad.c 2012-04-09 15:40:03.221619564 +0200 @@ -527,6 +527,8 @@ main(int argc, const char ** argv) { computePadSizes(cmdline, cols, rows, &lpad, &rpad, &tpad, &bpad); @@ -1093,11 +1068,10 @@ diff -up netpbm-10.47.04/editor/pnmpad.c.security netpbm-10.47.04/editor/pnmpad. newcols = cols + lpad + rpad; if (PNM_FORMAT_TYPE(format) == PBM_TYPE) -diff -up netpbm-10.47.04/editor/pnmpaste.c.security netpbm-10.47.04/editor/pnmpaste.c -diff -up netpbm-10.47.04/editor/pnmremap.c.security netpbm-10.47.04/editor/pnmremap.c ---- netpbm-10.47.04/editor/pnmremap.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pnmremap.c 2009-10-21 15:28:20.000000000 +0200 -@@ -408,7 +408,7 @@ initFserr(struct pam * const pamP, +diff -up netpbm-10.58.01/editor/pnmremap.c.security-code netpbm-10.58.01/editor/pnmremap.c +--- netpbm-10.58.01/editor/pnmremap.c.security-code 2012-04-09 15:31:33.000000000 +0200 ++++ netpbm-10.58.01/editor/pnmremap.c 2012-04-09 15:40:03.222619551 +0200 +@@ -409,7 +409,7 @@ initFserr(struct pam * const pamP, unsigned int plane; unsigned int const fserrSize = pamP->width + 2; @@ -1106,7 +1080,7 @@ diff -up netpbm-10.47.04/editor/pnmremap.c.security netpbm-10.47.04/editor/pnmre fserrP->width = pamP->width; MALLOCARRAY(fserrP->thiserr, pamP->depth); -@@ -444,6 +444,7 @@ floydInitRow(struct pam * const pamP, st +@@ -445,6 +445,7 @@ floydInitRow(struct pam * const pamP, st int col; @@ -1114,10 +1088,10 @@ diff -up netpbm-10.47.04/editor/pnmremap.c.security netpbm-10.47.04/editor/pnmre for (col = 0; col < pamP->width + 2; ++col) { unsigned int plane; for (plane = 0; plane < pamP->depth; ++plane) -diff -up netpbm-10.47.04/editor/pnmscalefixed.c.security netpbm-10.47.04/editor/pnmscalefixed.c ---- netpbm-10.47.04/editor/pnmscalefixed.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pnmscalefixed.c 2009-10-21 15:09:34.000000000 +0200 -@@ -211,6 +211,8 @@ compute_output_dimensions(const struct c +diff -up netpbm-10.58.01/editor/pnmscalefixed.c.security-code netpbm-10.58.01/editor/pnmscalefixed.c +--- netpbm-10.58.01/editor/pnmscalefixed.c.security-code 2012-04-09 15:31:34.000000000 +0200 ++++ netpbm-10.58.01/editor/pnmscalefixed.c 2012-04-09 15:40:03.223619538 +0200 +@@ -214,6 +214,8 @@ compute_output_dimensions(const struct c const int rows, const int cols, int * newrowsP, int * newcolsP) { @@ -1126,7 +1100,7 @@ diff -up netpbm-10.47.04/editor/pnmscalefixed.c.security netpbm-10.47.04/editor/ if (cmdline.pixels) { if (rows * cols <= cmdline.pixels) { *newrowsP = rows; -@@ -262,6 +264,8 @@ compute_output_dimensions(const struct c +@@ -265,6 +267,8 @@ compute_output_dimensions(const struct c if (*newcolsP < 1) *newcolsP = 1; if (*newrowsP < 1) *newrowsP = 1; @@ -1135,7 +1109,7 @@ diff -up netpbm-10.47.04/editor/pnmscalefixed.c.security netpbm-10.47.04/editor/ } -@@ -443,6 +447,9 @@ main(int argc, char **argv ) { +@@ -446,6 +450,9 @@ main(int argc, char **argv ) { unfilled. We can address that by stretching, whereas the other case would require throwing away some of the input. */ @@ -1145,9 +1119,9 @@ diff -up netpbm-10.47.04/editor/pnmscalefixed.c.security netpbm-10.47.04/editor/ sxscale = SCALE * newcols / cols; syscale = SCALE * newrows / rows; -diff -up netpbm-10.47.04/editor/pnmshear.c.security netpbm-10.47.04/editor/pnmshear.c ---- netpbm-10.47.04/editor/pnmshear.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pnmshear.c 2009-10-21 15:31:26.000000000 +0200 +diff -up netpbm-10.58.01/editor/pnmshear.c.security-code netpbm-10.58.01/editor/pnmshear.c +--- netpbm-10.58.01/editor/pnmshear.c.security-code 2012-04-09 15:31:33.000000000 +0200 ++++ netpbm-10.58.01/editor/pnmshear.c 2012-04-09 15:40:03.224619526 +0200 @@ -15,6 +15,7 @@ #include <assert.h> #include <math.h> @@ -1168,9 +1142,25 @@ diff -up netpbm-10.47.04/editor/pnmshear.c.security netpbm-10.47.04/editor/pnmsh newcols = rows * shearfac + cols + 0.999999; pnm_writepnminit(stdout, newcols, rows, newmaxval, newformat, 0); -diff -up netpbm-10.47.04/editor/specialty/pamoil.c.security netpbm-10.47.04/editor/specialty/pamoil.c ---- netpbm-10.47.04/editor/specialty/pamoil.c.security 2009-10-21 13:38:56.000000000 +0200 -+++ netpbm-10.47.04/editor/specialty/pamoil.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.58.01/editor/ppmdither.c.security-code netpbm-10.58.01/editor/ppmdither.c +--- netpbm-10.58.01/editor/ppmdither.c.security-code 2012-04-09 15:31:33.000000000 +0200 ++++ netpbm-10.58.01/editor/ppmdither.c 2012-04-09 15:40:03.224619526 +0200 +@@ -355,7 +355,11 @@ dithMatrix(unsigned int const dithPower) + unsigned int const dithMatSize = + (dithDim * sizeof(*dithMat)) + /* pointers */ + (dithDim * dithDim * sizeof(**dithMat)); /* data */ +- ++ ++ overflow2(dithDim, sizeof(*dithMat)); ++ overflow3(dithDim, dithDim, sizeof(**dithMat)); ++ overflow_add(dithDim * sizeof(*dithMat), dithDim * dithDim * sizeof(**dithMat)); ++ + dithMat = malloc(dithMatSize); + + if (dithMat == NULL) +diff -up netpbm-10.58.01/editor/specialty/pamoil.c.security-code netpbm-10.58.01/editor/specialty/pamoil.c +--- netpbm-10.58.01/editor/specialty/pamoil.c.security-code 2012-04-09 15:31:33.000000000 +0200 ++++ netpbm-10.58.01/editor/specialty/pamoil.c 2012-04-09 15:40:03.224619526 +0200 @@ -112,6 +112,7 @@ main(int argc, char *argv[] ) { tuples = pnm_readpam(ifp, &inpam, PAM_STRUCT_SIZE(tuple_type)); pm_close(ifp); @@ -1179,9 +1169,9 @@ diff -up netpbm-10.47.04/editor/specialty/pamoil.c.security netpbm-10.47.04/edit MALLOCARRAY(hist, inpam.maxval + 1); if (hist == NULL) pm_error("Unable to allocate memory for histogram."); -diff -up netpbm-10.47.04/generator/pbmtext.c.security netpbm-10.47.04/generator/pbmtext.c ---- netpbm-10.47.04/generator/pbmtext.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/generator/pbmtext.c 2009-10-21 15:23:15.000000000 +0200 +diff -up netpbm-10.58.01/generator/pbmtext.c.security-code netpbm-10.58.01/generator/pbmtext.c +--- netpbm-10.58.01/generator/pbmtext.c.security-code 2012-04-09 15:31:34.000000000 +0200 ++++ netpbm-10.58.01/generator/pbmtext.c 2012-04-09 15:40:03.225619514 +0200 @@ -96,12 +96,14 @@ parseCommandLine(int argc, const char ** for (i = 1; i < argc; ++i) { @@ -1197,15 +1187,15 @@ diff -up netpbm-10.47.04/generator/pbmtext.c.security netpbm-10.47.04/generator/ totaltextsize += strlen(argv[i]); text = realloc(text, totaltextsize); if (text == NULL) -@@ -711,6 +713,7 @@ getText(const char cmdline_text +@@ -712,6 +714,7 @@ getText(const char cmdline_text pm_error("A line of input text is longer than %u characters." - "Cannot process.", sizeof(buf)-1); + "Cannot process.", (unsigned)sizeof(buf)-1); if (lineCount >= maxlines) { -+ overflow2(maxlines, 2); ++ overflow2(maxlines, 2); maxlines *= 2; REALLOCARRAY(text_array, maxlines); if (text_array == NULL) -@@ -831,6 +834,7 @@ main(int argc, const char *argv[]) { +@@ -832,6 +835,7 @@ main(int argc, const char *argv[]) { hmargin = fontP->maxwidth; } else { vmargin = fontP->maxheight; @@ -1213,9 +1203,9 @@ diff -up netpbm-10.47.04/generator/pbmtext.c.security netpbm-10.47.04/generator/ hmargin = 2 * fontP->maxwidth; } } -diff -up netpbm-10.47.04/generator/pgmcrater.c.security netpbm-10.47.04/generator/pgmcrater.c ---- netpbm-10.47.04/generator/pgmcrater.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/generator/pgmcrater.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.58.01/generator/pgmcrater.c.security-code netpbm-10.58.01/generator/pgmcrater.c +--- netpbm-10.58.01/generator/pgmcrater.c.security-code 2012-04-09 15:31:34.000000000 +0200 ++++ netpbm-10.58.01/generator/pgmcrater.c 2012-04-09 15:40:03.226619502 +0200 @@ -130,7 +130,7 @@ static void gencraters() /* Acquire the elevation array and initialize it to mean surface elevation. */ @@ -1225,9 +1215,9 @@ diff -up netpbm-10.47.04/generator/pgmcrater.c.security netpbm-10.47.04/generato if (aux == NULL) pm_error("out of memory allocating elevation array"); -diff -up netpbm-10.47.04/generator/pgmkernel.c.security netpbm-10.47.04/generator/pgmkernel.c ---- netpbm-10.47.04/generator/pgmkernel.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/generator/pgmkernel.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.58.01/generator/pgmkernel.c.security-code netpbm-10.58.01/generator/pgmkernel.c +--- netpbm-10.58.01/generator/pgmkernel.c.security-code 2012-04-09 15:31:34.000000000 +0200 ++++ netpbm-10.58.01/generator/pgmkernel.c 2012-04-09 15:40:03.226619502 +0200 @@ -68,7 +68,7 @@ main ( argc, argv ) kycenter = (fysize - 1) / 2.0; ixsize = fxsize + 0.999; @@ -1237,22 +1227,22 @@ diff -up netpbm-10.47.04/generator/pgmkernel.c.security netpbm-10.47.04/generato for (i = 0; i < iysize; i++) for (j = 0; j < ixsize; j++) { fkernel[i*ixsize+j] = 1.0 / (1.0 + w * sqrt((double) -diff -up netpbm-10.47.04/lib/libpam.c.security netpbm-10.47.04/lib/libpam.c ---- netpbm-10.47.04/lib/libpam.c.security 2009-10-21 13:39:00.000000000 +0200 -+++ netpbm-10.47.04/lib/libpam.c 2009-10-21 15:09:34.000000000 +0200 -@@ -235,7 +235,8 @@ allocPamRow(const struct pam * const pam - int const bytesPerTuple = allocationDepth(pamP) * sizeof(sample); +diff -up netpbm-10.58.01/lib/libpam.c.security-code netpbm-10.58.01/lib/libpam.c +--- netpbm-10.58.01/lib/libpam.c.security-code 2012-04-09 15:31:38.000000000 +0200 ++++ netpbm-10.58.01/lib/libpam.c 2012-04-09 15:40:03.227619490 +0200 +@@ -220,7 +220,8 @@ allocPamRow(const struct pam * const pam + unsigned int const bytesPerTuple = allocationDepth(pamP) * sizeof(sample); tuple * tuplerow; - tuplerow = malloc(pamP->width * (sizeof(tuple *) + bytesPerTuple)); + overflow_add(sizeof(tuple *), bytesPerTuple); -+ tuplerow = malloc2(pamP->width, sizeof(tuple *) + bytesPerTuple); ++ tuplerow = malloc2(pamP->width, (sizeof(tuple *) + bytesPerTuple)); if (tuplerow != NULL) { /* Now we initialize the pointers to the individual tuples -diff -up netpbm-10.47.04/lib/libpammap.c.security netpbm-10.47.04/lib/libpammap.c ---- netpbm-10.47.04/lib/libpammap.c.security 2009-10-21 13:39:00.000000000 +0200 -+++ netpbm-10.47.04/lib/libpammap.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.58.01/lib/libpammap.c.security-code netpbm-10.58.01/lib/libpammap.c +--- netpbm-10.58.01/lib/libpammap.c.security-code 2012-04-09 15:31:38.000000000 +0200 ++++ netpbm-10.58.01/lib/libpammap.c 2012-04-09 15:40:03.228619477 +0200 @@ -104,6 +104,8 @@ allocTupleIntListItem(struct pam * const */ struct tupleint_list_item * retval; @@ -1262,9 +1252,9 @@ diff -up netpbm-10.47.04/lib/libpammap.c.security netpbm-10.47.04/lib/libpammap. unsigned int const size = sizeof(*retval) - sizeof(retval->tupleint.tuple) + pamP->depth * sizeof(sample); -diff -up netpbm-10.47.04/lib/libpbm1.c.security netpbm-10.47.04/lib/libpbm1.c ---- netpbm-10.47.04/lib/libpbm1.c.security 2009-10-21 13:39:00.000000000 +0200 -+++ netpbm-10.47.04/lib/libpbm1.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.58.01/lib/libpbm1.c.security-code netpbm-10.58.01/lib/libpbm1.c +--- netpbm-10.58.01/lib/libpbm1.c.security-code 2012-04-09 15:31:38.000000000 +0200 ++++ netpbm-10.58.01/lib/libpbm1.c 2012-04-09 15:40:03.228619477 +0200 @@ -77,6 +77,7 @@ pbm_check(FILE * file, const enum pm_che pm_message("pm_filepos passed to pm_check() is %u bytes", sizeof(pm_filepos)); @@ -1273,9 +1263,10 @@ diff -up netpbm-10.47.04/lib/libpbm1.c.security netpbm-10.47.04/lib/libpbm1.c pm_check(file, check_type, need_raster_size, retval_p); } } ---- netpbm-10.47.04/lib/libpm.c.security 2009-10-21 13:39:00.000000000 +0200 -+++ netpbm-10.47.04/lib/libpm.c 2009-10-21 15:09:34.000000000 +0200 -@@ -827,4 +827,53 @@ pm_parse_height(const char * const arg) +diff -up netpbm-10.58.01/lib/libpm.c.security-code netpbm-10.58.01/lib/libpm.c +--- netpbm-10.58.01/lib/libpm.c.security-code 2012-04-09 15:31:38.000000000 +0200 ++++ netpbm-10.58.01/lib/libpm.c 2012-04-09 15:40:03.229619464 +0200 +@@ -808,4 +808,53 @@ pm_parse_height(const char * const arg) } @@ -1329,10 +1320,10 @@ diff -up netpbm-10.47.04/lib/libpbm1.c.security netpbm-10.47.04/lib/libpbm1.c + return realloc(a, b*c); +} -diff -up netpbm-10.47.04/lib/pm.h.security netpbm-10.47.04/lib/pm.h ---- netpbm-10.47.04/lib/pm.h.security 2009-10-21 13:39:00.000000000 +0200 -+++ netpbm-10.47.04/lib/pm.h 2009-10-21 15:09:34.000000000 +0200 -@@ -377,4 +377,11 @@ pm_parse_height(const char * const arg); +diff -up netpbm-10.58.01/lib/pm.h.security-code netpbm-10.58.01/lib/pm.h +--- netpbm-10.58.01/lib/pm.h.security-code 2012-04-09 15:31:38.000000000 +0200 ++++ netpbm-10.58.01/lib/pm.h 2012-04-09 15:40:03.229619464 +0200 +@@ -432,4 +432,11 @@ pm_parse_height(const char * const arg); #endif @@ -1344,9 +1335,9 @@ diff -up netpbm-10.47.04/lib/pm.h.security netpbm-10.47.04/lib/pm.h +void overflow_add(int, int); + #endif -diff -up netpbm-10.47.04/other/pnmcolormap.c.security netpbm-10.47.04/other/pnmcolormap.c ---- netpbm-10.47.04/other/pnmcolormap.c.security 2009-10-21 13:38:54.000000000 +0200 -+++ netpbm-10.47.04/other/pnmcolormap.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.58.01/other/pnmcolormap.c.security-code netpbm-10.58.01/other/pnmcolormap.c +--- netpbm-10.58.01/other/pnmcolormap.c.security-code 2012-04-09 15:31:32.000000000 +0200 ++++ netpbm-10.58.01/other/pnmcolormap.c 2012-04-09 15:40:03.230619451 +0200 @@ -840,6 +840,7 @@ colormapToSquare(struct pam * const pamP pamP->width = intsqrt; else @@ -1355,9 +1346,21 @@ diff -up netpbm-10.47.04/other/pnmcolormap.c.security netpbm-10.47.04/other/pnmc } { unsigned int const intQuotient = colormap.size / pamP->width; -diff -up netpbm-10.47.04/urt/rle_addhist.c.security netpbm-10.47.04/urt/rle_addhist.c ---- netpbm-10.47.04/urt/rle_addhist.c.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/rle_addhist.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.58.01/urt/README.security-code netpbm-10.58.01/urt/README +--- netpbm-10.58.01/urt/README.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/urt/README 2012-04-09 15:40:03.231619438 +0200 +@@ -18,3 +18,8 @@ in its initializer in the original. But + defines stdout as a variable, so that wouldn't compile. So I changed + it to NULL and added a line to rle_hdr_init to set that field to + 'stdout' dynamically. 2000.06.02 BJH. ++ ++Redid the code to check for maths overflows and other crawly horrors. ++Removed pipe through and compress support (unsafe) ++ ++Alan Cox <alan@redhat.com> +diff -up netpbm-10.58.01/urt/rle_addhist.c.security-code netpbm-10.58.01/urt/rle_addhist.c +--- netpbm-10.58.01/urt/rle_addhist.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/urt/rle_addhist.c 2012-04-09 15:40:03.231619438 +0200 @@ -14,6 +14,8 @@ * If you modify this software, you should include a notice giving the * name of the person performing the modification, the date of modification, @@ -1367,7 +1370,7 @@ diff -up netpbm-10.47.04/urt/rle_addhist.c.security netpbm-10.47.04/urt/rle_addh */ /* * rle_addhist.c - Add to the HISTORY comment in header -@@ -76,13 +78,19 @@ rle_addhist(char * argv[], +@@ -71,13 +73,19 @@ rle_addhist(char * argv[], return; length = 0; @@ -1388,7 +1391,7 @@ diff -up netpbm-10.47.04/urt/rle_addhist.c.security netpbm-10.47.04/urt/rle_addh length += strlen(padding) + 3 + strlen(histoire) + 1; /* length of padding, "on " and length of history name plus "="*/ if (in_hdr) /* if we are interested in the old comments... */ -@@ -90,9 +98,12 @@ rle_addhist(char * argv[], +@@ -85,9 +93,12 @@ rle_addhist(char * argv[], else old = NULL; @@ -1402,9 +1405,9 @@ diff -up netpbm-10.47.04/urt/rle_addhist.c.security netpbm-10.47.04/urt/rle_addh ++length; /*Cater for the null. */ MALLOCARRAY(newc, length); -diff -up netpbm-10.47.04/urt/rle_getrow.c.security netpbm-10.47.04/urt/rle_getrow.c ---- netpbm-10.47.04/urt/rle_getrow.c.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/rle_getrow.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.58.01/urt/rle_getrow.c.security-code netpbm-10.58.01/urt/rle_getrow.c +--- netpbm-10.58.01/urt/rle_getrow.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/urt/rle_getrow.c 2012-04-09 15:40:03.232619426 +0200 @@ -17,6 +17,8 @@ * * Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire @@ -1422,9 +1425,9 @@ diff -up netpbm-10.47.04/urt/rle_getrow.c.security netpbm-10.47.04/urt/rle_getro evenlen = (comlen + 1) & ~1; /* make it even */ if ( evenlen ) { -diff -up netpbm-10.47.04/urt/rle_hdr.c.security netpbm-10.47.04/urt/rle_hdr.c ---- netpbm-10.47.04/urt/rle_hdr.c.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/rle_hdr.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.58.01/urt/rle_hdr.c.security-code netpbm-10.58.01/urt/rle_hdr.c +--- netpbm-10.58.01/urt/rle_hdr.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/urt/rle_hdr.c 2012-04-09 15:40:03.233619414 +0200 @@ -14,6 +14,8 @@ * If you modify this software, you should include a notice giving the * name of the person performing the modification, the date of modification, @@ -1434,7 +1437,7 @@ diff -up netpbm-10.47.04/urt/rle_hdr.c.security netpbm-10.47.04/urt/rle_hdr.c */ /* * rle_hdr.c - Functions to manipulate rle_hdr structures. -@@ -79,7 +81,10 @@ int img_num; +@@ -80,7 +82,10 @@ int img_num; /* Fill in with copies of the strings. */ if ( the_hdr->cmd != pgmname ) { @@ -1446,7 +1449,7 @@ diff -up netpbm-10.47.04/urt/rle_hdr.c.security netpbm-10.47.04/urt/rle_hdr.c RLE_CHECK_ALLOC( pgmname, tmp, 0 ); strcpy( tmp, pgmname ); the_hdr->cmd = tmp; -@@ -87,7 +92,9 @@ int img_num; +@@ -88,7 +93,9 @@ int img_num; if ( the_hdr->file_name != fname ) { @@ -1457,7 +1460,7 @@ diff -up netpbm-10.47.04/urt/rle_hdr.c.security netpbm-10.47.04/urt/rle_hdr.c RLE_CHECK_ALLOC( pgmname, tmp, 0 ); strcpy( tmp, fname ); the_hdr->file_name = tmp; -@@ -152,6 +159,7 @@ rle_hdr *from_hdr, *to_hdr; +@@ -153,6 +160,7 @@ rle_hdr *from_hdr, *to_hdr; if ( to_hdr->bg_color ) { int size = to_hdr->ncolors * sizeof(int); @@ -1465,7 +1468,7 @@ diff -up netpbm-10.47.04/urt/rle_hdr.c.security netpbm-10.47.04/urt/rle_hdr.c to_hdr->bg_color = (int *)malloc( size ); RLE_CHECK_ALLOC( to_hdr->cmd, to_hdr->bg_color, "background color" ); memcpy( to_hdr->bg_color, from_hdr->bg_color, size ); -@@ -160,7 +168,7 @@ rle_hdr *from_hdr, *to_hdr; +@@ -161,7 +169,7 @@ rle_hdr *from_hdr, *to_hdr; if ( to_hdr->cmap ) { int size = to_hdr->ncmap * (1 << to_hdr->cmaplen) * sizeof(rle_map); @@ -1474,7 +1477,7 @@ diff -up netpbm-10.47.04/urt/rle_hdr.c.security netpbm-10.47.04/urt/rle_hdr.c RLE_CHECK_ALLOC( to_hdr->cmd, to_hdr->cmap, "color map" ); memcpy( to_hdr->cmap, from_hdr->cmap, size ); } -@@ -173,11 +181,16 @@ rle_hdr *from_hdr, *to_hdr; +@@ -174,11 +182,16 @@ rle_hdr *from_hdr, *to_hdr; int size = 0; CONST_DECL char **cp; for ( cp=to_hdr->comments; *cp; cp++ ) @@ -1491,13 +1494,45 @@ diff -up netpbm-10.47.04/urt/rle_hdr.c.security netpbm-10.47.04/urt/rle_hdr.c size *= sizeof(char *); to_hdr->comments = (CONST_DECL char **)malloc( size ); RLE_CHECK_ALLOC( to_hdr->cmd, to_hdr->comments, "comments" ); -diff -up netpbm-10.47.04/urt/rle_open_f.c.security netpbm-10.47.04/urt/rle_open_f.c ---- netpbm-10.47.04/urt/rle_open_f.c.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/rle_open_f.c 2009-10-21 15:15:38.000000000 +0200 -@@ -163,64 +163,7 @@ dealWithSubprocess(const char * const f +diff -up netpbm-10.58.01/urt/rle.h.security-code netpbm-10.58.01/urt/rle.h +--- netpbm-10.58.01/urt/rle.h.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/urt/rle.h 2012-04-09 15:40:03.233619414 +0200 +@@ -14,6 +14,9 @@ + * If you modify this software, you should include a notice giving the + * name of the person performing the modification, the date of modification, + * and the reason for such modification. ++ * ++ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com> ++ * Header declarations needed + */ + /* + * rle.h - Global declarations for Utah Raster Toolkit RLE programs. +@@ -160,6 +163,17 @@ rle_hdr /* End of typedef. * + */ + extern rle_hdr rle_dflt_hdr; + ++/* ++ * Provided by pm library ++ */ ++ ++extern void overflow_add(int, int); ++#define overflow2(a,b) __overflow2(a,b) ++extern void __overflow2(int, int); ++extern void overflow3(int, int, int); ++extern void *malloc2(int, int); ++extern void *malloc3(int, int, int); ++extern void *realloc2(void *, int, int); + + /* Declare RLE library routines. */ + +diff -up netpbm-10.58.01/urt/rle_open_f.c.security-code netpbm-10.58.01/urt/rle_open_f.c +--- netpbm-10.58.01/urt/rle_open_f.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/urt/rle_open_f.c 2012-04-09 15:40:03.234619402 +0200 +@@ -163,65 +163,7 @@ dealWithSubprocess(const char * const f + FILE ** const fpP, bool * const noSubprocessP, const char ** const errorP) { - +- -#ifdef NO_OPEN_PIPES *noSubprocessP = TRUE; -#else @@ -1559,9 +1594,9 @@ diff -up netpbm-10.47.04/urt/rle_open_f.c.security netpbm-10.47.04/urt/rle_open_ } -diff -up netpbm-10.47.04/urt/rle_putcom.c.security netpbm-10.47.04/urt/rle_putcom.c ---- netpbm-10.47.04/urt/rle_putcom.c.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/rle_putcom.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.58.01/urt/rle_putcom.c.security-code netpbm-10.58.01/urt/rle_putcom.c +--- netpbm-10.58.01/urt/rle_putcom.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/urt/rle_putcom.c 2012-04-09 15:40:03.234619402 +0200 @@ -14,6 +14,8 @@ * If you modify this software, you should include a notice giving the * name of the person performing the modification, the date of modification, @@ -1587,9 +1622,9 @@ diff -up netpbm-10.47.04/urt/rle_putcom.c.security netpbm-10.47.04/urt/rle_putco /* Not found */ /* Can't realloc because somebody else might be pointing to this * comments block. Of course, if this were true, then the -diff -up netpbm-10.47.04/urt/Runput.c.security netpbm-10.47.04/urt/Runput.c ---- netpbm-10.47.04/urt/Runput.c.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/Runput.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.58.01/urt/Runput.c.security-code netpbm-10.58.01/urt/Runput.c +--- netpbm-10.58.01/urt/Runput.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/urt/Runput.c 2012-04-09 15:40:03.235619390 +0200 @@ -17,6 +17,8 @@ * * Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire @@ -1622,9 +1657,9 @@ diff -up netpbm-10.47.04/urt/Runput.c.security netpbm-10.47.04/urt/Runput.c if ( h_cmap == NULL ) { fprintf( stderr, -diff -up netpbm-10.47.04/urt/scanargs.c.security netpbm-10.47.04/urt/scanargs.c ---- netpbm-10.47.04/urt/scanargs.c.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/scanargs.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.58.01/urt/scanargs.c.security-code netpbm-10.58.01/urt/scanargs.c +--- netpbm-10.58.01/urt/scanargs.c.security-code 2012-04-09 15:31:45.000000000 +0200 ++++ netpbm-10.58.01/urt/scanargs.c 2012-04-09 15:40:03.235619390 +0200 @@ -38,6 +38,8 @@ * * Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire @@ -1633,8 +1668,8 @@ diff -up netpbm-10.47.04/urt/scanargs.c.security netpbm-10.47.04/urt/scanargs.c + * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan@redhat.com> */ - #include "rle.h" -@@ -65,8 +67,8 @@ typedef int *ptr; + #include <stdio.h> +@@ -63,8 +65,8 @@ typedef int *ptr; /* * Storage allocation macros */ @@ -1643,26 +1678,5 @@ diff -up netpbm-10.47.04/urt/scanargs.c.security netpbm-10.47.04/urt/scanargs.c +#define NEW( type, cnt ) (type *) malloc2( (cnt) , sizeof( type ) ) +#define RENEW( type, ptr, cnt ) (type *) realloc2( ptr, (cnt), sizeof( type ) ) - #if defined(c_plusplus) && !defined(USE_PROTOTYPES) - #define USE_PROTOTYPES ---- advanced/urt/rle_hdr.c.old 2012-01-21 05:57:25.000000000 -0500 -+++ advanced/urt/rle_hdr.c 2012-01-21 05:57:50.000000000 -0500 -@@ -29,6 +29,18 @@ - - #include <string.h> - -+/* -+ * Provided by pm library -+ */ -+ -+extern void overflow_add(int, int); -+#define overflow2(a,b) __overflow2(a,b) -+extern void __overflow2(int, int); -+extern void overflow3(int, int, int); -+extern void *malloc2(int, int); -+/*extern void *malloc3(int, int, int);*/ -+extern void *realloc2(void *, int, int); -+ - /***************************************************************** - * TAG( rle_names ) - * + static CONST_DECL char * prformat( CONST_DECL char *, int ); + static int isnum( CONST_DECL char *, int, int ); diff --git a/extra/netpbm/netpbm-security-scripts.patch b/extra/netpbm/netpbm-security-scripts.patch index 557914b66..831be8295 100644 --- a/extra/netpbm/netpbm-security-scripts.patch +++ b/extra/netpbm/netpbm-security-scripts.patch @@ -356,24 +356,6 @@ diff -up netpbm-10.47.05/editor/ppmfade.security-scripts netpbm-10.47.05/editor/ +system("rm $tmpdir/junk*$$.ppm"); exit(0); -diff -up netpbm-10.47.05/editor/ppmquantall.security-scripts netpbm-10.47.05/editor/ppmquantall ---- netpbm-10.47.05/editor/ppmquantall.security-scripts 2009-12-10 08:34:32.000000000 +0100 -+++ netpbm-10.47.05/editor/ppmquantall 2010-03-16 21:28:09.000000000 +0100 -@@ -70,12 +70,8 @@ for i in ${files[@]}; do - heights=(${heights[*]} `grep -v '^#' $i | sed '1d; s/.* //; 2q'`) - done - --tempdir="${TMPDIR-/tmp}/ppmquantall.$$" --mkdir -m 0700 $tempdir || \ -- { echo "Could not create temporary file. Exiting."; exit 1;} --trap 'rm -rf $tempdir' 0 1 3 15 -- --all=$tempdir/pqa.all.$$ -+all=$(mktemp -t pqa.all.XXXXXXXXXX) || exit 1 -+rm -f $all - - pnmcat -topbottom -jleft -white ${files[@]} | pnmquant $newcolors > $all - if [ $? != 0 ]; then diff -up netpbm-10.47.05/editor/ppmshadow.security-scripts netpbm-10.47.05/editor/ppmshadow --- netpbm-10.47.05/editor/ppmshadow.security-scripts 2009-12-10 08:34:32.000000000 +0100 +++ netpbm-10.47.05/editor/ppmshadow 2010-03-16 21:28:09.000000000 +0100 |