diff options
Diffstat (limited to 'community')
| -rw-r--r-- | community/xemacs/xemacs-21.5.29-large-images.patch | 96 | ||||
| -rw-r--r-- | community/xemacs/xemacs-21.5.29-vcdiff.patch | 19 |
2 files changed, 0 insertions, 115 deletions
diff --git a/community/xemacs/xemacs-21.5.29-large-images.patch b/community/xemacs/xemacs-21.5.29-large-images.patch deleted file mode 100644 index 535c87186..000000000 --- a/community/xemacs/xemacs-21.5.29-large-images.patch +++ /dev/null @@ -1,96 +0,0 @@ -APPROVE COMMIT 21.5 - -This patch has been committed. When trying to open very large image -files (or image files with header files that claim the image is very -large), we multiply length times width to get the number of pixels in -the image (and possibly multiply that number if a pixel occupies more -than 1 byte). The multiplication can overflow, resulting in passing -negative or insufficiently positive size values to malloc. This patch -checks whether the multiplication will overflow. If so, XEmacs -refuses to attempt to load the image. - -(Patch taken from upstream, already applied there) - ---- a/src/glyphs-eimage.c Mon Jun 29 08:20:47 2009 -0600 -+++ b/src/glyphs-eimage.c Wed Jul 01 15:42:54 2009 -0600 -@@ -409,6 +409,7 @@ - */ - - { -+ UINT_64_BIT pixels_sq; - int jpeg_gray = 0; /* if we're dealing with a grayscale */ - /* Step 4: set parameters for decompression. */ - -@@ -431,7 +432,10 @@ - jpeg_start_decompress (&cinfo); - - /* Step 6: Read in the data and put into EImage format (8bit RGB triples)*/ -- -+ pixels_sq = -+ (UINT_64_BIT) cinfo.output_width * (UINT_64_BIT) cinfo.output_height; -+ if (pixels_sq > ((size_t) -1) / 3) -+ signal_image_error ("JPEG image too large to instantiate", instantiator); - unwind.eimage = - xnew_binbytes (cinfo.output_width * cinfo.output_height * 3); - if (!unwind.eimage) -@@ -677,6 +681,7 @@ - { - ColorMapObject *cmo = unwind.giffile->SColorMap; - int i, j, row, pass, interlace, slice; -+ UINT_64_BIT pixels_sq; - Binbyte *eip; - /* interlaced gifs have rows in this order: - 0, 8, 16, ..., 4, 12, 20, ..., 2, 6, 10, ..., 1, 3, 5, ... */ -@@ -685,6 +690,9 @@ - - height = unwind.giffile->SHeight; - width = unwind.giffile->SWidth; -+ pixels_sq = (UINT_64_BIT) width * (UINT_64_BIT) height; -+ if (pixels_sq > ((size_t) -1) / (3 * unwind.giffile->ImageCount)) -+ signal_image_error ("GIF image too large to instantiate", instantiator); - unwind.eimage = - xnew_binbytes (width * height * 3 * unwind.giffile->ImageCount); - if (!unwind.eimage) -@@ -948,11 +956,15 @@ - { - int y; - Binbyte **row_pointers; -+ UINT_64_BIT pixels_sq; - height = info_ptr->height; - width = info_ptr->width; -+ pixels_sq = (UINT_64_BIT) width * (UINT_64_BIT) height; -+ if (pixels_sq > ((size_t) -1) / 3) -+ signal_image_error ("PNG image too large to instantiate", instantiator); - - /* Wow, allocate all the memory. Truly, exciting. */ -- unwind.eimage = xnew_array_and_zero (Binbyte, width * height * 3); -+ unwind.eimage = xnew_array_and_zero (Binbyte, (size_t) (pixels_sq * 3)); - /* libpng expects that the image buffer passed in contains a - picture to draw on top of if the png has any transparencies. - This could be a good place to pass that in... */ -@@ -1299,6 +1311,7 @@ - - uint32 *raster; - Binbyte *ep; -+ UINT_64_BIT pixels_sq; - - assert (!NILP (data)); - -@@ -1321,12 +1334,15 @@ - - TIFFGetField (unwind.tiff, TIFFTAG_IMAGEWIDTH, &width); - TIFFGetField (unwind.tiff, TIFFTAG_IMAGELENGTH, &height); -- unwind.eimage = xnew_binbytes (width * height * 3); -+ pixels_sq = (UINT_64_BIT) width * (UINT_64_BIT) height; -+ if (pixels_sq >= 1 << 29) -+ signal_image_error ("TIFF image too large to instantiate", instantiator); -+ unwind.eimage = xnew_binbytes (pixels_sq * 3); - - /* #### This is little more than proof-of-concept/function testing. - It needs to be reimplemented via scanline reads for both memory - compactness. */ -- raster = (uint32*) _TIFFmalloc (width * height * sizeof (uint32)); -+ raster = (uint32*) _TIFFmalloc ((tsize_t) (pixels_sq * sizeof (uint32))); - if (raster != NULL) - { - int i, j; diff --git a/community/xemacs/xemacs-21.5.29-vcdiff.patch b/community/xemacs/xemacs-21.5.29-vcdiff.patch deleted file mode 100644 index 105eb549e..000000000 --- a/community/xemacs/xemacs-21.5.29-vcdiff.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- lib-src/vcdiff.~1~ 1996-12-18 23:42:33.000000000 +0100 -+++ lib-src/vcdiff 2008-04-09 08:20:36.000000000 +0200 -@@ -79,14 +79,14 @@ - case $f in - s.* | */s.*) - if -- rev1=/tmp/geta$$ -+ rev1=`mktemp /tmp/geta.XXXXXXXX` - get -s -p -k $sid1 "$f" > $rev1 && - case $sid2 in - '') - workfile=`expr " /$f" : '.*/s.\(.*\)'` - ;; - *) -- rev2=/tmp/getb$$ -+ rev2=`mktemp /tmp/getb.XXXXXXXX` - get -s -p -k $sid2 "$f" > $rev2 - workfile=$rev2 - esac |