Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 56161 Details for
Bug 88742
media-gfx/xv: new jumbo patches include security fixes
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch cleaned up by werner fink of suse.
xv-3.10a-yaos.diff (text/plain), 15.08 KB, created by
Tavis Ormandy (RETIRED)
on 2005-04-13 06:32:24 UTC
(
hide
)
Description:
patch cleaned up by werner fink of suse.
Filename:
MIME Type:
Creator:
Tavis Ormandy (RETIRED)
Created:
2005-04-13 06:32:24 UTC
Size:
15.08 KB
patch
obsolete
>diff -ruN xv-3.10a.orig/xvbrowse.c xv-3.10a/xvbrowse.c >--- xv-3.10a.orig/xvbrowse.c 2005-04-13 14:15:46.000000000 +0100 >+++ xv-3.10a/xvbrowse.c 2005-04-13 14:29:06.000000000 +0100 >@@ -4950,7 +4950,21 @@ > > if (dstdir) { > #ifndef VMS /* we don't delete directories in VMS */ >+ char *x, *y, *name; >+ >+ x = (char *) malloc((5 * strlen(dst))+3);*x++ = 0x27; >+ if (!x) >+ FatalError("malloc failure in xvbrowse.c moveFile"); >+ name = x; >+ *x++ = 0x27; >+ for (y = dst; *y; ++y) { >+ if (0x27 == *y) { >+ strcpy(x, "'\"'\"'"); >+ x += strlen(x); >+ } else *x++ = *y; >+ } > sprintf(buf, "rm -rf %s", dst); >+ free(name); > if (system(buf)) { /* okay, so it's cheating... */ > SetISTR(ISTR_WARNING, "Unable to remove directory %s", dst); > return 1; >diff -ruN xv-3.10a.orig/xvpds.c xv-3.10a/xvpds.c >--- xv-3.10a.orig/xvpds.c 2005-04-13 14:15:41.000000000 +0100 >+++ xv-3.10a/xvpds.c 2005-04-13 14:16:16.000000000 +0100 >@@ -77,8 +77,7 @@ > * Huffman-encoded, and the encoding histogram follows the ASCII headers. > * To decode these, we use a slightly modified version of "vdcomp.c" from the > * NASA Viking CD-ROMS. For xv to work, you need to have vdcomp compiled >- * and in your search path. vdcomp.c should be included with this >-distribution. >+ * and in your search path. vdcomp.c should be included with this distribution. > * > * I've heard that newer discs have FITS images on them. If they do, support > * for them will be added when I get one. Until then, you can use fitstopgm. >@@ -129,27 +128,32 @@ > > /* This is arbitrary. Everything I've seen so far fits in 50 chars */ > #define COMMENTSIZE 50 >+#define INOTESIZE 1000 > > > static int lastwasinote = FALSE; >-static char scanbuff [MAX_SIZE], >- rtbuff [RTBUFFSIZE], >- inote [20*COMMENTSIZE], >- infobuff [COMMENTSIZE], >- spacecraft [COMMENTSIZE], >- target [COMMENTSIZE], >- filtname [COMMENTSIZE], >- gainmode [COMMENTSIZE], >- editmode [COMMENTSIZE], >- scanmode [COMMENTSIZE], >- exposure [COMMENTSIZE], >- shuttermode [COMMENTSIZE], >- mphase [COMMENTSIZE], >- iname [COMMENTSIZE], >- itime [COMMENTSIZE], >- garbage [1020], >+static char scanbuff [MAX_SIZE+1], >+ rtbuff [RTBUFFSIZE+1], >+ inote [INOTESIZE+1], >+ infobuff [COMMENTSIZE+1], >+ spacecraft [COMMENTSIZE+1], >+ target [COMMENTSIZE+1], >+ filtname [COMMENTSIZE+1], >+ gainmode [COMMENTSIZE+1], >+ editmode [COMMENTSIZE+1], >+ scanmode [COMMENTSIZE+1], >+ exposure [COMMENTSIZE+1], >+ shuttermode [COMMENTSIZE+1], >+ mphase [COMMENTSIZE+1], >+ iname [COMMENTSIZE+1], >+ itime [COMMENTSIZE+1], >+ garbage [1024], > *tmptmp, > pdsuncompfname[FNAMESIZE]; >+ >+#define SSTR(l) "%" #l "s" >+#define S(l) SSTR(l) >+ > byte *image; > static int elaphe; > >@@ -397,7 +401,7 @@ > > if (strcmp(scanbuff,"END") == 0) { > break; >- } else if (sscanf(scanbuff," RECORD_TYPE = %s",rtbuff) == 1) { >+ } else if (sscanf(scanbuff, " RECORD_TYPE = " S(RTBUFFSIZE), rtbuff) == 1) { > if (strncmp(rtbuff,"VARIABLE_LENGTH", (size_t) 15) == 0) { > /* itype=PDSVARIABLE; */ > } else if (strncmp(rtbuff,"FIXED_LENGTH", (size_t) 12) == 0) { >@@ -416,7 +420,7 @@ > if (irecsize == 0) irecsize=recsize; > lastwasinote=FALSE; > continue; >- } else if (sscanf(scanbuff," FILE_TYPE = %s", rtbuff) != 0) { >+ } else if (sscanf(scanbuff, " FILE_TYPE = " S(RTBUFFSIZE), rtbuff) != 0) { > lastwasinote=FALSE; > if (strncmp(rtbuff,"IMAGE", (size_t) 5) == 0) { > isimage=TRUE; >@@ -445,74 +449,74 @@ > lastwasinote=FALSE; continue; > } else if (sscanf(scanbuff," SAMPLE_BITS = %d", &samplesize) == 1) { > lastwasinote=FALSE; continue; >- } else if (sscanf(scanbuff," SAMPLE_TYPE = %s", sampletype) == 1) { >+ } else if (sscanf(scanbuff, " SAMPLE_TYPE = " S(64), sampletype) == 1) { > lastwasinote=FALSE; continue; >- } else if (sscanf(scanbuff," SPACECRAFT_NAME = %s %s", >+ } else if (sscanf(scanbuff," SPACECRAFT_NAME = " S(COMMENTSIZE) " " S(1023), > spacecraft,garbage) == 2 ) { >- strcat(spacecraft,xv_strstr(scanbuff, spacecraft)+strlen(spacecraft)); >+ const char *tmp = xv_strstr(scanbuff, spacecraft) + strlen(spacecraft); >+ strncat(spacecraft, tmp, COMMENTSIZE - strlen(spacecraft)); > lastwasinote=FALSE; continue; >- } else if (sscanf(scanbuff," SPACECRAFT_NAME = %s", spacecraft) == 1) { >+ } else if (sscanf(scanbuff, " SPACECRAFT_NAME = " S(COMMENTSIZE), spacecraft) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," TARGET_NAME = %s", target) == 1) { >+ } else if (sscanf(scanbuff, " TARGET_NAME = " S(COMMENTSIZE), target) == 1) { > lastwasinote=FALSE; continue; >- } else if (sscanf(scanbuff," TARGET_BODY = %s", target) == 1) { >+ } else if (sscanf(scanbuff, " TARGET_BODY = " S(COMMENTSIZE), target) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," MISSION_PHASE_NAME = %s", mphase) == 1) { >+ } else if (sscanf(scanbuff, " MISSION_PHASE_NAME = " S(COMMENTSIZE), mphase) == 1) { > lastwasinote=FALSE; continue; >- } else if (sscanf(scanbuff," MISSION_PHASE = %s", mphase) == 1) { >+ } else if (sscanf(scanbuff, " MISSION_PHASE = " S(COMMENTSIZE), mphase) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," INSTRUMENT_NAME = %s", iname) == 1) { >+ } else if (sscanf(scanbuff, " INSTRUMENT_NAME = " S(COMMENTSIZE), iname) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," GAIN_MODE_ID = %s", gainmode) == 1) { >+ } else if (sscanf(scanbuff, " GAIN_MODE_ID = " S(COMMENTSIZE), gainmode) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," INSTRUMENT_GAIN_STATE = %s",gainmode)==1) { >+ } else if (sscanf(scanbuff, " INSTRUMENT_GAIN_STATE = " S(COMMENTSIZE), gainmode) ==1 ) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," EDIT_MODE_ID = %s", editmode) == 1) { >+ } else if (sscanf(scanbuff, " EDIT_MODE_ID = " S(COMMENTSIZE), editmode) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," INSTRUMENT_EDIT_MODE = %s", editmode)==1) { >+ } else if (sscanf(scanbuff, " INSTRUMENT_EDIT_MODE = " S(COMMENTSIZE), editmode) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," SCAN_MODE_ID = %s", scanmode) == 1) { >+ } else if (sscanf(scanbuff, " SCAN_MODE_ID = " S(COMMENTSIZE), scanmode) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," INSTRUMENT_SCAN_RATE = %s", scanmode)==1) { >+ } else if (sscanf(scanbuff, " INSTRUMENT_SCAN_RATE = " S(COMMENTSIZE), scanmode) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," SHUTTER_MODE_ID = %s", shuttermode) == 1) { >+ } else if (sscanf(scanbuff, " SHUTTER_MODE_ID = " S(COMMENTSIZE), shuttermode) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," INSTRUMENT_SHUTTER_MODE = %s", >- shuttermode) == 1) { >+ } else if (sscanf(scanbuff, " INSTRUMENT_SHUTTER_MODE = " S(COMMENTSIZE), shuttermode) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," SCAN_MODE_ID = %s", scanmode) == 1) { >+ } else if (sscanf(scanbuff, " SCAN_MODE_ID = " S(COMMENTSIZE), scanmode) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," INSTRUMENT_SCAN_RATE = %s", scanmode)==1) { >+ } else if (sscanf(scanbuff, " INSTRUMENT_SCAN_RATE = " S(COMMENTSIZE), scanmode) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," SPACECRAFT_EVENT_TIME = %s", itime) == 1) { >+ } else if (sscanf(scanbuff, " SPACECRAFT_EVENT_TIME = " S(COMMENTSIZE), itime) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," IMAGE_TIME = %s", itime) == 1) { >+ } else if (sscanf(scanbuff, " IMAGE_TIME = " S(COMMENTSIZE), itime) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," FILTER_NAME = %s", filtname) == 1) { >+ } else if (sscanf(scanbuff, " FILTER_NAME = " S(COMMENTSIZE), filtname) == 1) { > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff," INSTRUMENT_FILTER_NAME = %s",filtname)==1) { >+ } else if (sscanf(scanbuff, " INSTRUMENT_FILTER_NAME = " S(COMMENTSIZE), filtname) == 1) { > lastwasinote=FALSE; continue; > >- } else if ((sscanf(scanbuff," EXPOSURE_DURATION = %s", exposure) == 1) >- || (sscanf(scanbuff," INSTRUMENT_EXPOSURE_DURATION = %s", >- exposure) == 1)) { >+ } else if ((sscanf(scanbuff, " EXPOSURE_DURATION = " S(COMMENTSIZE), exposure) == 1) >+ || (sscanf(scanbuff, " INSTRUMENT_EXPOSURE_DURATION = " S(COMMENTSIZE), >+ exposure)) == 1) { > tmptmp = (char *) index(scanbuff,'='); > tmptmp++; > while((*tmptmp) == ' ') >@@ -520,10 +524,10 @@ > strcpy(exposure,tmptmp); > lastwasinote=FALSE; continue; > >- } else if (sscanf(scanbuff, "NOTE = %s", inote) == 1) { >+ } else if (sscanf(scanbuff, "NOTE = " S(INOTESIZE), inote) == 1) { > tmptmp = (char *) index(scanbuff,'='); tmptmp++; > while (((*tmptmp) == ' ') || ((*tmptmp) == '"')) tmptmp++; >- strcpy(inote,tmptmp); >+ strncpy(inote, tmptmp, INOTESIZE - 1); > strcat(inote," "); > > /* evil and somewhat risky: A "note" (really, any textual >@@ -548,7 +552,7 @@ > } else if (lastwasinote) { > tmptmp=scanbuff; > while (((*tmptmp) == ' ') || ((*tmptmp) == '"')) tmptmp++; >- strcat(inote,tmptmp); >+ strncat(inote, tmptmp, INOTESIZE - strlen(inote) - 1); > strcat(inote," "); > if (index(tmptmp,'"') != NULL) > lastwasinote=FALSE; >@@ -647,27 +651,27 @@ > > *infobuff='\0'; > if (*spacecraft) { >- strcat(infobuff,spacecraft); >+ strncat(infobuff, spacecraft, sizeof(infobuff) - 1); > } > > if (*target) { >- strcat(infobuff,", "); >- strcat(infobuff,target); >+ strncat(infobuff, ", ", sizeof(infobuff) - strlen(infobuff) - 1); >+ strncat(infobuff, target, sizeof(infobuff) - strlen(infobuff) - 1); > } > > if (*filtname) { >- strcat(infobuff,", "); >- strcat(infobuff,filtname); >+ strncat(infobuff, ", ", sizeof(infobuff) - strlen(infobuff) - 1); >+ strncat(infobuff, filtname, sizeof(infobuff) - strlen(infobuff) - 1); > } > > if (*itime) { >- strcat(infobuff,", "); >- strcat(infobuff,itime); >+ strncat(infobuff, ", ", sizeof(infobuff) - strlen(infobuff) - 1); >+ strncat(infobuff, itime, sizeof(infobuff) - strlen(infobuff) - 1); > } > >- SetISTR(ISTR_WARNING,infobuff); >+ SetISTR(ISTR_WARNING, "%s", infobuff); > >- strcpy(pdsuncompfname,fname); >+ strncpy(pdsuncompfname,fname,sizeof(pdsuncompfname) - 1); > ftypstr = ""; > > switch (itype) { >@@ -695,7 +699,7 @@ > fclose(zf); > > #ifndef VMS >- sprintf(pdsuncompfname,"%s/xvhuffXXXXXX", tmpdir); >+ snprintf(pdsuncompfname, sizeof(pdsuncompfname) - 1, "%s/xvhuffXXXXXX", tmpdir); > #else > strcpy(pdsuncompfname,"sys$disk:[]xvhuffXXXXXX"); > #endif >@@ -707,7 +711,7 @@ > #endif > > #ifndef VMS >- sprintf(scanbuff,"%s %s - 4 >%s",PDSUNCOMP,fname,pdsuncompfname); >+ sprintf(scanbuff,"%s '%s' - 4 > %s", PDSUNCOMP, fname, pdsuncompfname); > #else > sprintf(scanbuff,"%s %s %s 4",PDSUNCOMP,fname,pdsuncompfname); > #endif >@@ -824,25 +828,25 @@ > *(pinfo->comment) = '\0'; > > sprintf(tmp, "Spacecraft: %-28sTarget: %-32s\n", spacecraft, target); >- strcat(pinfo->comment, tmp); >+ strncat(pinfo->comment, tmp, 2000 - strlen(pinfo->comment) - 1); > > sprintf(tmp, "Filter: %-32sMission phase: %-24s\n", filtname, mphase); >- strcat(pinfo->comment, tmp); >+ strncat(pinfo->comment, tmp, 2000 - strlen(pinfo->comment) - 1); > > sprintf(tmp, "Image time: %-28sGain mode: %-29s\n", itime, gainmode); >- strcat(pinfo->comment, tmp); >+ strncat(pinfo->comment, tmp, 2000 - strlen(pinfo->comment) - 1); > > sprintf(tmp, "Edit mode: %-29sScan mode: %-29s\n", editmode, scanmode); >- strcat(pinfo->comment, tmp); >+ strncat(pinfo->comment, tmp, 2000 - strlen(pinfo->comment) - 1); > > sprintf(tmp, "Exposure: %-30sShutter mode: %-25s\n", exposure,shuttermode); >- strcat(pinfo->comment, tmp); >+ strncat(pinfo->comment, tmp, 2000 - strlen(pinfo->comment) - 1); > > sprintf(tmp, "Instrument: %-28sImage time: %-28s\n", iname, itime); >- strcat(pinfo->comment, tmp); >+ strncat(pinfo->comment, tmp, 2000 - strlen(pinfo->comment) - 1); > >- sprintf(tmp, "Image Note: %-28s", inote); >- strcat(pinfo->comment, tmp); >+ sprintf(tmp, "Image Note: %-28.28s", inote); >+ strncat(pinfo->comment, tmp, 2000 - strlen(pinfo->comment) - 1); > } > > if (LoadPDSPalette(fname, pinfo)) return 1; >diff -ruN xv-3.10a.orig/xvps.c xv-3.10a/xvps.c >--- xv-3.10a.orig/xvps.c 2005-04-13 14:15:46.000000000 +0100 >+++ xv-3.10a/xvps.c 2005-04-13 14:16:16.000000000 +0100 >@@ -1561,7 +1561,8 @@ > the first one is loaded (but not deleted) */ > > #ifdef GS_PATH >- char tmp[512], gscmd[512], cmdstr[512], tmpname[64]; >+ #define CMDSIZE 1024 >+ char tmp[512], gscmd[512], cmdstr[CMDSIZE], tmpname[64]; > int gsresult, nump, i, filetype, doalert, epsf; > #endif > >@@ -1733,32 +1734,48 @@ > > /******************************************************************/ > #ifdef GS_PATH >-void buildCmdStr(str, gscmd, fname, quick, epsf) >- char *str, *gscmd, *fname; >+void buildCmdStr(str, gscmd, xname, quick, epsf) >+ char *str, *gscmd, *xname; > int quick, epsf; > { > /* note 'epsf' set only on files that don't have a showpage cmd */ >+ char *x, *y, *fname; >+ >+ x = (char *) malloc((5 * strlen(xname))+3); >+ if (!x) >+ FatalError("malloc failure in xvps.c buildCmdStr"); >+ fname = x; >+ *x++ = 0x27; >+ >+ for (y = xname; *y; ++y) { >+ if (0x27 == *y) { >+ strcpy(x, "'\"'\"'"); >+ x += strlen(x); >+ } else *x++ = *y; >+ } >+ strcpy (x, "'"); > > #ifndef VMS > >- if (epsf) sprintf(str, "echo '\n showpage ' | cat '%s' - | %s -", >+ if (epsf) snprintf(str, CMDSIZE, "echo '\n showpage ' | cat %s - | %s -", > fname, gscmd); > >- else if (quick) sprintf(str, "echo '%s' | cat - '%s' | %s -", >+ else if (quick) snprintf(str, CMDSIZE, "echo %s | cat - %s | %s -", > "/showpage { showpage quit } bind def", > fname, gscmd); > >- else sprintf(str, "%s -- %s", gscmd, fname); >+ else snprintf(str, CMDSIZE, "%s -- %s", gscmd, fname); > > #else /* VMS */ > /* VMS doesn't have pipes or an 'echo' command and GS doesn't like >- Unix-style file names as input files in the VMS version */ >+ Unix-style file fnames as input files in the VMS version */ > strcat(tmp, " -- "); > rld = strrchr(fname, '/'); /* Pointer to last '/' */ > if (rld) rld++; /* Pointer to filename */ > else rld = fname; /* No path - use original string */ > strcat(tmp, rld); > #endif /* VMS */ >+ free(fname); > } > #endif /* GS_PATH */ > >diff -ruN xv-3.10a.orig/xvtiff.c xv-3.10a/xvtiff.c >--- xv-3.10a.orig/xvtiff.c 2005-04-13 14:15:46.000000000 +0100 >+++ xv-3.10a/xvtiff.c 2005-04-13 14:16:16.000000000 +0100 >@@ -512,7 +512,7 @@ > vsprintf(cp, fmt, ap); > strcat(cp, "."); > >- SetISTR(ISTR_WARNING,buf); >+ SetISTR(ISTR_WARNING, "%s", buf); > > error_occurred = 1; > } >@@ -536,7 +536,7 @@ > vsprintf(cp, fmt, ap); > strcat(cp, "."); > >- SetISTR(ISTR_WARNING,buf); >+ SetISTR(ISTR_WARNING, "%s", buf); > } > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=56161">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 88742
:
56036
| 56161
