From d60ce20b01a7003208833bb41b3944c00cd0310b Mon Sep 17 00:00:00 2001 From: Jindrich Novy Date: Fri, 11 Nov 2011 12:36:37 +0100 Subject: [PATCH] update to 10.56.03 --- .gitignore | 2 +- netpbm-CAN-2005-2471.patch | 11 +- netpbm-lz.patch | 12 - netpbm-pnmmontagefix.patch | 832 ---------------------------------- netpbm-security-code.patch | 901 ++++++++++++++++--------------------- netpbm-svgtopam.patch | 14 - netpbm.spec | 20 +- sources | 2 +- 8 files changed, 404 insertions(+), 1390 deletions(-) delete mode 100644 netpbm-lz.patch delete mode 100644 netpbm-pnmmontagefix.patch delete mode 100644 netpbm-svgtopam.patch diff --git a/.gitignore b/.gitignore index 654bc89..6e9d0bc 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -/netpbm-10.47.32.tar.xz +/netpbm-10.56.03.tar.xz diff --git a/netpbm-CAN-2005-2471.patch b/netpbm-CAN-2005-2471.patch index 8cbbd6d..ee9935f 100644 --- a/netpbm-CAN-2005-2471.patch +++ b/netpbm-CAN-2005-2471.patch @@ -1,9 +1,10 @@ ---- netpbm-10.29/converter/other/pstopnm.c.CAN-2005-2471 2005-08-15 02:39:46.000000000 +0200 -+++ netpbm-10.29/converter/other/pstopnm.c 2005-08-16 15:38:15.000000000 +0200 -@@ -711,11 +711,11 @@ - "'%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s'", +diff -up netpbm-10.56.03/converter/other/pstopnm.c.CAN-2005-2471 netpbm-10.56.03/converter/other/pstopnm.c +--- netpbm-10.56.03/converter/other/pstopnm.c.CAN-2005-2471 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/other/pstopnm.c 2011-11-11 11:43:51.827409226 +0100 +@@ -747,11 +747,11 @@ execGhostscript(int const input ghostscriptProg, arg0, - deviceopt, outfileopt, gopt, ropt, "-q", "-dNOPAUSE", + deviceopt, outfileopt, gopt, ropt, textalphabitsopt, + "-q", "-dNOPAUSE", - "-dSAFER", "-"); + "-dPARANOIDSAFER", "-"); } diff --git a/netpbm-lz.patch b/netpbm-lz.patch deleted file mode 100644 index e39c7a9..0000000 --- a/netpbm-lz.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up netpbm-10.47.19/converter/other/Makefile.lz netpbm-10.47.19/converter/other/Makefile ---- netpbm-10.47.19/converter/other/Makefile.lz 2010-08-30 08:34:55.000000000 +0200 -+++ netpbm-10.47.19/converter/other/Makefile 2010-08-30 08:36:06.854139407 +0200 -@@ -151,7 +151,7 @@ tifftopnm pamtotiff pnmtotiffcmyk: %: %. - ifeq ($(shell libpng$(PNGVER)-config --version),) - PNGLIB_LIBOPTS = $(shell $(LIBOPT) $(LIBOPTR) $(PNGLIB) $(ZLIB)) - else -- PNGLIB_LIBOPTS = $(shell libpng$(PNGVER)-config --ldflags) -+ PNGLIB_LIBOPTS = $(shell libpng$(PNGVER)-config --ldflags) -lz - endif - - pngtopnm pngtopam: %: %.o $(NETPBMLIB) $(LIBOPT) diff --git a/netpbm-pnmmontagefix.patch b/netpbm-pnmmontagefix.patch deleted file mode 100644 index fb715b8..0000000 --- a/netpbm-pnmmontagefix.patch +++ /dev/null @@ -1,832 +0,0 @@ -diff -up netpbm-10.47.05/editor/pnmmontage.c.pnmmontagefix netpbm-10.47.05/editor/pnmmontage.c ---- netpbm-10.47.05/editor/pnmmontage.c.pnmmontagefix 2009-12-10 08:34:32.000000000 +0100 -+++ netpbm-10.47.05/editor/pnmmontage.c 2010-03-16 20:47:38.000000000 +0100 -@@ -10,136 +10,19 @@ - * implied warranty. - */ - --#define _BSD_SOURCE /* Make sure strdup() is in */ --#include - #include - #include - --#include "pm_c_util.h" --#include "mallocvar.h" --#include "nstring.h" --#include "shhopt.h" - #include "pam.h" -+#include "shhopt.h" -+#include "nstring.h" -+#include "mallocvar.h" - -+typedef struct { int f[sizeof(int) * 8 + 1]; } factorset; -+typedef struct { int x; int y; } coord; - -- --struct cmdlineInfo { -- const char * header; -- const char * data; -- const char * prefix; -- unsigned int quality; -- unsigned int quality2; -- unsigned int nFiles; -- const char ** inFileName; --}; -- -- -- --static void --parseCommandLine(int argc, const char ** argv, -- struct cmdlineInfo * const cmdlineP) { --/*---------------------------------------------------------------------------- -- parse program command line described in Unix standard form by argc -- and argv. Return the information in the options as *cmdlineP. -- -- If command line is internally inconsistent (invalid options, etc.), -- issue error message to stderr and abort program. -- -- Note that the strings we return are stored in the storage that -- was passed to us as the argv array. We also trash *argv. -------------------------------------------------------------------------------*/ -- optEntry * option_def; -- /* Instructions to OptParseOptions3 on how to parse our options. */ -- optStruct3 opt; -- unsigned int dataSpec, headerSpec, prefixSpec, qualitySpec; -- unsigned int option_def_index; -- unsigned int i; -- unsigned int q[10]; -- -- MALLOCARRAY_NOFAIL(option_def, 100); -- -- option_def_index = 0; /* incremented by OPTENTRY */ -- OPTENT3( 0, "data", OPT_STRING, &cmdlineP->data, &dataSpec, 0); -- OPTENT3( 0, "header", OPT_STRING, &cmdlineP->header, &headerSpec, 0); -- OPTENT3('q', "quality", OPT_UINT, &cmdlineP->quality, &qualitySpec, 0); -- OPTENT3('p', "prefix", OPT_STRING, &cmdlineP->prefix, &prefixSpec, 0); -- OPTENT3('0', "0", OPT_FLAG, NULL, &q[0], 0); -- OPTENT3('1', "1", OPT_FLAG, NULL, &q[1], 0); -- OPTENT3('2', "2", OPT_FLAG, NULL, &q[2], 0); -- OPTENT3('3', "3", OPT_FLAG, NULL, &q[3], 0); -- OPTENT3('4', "4", OPT_FLAG, NULL, &q[4], 0); -- OPTENT3('5', "5", OPT_FLAG, NULL, &q[5], 0); -- OPTENT3('6', "6", OPT_FLAG, NULL, &q[6], 0); -- OPTENT3('7', "7", OPT_FLAG, NULL, &q[7], 0); -- OPTENT3('8', "8", OPT_FLAG, NULL, &q[8], 0); -- OPTENT3('9', "9", OPT_FLAG, NULL, &q[9], 0); -- -- opt.opt_table = option_def; -- opt.short_allowed = FALSE; -- opt.allowNegNum = FALSE; -- -- optParseOptions3(&argc, (char**)argv, opt, sizeof(opt), 0); -- -- if (!dataSpec) -- cmdlineP->data = NULL; -- if (!headerSpec) -- cmdlineP->header = NULL; -- if (!prefixSpec) -- cmdlineP->prefix = ""; -- if (!qualitySpec) -- cmdlineP->quality = 200; -- -- -- /* cmdlineP->quality2 is the greatest number from the --1, --2, etc. -- options, or 5 if none of those are specified. -- */ -- cmdlineP->quality2 = 5; /* initial value */ -- for (i = 0; i < 10; ++i) { -- if (q[i]) -- cmdlineP->quality2 = i; -- } -- -- cmdlineP->nFiles = argc-1; -- -- MALLOCARRAY_NOFAIL(cmdlineP->inFileName, argc-1); -- -- for (i = 0; i < argc-1; ++i) { -- if (cmdlineP->data && strchr(argv[i+1], ':')) -- pm_error("Filename '%s' contains a \":\", which is forbidden " -- "with -data", argv[i+1]); -- else -- cmdlineP->inFileName[i] = strdup(argv[1+1]); -- } --} -- -- -- --typedef struct { -- int f[sizeof(int) * 8 + 1]; --} factorset; -- --typedef struct { -- int x; int y; --} coord; -- --typedef struct { -- coord ul; -- coord size; --} rectangle; -- --static coord --lr(rectangle const r) { --/*---------------------------------------------------------------------------- -- Return the coordinates of the lower right corner of 'r' -- (i.e. the pixel just beyond the lowest rightmost one). -------------------------------------------------------------------------------*/ -- coord retval; -- -- retval.x = r.ul.x + r.size.x; -- retval.y = r.ul.y + r.size.y; -- -- return retval; --} -+static int qfactor = 200; -+static int quality = 5; - - static factorset - factor(int n) -@@ -180,151 +63,109 @@ gcd(int n, int m) - return (g); - } - -+static __inline__ int imax(int n, int m) { return (n > m ? n : m); } - -- --static bool --overlaps(rectangle const a, -- rectangle const b) { -- -- return -- (a.ul.x < lr(b).x && a.ul.y < lr(b).y) && -- (lr(a).x > b.ul.x && lr(a).y > b.ul.y); --} -- -- -- --static bool --collides(rectangle const test, -- const rectangle * const fieldList, -- unsigned int const n) { --/*---------------------------------------------------------------------------- -- Return true iff the rectangle 'test' overlaps any of the 'n' rectangles -- fieldList[]. -------------------------------------------------------------------------------*/ -- unsigned int i; -- -- for (i = 0; i < n; ++i) -- if (overlaps(fieldList[i], test)) -- return true; -- -- return false; -+static int -+checkcollision(coord *locs, coord *szs, coord *cloc, coord *csz, int n) -+{ -+ int i; -+ for (i = 0; i < n; ++i) -+ { -+ if ((locs[i].x < cloc->x + csz->x) && -+ (locs[i].y < cloc->y + csz->y) && -+ (locs[i].x + szs[i].x > cloc->x) && -+ (locs[i].y + szs[i].y > cloc->y)) -+ return (1); -+ } -+ return (0); - } - -- -- - static void --recursefindpack(rectangle * const current, -- coord const currentsz, -- coord * const best, -- unsigned int const minarea, -- unsigned int * const maxareaP, -- unsigned int const depth, -- unsigned int const n, -- unsigned int const xinc, -- unsigned int const yinc, -- unsigned int const quality, -- unsigned int const qfactor) { -- -- if (depth == n) { -- if (currentsz.x * currentsz.y < *maxareaP) { -- unsigned int i; -- for (i = 0; i < n; ++i) -- best[i] = current[i].ul; -- *maxareaP = currentsz.x * currentsz.y; -- } -- } else { -- unsigned int i; -- -- rectangle * const newP = ¤t[depth]; -+recursefindpack(coord *current, coord currentsz, coord *set, -+ coord *best, int minarea, int *maxarea, -+ int depth, int n, int xinc, int yinc) -+{ -+ coord c; -+ if (depth == n) -+ { -+ if (currentsz.x * currentsz.y < *maxarea) -+ { -+ memcpy(best, current, sizeof(coord) * n); -+ *maxarea = currentsz.x * currentsz.y; -+ } -+ return; -+ } - -- for (i = 0; ; ++i) { -- for (newP->ul.x = 0, newP->ul.y = i * yinc; -- newP->ul.y <= i * yinc;) { -- -- coord c; -- -- c.x = MAX(lr(*newP).x, currentsz.x); -- c.y = MAX(lr(*newP).y, currentsz.y); -- pm_message("current = (%u.%u, %u.%u) new = (%u.%u, %u.%u)", -- current[0].ul.x, current[0].size.x, -- current[0].ul.y, current[0].size.y, -- newP->ul.x, newP->size.x, -- newP->ul.y, newP->size.y); -- if (!collides(*newP, current, depth)) { -- pm_message("Depth %u: Doesn't collide at i=%u", depth,i); -- recursefindpack(current, c, best, minarea, maxareaP, -- depth + 1, n, xinc, yinc, -- quality, qfactor); -- if (*maxareaP <= minarea) -- return; -- } -- if (newP->ul.x == (i - 1) * xinc) -- newP->ul.y = 0; -- if (newP->ul.x < i * xinc) -- newP->ul.x += xinc; -- else -- newP->ul.y += yinc; -- } -- } -+ for (current[depth].x = 0; -+ imax(current[depth].x + set[depth].x, currentsz.x) * -+ imax(currentsz.y, set[depth].y) < *maxarea; -+ current[depth].x += xinc) -+ { -+ for (current[depth].y = 0; -+ imax(current[depth].x + set[depth].x, currentsz.x) * -+ imax(currentsz.y, current[depth].y + set[depth].y) < *maxarea; -+ current[depth].y += yinc) -+ { -+ c.x = imax(current[depth].x + set[depth].x, currentsz.x); -+ c.y = imax(current[depth].y + set[depth].y, currentsz.y); -+ if (!checkcollision(current, set, ¤t[depth], &set[depth], depth)) -+ { -+ recursefindpack(current, c, set, best, minarea, maxarea, -+ depth + 1, n, xinc, yinc); -+ if (*maxarea <= minarea) -+ return; -+ } - } -+ } - } - -- -- - static void --findpack(struct pam * const imgs, -- unsigned int const n, -- coord * const coords, -- unsigned int const quality, -- unsigned int const qfactor) { -+findpack(struct pam *imgs, int n, coord *coords) -+{ -+ int minarea; -+ int i; -+ int rdiv; -+ int cdiv; -+ int minx = -1; -+ int miny = -1; -+ coord *current; -+ coord *set; -+ int z = INT_MAX; -+ coord c = { 0, 0 }; - -- int minarea; -- int i; -- int rdiv; -- int cdiv; -- int minx; -- int miny; -- rectangle * current; -- unsigned int z; -- coord c; -- -- minx = -1; miny = -1; /* initial value */ -- z = UINT_MAX; /* initial value */ -- c.x = 0; c.y = 0; /* initial value */ -- -- if (quality > 1) { -- unsigned int realMinarea; -- for (realMinarea = i = 0; i < n; ++i) -- realMinarea += imgs[i].height * imgs[i].width, -- minx = MAX(minx, imgs[i].width), -- miny = MAX(miny, imgs[i].height); -- -- minarea = realMinarea * qfactor / 100; -- } else { -- minarea = INT_MAX - 1; -- } -+ if (quality > 1) -+ { -+ for (minarea = i = 0; i < n; ++i) -+ minarea += imgs[i].height * imgs[i].width, -+ minx = imax(minx, imgs[i].width), -+ miny = imax(miny, imgs[i].height); - -- /* It's relatively easy to show that, if all the images -- * are multiples of a particular size, then a best -- * packing will always align the images on a grid of -- * that size. -- * -- * This speeds computation immensely. -- */ -- for (rdiv = imgs[0].height, i = 1; i < n; ++i) -- rdiv = gcd(imgs[i].height, rdiv); -- -- for (cdiv = imgs[0].width, i = 1; i < n; ++i) -- cdiv = gcd(imgs[i].width, cdiv); -- -- MALLOCARRAY(current, n); -- -- for (i = 0; i < n; ++i) { -- current[i].size.x = imgs[i].width; -- current[i].size.y = imgs[i].height; -- } -- recursefindpack(current, c, coords, minarea, &z, 0, n, cdiv, rdiv, -- quality, qfactor); -+ minarea = minarea * qfactor / 100; -+ } -+ else -+ { -+ minarea = INT_MAX - 1; -+ } -+ -+ /* It's relatively easy to show that, if all the images -+ * are multiples of a particular size, then a best -+ * packing will always align the images on a grid of -+ * that size. -+ * -+ * This speeds computation immensely. -+ */ -+ for (rdiv = imgs[0].height, i = 1; i < n; ++i) -+ rdiv = gcd(imgs[i].height, rdiv); -+ -+ for (cdiv = imgs[0].width, i = 1; i < n; ++i) -+ cdiv = gcd(imgs[i].width, cdiv); -+ -+ MALLOCARRAY(current, n); -+ MALLOCARRAY(set, n); -+ for (i = 0; i < n; ++i) -+ set[i].x = imgs[i].width, -+ set[i].y = imgs[i].height; -+ recursefindpack(current, c, set, coords, minarea, &z, 0, n, cdiv, rdiv); - } - - -@@ -396,264 +237,204 @@ writePam(struct pam * const outpam - - - --static void --writeData(FILE * const dataFileP, -- unsigned int const width, -- unsigned int const height, -- unsigned int const nfiles, -- const char ** const names, -- const coord * const coords, -- const struct pam * const imgs) { -- -- unsigned int i; -- -- fprintf(dataFileP, ":0:0:%u:%u\n", width, height); -- -- for (i = 0; i < nfiles; ++i) { -- fprintf(dataFileP, "%s:%u:%u:%u:%u\n", names[i], coords[i].x, -- coords[i].y, imgs[i].width, imgs[i].height); -- } --} -- -- -- --static void --writeHeader(FILE * const headerFileP, -- const char * const prefix, -- unsigned int const width, -- unsigned int const height, -- unsigned int const nfiles, -- const char ** const names, -- const coord * const coords, -- const struct pam * imgs) { -- -- unsigned int i; -- -- fprintf(headerFileP, "#define %sOVERALLX %u\n", prefix, width); -- -- fprintf(headerFileP, "#define %sOVERALLY %u\n", prefix, height); -- -- fprintf(headerFileP, "\n"); -- -- for (i = 0; i < nfiles; ++i) { -- char * const buffer = strdup(names[i]); -- coord const coord = coords[i]; -- struct pam const img = imgs[i]; -- -- unsigned int j; -- -- *strchr(buffer, '.') = 0; -- for (j = 0; buffer[j]; ++j) { -- if (ISLOWER(buffer[j])) -- buffer[j] = TOUPPER(buffer[j]); -- } -- fprintf(headerFileP, "#define %s%sX %u\n", -- prefix, buffer, coord.x); -- -- fprintf(headerFileP, "#define %s%sY %u\n", -- prefix, buffer, coord.y); -- -- fprintf(headerFileP, "#define %s%sSZX %u\n", -- prefix, buffer, img.width); -- -- fprintf(headerFileP, "#define %s%sSZY %u\n", -- prefix, buffer, img.height); -- -- fprintf(headerFileP, "\n"); -- } --} -+int -+main(int argc, char **argv) -+{ -+ struct pam *imgs; -+ struct pam outimg; -+ struct pam p; -+ int nfiles; -+ int i, j; -+ unsigned int q[10]; -+ coord *coords; -+ const char *headfname = NULL; -+ const char *datafname = NULL; -+ const char *prefix = ""; -+ FILE *header; -+ FILE *data; -+ char **names; -+ char *c; -+ -+ optEntry *option_def = malloc(100*sizeof(optEntry)); -+ /* Instructions to OptParseOptions3 on how to parse our options. -+ */ -+ optStruct3 opt; -+ -+ unsigned int option_def_index; -+ -+ option_def_index = 0; /* incremented by OPTENTRY */ -+ OPTENT3( 0, "data", OPT_STRING, &datafname, NULL, 0); -+ OPTENT3( 0, "header", OPT_STRING, &headfname, NULL, 0); -+ OPTENT3('q', "quality", OPT_UINT, &qfactor, NULL, 0); -+ OPTENT3('p', "prefix", OPT_STRING, &prefix, NULL, 0); -+ OPTENT3('0', "0", OPT_FLAG, NULL, &q[0], 0); -+ OPTENT3('1', "1", OPT_FLAG, NULL, &q[1], 0); -+ OPTENT3('2', "2", OPT_FLAG, NULL, &q[2], 0); -+ OPTENT3('3', "3", OPT_FLAG, NULL, &q[3], 0); -+ OPTENT3('4', "4", OPT_FLAG, NULL, &q[4], 0); -+ OPTENT3('5', "5", OPT_FLAG, NULL, &q[5], 0); -+ OPTENT3('6', "6", OPT_FLAG, NULL, &q[6], 0); -+ OPTENT3('7', "7", OPT_FLAG, NULL, &q[7], 0); -+ OPTENT3('8', "8", OPT_FLAG, NULL, &q[8], 0); -+ OPTENT3('9', "9", OPT_FLAG, NULL, &q[9], 0); -+ -+ opt.opt_table = option_def; -+ opt.short_allowed = FALSE; -+ opt.allowNegNum = FALSE; -+ -+ pnm_init(&argc, argv); -+ -+ /* Check for flags. */ -+ optParseOptions3(&argc, argv, opt, sizeof(opt), 0); - -+ if (headfname) -+ header = pm_openw(headfname); - -+ if (datafname) -+ data = pm_openw(datafname); - --static void --sortImagesByArea(unsigned int const nfiles, -- struct pam * const imgs, -- const char ** const names) { --/*---------------------------------------------------------------------------- -- Sort the images described by 'imgs' and 'names' in place, from largest -- area to smallest. -------------------------------------------------------------------------------*/ -- /* Bubble sort */ -- -- unsigned int i; -- -- for (i = 0; i < nfiles - 1; ++i) { -- unsigned int j; -- for (j = i + 1; j < nfiles; ++j) { -- if (imgs[j].width * imgs[j].height > -- imgs[i].width * imgs[i].height) { -- -- struct pam p; -- const char * c; -- -- p = imgs[i]; imgs[i] = imgs[j]; imgs[j] = p; -- c = names[i]; names[i] = names[j]; names[j] = c; -- } -- } -+ for (i = 0; i < 10; ++i) -+ { -+ if (q[i]) -+ { -+ quality = i; -+ switch (quality) -+ { -+ case 0: case 1: break; -+ case 2: case 3: case 4: case 5: case 6: -+ qfactor = 100 * (8 - quality); -+ break; -+ case 7: qfactor = 150; break; -+ case 8: qfactor = 125; break; -+ case 9: qfactor = 100; break; -+ } - } --} -- -+ } - -+ if (1 < argc) -+ nfiles = argc - 1; -+ else -+ nfiles = 1; -+ -+ MALLOCARRAY(imgs, nfiles); -+ MALLOCARRAY(coords, nfiles); -+ MALLOCARRAY(names, nfiles); -+ -+ if (!imgs || !coords || !names) -+ pm_error("out of memory"); - --static void --computeOutputType(sample * const maxvalP, -- int * const formatP, -- char * const tupleTypeP, -- unsigned int * const depthP, -- unsigned int const nfiles, -- const struct pam * const imgs) { -- -- unsigned int i; -- -- sample maxval; -- int format; -- const char * tupleType; -- unsigned int depth; -- -- assert(nfiles > 0); -- -- /* initial guesses */ -- maxval = imgs[0].maxval; -- format = imgs[0].format; -- depth = imgs[0].depth; -- tupleType = imgs[0].tuple_type; -- -- for (i = 1; i < nfiles; ++i) { -- if (PAM_FORMAT_TYPE(imgs[i].format) > PAM_FORMAT_TYPE(format)) { -- format = imgs[i].format; -- tupleType = imgs[i].tuple_type; -- } -- maxval = MAX(maxval, imgs[i].maxval); -- depth = MAX(depth, imgs[i].depth); -+ if (1 < argc) -+ { -+ for (i = 0; i < nfiles; ++i) -+ { -+ if (strchr(argv[i+1], ':')) -+ { -+ imgs[i].file = pm_openr(strchr(argv[i+1], ':') + 1); -+ *strchr(argv[i+1], ':') = 0; -+ names[i] = argv[i+1]; -+ } -+ else -+ { -+ imgs[i].file = pm_openr(argv[i+1]); -+ names[i] = argv[i+1]; -+ } - } -+ } -+ else -+ { -+ imgs[0].file = stdin; -+ } - -- *maxvalP = maxval; -- *formatP = format; -- *depthP = depth; -- memcpy(tupleTypeP, tupleType, sizeof(imgs[0].tuple_type)); --} -+ pnm_readpaminit(imgs[0].file, &imgs[0], PAM_STRUCT_SIZE(tuple_type)); -+ memset(&outimg, 0, sizeof(outimg)); -+ outimg.maxval = imgs[0].maxval; -+ outimg.format = imgs[0].format; -+ memcpy(outimg.tuple_type, imgs[0].tuple_type, sizeof(imgs[0].tuple_type)); -+ outimg.depth = imgs[0].depth; - -+ for (i = 1; i < nfiles; ++i) -+ { -+ pnm_readpaminit(imgs[i].file, &imgs[i], PAM_STRUCT_SIZE(tuple_type)); -+ if (PAM_FORMAT_TYPE(imgs[i].format) > PAM_FORMAT_TYPE(outimg.format)) -+ outimg.format = imgs[i].format, -+ memcpy(outimg.tuple_type, imgs[i].tuple_type, -+ sizeof(imgs[i].tuple_type)); -+ outimg.maxval = imax(imgs[i].maxval, outimg.maxval); -+ outimg.depth = imax(imgs[i].depth, outimg.depth); -+ } - -+ for (i = 0; i < nfiles - 1; ++i) -+ for (j = i + 1; j < nfiles; ++j) -+ if (imgs[j].width * imgs[j].height > imgs[i].width * imgs[i].height) -+ p = imgs[i], imgs[i] = imgs[j], imgs[j] = p, -+ c = names[i], names[i] = names[j], names[j] = c; - --static void --computeOutputDimensions(int * const widthP, -- int * const heightP, -- unsigned int const nfiles, -- const struct pam * const imgs, -- const coord * const coords) { -- -- unsigned int widthGuess, heightGuess; -- unsigned int i; -- -- widthGuess = 0; /* initial value */ -- heightGuess = 0; /* initial value */ -- -- for (i = 0; i < nfiles; ++i) { -- widthGuess = MAX(widthGuess, imgs[i].width + coords[i].x); -- heightGuess = MAX(heightGuess, imgs[i].height + coords[i].y); -- } -+ findpack(imgs, nfiles, coords); - -- *widthP = widthGuess; -- *heightP = heightGuess; --} -+ outimg.height = outimg.width = 0; -+ for (i = 0; i < nfiles; ++i) -+ { -+ outimg.width = imax(outimg.width, imgs[i].width + coords[i].x); -+ outimg.height = imax(outimg.height, imgs[i].height + coords[i].y); -+ } - -+ outimg.size = sizeof(outimg); -+ outimg.len = sizeof(outimg); -+ outimg.file = stdout; -+ outimg.bytes_per_sample = 0; -+ for (i = outimg.maxval; i; i >>= 8) -+ ++outimg.bytes_per_sample; - -+ writePam(&outimg, nfiles, coords, imgs); - --int --main(int argc, const char **argv) { -+ if (datafname) -+ { -+ fprintf(data, ":0:0:%u:%u\n", outimg.width, outimg.height); - -- struct cmdlineInfo cmdline; -- struct pam * imgs; -- struct pam outimg; -- unsigned int nfiles; -- coord * coords; -- FILE * header; -- FILE * data; -- const char ** names; -- unsigned int i; -- unsigned int qfactor; /* In per cent */ -- -- pm_proginit(&argc, argv); -- -- parseCommandLine(argc, argv, &cmdline); -- -- header = cmdline.header ? pm_openw(cmdline.header) : NULL; -- data = cmdline.data ? pm_openw(cmdline.data) : NULL; -- -- switch (cmdline.quality2) { -- case 0: case 1: -- qfactor = cmdline.quality; -- break; -- case 2: case 3: case 4: case 5: case 6: -- qfactor = 100 * (8 - cmdline.quality2); -- break; -- case 7: qfactor = 150; break; -- case 8: qfactor = 125; break; -- case 9: qfactor = 100; break; -- default: pm_error("Internal error - impossible value of 'quality2': %u", -- cmdline.quality2); -+ for (i = 0; i < nfiles; ++i) -+ { -+ fprintf(data, "%s:%u:%u:%u:%u\n", names[i], coords[i].x, -+ coords[i].y, imgs[i].width, imgs[i].height); - } -+ } - -- nfiles = cmdline.nFiles > 0 ? cmdline.nFiles : 1; -- -- MALLOCARRAY(imgs, nfiles); -- MALLOCARRAY(coords, nfiles); -- MALLOCARRAY(names, nfiles); -- -- if (!imgs || !coords || !names) -- pm_error("out of memory"); -- -- if (cmdline.nFiles > 0) { -- unsigned int i; -- -- for (i = 0; i < cmdline.nFiles; ++i) { -- imgs[i].file = pm_openr(cmdline.inFileName[i]); -- names[i] = strdup(cmdline.inFileName[i]); -- } -- } else { -- imgs[0].file = stdin; -- names[0] = strdup("stdin"); -- } -+ if (headfname) -+ { -+ fprintf(header, "#define %sOVERALLX %u\n" -+ "#define %sOVERALLY %u\n" -+ "\n", -+ prefix, outimg.width, -+ prefix, outimg.height); - - for (i = 0; i < nfiles; ++i) -- pnm_readpaminit(imgs[i].file, &imgs[i], PAM_STRUCT_SIZE(tuple_type)); -- -- sortImagesByArea(nfiles, imgs, names); -- -- findpack(imgs, nfiles, coords, cmdline.quality2, qfactor); -- -- computeOutputType(&outimg.maxval, &outimg.format, outimg.tuple_type, -- &outimg.depth, nfiles, imgs); -- -- computeOutputDimensions(&outimg.width, &outimg.height, nfiles, -- imgs, coords); -- -- pnm_setminallocationdepth(&outimg, outimg.depth); -- -- outimg.size = sizeof(outimg); -- outimg.len = sizeof(outimg); -- outimg.file = stdout; -- outimg.bytes_per_sample = 0; -- for (i = outimg.maxval; i; i >>= 8) -- ++outimg.bytes_per_sample; -- -- writePam(&outimg, nfiles, coords, imgs); -+ { -+ *strchr(names[i], '.') = 0; -+ for (j = 0; names[i][j]; ++j) -+ { -+ if (ISLOWER(names[i][j])) -+ names[i][j] = TOUPPER(names[i][j]); -+ } -+ fprintf(header, "#define %s%sX %u\n" -+ "#define %s%sY %u\n" -+ "#define %s%sSZX %u\n" -+ "#define %s%sSZY %u\n" -+ "\n", -+ prefix, names[i], coords[i].x, -+ prefix, names[i], coords[i].y, -+ prefix, names[i], imgs[i].width, -+ prefix, names[i], imgs[i].height); -+ } -+ } - -- if (data) -- writeData(data, outimg.width, outimg.height, -- nfiles, names, coords, imgs); -+ for (i = 0; i < nfiles; ++i) -+ pm_close(imgs[i].file); -+ pm_close(stdout); - -- if (header) -- writeHeader(header, cmdline.prefix, outimg.width, outimg.height, -- nfiles, names, coords, imgs); -+ if (headfname) -+ pm_close(header); - -- for (i = 0; i < nfiles; ++i) -- pm_close(imgs[i].file); -- pm_close(stdout); -- if (header) -- pm_close(header); -- if (data) -- pm_close(data); -+ if (datafname) -+ pm_close(data); - -- return 0; -+ return 0; - } diff --git a/netpbm-security-code.patch b/netpbm-security-code.patch index e8fbc29..373c86d 100644 --- a/netpbm-security-code.patch +++ b/netpbm-security-code.patch @@ -1,39 +1,35 @@ -diff -up netpbm-10.47.04/analyzer/pgmtexture.c.security netpbm-10.47.04/analyzer/pgmtexture.c ---- netpbm-10.47.04/analyzer/pgmtexture.c.security 2009-10-21 13:38:55.000000000 +0200 -+++ netpbm-10.47.04/analyzer/pgmtexture.c 2009-10-21 15:09:33.000000000 +0200 -@@ -79,6 +79,9 @@ vector (int nl, int nh) - { - float *v; +diff -up netpbm-10.56.03/analyzer/pgmtexture.c.security-code netpbm-10.56.03/analyzer/pgmtexture.c +--- netpbm-10.56.03/analyzer/pgmtexture.c.security-code 2011-11-09 09:17:48.000000000 +0100 ++++ netpbm-10.56.03/analyzer/pgmtexture.c 2011-11-09 13:34:31.216370336 +0100 +@@ -97,7 +97,7 @@ vector(unsigned int const nl, + float * v; -+ if(nh < nl) -+ pm_error("assert: h < l"); + assert(nh >= nl); +- + overflow_add(nh - nl, 1); MALLOCARRAY(v, (unsigned) (nh - nl + 1)); + if (v == NULL) - pm_error("Unable to allocate memory for a vector."); -@@ -95,6 +98,9 @@ matrix (int nrl, int nrh, int ncl, int n - float **m; +@@ -129,6 +129,7 @@ matrix (unsigned int const nrl, + assert(nrh >= nrl); /* allocate pointers to rows */ -+ if(nrh < nrl) -+ pm_error("assert: h < l"); + overflow_add(nrh - nrl, 1); MALLOCARRAY(m, (unsigned) (nrh - nrl + 1)); if (m == NULL) pm_error("Unable to allocate memory for a matrix."); -@@ -102,6 +108,9 @@ matrix (int nrl, int nrh, int ncl, int n +@@ -136,7 +137,7 @@ matrix (unsigned int const nrl, m -= ncl; - /* allocate rows and set pointers to them */ -+ if(nch < ncl) -+ pm_error("assert: h < l"); + assert (nch >= ncl); +- + overflow_add(nch - ncl, 1); - for (i = nrl; i <= nrh; i++) - { + /* allocate rows and set pointers to them */ + for (i = nrl; i <= nrh; ++i) { MALLOCARRAY(m[i], (unsigned) (nch - ncl + 1)); -diff -up netpbm-10.47.04/converter/other/gemtopnm.c.security netpbm-10.47.04/converter/other/gemtopnm.c ---- netpbm-10.47.04/converter/other/gemtopnm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/gemtopnm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/other/gemtopnm.c.security-code netpbm-10.56.03/converter/other/gemtopnm.c +--- netpbm-10.56.03/converter/other/gemtopnm.c.security-code 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/other/gemtopnm.c 2011-11-09 13:11:20.643591439 +0100 @@ -106,6 +106,7 @@ main(argc, argv) pnm_writepnminit( stdout, cols, rows, MAXVAL, type, 0 ); @@ -42,10 +38,10 @@ diff -up netpbm-10.47.04/converter/other/gemtopnm.c.security netpbm-10.47.04/con { /* allocate input row data structure */ int plane; -diff -up netpbm-10.47.04/converter/other/jpegtopnm.c.security netpbm-10.47.04/converter/other/jpegtopnm.c ---- netpbm-10.47.04/converter/other/jpegtopnm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/jpegtopnm.c 2009-10-21 15:54:30.000000000 +0200 -@@ -861,6 +861,8 @@ convertImage(FILE * +diff -up netpbm-10.56.03/converter/other/jpegtopnm.c.security-code netpbm-10.56.03/converter/other/jpegtopnm.c +--- netpbm-10.56.03/converter/other/jpegtopnm.c.security-code 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/other/jpegtopnm.c 2011-11-09 13:11:20.644591445 +0100 +@@ -861,6 +861,8 @@ convertImage(FILE * /* Calculate output image dimensions so we can allocate space */ jpeg_calc_output_dimensions(cinfoP); @@ -54,9 +50,9 @@ diff -up netpbm-10.47.04/converter/other/jpegtopnm.c.security netpbm-10.47.04/co /* Start decompressor */ jpeg_start_decompress(cinfoP); -diff -up netpbm-10.47.04/converter/other/pbmtopgm.c.security netpbm-10.47.04/converter/other/pbmtopgm.c ---- netpbm-10.47.04/converter/other/pbmtopgm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/pbmtopgm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/other/pbmtopgm.c.security-code netpbm-10.56.03/converter/other/pbmtopgm.c +--- netpbm-10.56.03/converter/other/pbmtopgm.c.security-code 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/other/pbmtopgm.c 2011-11-09 13:11:20.644591445 +0100 @@ -47,6 +47,7 @@ main(int argc, char *argv[]) { "than the image height (%u rows)", height, rows); @@ -65,10 +61,9 @@ diff -up netpbm-10.47.04/converter/other/pbmtopgm.c.security netpbm-10.47.04/con maxval = MIN(PGM_OVERALLMAXVAL, width*height); pgm_writepgminit(stdout, cols, rows, maxval, 0) ; -diff -up netpbm-10.47.04/converter/other/pngtopnm.c.security netpbm-10.47.04/converter/other/pngtopnm.c -diff -up netpbm-10.47.04/converter/other/pnmtoddif.c.security netpbm-10.47.04/converter/other/pnmtoddif.c ---- netpbm-10.47.04/converter/other/pnmtoddif.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/pnmtoddif.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/other/pnmtoddif.c.security-code netpbm-10.56.03/converter/other/pnmtoddif.c +--- netpbm-10.56.03/converter/other/pnmtoddif.c.security-code 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/other/pnmtoddif.c 2011-11-09 13:11:20.645591451 +0100 @@ -632,6 +632,7 @@ main(int argc, char *argv[]) { switch (PNM_FORMAT_TYPE(format)) { case PBM_TYPE: @@ -85,9 +80,9 @@ diff -up netpbm-10.47.04/converter/other/pnmtoddif.c.security netpbm-10.47.04/co ip.bytes_per_line = 3 * cols; ip.bits_per_pixel = 24; ip.spectral = 5; -diff -up netpbm-10.47.04/converter/other/pnmtojpeg.c.security netpbm-10.47.04/converter/other/pnmtojpeg.c ---- netpbm-10.47.04/converter/other/pnmtojpeg.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/pnmtojpeg.c 2009-10-21 15:56:32.000000000 +0200 +diff -up netpbm-10.56.03/converter/other/pnmtojpeg.c.security-code netpbm-10.56.03/converter/other/pnmtojpeg.c +--- netpbm-10.56.03/converter/other/pnmtojpeg.c.security-code 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/other/pnmtojpeg.c 2011-11-09 13:11:20.646591457 +0100 @@ -605,7 +605,11 @@ read_scan_script(j_compress_ptr const ci want JPOOL_PERMANENT. */ @@ -101,7 +96,7 @@ diff -up netpbm-10.47.04/converter/other/pnmtojpeg.c.security netpbm-10.47.04/co (jpeg_scan_info *) (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_IMAGE, scan_info_size); -@@ -936,6 +940,8 @@ compute_rescaling_array(JSAMPLE ** const +@@ -937,6 +941,8 @@ compute_rescaling_array(JSAMPLE ** const const long half_maxval = maxval / 2; long val; @@ -110,7 +105,7 @@ diff -up netpbm-10.47.04/converter/other/pnmtojpeg.c.security netpbm-10.47.04/co *rescale_p = (JSAMPLE *) (cinfo.mem->alloc_small) ((j_common_ptr) &cinfo, JPOOL_IMAGE, (size_t) (((long) maxval + 1L) * -@@ -1014,6 +1020,7 @@ convert_scanlines(struct jpeg_compress_s +@@ -1015,6 +1021,7 @@ convert_scanlines(struct jpeg_compress_s */ /* Allocate the libpnm output and compressor input buffers */ @@ -118,37 +113,35 @@ diff -up netpbm-10.47.04/converter/other/pnmtojpeg.c.security netpbm-10.47.04/co buffer = (*cinfo_p->mem->alloc_sarray) ((j_common_ptr) cinfo_p, JPOOL_IMAGE, (unsigned int) cinfo_p->image_width * cinfo_p->input_components, -diff -up netpbm-10.47.04/converter/other/pnmtops.c.security netpbm-10.47.04/converter/other/pnmtops.c ---- netpbm-10.47.04/converter/other/pnmtops.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/pnmtops.c 2009-10-21 15:09:33.000000000 +0200 -@@ -186,16 +186,20 @@ parseCommandLine(int argc, char ** argv, - cmdlineP->canturn = !noturn; - cmdlineP->showpage = !noshowpage; +diff -up netpbm-10.56.03/converter/other/pnmtops.c.security-code netpbm-10.56.03/converter/other/pnmtops.c +--- netpbm-10.56.03/converter/other/pnmtops.c.security-code 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/other/pnmtops.c 2011-11-09 14:27:34.229742326 +0100 +@@ -256,17 +256,21 @@ parseCommandLine(int argc, const char ** + validateCompDimension(width, 72, "-width value"); + validateCompDimension(height, 72, "-height value"); + overflow2(width, 72); cmdlineP->width = width * 72; + overflow2(height, 72); cmdlineP->height = height * 72; -- if (imagewidthSpec) -+ if (imagewidthSpec) { + if (imagewidthSpec) { + validateCompDimension(imagewidth, 72, "-imagewidth value"); + overflow2(imagewidth, 72); cmdlineP->imagewidth = imagewidth * 72; -- else -+ } else + } + else cmdlineP->imagewidth = 0; -- if (imageheightSpec) -+ if (imageheightSpec) { + if (imageheightSpec) { +- validateCompDimension(imagewidth, 72, "-imageheight value"); ++ validateCompDimension(imageheight, 72, "-imageheight value"); + overflow2(imageheight, 72); cmdlineP->imageheight = imageheight * 72; -- else -+ } else - cmdlineP->imageheight = 0; - - if (!cmdlineP->psfilter && -diff -up netpbm-10.47.04/converter/other/pnmtorle.c.security netpbm-10.47.04/converter/other/pnmtorle.c ---- netpbm-10.47.04/converter/other/pnmtorle.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/pnmtorle.c 2009-10-21 15:09:33.000000000 +0200 + } + else +diff -up netpbm-10.56.03/converter/other/pnmtorle.c.security-code netpbm-10.56.03/converter/other/pnmtorle.c +--- netpbm-10.56.03/converter/other/pnmtorle.c.security-code 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/other/pnmtorle.c 2011-11-09 13:11:20.648591469 +0100 @@ -19,6 +19,8 @@ * If you modify this software, you should include a notice giving the * name of the person performing the modification, the date of modification, @@ -158,33 +151,10 @@ diff -up netpbm-10.47.04/converter/other/pnmtorle.c.security netpbm-10.47.04/con */ /* * pnmtorle - A program which will convert pbmplus (ppm or pgm) images -diff -up netpbm-10.47.04/converter/other/pnmtosgi.c.security netpbm-10.47.04/converter/other/pnmtosgi.c ---- netpbm-10.47.04/converter/other/pnmtosgi.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/pnmtosgi.c 2009-10-21 15:09:33.000000000 +0200 -@@ -213,6 +213,22 @@ write_channels(cols, rows, channels, put - } - } - -+static void * -+xmalloc2(int x, int y) -+{ -+ void *mem; -+ -+ overflow2(x,y); -+ if( x * y == 0 ) -+ return NULL; -+ -+ mem = malloc2(x, y); -+ if( mem == NULL ) -+ pm_error("out of memory allocating %d bytes", x * y); -+ return mem; -+} -+ -+ - static void - put_big_short(short s) - { -@@ -250,6 +266,7 @@ build_channels(FILE *ifp, int cols, int +diff -up netpbm-10.56.03/converter/other/pnmtosgi.c.security-code netpbm-10.56.03/converter/other/pnmtosgi.c +--- netpbm-10.56.03/converter/other/pnmtosgi.c.security-code 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/other/pnmtosgi.c 2011-11-09 13:11:20.648591469 +0100 +@@ -254,6 +254,7 @@ build_channels(FILE * const ifp, int con #endif if( storage != STORAGE_VERBATIM ) { @@ -192,7 +162,7 @@ diff -up netpbm-10.47.04/converter/other/pnmtosgi.c.security netpbm-10.47.04/con MALLOCARRAY_NOFAIL(table, channels * rows); MALLOCARRAY_NOFAIL(rletemp, WORSTCOMPR(cols)); } -@@ -303,6 +320,8 @@ compress(temp, row, rows, cols, chan_no, +@@ -306,6 +307,8 @@ compress(ScanElem * temp, break; case STORAGE_RLE: tabrow = chan_no * rows + row; @@ -201,9 +171,9 @@ diff -up netpbm-10.47.04/converter/other/pnmtosgi.c.security netpbm-10.47.04/con len = rle_compress(temp, cols); /* writes result into rletemp */ channel[chan_no][row].length = len; MALLOCARRAY(p, len); -diff -up netpbm-10.47.04/converter/other/rletopnm.c.security netpbm-10.47.04/converter/other/rletopnm.c ---- netpbm-10.47.04/converter/other/rletopnm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/rletopnm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/other/rletopnm.c.security-code netpbm-10.56.03/converter/other/rletopnm.c +--- netpbm-10.56.03/converter/other/rletopnm.c.security-code 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/other/rletopnm.c 2011-11-09 13:11:20.649591475 +0100 @@ -19,6 +19,8 @@ * If you modify this software, you should include a notice giving the * name of the person performing the modification, the date of modification, @@ -213,31 +183,28 @@ diff -up netpbm-10.47.04/converter/other/rletopnm.c.security netpbm-10.47.04/con */ /* * rletopnm - A conversion program to convert from Utah's "rle" image format -diff -up netpbm-10.47.04/converter/other/sgitopnm.c.security netpbm-10.47.04/converter/other/sgitopnm.c ---- netpbm-10.47.04/converter/other/sgitopnm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/sgitopnm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -252,13 +252,17 @@ read_channels(ifp, head, table, func, oc - - if (ochan < 0) { - maxchannel = (head->zsize < 3) ? head->zsize : 3; +diff -up netpbm-10.56.03/converter/other/sgitopnm.c.security-code netpbm-10.56.03/converter/other/sgitopnm.c +--- netpbm-10.56.03/converter/other/sgitopnm.c.security-code 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/other/sgitopnm.c 2011-11-09 14:31:58.849972480 +0100 +@@ -359,10 +359,14 @@ readChannels(FILE * const ifP, + MALLOCARRAY_NOFAIL(image, head->ysize); + } else { + maxchannel = MIN(3, head->zsize); + overflow2(head->ysize, maxchannel); MALLOCARRAY_NOFAIL(image, head->ysize * maxchannel); - } else { - maxchannel = ochan + 1; - MALLOCARRAY_NOFAIL(image, head->ysize); } -- if ( table ) -+ if ( table ) { +- if (table) ++ if (table) { + overflow2(head->xsize, 2); + overflow_add(head->xsize*2, 2); MALLOCARRAY_NOFAIL(temp, WORSTCOMPR(head->xsize)); + } - for( channel = 0; channel < maxchannel; channel++ ) { - #ifdef DEBUG -diff -up netpbm-10.47.04/converter/other/sirtopnm.c.security netpbm-10.47.04/converter/other/sirtopnm.c ---- netpbm-10.47.04/converter/other/sirtopnm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/sirtopnm.c 2009-10-21 15:09:33.000000000 +0200 + for (channel = 0; channel < maxchannel; ++channel) { + unsigned int row; +diff -up netpbm-10.56.03/converter/other/sirtopnm.c.security-code netpbm-10.56.03/converter/other/sirtopnm.c +--- netpbm-10.56.03/converter/other/sirtopnm.c.security-code 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/other/sirtopnm.c 2011-11-09 13:11:20.650591481 +0100 @@ -69,6 +69,7 @@ char* argv[]; } break; @@ -246,10 +213,10 @@ diff -up netpbm-10.47.04/converter/other/sirtopnm.c.security netpbm-10.47.04/con picsize = cols * rows * 3; planesize = cols * rows; if ( !( sirarray = (unsigned char*) malloc( picsize ) ) ) -diff -up netpbm-10.47.04/converter/other/tifftopnm.c.security netpbm-10.47.04/converter/other/tifftopnm.c ---- netpbm-10.47.04/converter/other/tifftopnm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/tifftopnm.c 2009-10-21 15:49:29.000000000 +0200 -@@ -1291,7 +1291,9 @@ convertRasterByRows(pnmOut * const +diff -up netpbm-10.56.03/converter/other/tifftopnm.c.security-code netpbm-10.56.03/converter/other/tifftopnm.c +--- netpbm-10.56.03/converter/other/tifftopnm.c.security-code 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/other/tifftopnm.c 2011-11-09 13:11:20.651591487 +0100 +@@ -1279,7 +1279,9 @@ convertRasterByRows(pnmOut * const if (scanbuf == NULL) pm_error("can't allocate memory for scanline buffer"); @@ -260,9 +227,9 @@ diff -up netpbm-10.47.04/converter/other/tifftopnm.c.security netpbm-10.47.04/co if (samplebuf == NULL) pm_error("can't allocate memory for row buffer"); -diff -up netpbm-10.47.04/converter/other/xwdtopnm.c.security netpbm-10.47.04/converter/other/xwdtopnm.c ---- netpbm-10.47.04/converter/other/xwdtopnm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/other/xwdtopnm.c 2009-10-21 15:53:27.000000000 +0200 +diff -up netpbm-10.56.03/converter/other/xwdtopnm.c.security-code netpbm-10.56.03/converter/other/xwdtopnm.c +--- netpbm-10.56.03/converter/other/xwdtopnm.c.security-code 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/other/xwdtopnm.c 2011-11-09 13:11:20.653591497 +0100 @@ -209,6 +209,10 @@ processX10Header(X10WDFileHeader * cons *colorsP = pnm_allocrow(2); PNM_ASSIGN1((*colorsP)[0], 0); @@ -282,32 +249,9 @@ diff -up netpbm-10.47.04/converter/other/xwdtopnm.c.security netpbm-10.47.04/con *padrightP = h11FixedP->bytes_per_line * 8 - h11FixedP->pixmap_width * h11FixedP->bits_per_pixel; -diff -up netpbm-10.47.04/converter/pbm/icontopbm.c.security netpbm-10.47.04/converter/pbm/icontopbm.c ---- netpbm-10.47.04/converter/pbm/icontopbm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/icontopbm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -11,6 +11,7 @@ - */ - - #include -+#include - - #include "nstring.h" - #include "pbm.h" -@@ -87,6 +88,11 @@ ReadIconFile(FILE * const - if ( *heightP <= 0 ) - pm_error( "invalid height (must be positive): %d", *heightP ); - -+ if ( *widthP > INT_MAX - 16 || *widthP < 0) -+ pm_error( "invalid width: %d", *widthP); -+ -+ overflow2(*widthP + 16, *heightP); -+ - data_length = BitmapSize( *widthP, *heightP ); - *dataP = (short unsigned int *) malloc( data_length ); - if ( *dataP == NULL ) -diff -up netpbm-10.47.04/converter/pbm/mdatopbm.c.security netpbm-10.47.04/converter/pbm/mdatopbm.c ---- netpbm-10.47.04/converter/pbm/mdatopbm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/mdatopbm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/pbm/mdatopbm.c.security-code netpbm-10.56.03/converter/pbm/mdatopbm.c +--- netpbm-10.56.03/converter/pbm/mdatopbm.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/mdatopbm.c 2011-11-09 13:11:20.654591503 +0100 @@ -245,10 +245,13 @@ main(int argc, char **argv) { pm_readlittleshort(infile, &yy); nInCols = yy; } @@ -323,9 +267,9 @@ diff -up netpbm-10.47.04/converter/pbm/mdatopbm.c.security netpbm-10.47.04/conve data = pbm_allocarray(nOutCols, nOutRows); -diff -up netpbm-10.47.04/converter/pbm/mgrtopbm.c.security netpbm-10.47.04/converter/pbm/mgrtopbm.c ---- netpbm-10.47.04/converter/pbm/mgrtopbm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/mgrtopbm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/pbm/mgrtopbm.c.security-code netpbm-10.56.03/converter/pbm/mgrtopbm.c +--- netpbm-10.56.03/converter/pbm/mgrtopbm.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/mgrtopbm.c 2011-11-09 13:11:20.655591509 +0100 @@ -65,6 +65,8 @@ readMgrHeader(FILE * const ifP, if (head.h_high < ' ' || head.l_high < ' ') pm_error("Invalid width field in MGR header"); @@ -335,58 +279,11 @@ diff -up netpbm-10.47.04/converter/pbm/mgrtopbm.c.security netpbm-10.47.04/conve *colsP = (((int)head.h_wide - ' ') << 6) + ((int)head.l_wide - ' '); *rowsP = (((int)head.h_high - ' ') << 6) + ((int) head.l_high - ' '); *padrightP = ( ( *colsP + pad - 1 ) / pad ) * pad - *colsP; -diff -up netpbm-10.47.04/converter/pbm/pbmto10x.c.security netpbm-10.47.04/converter/pbm/pbmto10x.c ---- netpbm-10.47.04/converter/pbm/pbmto10x.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmto10x.c 2009-10-21 15:09:33.000000000 +0200 -@@ -162,7 +162,7 @@ main(int argc, char * argv[]) { - res_60x72(); - - pm_close(ifp); -- exit(0); -+ return 0; - } - - -diff -up netpbm-10.47.04/converter/pbm/pbmto4425.c.security netpbm-10.47.04/converter/pbm/pbmto4425.c ---- netpbm-10.47.04/converter/pbm/pbmto4425.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmto4425.c 2009-10-21 15:09:33.000000000 +0200 -@@ -2,6 +2,7 @@ - - #include "nstring.h" - #include "pbm.h" -+#include - - static char bit_table[2][3] = { - {1, 4, 0x10}, -@@ -160,7 +161,7 @@ main(int argc, char * argv[]) { - xres = vmap_width * 2; - yres = vmap_height * 3; - -- vmap = malloc(vmap_width * vmap_height * sizeof(char)); -+ vmap = malloc3(vmap_width, vmap_height, sizeof(char)); - if(vmap == NULL) - { - pm_error( "Cannot allocate memory" ); -diff -up netpbm-10.47.04/converter/pbm/pbmtoascii.c.security netpbm-10.47.04/converter/pbm/pbmtoascii.c ---- netpbm-10.47.04/converter/pbm/pbmtoascii.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtoascii.c 2009-10-21 15:09:33.000000000 +0200 -@@ -115,9 +115,11 @@ char* argv[]; - pm_usage( usage ); - - pbm_readpbminit( ifp, &cols, &rows, &format ); -+ overflow_add(cols, gridx); - ccols = ( cols + gridx - 1 ) / gridx; - bitrow = pbm_allocrow( cols ); - sig = (int*) pm_allocrow( ccols, sizeof(int) ); -+ overflow_add(ccols, 1); - line = (char*) pm_allocrow( ccols + 1, sizeof(char) ); - - for ( row = 0; row < rows; row += gridy ) -diff -up netpbm-10.47.04/converter/pbm/pbmtocmuwm.c.security netpbm-10.47.04/converter/pbm/pbmtocmuwm.c -diff -up netpbm-10.47.04/converter/pbm/pbmtogem.c.security netpbm-10.47.04/converter/pbm/pbmtogem.c ---- netpbm-10.47.04/converter/pbm/pbmtogem.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtogem.c 2009-10-21 15:09:33.000000000 +0200 -@@ -123,6 +123,7 @@ putinit (rows, cols) +diff -up netpbm-10.56.03/converter/pbm/pbmtoascii.c.security-code netpbm-10.56.03/converter/pbm/pbmtoascii.c +diff -up netpbm-10.56.03/converter/pbm/pbmtogem.c.security-code netpbm-10.56.03/converter/pbm/pbmtogem.c +--- netpbm-10.56.03/converter/pbm/pbmtogem.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/pbmtogem.c 2011-11-09 13:11:20.657591521 +0100 +@@ -79,6 +79,7 @@ putinit (int const rows, int const cols) bitsperitem = 0; bitshift = 7; outcol = 0; @@ -394,9 +291,9 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtogem.c.security netpbm-10.47.04/conve outmax = (cols + 7) / 8; outrow = (unsigned char *) pm_allocrow (outmax, sizeof (unsigned char)); lastrow = (unsigned char *) pm_allocrow (outmax, sizeof (unsigned char)); -diff -up netpbm-10.47.04/converter/pbm/pbmtogo.c.security netpbm-10.47.04/converter/pbm/pbmtogo.c ---- netpbm-10.47.04/converter/pbm/pbmtogo.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtogo.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/pbm/pbmtogo.c.security-code netpbm-10.56.03/converter/pbm/pbmtogo.c +--- netpbm-10.56.03/converter/pbm/pbmtogo.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/pbmtogo.c 2011-11-09 13:11:20.657591521 +0100 @@ -158,6 +158,7 @@ main(int argc, bitrow = pbm_allocrow(cols); @@ -405,20 +302,9 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtogo.c.security netpbm-10.47.04/conver rucols = ( cols + 7 ) / 8; bytesperrow = rucols; /* GraphOn uses bytes */ rucols = rucols * 8; -diff -up netpbm-10.47.04/converter/pbm/pbmtoicon.c.security netpbm-10.47.04/converter/pbm/pbmtoicon.c ---- netpbm-10.47.04/converter/pbm/pbmtoicon.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtoicon.c 2009-10-21 15:38:55.000000000 +0200 -@@ -114,6 +114,7 @@ writeIcon(FILE * const ifP, - unsigned char * bitrow; - unsigned int row; - -+ overflow_add(cols, 15); - bitbuffer = pbm_allocrow_packed(cols + wordintSize); - bitrow = &bitbuffer[1]; - bitbuffer[0] = 0; -diff -up netpbm-10.47.04/converter/pbm/pbmtolj.c.security netpbm-10.47.04/converter/pbm/pbmtolj.c ---- netpbm-10.47.04/converter/pbm/pbmtolj.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtolj.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/pbm/pbmtolj.c.security-code netpbm-10.56.03/converter/pbm/pbmtolj.c +--- netpbm-10.56.03/converter/pbm/pbmtolj.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/pbmtolj.c 2011-11-09 13:11:20.658591527 +0100 @@ -120,7 +120,11 @@ parseCommandLine(int argc, char ** argv, static void allocateBuffers(unsigned int const cols) { @@ -431,9 +317,9 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtolj.c.security netpbm-10.47.04/conver packBufferSize = rowBufferSize + (rowBufferSize + 127) / 128 + 1; deltaBufferSize = rowBufferSize + rowBufferSize / 8 + 10; -diff -up netpbm-10.47.04/converter/pbm/pbmtomacp.c.security netpbm-10.47.04/converter/pbm/pbmtomacp.c ---- netpbm-10.47.04/converter/pbm/pbmtomacp.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtomacp.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/pbm/pbmtomacp.c.security-code netpbm-10.56.03/converter/pbm/pbmtomacp.c +--- netpbm-10.56.03/converter/pbm/pbmtomacp.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/pbmtomacp.c 2011-11-09 13:11:20.658591527 +0100 @@ -101,6 +101,7 @@ char *argv[]; if( !lflg ) left = 0; @@ -451,9 +337,9 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtomacp.c.security netpbm-10.47.04/conv if( bflg ) { if( bottom - top >= MAX_LINES ) bottom = top + MAX_LINES - 1; -diff -up netpbm-10.47.04/converter/pbm/pbmtomda.c.security netpbm-10.47.04/converter/pbm/pbmtomda.c ---- netpbm-10.47.04/converter/pbm/pbmtomda.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtomda.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/pbm/pbmtomda.c.security-code netpbm-10.56.03/converter/pbm/pbmtomda.c +--- netpbm-10.56.03/converter/pbm/pbmtomda.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/pbmtomda.c 2011-11-09 13:11:20.659591533 +0100 @@ -179,6 +179,7 @@ int main(int argc, char **argv) nOutRowsUnrounded = bScale ? nInRows/2 : nInRows; @@ -462,11 +348,10 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtomda.c.security netpbm-10.47.04/conve nOutRows = ((nOutRowsUnrounded + 3) / 4) * 4; /* MDA wants rows a multiple of 4 */ nOutCols = nInCols / 8; -diff -up netpbm-10.47.04/converter/pbm/pbmtomgr.c.security netpbm-10.47.04/converter/pbm/pbmtomgr.c -diff -up netpbm-10.47.04/converter/pbm/pbmtoppa/pbm.c.security netpbm-10.47.04/converter/pbm/pbmtoppa/pbm.c ---- netpbm-10.47.04/converter/pbm/pbmtoppa/pbm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtoppa/pbm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -105,6 +105,7 @@ int pbm_readline(pbm_stat* pbm,unsigned +diff -up netpbm-10.56.03/converter/pbm/pbmtoppa/pbm.c.security-code netpbm-10.56.03/converter/pbm/pbmtoppa/pbm.c +--- netpbm-10.56.03/converter/pbm/pbmtoppa/pbm.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/pbmtoppa/pbm.c 2011-11-09 13:11:20.659591533 +0100 +@@ -105,6 +105,7 @@ int pbm_readline(pbm_stat* pbm,unsigned return 0; case P4: @@ -484,9 +369,9 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtoppa/pbm.c.security netpbm-10.47.04/c memcpy (pbm->revdata, data, (pbm->width+7)/8); pbm->current_line--; } -diff -up netpbm-10.47.04/converter/pbm/pbmtoppa/pbmtoppa.c.security netpbm-10.47.04/converter/pbm/pbmtoppa/pbmtoppa.c ---- netpbm-10.47.04/converter/pbm/pbmtoppa/pbmtoppa.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtoppa/pbmtoppa.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/pbm/pbmtoppa/pbmtoppa.c.security-code netpbm-10.56.03/converter/pbm/pbmtoppa/pbmtoppa.c +--- netpbm-10.56.03/converter/pbm/pbmtoppa/pbmtoppa.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/pbmtoppa/pbmtoppa.c 2011-11-09 13:11:20.660591539 +0100 @@ -441,6 +441,7 @@ main(int argc, char *argv[]) { pm_error("main(): unrecognized parameter '%s'", argv[argn]); } @@ -495,9 +380,9 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtoppa/pbmtoppa.c.security netpbm-10.47 Pwidth=(Width+7)/8; printer.fptr=out; -diff -up netpbm-10.47.04/converter/pbm/pbmtoxbm.c.security netpbm-10.47.04/converter/pbm/pbmtoxbm.c ---- netpbm-10.47.04/converter/pbm/pbmtoxbm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtoxbm.c 2009-10-21 15:36:54.000000000 +0200 +diff -up netpbm-10.56.03/converter/pbm/pbmtoxbm.c.security-code netpbm-10.56.03/converter/pbm/pbmtoxbm.c +--- netpbm-10.56.03/converter/pbm/pbmtoxbm.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/pbmtoxbm.c 2011-11-09 13:11:20.660591539 +0100 @@ -335,6 +335,8 @@ convertRaster(FILE * const ifP, unsigned char * bitrow; @@ -507,20 +392,20 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtoxbm.c.security netpbm-10.47.04/conve putinit(xbmVersion); -diff -up netpbm-10.47.04/converter/pbm/pbmtoybm.c.security netpbm-10.47.04/converter/pbm/pbmtoybm.c ---- netpbm-10.47.04/converter/pbm/pbmtoybm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtoybm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -45,6 +45,7 @@ main( argc, argv ) - bitrow = pbm_allocrow( cols ); +diff -up netpbm-10.56.03/converter/pbm/pbmtoybm.c.security-code netpbm-10.56.03/converter/pbm/pbmtoybm.c +--- netpbm-10.56.03/converter/pbm/pbmtoybm.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/pbmtoybm.c 2011-11-09 13:36:51.894456270 +0100 +@@ -113,6 +113,7 @@ main(int argc, const char *argv[]) { + bitrow = pbm_allocrow(cols); /* Compute padding to round cols up to the nearest multiple of 16. */ + overflow_add(cols, 16); - padright = ( ( cols + 15 ) / 16 ) * 16 - cols; + padright = ((cols + 15) / 16) * 16 - cols; - putinit( cols, rows ); -diff -up netpbm-10.47.04/converter/pbm/pbmtozinc.c.security netpbm-10.47.04/converter/pbm/pbmtozinc.c ---- netpbm-10.47.04/converter/pbm/pbmtozinc.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pbmtozinc.c 2009-10-21 15:09:33.000000000 +0200 + putinit(cols, rows); +diff -up netpbm-10.56.03/converter/pbm/pbmtozinc.c.security-code netpbm-10.56.03/converter/pbm/pbmtozinc.c +--- netpbm-10.56.03/converter/pbm/pbmtozinc.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/pbmtozinc.c 2011-11-09 13:11:20.661591545 +0100 @@ -65,6 +65,7 @@ main(int argc, char * argv[]) { bitrow = pbm_allocrow( cols ); @@ -529,9 +414,41 @@ diff -up netpbm-10.47.04/converter/pbm/pbmtozinc.c.security netpbm-10.47.04/conv padright = ( ( cols + 15 ) / 16 ) * 16 - cols; printf( "USHORT %s[] = {\n",name); -diff -up netpbm-10.47.04/converter/pbm/pktopbm.c.security netpbm-10.47.04/converter/pbm/pktopbm.c ---- netpbm-10.47.04/converter/pbm/pktopbm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/pktopbm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/pbm/pbmto10x.c.security-code netpbm-10.56.03/converter/pbm/pbmto10x.c +--- netpbm-10.56.03/converter/pbm/pbmto10x.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/pbmto10x.c 2011-11-09 13:11:20.655591509 +0100 +@@ -162,7 +162,7 @@ main(int argc, char * argv[]) { + res_60x72(); + + pm_close(ifp); +- exit(0); ++ return 0; + } + + +diff -up netpbm-10.56.03/converter/pbm/pbmto4425.c.security-code netpbm-10.56.03/converter/pbm/pbmto4425.c +--- netpbm-10.56.03/converter/pbm/pbmto4425.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/pbmto4425.c 2011-11-09 13:11:20.656591515 +0100 +@@ -2,6 +2,7 @@ + + #include "nstring.h" + #include "pbm.h" ++#include + + static char bit_table[2][3] = { + {1, 4, 0x10}, +@@ -160,7 +161,7 @@ main(int argc, char * argv[]) { + xres = vmap_width * 2; + yres = vmap_height * 3; + +- vmap = malloc(vmap_width * vmap_height * sizeof(char)); ++ vmap = malloc3(vmap_width, vmap_height, sizeof(char)); + if(vmap == NULL) + { + pm_error( "Cannot allocate memory" ); +diff -up netpbm-10.56.03/converter/pbm/pktopbm.c.security-code netpbm-10.56.03/converter/pbm/pktopbm.c +--- netpbm-10.56.03/converter/pbm/pktopbm.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/pktopbm.c 2011-11-09 13:11:20.661591545 +0100 @@ -277,6 +277,7 @@ main(int argc, char *argv[]) { if (flagbyte == 7) { /* long form preamble */ integer packetlength = get32() ; /* character packet length */ @@ -540,10 +457,10 @@ diff -up netpbm-10.47.04/converter/pbm/pktopbm.c.security netpbm-10.47.04/conver endofpacket = packetlength + pktopbm_pkloc; /* calculate end of packet */ if ((car >= MAXPKCHAR) || !filename[car]) { -diff -up netpbm-10.47.04/converter/pbm/thinkjettopbm.l.security netpbm-10.47.04/converter/pbm/thinkjettopbm.l ---- netpbm-10.47.04/converter/pbm/thinkjettopbm.l.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/thinkjettopbm.l 2009-10-21 15:09:33.000000000 +0200 -@@ -107,7 +107,9 @@ DIG [0-9] +diff -up netpbm-10.56.03/converter/pbm/thinkjettopbm.l.security-code netpbm-10.56.03/converter/pbm/thinkjettopbm.l +--- netpbm-10.56.03/converter/pbm/thinkjettopbm.l.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/thinkjettopbm.l 2011-11-09 13:11:20.662591551 +0100 +@@ -114,7 +114,9 @@ DIG [0-9] \033\*b{DIG}+W { int l; if (rowCount >= rowCapacity) { @@ -553,7 +470,7 @@ diff -up netpbm-10.47.04/converter/pbm/thinkjettopbm.l.security netpbm-10.47.04/ rows = realloc (rows, rowCapacity * sizeof *rows); if (rows == NULL) pm_error ("Out of memory."); -@@ -217,6 +219,8 @@ yywrap (void) +@@ -226,6 +228,8 @@ yywrap (void) /* * Quite simple since ThinkJet bit arrangement matches PBM */ @@ -562,20 +479,20 @@ diff -up netpbm-10.47.04/converter/pbm/thinkjettopbm.l.security netpbm-10.47.04/ pbm_writepbminit(stdout, maxRowLength*8, rowCount, 0); packed_bitrow = malloc(maxRowLength); -diff -up netpbm-10.47.04/converter/pbm/ybmtopbm.c.security netpbm-10.47.04/converter/pbm/ybmtopbm.c ---- netpbm-10.47.04/converter/pbm/ybmtopbm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/pbm/ybmtopbm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -88,6 +88,7 @@ getinit( file, colsP, rowsP, depthP, pad - pm_error( "EOF / read error" ); +diff -up netpbm-10.56.03/converter/pbm/ybmtopbm.c.security-code netpbm-10.56.03/converter/pbm/ybmtopbm.c +--- netpbm-10.56.03/converter/pbm/ybmtopbm.c.security-code 2011-11-09 09:18:07.000000000 +0100 ++++ netpbm-10.56.03/converter/pbm/ybmtopbm.c 2011-11-09 13:37:27.308618676 +0100 +@@ -49,6 +49,7 @@ getinit(FILE * const ifP, + pm_error("EOF / read error"); *depthP = 1; + overflow_add(*colsP, 15); - *padrightP = ( ( *colsP + 15 ) / 16 ) * 16 - *colsP; - bitsperitem = 0; - } -diff -up netpbm-10.47.04/converter/pgm/lispmtopgm.c.security netpbm-10.47.04/converter/pgm/lispmtopgm.c ---- netpbm-10.47.04/converter/pgm/lispmtopgm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/pgm/lispmtopgm.c 2009-10-21 15:09:33.000000000 +0200 + *padrightP = ((*colsP + 15) / 16) * 16 - *colsP; + } + +diff -up netpbm-10.56.03/converter/pgm/lispmtopgm.c.security-code netpbm-10.56.03/converter/pgm/lispmtopgm.c +--- netpbm-10.56.03/converter/pgm/lispmtopgm.c.security-code 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/pgm/lispmtopgm.c 2011-11-09 13:11:20.663591557 +0100 @@ -58,6 +58,7 @@ main( argc, argv ) pm_error( "depth (%d bits) is too large", depth); @@ -595,9 +512,9 @@ diff -up netpbm-10.47.04/converter/pgm/lispmtopgm.c.security netpbm-10.47.04/con *padrightP = ( ( *colsP + 31 ) / 32 ) * 32 - *colsP; if ( *colsP != (cols_32 - *padrightP) ) { -diff -up netpbm-10.47.04/converter/pgm/psidtopgm.c.security netpbm-10.47.04/converter/pgm/psidtopgm.c ---- netpbm-10.47.04/converter/pgm/psidtopgm.c.security 2009-10-21 13:39:06.000000000 +0200 -+++ netpbm-10.47.04/converter/pgm/psidtopgm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/pgm/psidtopgm.c.security-code netpbm-10.56.03/converter/pgm/psidtopgm.c +--- netpbm-10.56.03/converter/pgm/psidtopgm.c.security-code 2011-11-09 09:18:00.000000000 +0100 ++++ netpbm-10.56.03/converter/pgm/psidtopgm.c 2011-11-09 13:11:20.663591557 +0100 @@ -78,6 +78,7 @@ main(int argc, pm_error("bits/sample (%d) is too large.", bitspersample); @@ -606,10 +523,10 @@ diff -up netpbm-10.47.04/converter/pgm/psidtopgm.c.security netpbm-10.47.04/conv grayrow = pgm_allocrow((cols + 7) / 8 * 8); for (row = 0; row < rows; ++row) { unsigned int col; -diff -up netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security netpbm-10.47.04/converter/ppm/ilbmtoppm.c ---- netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ilbmtoppm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -594,6 +594,7 @@ decode_row(FILE * const ifP, +diff -up netpbm-10.56.03/converter/ppm/ilbmtoppm.c.security-code netpbm-10.56.03/converter/ppm/ilbmtoppm.c +--- netpbm-10.56.03/converter/ppm/ilbmtoppm.c.security-code 2011-11-09 09:18:06.000000000 +0100 ++++ netpbm-10.56.03/converter/ppm/ilbmtoppm.c 2011-11-09 13:11:20.664591563 +0100 +@@ -592,6 +592,7 @@ decode_row(FILE * const ifP, rawtype *chp; cols = bmhdP->w; @@ -617,7 +534,7 @@ diff -up netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security netpbm-10.47.04/conv bytes = RowBytes(cols); for( plane = 0; plane < nPlanes; plane++ ) { int mask; -@@ -681,6 +682,23 @@ decode_mask(FILE * const ifP, +@@ -679,6 +680,23 @@ decode_mask(FILE * const ifP, Multipalette handling ****************************************************************************/ @@ -641,7 +558,7 @@ diff -up netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security netpbm-10.47.04/conv static void multi_adjust(cmap, row, palchange) -@@ -1300,6 +1318,9 @@ dcol_to_ppm(FILE * const ifP, +@@ -1341,6 +1359,9 @@ dcol_to_ppm(FILE * const ifP, if( redmaxval != maxval || greenmaxval != maxval || bluemaxval != maxval ) pm_message("scaling colors to %d bits", pm_maxvaltobits(maxval)); @@ -651,7 +568,7 @@ diff -up netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security netpbm-10.47.04/conv MALLOCARRAY_NOFAIL(redtable, redmaxval +1); MALLOCARRAY_NOFAIL(greentable, greenmaxval +1); MALLOCARRAY_NOFAIL(bluetable, bluemaxval +1); -@@ -1729,7 +1750,9 @@ PCHG_ConvertSmall(PCHG, cmap, mask, data +@@ -1763,7 +1784,9 @@ PCHG_ConvertSmall(PCHG, cmap, mask, data ChangeCount32 = *data++; datasize -= 2; @@ -661,7 +578,7 @@ diff -up netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security netpbm-10.47.04/conv for( i = 0; i < changes; i++ ) { if( totalchanges >= PCHG->TotalChanges ) goto fail; if( datasize < 2 ) goto fail; -@@ -1994,6 +2017,9 @@ read_pchg(FILE * const ifp, +@@ -2028,6 +2051,9 @@ read_pchg(FILE * const ifp, cmap->mp_change[i] = NULL; if( PCHG.StartLine < 0 ) { int nch; @@ -671,7 +588,7 @@ diff -up netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security netpbm-10.47.04/conv nch = PCHG.MaxReg - PCHG.MinReg +1; MALLOCARRAY_NOFAIL(cmap->mp_init, nch + 1); for( i = 0; i < nch; i++ ) -@@ -2070,6 +2096,7 @@ process_body( FILE * const ifp, +@@ -2104,6 +2130,7 @@ process_body( FILE * const ifp, if( typeid == ID_ILBM ) { int isdeep; @@ -679,9 +596,9 @@ diff -up netpbm-10.47.04/converter/ppm/ilbmtoppm.c.security netpbm-10.47.04/conv MALLOCARRAY_NOFAIL(ilbmrow, RowBytes(bmhdP->w)); *viewportmodesP |= fakeviewport; /* -isham/-isehb */ -diff -up netpbm-10.47.04/converter/ppm/imgtoppm.c.security netpbm-10.47.04/converter/ppm/imgtoppm.c ---- netpbm-10.47.04/converter/ppm/imgtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/imgtoppm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/ppm/imgtoppm.c.security-code netpbm-10.56.03/converter/ppm/imgtoppm.c +--- netpbm-10.56.03/converter/ppm/imgtoppm.c.security-code 2011-11-09 09:18:06.000000000 +0100 ++++ netpbm-10.56.03/converter/ppm/imgtoppm.c 2011-11-09 13:11:20.665591569 +0100 @@ -84,6 +84,7 @@ main(int argc, char ** argv) { len = atoi((char*) buf ); if ( fread( buf, len, 1, ifp ) != 1 ) @@ -698,22 +615,22 @@ diff -up netpbm-10.47.04/converter/ppm/imgtoppm.c.security netpbm-10.47.04/conve if ( len != cols * rows ) pm_message( "pixel data length (%d) does not match image size (%d)", -diff -up netpbm-10.47.04/converter/ppm/Makefile.security netpbm-10.47.04/converter/ppm/Makefile ---- netpbm-10.47.04/converter/ppm/Makefile.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/Makefile 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/ppm/Makefile.security-code netpbm-10.56.03/converter/ppm/Makefile +--- netpbm-10.56.03/converter/ppm/Makefile.security-code 2011-11-09 09:18:06.000000000 +0100 ++++ netpbm-10.56.03/converter/ppm/Makefile 2011-11-09 14:33:40.386198300 +0100 @@ -11,7 +11,7 @@ SUBDIRS = hpcdtoppm ppmtompeg PORTBINARIES = 411toppm eyuvtoppm gouldtoppm ilbmtoppm imgtoppm \ leaftoppm mtvtoppm neotoppm \ - pcxtoppm pc1toppm pi1toppm picttoppm pjtoppm \ + pcxtoppm pc1toppm pi1toppm pjtoppm \ - ppmtoacad ppmtoarbtxt \ + ppmtoacad ppmtoapplevol ppmtoarbtxt ppmtoascii \ ppmtobmp ppmtoeyuv ppmtogif ppmtoicr ppmtoilbm \ ppmtoleaf ppmtolj ppmtomitsu ppmtoneo \ -diff -up netpbm-10.47.04/converter/ppm/pcxtoppm.c.security netpbm-10.47.04/converter/ppm/pcxtoppm.c ---- netpbm-10.47.04/converter/ppm/pcxtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/pcxtoppm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -409,6 +409,7 @@ pcx_planes_to_pixels(pixels, bitplanes, +diff -up netpbm-10.56.03/converter/ppm/pcxtoppm.c.security-code netpbm-10.56.03/converter/ppm/pcxtoppm.c +--- netpbm-10.56.03/converter/ppm/pcxtoppm.c.security-code 2011-11-09 09:18:06.000000000 +0100 ++++ netpbm-10.56.03/converter/ppm/pcxtoppm.c 2011-11-09 13:11:20.666591575 +0100 +@@ -409,6 +409,7 @@ pcx_planes_to_pixels(pixels, bitplanes, /* * clear the pixel buffer */ @@ -729,18 +646,18 @@ diff -up netpbm-10.47.04/converter/ppm/pcxtoppm.c.security netpbm-10.47.04/conve rawcols = BytesPerLine * 8 / BitsPerPixel; if (headerCols > rawcols) { pm_message("warning - BytesPerLine = %d, " -diff -up netpbm-10.47.04/converter/ppm/picttoppm.c.security netpbm-10.47.04/converter/ppm/picttoppm.c ---- netpbm-10.47.04/converter/ppm/picttoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/picttoppm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/ppm/picttoppm.c.security-code netpbm-10.56.03/converter/ppm/picttoppm.c +--- netpbm-10.56.03/converter/ppm/picttoppm.c.security-code 2011-11-09 09:18:06.000000000 +0100 ++++ netpbm-10.56.03/converter/ppm/picttoppm.c 2011-11-09 13:11:20.668591585 +0100 @@ -1,3 +1,5 @@ +#error "Unfixable. Don't ship me" + /* * picttoppm.c -- convert a MacIntosh PICT file to PPM format. * -diff -up netpbm-10.47.04/converter/ppm/pjtoppm.c.security netpbm-10.47.04/converter/ppm/pjtoppm.c ---- netpbm-10.47.04/converter/ppm/pjtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/pjtoppm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/ppm/pjtoppm.c.security-code netpbm-10.56.03/converter/ppm/pjtoppm.c +--- netpbm-10.56.03/converter/ppm/pjtoppm.c.security-code 2011-11-09 09:18:06.000000000 +0100 ++++ netpbm-10.56.03/converter/ppm/pjtoppm.c 2011-11-09 13:11:20.669591591 +0100 @@ -127,19 +127,21 @@ main(argc, argv) case 'V': /* send plane */ case 'W': /* send last plane */ @@ -790,9 +707,9 @@ diff -up netpbm-10.47.04/converter/ppm/pjtoppm.c.security netpbm-10.47.04/conver cols *= 8; } -diff -up netpbm-10.47.04/converter/ppm/ppmtoeyuv.c.security netpbm-10.47.04/converter/ppm/ppmtoeyuv.c ---- netpbm-10.47.04/converter/ppm/ppmtoeyuv.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ppmtoeyuv.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/ppm/ppmtoeyuv.c.security-code netpbm-10.56.03/converter/ppm/ppmtoeyuv.c +--- netpbm-10.56.03/converter/ppm/ppmtoeyuv.c.security-code 2011-11-09 09:18:06.000000000 +0100 ++++ netpbm-10.56.03/converter/ppm/ppmtoeyuv.c 2011-11-09 13:11:20.670591597 +0100 @@ -114,6 +114,7 @@ create_multiplication_tables(const pixva int index; @@ -801,9 +718,9 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtoeyuv.c.security netpbm-10.47.04/conv MALLOCARRAY_NOFAIL(mult299 , maxval+1); MALLOCARRAY_NOFAIL(mult587 , maxval+1); MALLOCARRAY_NOFAIL(mult114 , maxval+1); -diff -up netpbm-10.47.04/converter/ppm/ppmtoicr.c.security netpbm-10.47.04/converter/ppm/ppmtoicr.c ---- netpbm-10.47.04/converter/ppm/ppmtoicr.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ppmtoicr.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/ppm/ppmtoicr.c.security-code netpbm-10.56.03/converter/ppm/ppmtoicr.c +--- netpbm-10.56.03/converter/ppm/ppmtoicr.c.security-code 2011-11-09 09:18:06.000000000 +0100 ++++ netpbm-10.56.03/converter/ppm/ppmtoicr.c 2011-11-09 13:11:20.670591597 +0100 @@ -169,7 +169,7 @@ char* argv[]; if (rleflag) { @@ -813,10 +730,10 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtoicr.c.security netpbm-10.47.04/conve p = testimage; for (i=0; i PCL_MAXVAL) @@ -948,9 +865,9 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtopjxl.c.security netpbm-10.47.04/conv inrow = (char *)malloc((unsigned)bpp); outrow = (char *)malloc((unsigned)bpp*2); runcnt = (signed char *)malloc((unsigned)bpp); -diff -up netpbm-10.47.04/converter/ppm/ppmtowinicon.c.security netpbm-10.47.04/converter/ppm/ppmtowinicon.c ---- netpbm-10.47.04/converter/ppm/ppmtowinicon.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ppmtowinicon.c 2009-10-21 15:44:54.000000000 +0200 +diff -up netpbm-10.56.03/converter/ppm/ppmtowinicon.c.security-code netpbm-10.56.03/converter/ppm/ppmtowinicon.c +--- netpbm-10.56.03/converter/ppm/ppmtowinicon.c.security-code 2011-11-09 09:18:06.000000000 +0100 ++++ netpbm-10.56.03/converter/ppm/ppmtowinicon.c 2011-11-09 13:11:20.678591645 +0100 @@ -12,6 +12,7 @@ #include @@ -994,10 +911,10 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtowinicon.c.security netpbm-10.47.04/c entry->size_in_bytes = xorBitmap->size + andBitmap->size + 40 + (4 * entry->color_count); if (verbose) -diff -up netpbm-10.47.04/converter/ppm/ppmtoxpm.c.security netpbm-10.47.04/converter/ppm/ppmtoxpm.c ---- netpbm-10.47.04/converter/ppm/ppmtoxpm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ppmtoxpm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -197,6 +197,7 @@ genNumstr(unsigned int const input, int +diff -up netpbm-10.56.03/converter/ppm/ppmtoxpm.c.security-code netpbm-10.56.03/converter/ppm/ppmtoxpm.c +--- netpbm-10.56.03/converter/ppm/ppmtoxpm.c.security-code 2011-11-09 09:18:06.000000000 +0100 ++++ netpbm-10.56.03/converter/ppm/ppmtoxpm.c 2011-11-09 13:11:20.679591651 +0100 +@@ -197,6 +197,7 @@ genNumstr(unsigned int const input, int unsigned int i; /* Allocate memory for printed number. Abort if error. */ @@ -1005,7 +922,7 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtoxpm.c.security netpbm-10.47.04/conve if (!(str = (char *) malloc(digits + 1))) pm_error("out of memory"); -@@ -314,6 +315,7 @@ genCmap(colorhist_vector const chv, +@@ -314,6 +315,7 @@ genCmap(colorhist_vector const chv, unsigned int charsPerPixel; unsigned int xpmMaxval; @@ -1013,9 +930,9 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtoxpm.c.security netpbm-10.47.04/conve MALLOCARRAY(cmap, cmapSize); if (cmapP == NULL) pm_error("Out of memory allocating %u bytes for a color map.", -diff -up netpbm-10.47.04/converter/ppm/qrttoppm.c.security netpbm-10.47.04/converter/ppm/qrttoppm.c ---- netpbm-10.47.04/converter/ppm/qrttoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/qrttoppm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/ppm/qrttoppm.c.security-code netpbm-10.56.03/converter/ppm/qrttoppm.c +--- netpbm-10.56.03/converter/ppm/qrttoppm.c.security-code 2011-11-09 09:18:06.000000000 +0100 ++++ netpbm-10.56.03/converter/ppm/qrttoppm.c 2011-11-09 13:11:20.679591651 +0100 @@ -46,7 +46,7 @@ main( argc, argv ) ppm_writeppminit( stdout, cols, rows, maxval, 0 ); @@ -1025,9 +942,9 @@ diff -up netpbm-10.47.04/converter/ppm/qrttoppm.c.security netpbm-10.47.04/conve if ( buf == (unsigned char *) 0 ) pm_error( "out of memory" ); -diff -up netpbm-10.47.04/converter/ppm/sldtoppm.c.security netpbm-10.47.04/converter/ppm/sldtoppm.c ---- netpbm-10.47.04/converter/ppm/sldtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/sldtoppm.c 2009-10-21 15:44:11.000000000 +0200 +diff -up netpbm-10.56.03/converter/ppm/sldtoppm.c.security-code netpbm-10.56.03/converter/ppm/sldtoppm.c +--- netpbm-10.56.03/converter/ppm/sldtoppm.c.security-code 2011-11-09 09:18:06.000000000 +0100 ++++ netpbm-10.56.03/converter/ppm/sldtoppm.c 2011-11-09 13:11:20.680591657 +0100 @@ -455,6 +455,8 @@ slider(slvecfn slvec, /* Allocate image buffer and clear it to black. */ @@ -1037,9 +954,9 @@ diff -up netpbm-10.47.04/converter/ppm/sldtoppm.c.security netpbm-10.47.04/conve pixels = ppm_allocarray(pixcols = ixdots + 1, pixrows = iydots + 1); PPM_ASSIGN(rgbcolor, 0, 0, 0); ppmd_filledrectangle(pixels, pixcols, pixrows, pixmaxval, 0, 0, -diff -up netpbm-10.47.04/converter/ppm/ximtoppm.c.security netpbm-10.47.04/converter/ppm/ximtoppm.c ---- netpbm-10.47.04/converter/ppm/ximtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/ximtoppm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/ppm/ximtoppm.c.security-code netpbm-10.56.03/converter/ppm/ximtoppm.c +--- netpbm-10.56.03/converter/ppm/ximtoppm.c.security-code 2011-11-09 09:18:06.000000000 +0100 ++++ netpbm-10.56.03/converter/ppm/ximtoppm.c 2011-11-09 13:11:20.681591662 +0100 @@ -117,6 +117,7 @@ ReadXimHeader(FILE * const in_fp, header->bits_channel = atoi(a_head.bits_per_channel); header->alpha_flag = atoi(a_head.alpha_channel); @@ -1072,10 +989,10 @@ diff -up netpbm-10.47.04/converter/ppm/ximtoppm.c.security netpbm-10.47.04/conve header->colors = (Color *)calloc((unsigned int)header->ncolors, sizeof(Color)); if (header->colors == NULL) { -diff -up netpbm-10.47.04/converter/ppm/xpmtoppm.c.security netpbm-10.47.04/converter/ppm/xpmtoppm.c ---- netpbm-10.47.04/converter/ppm/xpmtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/xpmtoppm.c 2009-10-21 15:09:33.000000000 +0200 -@@ -701,6 +701,7 @@ ReadXPMFile(FILE * const stream, int * c +diff -up netpbm-10.56.03/converter/ppm/xpmtoppm.c.security-code netpbm-10.56.03/converter/ppm/xpmtoppm.c +--- netpbm-10.56.03/converter/ppm/xpmtoppm.c.security-code 2011-11-09 09:18:06.000000000 +0100 ++++ netpbm-10.56.03/converter/ppm/xpmtoppm.c 2011-11-09 13:11:20.682591667 +0100 +@@ -759,6 +759,7 @@ ReadXPMFile(FILE * const stream, int * c &ncolors, colorsP, &ptab); *transparentP = -1; /* No transparency in version 1 */ } @@ -1083,9 +1000,9 @@ diff -up netpbm-10.47.04/converter/ppm/xpmtoppm.c.security netpbm-10.47.04/conve totalpixels = *widthP * *heightP; MALLOCARRAY(*dataP, totalpixels); if (*dataP == NULL) -diff -up netpbm-10.47.04/converter/ppm/yuvtoppm.c.security netpbm-10.47.04/converter/ppm/yuvtoppm.c ---- netpbm-10.47.04/converter/ppm/yuvtoppm.c.security 2009-10-21 13:39:10.000000000 +0200 -+++ netpbm-10.47.04/converter/ppm/yuvtoppm.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/converter/ppm/yuvtoppm.c.security-code netpbm-10.56.03/converter/ppm/yuvtoppm.c +--- netpbm-10.56.03/converter/ppm/yuvtoppm.c.security-code 2011-11-09 09:18:06.000000000 +0100 ++++ netpbm-10.56.03/converter/ppm/yuvtoppm.c 2011-11-09 13:11:20.682591667 +0100 @@ -72,6 +72,7 @@ main(argc, argv) ppm_writeppminit(stdout, cols, rows, (pixval) 255, 0); @@ -1094,9 +1011,9 @@ diff -up netpbm-10.47.04/converter/ppm/yuvtoppm.c.security netpbm-10.47.04/conve MALLOCARRAY(yuvbuf, (cols+1)/2); if (yuvbuf == NULL) pm_error("Unable to allocate YUV buffer for %d columns.", cols); -diff -up netpbm-10.47.04/editor/pamcut.c.security netpbm-10.47.04/editor/pamcut.c ---- netpbm-10.47.04/editor/pamcut.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pamcut.c 2009-10-21 15:29:36.000000000 +0200 +diff -up netpbm-10.56.03/editor/pamcut.c.security-code netpbm-10.56.03/editor/pamcut.c +--- netpbm-10.56.03/editor/pamcut.c.security-code 2011-11-09 09:17:50.000000000 +0100 ++++ netpbm-10.56.03/editor/pamcut.c 2011-11-09 13:11:20.683591673 +0100 @@ -655,6 +655,8 @@ cutOneImage(FILE * const ifP outpam = inpam; /* Initial value -- most fields should be same */ @@ -1106,20 +1023,10 @@ diff -up netpbm-10.47.04/editor/pamcut.c.security netpbm-10.47.04/editor/pamcut. outpam.width = rightcol - leftcol + 1; outpam.height = bottomrow - toprow + 1; -diff -up netpbm-10.47.04/editor/pbmpscale.c.security netpbm-10.47.04/editor/pbmpscale.c ---- netpbm-10.47.04/editor/pbmpscale.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pbmpscale.c 2009-10-21 15:27:21.000000000 +0200 -@@ -110,6 +110,7 @@ main(int argc, char ** argv) { - inrow[0] = inrow[1] = inrow[2] = NULL; - pbm_readpbminit(ifP, &columns, &rows, &format) ; - -+ overflow2(columns, scale); - outrow = pbm_allocrow(columns*scale) ; - MALLOCARRAY(flags, columns); - if (flags == NULL) -diff -up netpbm-10.47.04/editor/pbmreduce.c.security netpbm-10.47.04/editor/pbmreduce.c ---- netpbm-10.47.04/editor/pbmreduce.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pbmreduce.c 2009-10-21 15:26:13.000000000 +0200 +diff -up netpbm-10.56.03/editor/pbmpscale.c.security-code netpbm-10.56.03/editor/pbmpscale.c +diff -up netpbm-10.56.03/editor/pbmreduce.c.security-code netpbm-10.56.03/editor/pbmreduce.c +--- netpbm-10.56.03/editor/pbmreduce.c.security-code 2011-11-09 09:17:50.000000000 +0100 ++++ netpbm-10.56.03/editor/pbmreduce.c 2011-11-09 13:11:20.685591685 +0100 @@ -94,6 +94,7 @@ main( argc, argv ) if (halftone == QT_FS) { unsigned int col; @@ -1128,10 +1035,10 @@ diff -up netpbm-10.47.04/editor/pbmreduce.c.security netpbm-10.47.04/editor/pbmr MALLOCARRAY(thiserr, newcols + 2); MALLOCARRAY(nexterr, newcols + 2); if (thiserr == NULL || nexterr == NULL) -diff -up netpbm-10.47.04/editor/pnmgamma.c.security netpbm-10.47.04/editor/pnmgamma.c ---- netpbm-10.47.04/editor/pnmgamma.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pnmgamma.c 2009-10-21 15:09:34.000000000 +0200 -@@ -586,6 +586,7 @@ createGammaTables(enum transferFunction +diff -up netpbm-10.56.03/editor/pnmgamma.c.security-code netpbm-10.56.03/editor/pnmgamma.c +--- netpbm-10.56.03/editor/pnmgamma.c.security-code 2011-11-09 09:17:50.000000000 +0100 ++++ netpbm-10.56.03/editor/pnmgamma.c 2011-11-09 13:11:20.685591685 +0100 +@@ -586,6 +586,7 @@ createGammaTables(enum transferFunction xelval ** const btableP) { /* Allocate space for the tables. */ @@ -1139,9 +1046,9 @@ diff -up netpbm-10.47.04/editor/pnmgamma.c.security netpbm-10.47.04/editor/pnmga MALLOCARRAY(*rtableP, maxval+1); MALLOCARRAY(*gtableP, maxval+1); MALLOCARRAY(*btableP, maxval+1); -diff -up netpbm-10.47.04/editor/pnmhisteq.c.security netpbm-10.47.04/editor/pnmhisteq.c ---- netpbm-10.47.04/editor/pnmhisteq.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pnmhisteq.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.56.03/editor/pnmhisteq.c.security-code netpbm-10.56.03/editor/pnmhisteq.c +--- netpbm-10.56.03/editor/pnmhisteq.c.security-code 2011-11-09 09:17:50.000000000 +0100 ++++ netpbm-10.56.03/editor/pnmhisteq.c 2011-11-09 13:11:20.686591691 +0100 @@ -103,6 +103,7 @@ computeLuminosityHistogram(xel * const * unsigned int pixelCount; unsigned int * lumahist; @@ -1150,9 +1057,9 @@ diff -up netpbm-10.47.04/editor/pnmhisteq.c.security netpbm-10.47.04/editor/pnmh MALLOCARRAY(lumahist, maxval + 1); if (lumahist == NULL) pm_error("Out of storage allocating array for %u histogram elements", -diff -up netpbm-10.47.04/editor/pnmindex.csh.security netpbm-10.47.04/editor/pnmindex.csh ---- netpbm-10.47.04/editor/pnmindex.csh.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pnmindex.csh 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.56.03/editor/pnmindex.csh.security-code netpbm-10.56.03/editor/pnmindex.csh +--- netpbm-10.56.03/editor/pnmindex.csh.security-code 2011-11-09 09:17:50.000000000 +0100 ++++ netpbm-10.56.03/editor/pnmindex.csh 2011-11-09 13:11:20.686591691 +0100 @@ -1,5 +1,8 @@ #!/bin/csh -f # @@ -1162,9 +1069,9 @@ diff -up netpbm-10.47.04/editor/pnmindex.csh.security netpbm-10.47.04/editor/pnm # pnmindex - build a visual index of a bunch of anymaps # # Copyright (C) 1991 by Jef Poskanzer. -diff -up netpbm-10.47.04/editor/pnmpad.c.security netpbm-10.47.04/editor/pnmpad.c ---- netpbm-10.47.04/editor/pnmpad.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pnmpad.c 2009-10-21 15:33:51.000000000 +0200 +diff -up netpbm-10.56.03/editor/pnmpad.c.security-code netpbm-10.56.03/editor/pnmpad.c +--- netpbm-10.56.03/editor/pnmpad.c.security-code 2011-11-09 09:17:50.000000000 +0100 ++++ netpbm-10.56.03/editor/pnmpad.c 2011-11-09 13:11:20.687591697 +0100 @@ -527,6 +527,8 @@ main(int argc, const char ** argv) { computePadSizes(cmdline, cols, rows, &lpad, &rpad, &tpad, &bpad); @@ -1174,11 +1081,10 @@ diff -up netpbm-10.47.04/editor/pnmpad.c.security netpbm-10.47.04/editor/pnmpad. newcols = cols + lpad + rpad; if (PNM_FORMAT_TYPE(format) == PBM_TYPE) -diff -up netpbm-10.47.04/editor/pnmpaste.c.security netpbm-10.47.04/editor/pnmpaste.c -diff -up netpbm-10.47.04/editor/pnmremap.c.security netpbm-10.47.04/editor/pnmremap.c ---- netpbm-10.47.04/editor/pnmremap.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pnmremap.c 2009-10-21 15:28:20.000000000 +0200 -@@ -408,7 +408,7 @@ initFserr(struct pam * const pamP, +diff -up netpbm-10.56.03/editor/pnmremap.c.security-code netpbm-10.56.03/editor/pnmremap.c +--- netpbm-10.56.03/editor/pnmremap.c.security-code 2011-11-09 09:17:50.000000000 +0100 ++++ netpbm-10.56.03/editor/pnmremap.c 2011-11-09 13:11:20.688591703 +0100 +@@ -409,7 +409,7 @@ initFserr(struct pam * const pamP, unsigned int plane; unsigned int const fserrSize = pamP->width + 2; @@ -1187,7 +1093,7 @@ diff -up netpbm-10.47.04/editor/pnmremap.c.security netpbm-10.47.04/editor/pnmre fserrP->width = pamP->width; MALLOCARRAY(fserrP->thiserr, pamP->depth); -@@ -444,6 +444,7 @@ floydInitRow(struct pam * const pamP, st +@@ -445,6 +445,7 @@ floydInitRow(struct pam * const pamP, st int col; @@ -1195,10 +1101,10 @@ diff -up netpbm-10.47.04/editor/pnmremap.c.security netpbm-10.47.04/editor/pnmre for (col = 0; col < pamP->width + 2; ++col) { unsigned int plane; for (plane = 0; plane < pamP->depth; ++plane) -diff -up netpbm-10.47.04/editor/pnmscalefixed.c.security netpbm-10.47.04/editor/pnmscalefixed.c ---- netpbm-10.47.04/editor/pnmscalefixed.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pnmscalefixed.c 2009-10-21 15:09:34.000000000 +0200 -@@ -211,6 +211,8 @@ compute_output_dimensions(const struct c +diff -up netpbm-10.56.03/editor/pnmscalefixed.c.security-code netpbm-10.56.03/editor/pnmscalefixed.c +--- netpbm-10.56.03/editor/pnmscalefixed.c.security-code 2011-11-09 09:17:50.000000000 +0100 ++++ netpbm-10.56.03/editor/pnmscalefixed.c 2011-11-09 13:11:20.689591709 +0100 +@@ -214,6 +214,8 @@ compute_output_dimensions(const struct c const int rows, const int cols, int * newrowsP, int * newcolsP) { @@ -1207,7 +1113,7 @@ diff -up netpbm-10.47.04/editor/pnmscalefixed.c.security netpbm-10.47.04/editor/ if (cmdline.pixels) { if (rows * cols <= cmdline.pixels) { *newrowsP = rows; -@@ -262,6 +264,8 @@ compute_output_dimensions(const struct c +@@ -265,6 +267,8 @@ compute_output_dimensions(const struct c if (*newcolsP < 1) *newcolsP = 1; if (*newrowsP < 1) *newrowsP = 1; @@ -1216,7 +1122,7 @@ diff -up netpbm-10.47.04/editor/pnmscalefixed.c.security netpbm-10.47.04/editor/ } -@@ -443,6 +447,9 @@ main(int argc, char **argv ) { +@@ -446,6 +450,9 @@ main(int argc, char **argv ) { unfilled. We can address that by stretching, whereas the other case would require throwing away some of the input. */ @@ -1226,9 +1132,9 @@ diff -up netpbm-10.47.04/editor/pnmscalefixed.c.security netpbm-10.47.04/editor/ sxscale = SCALE * newcols / cols; syscale = SCALE * newrows / rows; -diff -up netpbm-10.47.04/editor/pnmshear.c.security netpbm-10.47.04/editor/pnmshear.c ---- netpbm-10.47.04/editor/pnmshear.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/pnmshear.c 2009-10-21 15:31:26.000000000 +0200 +diff -up netpbm-10.56.03/editor/pnmshear.c.security-code netpbm-10.56.03/editor/pnmshear.c +--- netpbm-10.56.03/editor/pnmshear.c.security-code 2011-11-09 09:17:50.000000000 +0100 ++++ netpbm-10.56.03/editor/pnmshear.c 2011-11-09 13:11:20.689591709 +0100 @@ -15,6 +15,7 @@ #include #include @@ -1249,32 +1155,25 @@ diff -up netpbm-10.47.04/editor/pnmshear.c.security netpbm-10.47.04/editor/pnmsh newcols = rows * shearfac + cols + 0.999999; pnm_writepnminit(stdout, newcols, rows, newmaxval, newformat, 0); -diff -up netpbm-10.47.04/editor/ppmdither.c.security netpbm-10.47.04/editor/ppmdither.c ---- netpbm-10.47.04/editor/ppmdither.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/editor/ppmdither.c 2009-10-21 15:09:34.000000000 +0200 -@@ -111,6 +111,9 @@ dith_matrix(unsigned int const dith_dim) - (dith_dim * sizeof(int *)) + /* pointers */ - (dith_dim * dith_dim * sizeof(int)); /* data */ - -+ overflow2(dith_dim, sizeof(int *)); -+ overflow3(dith_dim, dith_dim, sizeof(int)); -+ overflow_add(dith_dim * sizeof(int *), dith_dim * dith_dim * sizeof(int)); - dith_mat = (unsigned int **) malloc(dith_mat_sz); - - if (dith_mat == NULL) -@@ -165,7 +168,8 @@ dith_setup(const unsigned int dith_power - if (dith_nb < 2) - pm_error("too few shades for blue, minimum of 2"); - -- MALLOCARRAY(*colormapP, dith_nr * dith_ng * dith_nb); -+ overflow2(dith_nr, dith_ng); -+ *colormapP = malloc3(dith_nr * dith_ng, dith_nb, sizeof(pixel)); - if (*colormapP == NULL) - pm_error("Unable to allocate space for the color lookup table " - "(%d by %d by %d pixels).", dith_nr, dith_ng, dith_nb); -diff -up netpbm-10.47.04/editor/specialty/pamoil.c.security netpbm-10.47.04/editor/specialty/pamoil.c ---- netpbm-10.47.04/editor/specialty/pamoil.c.security 2009-10-21 13:38:56.000000000 +0200 -+++ netpbm-10.47.04/editor/specialty/pamoil.c 2009-10-21 15:09:33.000000000 +0200 +diff -up netpbm-10.56.03/editor/ppmdither.c.security-code netpbm-10.56.03/editor/ppmdither.c +--- netpbm-10.56.03/editor/ppmdither.c.security-code 2011-11-09 09:17:50.000000000 +0100 ++++ netpbm-10.56.03/editor/ppmdither.c 2011-11-09 13:28:52.043380984 +0100 +@@ -355,7 +355,11 @@ dithMatrix(unsigned int const dithPower) + unsigned int const dithMatSize = + (dithDim * sizeof(*dithMat)) + /* pointers */ + (dithDim * dithDim * sizeof(**dithMat)); /* data */ +- ++ ++ overflow2(dithDim, sizeof(*dithMat)); ++ overflow3(dithDim, dithDim, sizeof(**dithMat)); ++ overflow_add(dithDim * sizeof(*dithMat), dithDim * dithDim * sizeof(**dithMat)); ++ + dithMat = malloc(dithMatSize); + + if (dithMat == NULL) +diff -up netpbm-10.56.03/editor/specialty/pamoil.c.security-code netpbm-10.56.03/editor/specialty/pamoil.c +--- netpbm-10.56.03/editor/specialty/pamoil.c.security-code 2011-11-09 09:17:50.000000000 +0100 ++++ netpbm-10.56.03/editor/specialty/pamoil.c 2011-11-09 13:11:20.690591715 +0100 @@ -112,6 +112,7 @@ main(int argc, char *argv[] ) { tuples = pnm_readpam(ifp, &inpam, PAM_STRUCT_SIZE(tuple_type)); pm_close(ifp); @@ -1283,22 +1182,10 @@ diff -up netpbm-10.47.04/editor/specialty/pamoil.c.security netpbm-10.47.04/edit MALLOCARRAY(hist, inpam.maxval + 1); if (hist == NULL) pm_error("Unable to allocate memory for histogram."); -diff -up netpbm-10.47.04/generator/pbmpage.c.security netpbm-10.47.04/generator/pbmpage.c ---- netpbm-10.47.04/generator/pbmpage.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/generator/pbmpage.c 2009-10-21 15:09:34.000000000 +0200 -@@ -170,6 +170,9 @@ outputPbm(FILE * const file, - /* We round the allocated row space up to a multiple of 8 so the ugly - fast code below can work. - */ -+ -+ overflow_add(bitmap.Width, 7); -+ - pbmrow = pbm_allocrow(((bitmap.Width+7)/8)*8); - - bitmap_cursor = 0; -diff -up netpbm-10.47.04/generator/pbmtext.c.security netpbm-10.47.04/generator/pbmtext.c ---- netpbm-10.47.04/generator/pbmtext.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/generator/pbmtext.c 2009-10-21 15:23:15.000000000 +0200 +diff -up netpbm-10.56.03/generator/pbmpage.c.security-code netpbm-10.56.03/generator/pbmpage.c +diff -up netpbm-10.56.03/generator/pbmtext.c.security-code netpbm-10.56.03/generator/pbmtext.c +--- netpbm-10.56.03/generator/pbmtext.c.security-code 2011-11-09 09:17:50.000000000 +0100 ++++ netpbm-10.56.03/generator/pbmtext.c 2011-11-09 13:18:31.716118581 +0100 @@ -96,12 +96,14 @@ parseCommandLine(int argc, const char ** for (i = 1; i < argc; ++i) { @@ -1314,15 +1201,15 @@ diff -up netpbm-10.47.04/generator/pbmtext.c.security netpbm-10.47.04/generator/ totaltextsize += strlen(argv[i]); text = realloc(text, totaltextsize); if (text == NULL) -@@ -711,6 +713,7 @@ getText(const char cmdline_text +@@ -712,6 +714,7 @@ getText(const char cmdline_text pm_error("A line of input text is longer than %u characters." - "Cannot process.", sizeof(buf)-1); + "Cannot process.", (unsigned)sizeof(buf)-1); if (lineCount >= maxlines) { -+ overflow2(maxlines, 2); ++ overflow2(maxlines, 2); maxlines *= 2; REALLOCARRAY(text_array, maxlines); if (text_array == NULL) -@@ -831,6 +834,7 @@ main(int argc, const char *argv[]) { +@@ -832,6 +835,7 @@ main(int argc, const char *argv[]) { hmargin = fontP->maxwidth; } else { vmargin = fontP->maxheight; @@ -1330,9 +1217,9 @@ diff -up netpbm-10.47.04/generator/pbmtext.c.security netpbm-10.47.04/generator/ hmargin = 2 * fontP->maxwidth; } } -diff -up netpbm-10.47.04/generator/pgmcrater.c.security netpbm-10.47.04/generator/pgmcrater.c ---- netpbm-10.47.04/generator/pgmcrater.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/generator/pgmcrater.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.56.03/generator/pgmcrater.c.security-code netpbm-10.56.03/generator/pgmcrater.c +--- netpbm-10.56.03/generator/pgmcrater.c.security-code 2011-11-09 09:17:50.000000000 +0100 ++++ netpbm-10.56.03/generator/pgmcrater.c 2011-11-09 13:11:20.692591727 +0100 @@ -130,7 +130,7 @@ static void gencraters() /* Acquire the elevation array and initialize it to mean surface elevation. */ @@ -1342,9 +1229,9 @@ diff -up netpbm-10.47.04/generator/pgmcrater.c.security netpbm-10.47.04/generato if (aux == NULL) pm_error("out of memory allocating elevation array"); -diff -up netpbm-10.47.04/generator/pgmkernel.c.security netpbm-10.47.04/generator/pgmkernel.c ---- netpbm-10.47.04/generator/pgmkernel.c.security 2009-10-21 13:38:57.000000000 +0200 -+++ netpbm-10.47.04/generator/pgmkernel.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.56.03/generator/pgmkernel.c.security-code netpbm-10.56.03/generator/pgmkernel.c +--- netpbm-10.56.03/generator/pgmkernel.c.security-code 2011-11-09 09:17:50.000000000 +0100 ++++ netpbm-10.56.03/generator/pgmkernel.c 2011-11-09 13:11:20.692591727 +0100 @@ -68,7 +68,7 @@ main ( argc, argv ) kycenter = (fysize - 1) / 2.0; ixsize = fxsize + 0.999; @@ -1354,22 +1241,22 @@ diff -up netpbm-10.47.04/generator/pgmkernel.c.security netpbm-10.47.04/generato for (i = 0; i < iysize; i++) for (j = 0; j < ixsize; j++) { fkernel[i*ixsize+j] = 1.0 / (1.0 + w * sqrt((double) -diff -up netpbm-10.47.04/lib/libpam.c.security netpbm-10.47.04/lib/libpam.c ---- netpbm-10.47.04/lib/libpam.c.security 2009-10-21 13:39:00.000000000 +0200 -+++ netpbm-10.47.04/lib/libpam.c 2009-10-21 15:09:34.000000000 +0200 -@@ -235,7 +235,8 @@ allocPamRow(const struct pam * const pam - int const bytesPerTuple = allocationDepth(pamP) * sizeof(sample); +diff -up netpbm-10.56.03/lib/libpam.c.security-code netpbm-10.56.03/lib/libpam.c +--- netpbm-10.56.03/lib/libpam.c.security-code 2011-11-09 09:17:53.000000000 +0100 ++++ netpbm-10.56.03/lib/libpam.c 2011-11-09 13:36:03.778913243 +0100 +@@ -220,7 +220,8 @@ allocPamRow(const struct pam * const pam + unsigned int const bytesPerTuple = allocationDepth(pamP) * sizeof(sample); tuple * tuplerow; - tuplerow = malloc(pamP->width * (sizeof(tuple *) + bytesPerTuple)); + overflow_add(sizeof(tuple *), bytesPerTuple); -+ tuplerow = malloc2(pamP->width, sizeof(tuple *) + bytesPerTuple); ++ tuplerow = malloc2(pamP->width, (sizeof(tuple *) + bytesPerTuple)); if (tuplerow != NULL) { /* Now we initialize the pointers to the individual tuples -diff -up netpbm-10.47.04/lib/libpammap.c.security netpbm-10.47.04/lib/libpammap.c ---- netpbm-10.47.04/lib/libpammap.c.security 2009-10-21 13:39:00.000000000 +0200 -+++ netpbm-10.47.04/lib/libpammap.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.56.03/lib/libpammap.c.security-code netpbm-10.56.03/lib/libpammap.c +--- netpbm-10.56.03/lib/libpammap.c.security-code 2011-11-09 09:17:53.000000000 +0100 ++++ netpbm-10.56.03/lib/libpammap.c 2011-11-09 13:11:20.694591739 +0100 @@ -104,6 +104,8 @@ allocTupleIntListItem(struct pam * const */ struct tupleint_list_item * retval; @@ -1379,9 +1266,9 @@ diff -up netpbm-10.47.04/lib/libpammap.c.security netpbm-10.47.04/lib/libpammap. unsigned int const size = sizeof(*retval) - sizeof(retval->tupleint.tuple) + pamP->depth * sizeof(sample); -diff -up netpbm-10.47.04/lib/libpbm1.c.security netpbm-10.47.04/lib/libpbm1.c ---- netpbm-10.47.04/lib/libpbm1.c.security 2009-10-21 13:39:00.000000000 +0200 -+++ netpbm-10.47.04/lib/libpbm1.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.56.03/lib/libpbm1.c.security-code netpbm-10.56.03/lib/libpbm1.c +--- netpbm-10.56.03/lib/libpbm1.c.security-code 2011-11-09 09:17:53.000000000 +0100 ++++ netpbm-10.56.03/lib/libpbm1.c 2011-11-09 13:11:20.695591745 +0100 @@ -77,6 +77,7 @@ pbm_check(FILE * file, const enum pm_che pm_message("pm_filepos passed to pm_check() is %u bytes", sizeof(pm_filepos)); @@ -1390,19 +1277,10 @@ diff -up netpbm-10.47.04/lib/libpbm1.c.security netpbm-10.47.04/lib/libpbm1.c pm_check(file, check_type, need_raster_size, retval_p); } } -diff -up netpbm-10.47.04/lib/libpbmvms.c.security netpbm-10.47.04/lib/libpbmvms.c ---- netpbm-10.47.04/lib/libpbmvms.c.security 2009-10-21 13:39:00.000000000 +0200 -+++ netpbm-10.47.04/lib/libpbmvms.c 2009-10-21 15:09:34.000000000 +0200 -@@ -1,3 +1,5 @@ -+#warning "NOT AUDITED" -+ - /*************************************************************************** - This file contains library routines needed to build Netpbm for VMS. - However, as of 2000.05.26, when these were split out of libpbm1.c -diff -up netpbm-10.47.04/lib/libpm.c.security netpbm-10.47.04/lib/libpm.c ---- netpbm-10.47.04/lib/libpm.c.security 2009-10-21 13:39:00.000000000 +0200 -+++ netpbm-10.47.04/lib/libpm.c 2009-10-21 15:09:34.000000000 +0200 -@@ -827,4 +827,53 @@ pm_parse_height(const char * const arg) +diff -up netpbm-10.56.03/lib/libpm.c.security-code netpbm-10.56.03/lib/libpm.c +--- netpbm-10.56.03/lib/libpm.c.security-code 2011-11-09 09:17:53.000000000 +0100 ++++ netpbm-10.56.03/lib/libpm.c 2011-11-09 13:11:20.695591745 +0100 +@@ -787,4 +787,53 @@ pm_parse_height(const char * const arg) } @@ -1456,10 +1334,10 @@ diff -up netpbm-10.47.04/lib/libpm.c.security netpbm-10.47.04/lib/libpm.c + return realloc(a, b*c); +} -diff -up netpbm-10.47.04/lib/pm.h.security netpbm-10.47.04/lib/pm.h ---- netpbm-10.47.04/lib/pm.h.security 2009-10-21 13:39:00.000000000 +0200 -+++ netpbm-10.47.04/lib/pm.h 2009-10-21 15:09:34.000000000 +0200 -@@ -377,4 +377,11 @@ pm_parse_height(const char * const arg); +diff -up netpbm-10.56.03/lib/pm.h.security-code netpbm-10.56.03/lib/pm.h +--- netpbm-10.56.03/lib/pm.h.security-code 2011-11-09 09:17:53.000000000 +0100 ++++ netpbm-10.56.03/lib/pm.h 2011-11-09 13:11:20.696591750 +0100 +@@ -411,4 +411,11 @@ pm_parse_height(const char * const arg); #endif @@ -1471,9 +1349,9 @@ diff -up netpbm-10.47.04/lib/pm.h.security netpbm-10.47.04/lib/pm.h +void overflow_add(int, int); + #endif -diff -up netpbm-10.47.04/other/pnmcolormap.c.security netpbm-10.47.04/other/pnmcolormap.c ---- netpbm-10.47.04/other/pnmcolormap.c.security 2009-10-21 13:38:54.000000000 +0200 -+++ netpbm-10.47.04/other/pnmcolormap.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.56.03/other/pnmcolormap.c.security-code netpbm-10.56.03/other/pnmcolormap.c +--- netpbm-10.56.03/other/pnmcolormap.c.security-code 2011-11-09 09:17:48.000000000 +0100 ++++ netpbm-10.56.03/other/pnmcolormap.c 2011-11-09 13:11:20.696591750 +0100 @@ -840,6 +840,7 @@ colormapToSquare(struct pam * const pamP pamP->width = intsqrt; else @@ -1482,9 +1360,9 @@ diff -up netpbm-10.47.04/other/pnmcolormap.c.security netpbm-10.47.04/other/pnmc } { unsigned int const intQuotient = colormap.size / pamP->width; -diff -up netpbm-10.47.04/urt/README.security netpbm-10.47.04/urt/README ---- netpbm-10.47.04/urt/README.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/README 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.56.03/urt/README.security-code netpbm-10.56.03/urt/README +--- netpbm-10.56.03/urt/README.security-code 2011-11-09 09:18:08.000000000 +0100 ++++ netpbm-10.56.03/urt/README 2011-11-09 13:11:20.697591755 +0100 @@ -18,3 +18,8 @@ in its initializer in the original. But defines stdout as a variable, so that wouldn't compile. So I changed it to NULL and added a line to rle_hdr_init to set that field to @@ -1494,9 +1372,9 @@ diff -up netpbm-10.47.04/urt/README.security netpbm-10.47.04/urt/README +Removed pipe through and compress support (unsafe) + +Alan Cox -diff -up netpbm-10.47.04/urt/rle_addhist.c.security netpbm-10.47.04/urt/rle_addhist.c ---- netpbm-10.47.04/urt/rle_addhist.c.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/rle_addhist.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.56.03/urt/rle_addhist.c.security-code netpbm-10.56.03/urt/rle_addhist.c +--- netpbm-10.56.03/urt/rle_addhist.c.security-code 2011-11-09 09:18:08.000000000 +0100 ++++ netpbm-10.56.03/urt/rle_addhist.c 2011-11-09 13:11:20.697591755 +0100 @@ -14,6 +14,8 @@ * If you modify this software, you should include a notice giving the * name of the person performing the modification, the date of modification, @@ -1541,9 +1419,9 @@ diff -up netpbm-10.47.04/urt/rle_addhist.c.security netpbm-10.47.04/urt/rle_addh ++length; /*Cater for the null. */ MALLOCARRAY(newc, length); -diff -up netpbm-10.47.04/urt/rle_getrow.c.security netpbm-10.47.04/urt/rle_getrow.c ---- netpbm-10.47.04/urt/rle_getrow.c.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/rle_getrow.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.56.03/urt/rle_getrow.c.security-code netpbm-10.56.03/urt/rle_getrow.c +--- netpbm-10.56.03/urt/rle_getrow.c.security-code 2011-11-09 09:18:08.000000000 +0100 ++++ netpbm-10.56.03/urt/rle_getrow.c 2011-11-09 13:11:20.698591761 +0100 @@ -17,6 +17,8 @@ * * Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire @@ -1561,9 +1439,9 @@ diff -up netpbm-10.47.04/urt/rle_getrow.c.security netpbm-10.47.04/urt/rle_getro evenlen = (comlen + 1) & ~1; /* make it even */ if ( evenlen ) { -diff -up netpbm-10.47.04/urt/rle_hdr.c.security netpbm-10.47.04/urt/rle_hdr.c ---- netpbm-10.47.04/urt/rle_hdr.c.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/rle_hdr.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.56.03/urt/rle_hdr.c.security-code netpbm-10.56.03/urt/rle_hdr.c +--- netpbm-10.56.03/urt/rle_hdr.c.security-code 2011-11-09 09:18:08.000000000 +0100 ++++ netpbm-10.56.03/urt/rle_hdr.c 2011-11-09 13:11:20.699591767 +0100 @@ -14,6 +14,8 @@ * If you modify this software, you should include a notice giving the * name of the person performing the modification, the date of modification, @@ -1630,9 +1508,9 @@ diff -up netpbm-10.47.04/urt/rle_hdr.c.security netpbm-10.47.04/urt/rle_hdr.c size *= sizeof(char *); to_hdr->comments = (CONST_DECL char **)malloc( size ); RLE_CHECK_ALLOC( to_hdr->cmd, to_hdr->comments, "comments" ); -diff -up netpbm-10.47.04/urt/rle.h.security netpbm-10.47.04/urt/rle.h ---- netpbm-10.47.04/urt/rle.h.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/rle.h 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.56.03/urt/rle.h.security-code netpbm-10.56.03/urt/rle.h +--- netpbm-10.56.03/urt/rle.h.security-code 2011-11-09 09:18:08.000000000 +0100 ++++ netpbm-10.56.03/urt/rle.h 2011-11-09 13:11:20.699591767 +0100 @@ -14,6 +14,9 @@ * If you modify this software, you should include a notice giving the * name of the person performing the modification, the date of modification, @@ -1661,13 +1539,14 @@ diff -up netpbm-10.47.04/urt/rle.h.security netpbm-10.47.04/urt/rle.h /* Declare RLE library routines. */ -diff -up netpbm-10.47.04/urt/rle_open_f.c.security netpbm-10.47.04/urt/rle_open_f.c ---- netpbm-10.47.04/urt/rle_open_f.c.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/rle_open_f.c 2009-10-21 15:15:38.000000000 +0200 -@@ -163,64 +163,7 @@ dealWithSubprocess(const char * const f +diff -up netpbm-10.56.03/urt/rle_open_f.c.security-code netpbm-10.56.03/urt/rle_open_f.c +--- netpbm-10.56.03/urt/rle_open_f.c.security-code 2011-11-09 09:18:08.000000000 +0100 ++++ netpbm-10.56.03/urt/rle_open_f.c 2011-11-09 13:32:23.239619714 +0100 +@@ -162,65 +162,7 @@ dealWithSubprocess(const char * const f + FILE ** const fpP, bool * const noSubprocessP, const char ** const errorP) { - +- -#ifdef NO_OPEN_PIPES *noSubprocessP = TRUE; -#else @@ -1704,11 +1583,11 @@ diff -up netpbm-10.47.04/urt/rle_open_f.c.security netpbm-10.47.04/urt/rle_open_ - *noSubprocessP = FALSE; - - if (*mode == 'w') -- asprintfN(&command, "compress > %s", file_name); +- pm_asprintf(&command, "compress > %s", file_name); - else if (*mode == 'a') -- asprintfN(&command, "compress >> %s", file_name); +- pm_asprintf(&command, "compress >> %s", file_name); - else -- asprintfN(&command, "compress -d < %s", file_name); +- pm_asprintf(&command, "compress -d < %s", file_name); - - *fpP = my_popen(command, mode, &thepid); - @@ -1720,7 +1599,7 @@ diff -up netpbm-10.47.04/urt/rle_open_f.c.security netpbm-10.47.04/urt/rle_open_ - if (*catchingChildrenP < MAX_CHILDREN) - pids[(*catchingChildrenP)++] = thepid; - } -- strfree(command); +- pm_strfree(command); - } else { - *noSubprocessP = TRUE; - *errorP = NULL; @@ -1729,9 +1608,9 @@ diff -up netpbm-10.47.04/urt/rle_open_f.c.security netpbm-10.47.04/urt/rle_open_ } -diff -up netpbm-10.47.04/urt/rle_putcom.c.security netpbm-10.47.04/urt/rle_putcom.c ---- netpbm-10.47.04/urt/rle_putcom.c.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/rle_putcom.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.56.03/urt/rle_putcom.c.security-code netpbm-10.56.03/urt/rle_putcom.c +--- netpbm-10.56.03/urt/rle_putcom.c.security-code 2011-11-09 09:18:08.000000000 +0100 ++++ netpbm-10.56.03/urt/rle_putcom.c 2011-11-09 13:11:20.701591779 +0100 @@ -14,6 +14,8 @@ * If you modify this software, you should include a notice giving the * name of the person performing the modification, the date of modification, @@ -1757,9 +1636,9 @@ diff -up netpbm-10.47.04/urt/rle_putcom.c.security netpbm-10.47.04/urt/rle_putco /* Not found */ /* Can't realloc because somebody else might be pointing to this * comments block. Of course, if this were true, then the -diff -up netpbm-10.47.04/urt/Runput.c.security netpbm-10.47.04/urt/Runput.c ---- netpbm-10.47.04/urt/Runput.c.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/Runput.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.56.03/urt/Runput.c.security-code netpbm-10.56.03/urt/Runput.c +--- netpbm-10.56.03/urt/Runput.c.security-code 2011-11-09 09:18:08.000000000 +0100 ++++ netpbm-10.56.03/urt/Runput.c 2011-11-09 13:11:20.701591779 +0100 @@ -17,6 +17,8 @@ * * Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire @@ -1792,9 +1671,9 @@ diff -up netpbm-10.47.04/urt/Runput.c.security netpbm-10.47.04/urt/Runput.c if ( h_cmap == NULL ) { fprintf( stderr, -diff -up netpbm-10.47.04/urt/scanargs.c.security netpbm-10.47.04/urt/scanargs.c ---- netpbm-10.47.04/urt/scanargs.c.security 2009-10-21 13:39:11.000000000 +0200 -+++ netpbm-10.47.04/urt/scanargs.c 2009-10-21 15:09:34.000000000 +0200 +diff -up netpbm-10.56.03/urt/scanargs.c.security-code netpbm-10.56.03/urt/scanargs.c +--- netpbm-10.56.03/urt/scanargs.c.security-code 2011-11-09 09:18:08.000000000 +0100 ++++ netpbm-10.56.03/urt/scanargs.c 2011-11-09 13:11:20.702591785 +0100 @@ -38,6 +38,8 @@ * * Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire diff --git a/netpbm-svgtopam.patch b/netpbm-svgtopam.patch deleted file mode 100644 index bd03f55..0000000 --- a/netpbm-svgtopam.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -up netpbm-10.35.67/converter/other/Makefile.svgtopam netpbm-10.35.67/converter/other/Makefile ---- netpbm-10.35.67/converter/other/Makefile.svgtopam 2009-09-04 13:57:06.000000000 +0200 -+++ netpbm-10.35.67/converter/other/Makefile 2009-09-04 14:09:00.000000000 +0200 -@@ -107,10 +107,6 @@ ifneq ($(ZLIB),NONE) - BINARIES += pnmtops - endif - --ifneq ($(XML2_LIBS),NONE) -- BINARIES += svgtopam --endif -- - MERGEBINARIES = $(BINARIES) - - EXTRA_OBJECTS = exif.o rast.o bmepsoe.o diff --git a/netpbm.spec b/netpbm.spec index f5614b2..e360c88 100644 --- a/netpbm.spec +++ b/netpbm.spec @@ -1,13 +1,13 @@ Summary: A library for handling different graphics file formats Name: netpbm -Version: 10.47.32 +Version: 10.56.03 Release: 1%{?dist} # See copyright_summary for details License: BSD and GPLv2 and IJG and MIT and Public Domain Group: System Environment/Libraries URL: http://netpbm.sourceforge.net/ # Source0 is prepared by -# svn checkout https://netpbm.svn.sourceforge.net/svnroot/netpbm/stable netpbm-%{version} +# svn checkout https://netpbm.svn.sourceforge.net/svnroot/netpbm/advanced netpbm-%{version} # svn checkout https://netpbm.svn.sourceforge.net/svnroot/netpbm/userguide netpbm-%{version}/userguide # and removing the .svn directories ( find -name "\.svn" -type d -print0 | xargs -0 rm -rf ) # and removing the ppmtompeg code, due to patents ( rm -rf netpbm-%{version}/converter/ppm/ppmtompeg/ ) @@ -24,19 +24,15 @@ Patch9: netpbm-xwdfix.patch Patch11: netpbm-multilib.patch Patch12: netpbm-pamscale.patch Patch13: netpbm-glibc.patch -Patch14: netpbm-svgtopam.patch Patch15: netpbm-docfix.patch Patch16: netpbm-ppmfadeusage.patch Patch17: netpbm-fiasco-overflow.patch -Patch18: netpbm-lz.patch -Patch19: netpbm-pnmmontagefix.patch Patch20: netpbm-noppmtompeg.patch Patch21: netpbm-cmuwtopbm.patch Patch22: netpbm-pamtojpeg2k.patch Patch23: netpbm-manfix.patch -Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: libjpeg-devel, libpng-devel, libtiff-devel, flex -BuildRequires: libX11-devel, python, jasper-devel +BuildRequires: libX11-devel, python, jasper-devel, libxml2-devel %description The netpbm package contains a library of functions which support @@ -98,14 +94,10 @@ netpbm-doc. You'll also need to install the netpbm-progs package. %patch8 -p1 -b .CAN-2005-2471 %patch9 -p1 -b .xwdfix %patch11 -p1 -b .multilib -%patch12 -p1 -b .pamscale %patch13 -p1 -b .glibc -%patch14 -p1 -b .svgtopam %patch15 -p1 %patch16 -p1 -b .ppmfadeusage %patch17 -p1 -b .fiasco-overflow -%patch18 -p1 -b .lz -%patch19 -p1 -b .pnmmmontagefix %patch20 -p1 -b .noppmtompeg %patch21 -p1 -b .cmuwtopbmfix %patch22 -p1 -b .pamtojpeg2kfix @@ -253,9 +245,9 @@ rm -rf $RPM_BUILD_ROOT %doc userguide/* %changelog -* Wed Nov 09 2011 Jindrich Novy 10.47.32-1 -- update to 10.47.32 -- fixes -multiply option of pamarith +* Fri Nov 11 2011 Jindrich Novy 10.56.03-1 +- update to 10.56.03 +- fixes compilation against new libpng * Tue Sep 27 2011 Jindrich Novy 10.47.31-1 - update to 10.47.31 diff --git a/sources b/sources index f6824f2..550a8f7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -6fb3d194731ac93f18a3929af1e31109 netpbm-10.47.32.tar.xz +da157502bc0d2469391fceed0779634a netpbm-10.56.03.tar.xz