--- imlib2-1.0.5.orig/loaders/loader_xpm.c
+++ imlib2-1.0.5/loaders/loader_xpm.c
@@ -120,6 +120,7 @@
done = 0;
transp = -1;
+ memset(lookup, 0, sizeof(lookup));
/* if immediate_load is 1, then dont delay image laoding as below, or */
/* already data in this image - dont load it again */
@@ -157,6 +158,9 @@
quote = 0;
context = 0;
line = malloc(lsz);
+ if (!line)
+ return NULL;
+
while (!done)
{
pc = c;
@@ -185,7 +189,7 @@
{
/* Header */
sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp);
- if (ncolors > 32766)
+ if (ncolors <= 0 || ncolors > 32766)
{
fprintf(stderr, "IMLIB ERROR: XPM files with colors > 32766 not supported\n");
free(line);
@@ -193,7 +197,7 @@
xpm_parse_done();
return 0;
}
- if (cpp > 5)
+ if (cpp <= 0 || cpp > 5)
{
fprintf(stderr, "IMLIB ERROR: XPM files with characters per pixel > 5 not supported\n");
free(line);
@@ -201,7 +205,7 @@
xpm_parse_done();
return 0;
}
- if (w > 32767)
+ if (w <= 0 || w > 32767)
{
fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
free(line);
@@ -209,7 +213,7 @@
xpm_parse_done();
return 0;
}
- if (h > 32767)
+ if (h <= 0 || h > 32767)
{
fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
free(line);
@@ -244,11 +248,13 @@
{
int slen;
int hascolor, iscolor;
+ int space;
iscolor = 0;
hascolor = 0;
tok[0] = 0;
col[0] = 0;
+ space = sizeof(col) - 1;
s[0] = 0;
len = strlen(line);
strncpy(cmap[j].str, line, cpp);
@@ -271,10 +277,16 @@
{
if (k >= len)
{
- if (col[0])
+ if (col[0] && space > 0)
+ {
strcat(col, " ");
- if (strlen(col) + strlen(s) < sizeof(col))
+ space--;
+ }
+ if (slen <= space)
+ {
strcat(col, s);
+ space -= slen;
+ }
}
if (col[0])
{
@@ -299,14 +311,23 @@
}
}
}
+ if (slen < sizeof(tok))
strcpy(tok, s);
col[0] = 0;
+ space = sizeof(col) - 1;
}
else
{
- if (col[0])
+ if (col[0] && space > 0)
+ {
strcat(col, " ");
+ space--;
+ }
+ if (slen <= space)
+ {
strcat(col, s);
+ space -= slen;
+ }
}
}
}
