summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2023-02-12parse.c: remove unused function xstrlcpy()Alan Coopersmith
parse.c:74:1: warning: unused function 'xstrlcpy' [-Wunused-function] xstrlcpy(char *dst, const char *src, size_t dstsize) ^ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2023-02-12parse.c: Wrap FREE_CIDX definition in do { ... } while(0)Alan Coopersmith
Makes it match the definition in create.c and eliminates clang warnings: create.c:2409:13: warning: empty expression statement has no effect; remove unnecessary ';' to silence this warning [-Wextra-semi-stmt] FREE_CIDX; ^ create.c:2440:17: warning: empty expression statement has no effect; remove unnecessary ';' to silence this warning [-Wextra-semi-stmt] FREE_CIDX; ^ create.c:2444:13: warning: empty expression statement has no effect; remove unnecessary ';' to silence this warning [-Wextra-semi-stmt] FREE_CIDX; ^ create.c:2449:15: warning: empty expression statement has no effect; remove unnecessary ';' to silence this warning [-Wextra-semi-stmt] FREE_CIDX; ^ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2023-02-12XpmCreateDataFromXpmImage: Fix misleading indentationAlan Coopersmith
CrDatFrI.c: In function ‘XpmCreateDataFromXpmImage’: CrDatFrI.c:245:13: warning: this ‘if’ clause does not guard... [-Wmisleading-indentation] 245 | if (header[l]) | ^~ In file included from CrDatFrI.c:40: XpmI.h:80:22: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the ‘if’ 80 | #define XpmFree(ptr) free(ptr) | ^~~~ CrDatFrI.c:247:17: note: in expansion of macro ‘XpmFree’ 247 | XpmFree(header); | ^~~~~~~ CrDatFrI.c: In function ‘CreateColors’: Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2023-02-05open-zfile: Make compress & uncompress commands optionalAlan Coopersmith
If compress is not found, we disable writing to .Z files, but leave the rest of the compression code active. If uncompress is not found, we use gzip to read .Z files. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2023-01-23Fix a memleak in ParsePixels error code pathPeter Hutterer
In this particular error path we have already allocated cidx[0..256] with 256 instances of fresh and juicy memory. Freeing that is annoying, but luckily there's a helpful FREE_CIDX macro that does exactly that. Fixes f80fa6a: Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height Found by covscan Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2023-01-16Use gzip -d instead of gunzipPeter Hutterer
GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call /usr/bin/gunzip with the correct built-in path, the actual gzip call will use whichever gzip it finds first, making our patch pointless. Fix this by explicitly calling gzip -d instead. https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in [Part of the fix for CVE-2022-4883] Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2023-01-12Prevent a double free in the error code pathMatthieu Herrb
xpmParseDataAndCreate() calls XDestroyImage() in the error path. Reproducible with sxpm "zero-width.xpm", that file is in the test/ directory. The same approach is needed in the bytes_per_line == 0 condition though here it just plugs a memory leak. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2023-01-12Fix CVE-2022-4883: compression commands depend on $PATHAlan Coopersmith
By default, on all platforms except MinGW, libXpm will detect if a filename ends in .Z or .gz, and will when reading such a file fork off an uncompress or gunzip command to read from via a pipe, and when writing such a file will fork off a compress or gzip command to write to via a pipe. In libXpm 3.5.14 or older these are run via execlp(), relying on $PATH to find the commands. If libXpm is called from a program running with raised privileges, such as via setuid, then a malicious user could set $PATH to include programs of their choosing to be run with those privileges. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2023-01-12Fix CVE-2022-44617: Runaway loop with width of 0 and enormous heightAlan Coopersmith
When reading XPM images from a file with libXpm 3.5.14 or older, if a image has a width of 0 and a very large height, the ParsePixels() function will loop over the entire height calling getc() and ungetc() repeatedly, or in some circumstances, may loop seemingly forever, which may cause a denial of service to the calling program when given a small crafted XPM file to parse. Closes: #2 Reported-by: Martin Ettl <ettl.martin78@googlemail.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2023-01-12Fix CVE-2022-46285: Infinite loop on unclosed commentsAlan Coopersmith
When reading XPM images from a file with libXpm 3.5.14 or older, if a comment in the file is not closed (i.e. a C-style comment starts with "/*" and is missing the closing "*/"), the ParseComment() function will loop forever calling getc() to try to read the rest of the comment, failing to notice that it has returned EOF, which may cause a denial of service to the calling program. Reported-by: Marco Ivaldi <raptor@0xdeadbeef.info> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2022-07-17Fix spelling/wording issuesAlan Coopersmith
Found by using: codespell --builtin clear,rare,usage,informal,code,names Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2019-12-06parse: simplify error paths in xpmParseColors()Benjamin Tissoires
We introduced a new label to handle the errors, we should use it for the rest of the function. Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
2019-12-06parse: avoid memleak on error with STRLCAT/STRLCPYPeter Hutterer
The original macro might exit the function without freeing `colorTable`. Move the macros into a slightly less awful helper function and use goto to clean up in case of error. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2018-10-06After fdopen(), use fclose() instead of close() in error pathAlan Coopersmith
Found by Oracle's Parfait 2.2 static analyzer: Error: File Leak File Leak [file-ptr-leak]: Leaked File fp at line 94 of lib/libXpm/src/RdFToBuf.c in function 'XpmReadFileToBuffer '. fp initialized at line 86 with fdopen fp leaks when len < 0 at line 92. Introduced-by: commit 8b3024e6871ce50b34bf2dff924774bd654703bc Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2018-09-22Windows build fixesDave Bodenstab
https://bugs.freedesktop.org/show_bug.cgi?id=46475 https://bugs.freedesktop.org/attachment.cgi?id=57479 Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2016-12-12Handle size_t in file/buffer lengthTobias Stoeckmann
The values of file sizes and buffer sizes can exceed current limits. Therefore, use proper variable types for these operations. Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
2016-12-12Avoid OOB write when handling malicious XPM files.Tobias Stoeckmann
libXpm uses unsigned int to store sizes, which fits size_t on 32 bit systems, but leads to issues on 64 bit systems. On 64 bit systems, it is possible to overflow 32 bit integers while parsing XPM extensions in a file. At first, it looks like a rather unimportant detail, because nobody will seriously open a 4 GB file. But unfortunately XPM has support for gzip compression out of the box. An attacker can therefore craft a compressed file which is merely 4 MB in size, which makes an attack much for feasable. Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
2016-12-12Gracefully handle EOF while parsing files.Tobias Stoeckmann
libXpm does not properly handle EOF conditions when xpmGetC is called multiple times in a row to construct a string. Instead of checking its return value for EOF, the result is automatically casted into a char and attached to a string. By carefully crafting the color table in an XPM file, it is possible to send a libXpm program like gimp into a very long lasting loop and massive memory allocations. Otherwise no memory issues arise, therefore this is just a purely functional patch to dismiss invalid input. Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> Reviewed-by: Matthieu Herrb <Matthieu@herrb.eu>
2016-12-12Fix out out boundary read on unknown colorsTobias Stoeckmann
libXpm is vulnerable to an out of boundary read if an XPM file contains a color with a symbolic name but without any default color value. A caller must set XpmColorSymbols and a color with a NULL name in the supplied XpmAttributes to XpmReadFileToImage (or other functions of this type) in order to trigger this issue. Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
2014-03-19Fix abs() usage.Jörg Sonnenberger
For long arguments, use labs(). Reviewed-by: Matt Turner <mattst88@gmail.com> Signed-off-by: Thomas Klausner <wiz@NetBSD.org>
2013-05-31Fix libXpm build with NO_ZPIPEClaudio Bley
When NO_ZPIPE is defined, fcntl.h is not included in WrFFrI.c although OpenWriteFile uses open, O_WRONLY, O_CREAT and O_TRUNC. * src/WrFFrI.c: unconditionally include fcntl.h regardless of NO_ZPIPE being defined or not. Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-05-31Added 'const' attribute to all filename arguments in the APIChristophe CURIS
The filename is always a read-only argument, so it is a good idea to let the caller now about it. This patch does not change active code; the place where the attribute is added will not break source-level compatibility because it adds no restriction on caller side, just adds information; because the lib code behaved the same way it will not break the binary interface either. Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-05-31Added 'const' qualifier to the filename argument to internal functionsChristophe CURIS
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-04-23Close fd if fdopen() or xpmPipeThrough() fails in OpenWriteFile()Alan Coopersmith
Fixes leak found by parfait 1.1 bug checking tool: File Descriptor Leak: Leaked File Descriptor fd at line 350 of lib/libXpm/src/WrFFrI.c in function 'OpenWriteFile'. fd initialized at line 332 with open fd leaks when strcmp(".Z", (filename + (len - 2))) != 0 at line 337 and strcmp(".gz", (filename + (len - 3))) != 0 at line 340. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
2011-11-18closeness_cmp: maintain constness when casting pointersAlan Coopersmith
create.c: In function 'closeness_cmp': create.c:224:5: warning: cast discards qualifiers from pointer target type create.c:224:5: warning: cast discards qualifiers from pointer target type Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2011-11-11Include missing headersJeremy Huddleston
This fixes implicit declarations for strdup and strcasecmp. Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
2011-11-10Fix gcc -Wwrite-strings warnings that don't require public API changesAlan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2011-11-10Assume C89 and just use const, not local Const macroAlan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2011-09-16Strip trailing whitespaceAlan Coopersmith
Performed with: find * -type f | xargs perl -i -p -e 's{[ \t]+$}{}' git diff -w & git diff -b show no diffs from this change Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2010-10-24config: provide a Makefile for the include directoryGaetan Nadon
Reduce some complexity in the src makefile as it should not handle sibling directories. Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
2010-10-24libXpm make: remove redundant -I.Gaetan Nadon
It is always included by Automake Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
2010-10-07Missing end comment in libXpm/src/parse.cColin Harrison
CVS tag removal chopped too much out in this case... Signed-off-by: Julien Cristau <jcristau@debian.org>
2010-10-06Purge cvs tags.Jesse Adkins
Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2009-10-08Migrate to xorg macros 1.3 & XORG_DEFAULT_OPTIONSAlan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
2009-01-30Janitor: ansification, make distcheck, .gitignorePaulo Cesar Pereira de Andrade
The ansification code is minor edit of the patch (by me) at https://bugs.freedesktop.org/show_bug.cgi?id=14727 as it would not apply cleanly anymore.
2007-08-22Replace strcpy with strncpy to match previous code blockAlan Coopersmith
2007-08-06Replace index/rindex with C89 standard strchr/strrchrAlan Coopersmith
2007-08-06X.Org Bug #11863: Build libXpm on MS Windows (with MinGW)Jason Rumney
* src/XpmI.h [FOR_MSW]: Include simx.h instead of real X headers. * src/simx.h (_XFUNCPROTOBEGIN, _XFUNCPROTOEND, NO_ZPIPE): Define. (XAllocColor): Fix arg list in prototype. (bzero, close, fdopen, index, rindex, open, strdup, O_RDONLY): Map to W32 equivalents. * src/RdFToI.c [FOR_MSW]: Include fcntl.h.
2007-06-27Use AM_CFLAGS & AM_CPPFLAGS to replace per-program and obsolete macrosAlan Coopersmith
Clears some warnings from automake-1.10
2006-07-13renamed: .cvsignore -> .gitignoreAlan Coopersmith
2006-06-03Always initialize atomTable to NULL, so xpmHashTableFree() doesn't try toAlan Coopersmith
free a random value from the stack if xpmHashTableInit returns an error.
2006-06-02Coverity #1432: Returned without freeing storage "hints_cmt" (in error caseAlan Coopersmith
when xpmHashTableInit failed)
2006-06-02Coverity #1415: Returned without freeing storage "hints_cmt" (in error caseAlan Coopersmith
when xpmHashTableInit failed)
2006-03-18doublecheck that a pointer is not NULL before dereferencing it. (CoverityXORG-7_0_99_901Matthieu Herrb
CID 121).
2005-10-05Add missing files to EXTRA_DISTKevin E Martin
Fix man page installation
2005-10-03Last argument of variable parameter list needs to be casted to a pointerXORG-6_8_99_903XORG-6_8_99_902XORG-6_8_99_901Matthieu Herrb
type.
2005-07-16Accept autoconf HAVE_STRLCPY as alias for HAS_STRLCATXORG-6_8_99_900XORG-6_8_99_16Alan Coopersmith
2005-07-16Set soversion to 4.11.0 with -version-number.Daniel Stone
2005-07-09Add .cvsignore filesKeith Packard
2005-05-19- Add build system for lib/XpmXORG-6_8_99_9XORG-6_8_99_8XORG-6_8_99_15XORG-6_8_99_14XORG-6_8_99_13XORG-6_8_99_12XORG-6_8_99_11XORG-6_8_99_10Søren Sandmann Pedersen
- Add Xpm to symlink.sh - Conditionally include config.h in xc/extras/Xpm