| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Relies on platforms with O_CLOEXEC support following POSIX requirement
to not copy the close-on-exec flag to the new fd in dup2(), but to leave
it unset instead, since that's how fd's are passed to child processes
to handled compressed files.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Matt Turner <mattst88@gmail.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
| |
parse.c:74:1: warning: unused function 'xstrlcpy' [-Wunused-function]
xstrlcpy(char *dst, const char *src, size_t dstsize)
^
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Makes it match the definition in create.c and eliminates
clang warnings:
create.c:2409:13: warning: empty expression statement has no effect;
remove unnecessary ';' to silence this warning [-Wextra-semi-stmt]
FREE_CIDX;
^
create.c:2440:17: warning: empty expression statement has no effect;
remove unnecessary ';' to silence this warning [-Wextra-semi-stmt]
FREE_CIDX;
^
create.c:2444:13: warning: empty expression statement has no effect;
remove unnecessary ';' to silence this warning [-Wextra-semi-stmt]
FREE_CIDX;
^
create.c:2449:15: warning: empty expression statement has no effect;
remove unnecessary ';' to silence this warning [-Wextra-semi-stmt]
FREE_CIDX;
^
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CrDatFrI.c: In function ‘XpmCreateDataFromXpmImage’:
CrDatFrI.c:245:13: warning: this ‘if’ clause does not guard... [-Wmisleading-indentation]
245 | if (header[l])
| ^~
In file included from CrDatFrI.c:40:
XpmI.h:80:22: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the ‘if’
80 | #define XpmFree(ptr) free(ptr)
| ^~~~
CrDatFrI.c:247:17: note: in expansion of macro ‘XpmFree’
247 | XpmFree(header);
| ^~~~~~~
CrDatFrI.c: In function ‘CreateColors’:
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
AC_PROG_LIBTOOL was replaced by LT_INIT in libtool 2 in 2008,
so it's time to rely on it.
configure.ac:14: warning: The macro `AC_PROG_LIBTOOL' is obsolete.
configure.ac:14: You should run autoupdate.
m4/libtool.m4:100: AC_PROG_LIBTOOL is expanded from...
configure.ac:14: the top level
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
| |
If compress is not found, we disable writing to .Z files,
but leave the rest of the compression code active.
If uncompress is not found, we use gzip to read .Z files.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In this particular error path we have already allocated cidx[0..256]
with 256 instances of fresh and juicy memory. Freeing that is annoying,
but luckily there's a helpful FREE_CIDX macro that does exactly that.
Fixes f80fa6a:
Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
Found by covscan
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
|
|
|
|
|
|
|
|
| |
When one of the compression helper programs is not found, the message
suggesting how to compile without it should say --disable-open-zfile,
not --disable-stat-zfile.
Fixes: 515294b ("Fix CVE-2022-4883: compression commands depend on $PATH")
Closes: #4
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
| |
Reported-by: T.J. Townsend
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call
/usr/bin/gunzip with the correct built-in path, the actual gzip call
will use whichever gzip it finds first, making our patch pointless.
Fix this by explicitly calling gzip -d instead.
https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in
[Part of the fix for CVE-2022-4883]
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
|
|
|
|
|
|
|
|
| |
xpmParseDataAndCreate() calls XDestroyImage() in the error path.
Reproducible with sxpm "zero-width.xpm", that file is in the test/
directory.
The same approach is needed in the bytes_per_line == 0 condition though
here it just plugs a memory leak.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default, on all platforms except MinGW, libXpm will detect if a
filename ends in .Z or .gz, and will when reading such a file fork off
an uncompress or gunzip command to read from via a pipe, and when
writing such a file will fork off a compress or gzip command to write
to via a pipe.
In libXpm 3.5.14 or older these are run via execlp(), relying on $PATH
to find the commands. If libXpm is called from a program running with
raised privileges, such as via setuid, then a malicious user could set
$PATH to include programs of their choosing to be run with those
privileges.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When reading XPM images from a file with libXpm 3.5.14 or older, if a
image has a width of 0 and a very large height, the ParsePixels() function
will loop over the entire height calling getc() and ungetc() repeatedly,
or in some circumstances, may loop seemingly forever, which may cause a
denial of service to the calling program when given a small crafted XPM
file to parse.
Closes: #2
Reported-by: Martin Ettl <ettl.martin78@googlemail.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When reading XPM images from a file with libXpm 3.5.14 or older, if a
comment in the file is not closed (i.e. a C-style comment starts with
"/*" and is missing the closing "*/"), the ParseComment() function will
loop forever calling getc() to try to read the rest of the comment,
failing to notice that it has returned EOF, which may cause a denial of
service to the calling program.
Reported-by: Marco Ivaldi <raptor@0xdeadbeef.info>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Includes rudimentary tests for XpmReadFileToXpmImage, XpmReadFileToData,
XpmReadFileToBuffer, XpmCreateXpmImageFromData, XpmCreateXpmImageFromBuffer,
XpmWriteFileFromXpmImage, XpmWriteFileFromData, XpmWriteFileFromBuffer,
XpmAttributesSize, XpmGetErrorString, XpmLibraryVersion
Includes test cases for CVE-2004-0687
Tests .Z and .gz files if --enable-open-zfile is active
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
| |
Documents the two compression options in the README, makes their
configure options reflect the interdependency of their implementation,
and makes the configure script report their configuration.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Function & macro names in bold, argument names in italics.
In the man page body, bold function names followed by plain ()
for functions defined in this page, plain (3) for functions defined
in other man pages.
New paragraphs start with .PP, not just a blank line.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
| |
"See Also" entries in man pages should list other man pages to
look at, not the alternate names for the current man page.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
| |
Since the text was copied from doc/xpm.PS.gz, the copyright and license
notices need to be copied from there as well.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
| |
A number of instances of 'The Xpm... function' were missing the word
"function", so read awkwardly.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
| |
Shadow man pages have a .so line that needs to list the file to be
shown, not the name of the shadow page.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
| |
Lets users view the pages using the name displayed on the pages
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
| |
git diff -w shows no changes from this commit
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
| |
Found by using:
codespell --builtin clear,rare,usage,informal,code,names
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
| |
move from k&r to ansi prototypes
improve nroff coding
Signed-off-by: Walter Harms <wharms@bfs.de>
|
|
|
|
|
|
|
| |
More or less hand crafted man pages based on xpm.PS.
Prototypes are still in K&R, see also is a dud
Signed-off-by: Walter Harms <wharms@bfs.de>
|
|
|
|
| |
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
|
|
|
|
| |
We introduced a new label to handle the errors, we should use it
for the rest of the function.
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The original macro might exit the function without freeing `colorTable`.
Move the macros into a slightly less awful helper function and use goto
to clean up in case of error.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When fork() is not available, we need to define NO_ZPIPE so that
libXpm doesn't try to fork/exec to use a pipe to uncompress compressed
.xpm files. There is obviously a loss of functionality, but loading
uncompressed .xpm files should continue to work.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Retrieved from:
https://git.buildroot.net/buildroot/tree/package/x11r7/xlib_libXpm/0001-fork-check.patch]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Found by Oracle's Parfait 2.2 static analyzer:
Error: File Leak
File Leak [file-ptr-leak]:
Leaked File fp
at line 94 of lib/libXpm/src/RdFToBuf.c in function 'XpmReadFileToBuffer
'.
fp initialized at line 86 with fdopen
fp leaks when len < 0 at line 92.
Introduced-by: commit 8b3024e6871ce50b34bf2dff924774bd654703bc
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=46475
https://bugs.freedesktop.org/attachment.cgi?id=57479
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Mihail Konev <k.mvc@ya.ru>
|