rpms/dia/FC-4 dia-0.94-rh187402.patch,NONE,1.1 dia.spec,1.28,1.29
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Mar 31 11:15:16 UTC 2006
Author: caolanm
Update of /cvs/dist/rpms/dia/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv20691
Modified Files:
dia.spec
Added Files:
dia-0.94-rh187402.patch
Log Message:
rh#187402#
dia-0.94-rh187402.patch:
xfig-import.c | 87 +++++++++++++++++++++++++++++++++++-----------------------
xfig.h | 1
2 files changed, 54 insertions(+), 34 deletions(-)
--- NEW FILE dia-0.94-rh187402.patch ---
diff -ru dia-0.94.xfig/plug-ins/xfig/xfig.h dia-0.94/plug-ins/xfig/xfig.h
--- dia-0.94.xfig/plug-ins/xfig/xfig.h 2004-08-16 03:56:21.000000000 -0400
+++ dia-0.94/plug-ins/xfig/xfig.h 2006-03-31 06:03:00.000000000 -0500
@@ -6,6 +6,7 @@
#define FIG_MAX_DEFAULT_COLORS 32
#define FIG_MAX_USER_COLORS 512
+#define FIG_MAX_DEPTHS 1000
/* 1200 PPI */
#define FIG_UNIT 472.440944881889763779527559055118
/* 1/80 inch */
diff -ru dia-0.94.xfig/plug-ins/xfig/xfig-import.c dia-0.94/plug-ins/xfig/xfig-import.c
--- dia-0.94.xfig/plug-ins/xfig/xfig-import.c 2004-08-16 03:56:21.000000000 -0400
+++ dia-0.94/plug-ins/xfig/xfig-import.c 2006-03-31 06:03:00.000000000 -0500
@@ -441,11 +441,17 @@
static Color
fig_color(int color_index)
{
- if (color_index == -1)
+ if (color_index <= -1)
return color_black; /* Default color */
- if (color_index < FIG_MAX_DEFAULT_COLORS)
+ else if (color_index < FIG_MAX_DEFAULT_COLORS)
return fig_default_colors[color_index];
- else return fig_colors[color_index-FIG_MAX_DEFAULT_COLORS];
+ else if (color_index < FIG_MAX_USER_COLORS)
+ return fig_colors[color_index-FIG_MAX_DEFAULT_COLORS];
+ else {
+ message_error(_("Color index %d too high, only 512 colors allowed. Using black instead."),
+ color_index);
+ return color_black;
+ }
}
static Color
@@ -563,23 +569,25 @@
static int
fig_read_n_points(FILE *file, int n, Point **points) {
int i;
- Point *new_points;
-
- new_points = (Point*)g_malloc(sizeof(Point)*n);
+ GArray *points_list = g_array_sized_new(FALSE, FALSE, sizeof(Point), n);
for (i = 0; i < n; i++) {
int x,y;
+ Point p;
if (fscanf(file, " %d %d ", &x, &y) != 2) {
message_error(_("Error while reading %dth of %d points: %s\n"),
i, n, strerror(errno));
- free(new_points);
+ g_array_free(points_list, TRUE);
return FALSE;
}
- new_points[i].x = x/FIG_UNIT;
- new_points[i].y = y/FIG_UNIT;
+ p.x = x/FIG_UNIT;
+ p.y = y/FIG_UNIT;
+ g_array_append_val(points_list, p);
}
fscanf(file, "\n");
- *points = new_points;
+
+ *points = (Point *)points_list->data;
+ g_array_free(points_list, FALSE);
return TRUE;
}
@@ -683,7 +691,7 @@
return text_buf;
}
-static GList *depths[1000];
+static GList *depths[FIG_MAX_DEPTHS];
/* If there's something in the compound stack, we ignore the depth field,
as it will be determined by the group anyway */
@@ -693,6 +701,26 @@
level. Best we can do now. */
static int compound_depth;
+/** Add an object at a given depth. This function checks for depth limits
+ * and updates the compound depth if needed.
+ *
+ * @param newobj An object to add. If we're inside a compound, this
+ * doesn't really add the object.
+ * @param depth A depth as in the Fig format, max 999
+ */
+static void
+add_at_depth(DiaObject *newobj, int depth) {
+ if (depth < 0 || depth >= FIG_MAX_DEPTHS) {
+ message_error(_("Depth %d of of range, only 0-%d allowed.\n"),
+ depth, FIG_MAX_DEPTHS-1);
+ depth = FIG_MAX_DEPTHS - 1;
+ }
+ if (compound_stack == NULL)
+ depths[depth] = g_list_append(depths[depth], newobj);
+ else
+ if (compound_depth > depth) compound_depth = depth;
+}
+
static DiaObject *
fig_read_ellipse(FILE *file, DiagramData *dia) {
int sub_type;
@@ -749,10 +777,7 @@
/* Angle -- can't rotate yet */
/* Depth field */
- if (compound_stack == NULL)
- depths[depth] = g_list_append(depths[depth], newobj);
- else
- if (compound_depth > depth) compound_depth = depth;
+ add_at_depth(newobj, depth);
return newobj;
}
@@ -885,10 +910,7 @@
/* Cap style */
/* Depth field */
- if (compound_stack == NULL)
- depths[depth] = g_list_append(depths[depth], newobj);
- else
- if (compound_depth > depth) compound_depth = depth;
+ add_at_depth(newobj, depth);
exit:
prop_list_free(props);
g_free(forward_arrow_info);
@@ -1111,10 +1133,7 @@
/* Cap style */
/* Depth field */
- if (compound_stack == NULL)
- depths[depth] = g_list_append(depths[depth], newobj);
- else
- if (compound_depth > depth) compound_depth = depth;
+ add_at_depth(newobj, depth);
exit:
prop_list_free(props);
g_free(forward_arrow_info);
@@ -1202,10 +1221,7 @@
/* Cap style */
/* Depth field */
- if (compound_stack == NULL)
- depths[depth] = g_list_append(depths[depth], newobj);
- else
- if (compound_depth > depth) compound_depth = depth;
+ add_at_depth(newobj, depth);
exit:
g_free(forward_arrow_info);
@@ -1298,10 +1314,7 @@
newobj->ops->set_props(newobj, props);
/* Depth field */
- if (compound_stack == NULL)
- depths[depth] = g_list_append(depths[depth], newobj);
- else
- if (compound_depth > depth) compound_depth = depth;
+ add_at_depth(newobj, depth);
exit:
if (text_buf != NULL) free(text_buf);
@@ -1347,6 +1360,12 @@
return FALSE;
}
+ if (colornumber < 32 || colornumber > FIG_MAX_USER_COLORS) {
+ message_error(_("Color number %d out of range 0..%d. Discarding color.\n"),
+ colornumber, FIG_MAX_USER_COLORS);
+ return FALSE;
+ }
+
color.red = ((colorvalues & 0x00ff0000)>>16) / 255.0;
color.green = ((colorvalues & 0x0000ff00)>>8) / 255.0;
color.blue = (colorvalues & 0x000000ff) / 255.0;
@@ -1393,7 +1412,7 @@
}
/* Group extends don't really matter */
if (compound_stack == NULL)
- compound_depth = 999;
+ compound_depth = FIG_MAX_DEPTHS - 1;
compound_stack = g_slist_append(compound_stack, NULL);
return TRUE;
break;
@@ -1551,7 +1570,7 @@
for (i = 0; i < FIG_MAX_USER_COLORS; i++) {
fig_colors[i] = color_black;
}
- for (i = 0; i < 1000; i++) {
+ for (i = 0; i < FIG_MAX_DEPTHS; i++) {
depths[i] = NULL;
}
@@ -1606,7 +1625,7 @@
} while (TRUE);
/* Now we can reorder for the depth fields */
- for (i = 0; i < 1000; i++) {
+ for (i = 0; i < FIG_MAX_DEPTHS; i++) {
if (depths[i] != NULL)
layer_add_objects_first(dia->active_layer, depths[i]);
}
Index: dia.spec
===================================================================
RCS file: /cvs/dist/rpms/dia/FC-4/dia.spec,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- dia.spec 16 Sep 2005 07:05:41 -0000 1.28
+++ dia.spec 31 Mar 2006 11:15:14 -0000 1.29
@@ -5,7 +5,7 @@
Name: dia
Summary: A diagram drawing program.
Version: 0.94
-Release: 12.fc4
+Release: 12.1.fc4
Epoch: 1
Source: ftp://ftp.gnome.org/pub/GNOME/stable/sources/dia/%{name}-%{version}.tar.bz2
Group: Applications/Multimedia
@@ -32,6 +32,7 @@
Patch3: dia-0.94-gcc4.patch
Patch4: dia-0.94-fallbacktoxpmicons.patch
Patch5: dia-0.94-rh165337.patch
+Patch6: dia-0.94-rh187402.patch
%description
The Dia drawing program is designed to be like the Windows(TM) Visio
@@ -50,6 +51,7 @@
%patch3 -p1 -b .gcc4
%patch4 -p1 -b .fallbacktoxpmicons
%patch5 -p1 -b .rh165337
+%patch6 -p1 -b .rh187402
%build
aclocal-1.7
@@ -116,6 +118,9 @@
%{_datadir}/pixmaps/*
%changelog
+* Fri Mar 31 2006 Caolan McNamara <caolanm at redhat.com>
+- rh#187402# buffer overflow fix
+
* Mon Apr 8 2005 Caolan McNamara <caolanm at redhat.com>
- rh#165337# crash on >= 1000% xoom
More information about the fedora-cvs-commits
mailing list