patches/gimp-06-CVE-2010-454x.diff
author rohinis
Tue, 29 Nov 2011 17:32:55 +0000
branchs11express-2010-11
changeset 22234 c23e64da3e06
parent 22124 4322392a11ea
permissions -rw-r--r--
2011-11-29 Rohini S <[email protected]> * patches/Python26-22-audio.diff: Fixes CVE-2010-1634 * specs/SUNWPython26.spec: Fixes CR 7085446
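--- gimp-2.6.10.orig/plug-ins/common/sphere-designer.c	2011-08-16 11:48:50.451538000 +0530
+++ gimp-2.6.10/plug-ins/common/sphere-designer.c	2011-08-16 11:53:08.714956000 +0530
@@ -1992,6 +1992,7 @@ loadit (const gchar * fn)
   gchar    endbuf[21 * (G_ASCII_DTOSTR_BUF_SIZE + 1)];
   gchar   *end = endbuf;
   gchar    line[1024];
+  gchar    fmt_str[16];
   gint     i;
   texture *t;
   gint     majtype, type;
@@ -2016,6 +2017,8 @@ loadit (const gchar * fn)
 
   s.com.numtexture = 0;
 
+  snprintf (fmt_str, sizeof (fmt_str), "%%d %%d %%%lds", sizeof (endbuf) - 1);
+
   while (!feof (f))
     {
 
@@ -2026,7 +2029,7 @@ loadit (const gchar * fn)
       t = &s.com.texture[i];
       setdefaults (t);
 
-      if (sscanf (line, "%d %d %s", &t->majtype, &t->type, end) != 3)
+      if (sscanf (line, fmt_str, &t->majtype, &t->type, end) != 3)
         t->color1.x = g_ascii_strtod (end, &end);
       if (end && errno != ERANGE)
         t->color1.y = g_ascii_strtod (end, &end);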
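--- gimp-2.6.10.orig/plug-ins/gfig/gfig-style.c	2011-08-16 11:48:42.938675000 +0530
+++ gimp-2.6.10/plug-ins/gfig/gfig-style.c	2011-08-16 11:57:17.625677000 +0530
@@ -165,6 +165,7 @@ gfig_read_parameter_gimp_rgb (gchar     
   gchar *ptr;
   gchar *tmpstr;
   gchar *endptr;
+  gchar  fmt_str[32];
   gchar  colorstr_r[G_ASCII_DTOSTR_BUF_SIZE];
   gchar  colorstr_g[G_ASCII_DTOSTR_BUF_SIZE];
   gchar  colorstr_b[G_ASCII_DTOSTR_BUF_SIZE];
@@ -172,6 +173,8 @@ gfig_read_parameter_gimp_rgb (gchar     
 
   style_entry->r = style_entry->g = style_entry->b = style_entry->a = 0.;
 
+  snprintf (fmt_str, sizeof (fmt_str), "%%%lds %%%lds %%%lds %%%lds", sizeof (colorstr_r) - 1, sizeof (colorstr_g) - 1, sizeof (colorstr_b) - 1, sizeof (colorstr_a) - 1);
+
   while (n < nitems)
     {
       ptr = strchr (text[n], ':');
@@ -181,7 +184,7 @@ gfig_read_parameter_gimp_rgb (gchar     
           ptr++;
           if (!strcmp (tmpstr, name))
             {
-              sscanf (ptr, "%s %s %s %s", colorstr_r, colorstr_g, colorstr_b, colorstr_a);
+              sscanf (ptr, fmt_str, colorstr_r, colorstr_g, colorstr_b, colorstr_a);
               style_entry->r = g_ascii_strtod (colorstr_r, &endptr);
               style_entry->g = g_ascii_strtod (colorstr_g, &endptr);
               style_entry->b = g_ascii_strtod (colorstr_b, &endptr);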
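Review bot: The bounded `sscanf (ptr, fmt_str, ...)` still discards its return value, so a style line with fewer than four tokens leaves some `colorstr_*` arrays unwritten (the declarations visible in the first hunk have no initialiser) and the following `g_ascii_strtod` calls parse indeterminate stack bytes. The four `fscanf (fp, fmt_str, ...)` calls added in lighting-ui.c have the same gap. Guard the conversions with `if (sscanf (ptr, fmt_str, colorstr_r, colorstr_g, colorstr_b, colorstr_a) == 4)` so the zeros assigned to `style_entry` before the loop remain in place for malformed input. The function continues past the end of the hunk, so the extent of the guarded block needs confirming against the full file.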
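--- gimp-2.6.10.orig/plug-ins/lighting/lighting-ui.c	2011-08-16 11:48:41.292829000 +0530
+++ gimp-2.6.10/plug-ins/lighting/lighting-ui.c	2011-08-16 12:14:35.185283000 +0530
@@ -1342,6 +1342,7 @@ load_preset_response (GtkFileChooser *ch
   gchar          buffer3[G_ASCII_DTOSTR_BUF_SIZE];
   gchar          type_label[21];
   gchar         *endptr;
+  gchar          fmt_str[32];
 
   if (response_id == GTK_RESPONSE_OK)
     {
@@ -1381,23 +1382,27 @@ load_preset_response (GtkFileChooser *ch
                   return;
                 }
 
-              fscanf (fp, " Position: %s %s %s", buffer1, buffer2, buffer3);
+              snprintf (fmt_str, sizeof (fmt_str), " Position: %%%lds %%%lds %%%lds", sizeof (buffer1) - 1, sizeof (buffer2) - 1, sizeof (buffer3) - 1);
+              fscanf (fp, fmt_str, buffer1, buffer2, buffer3);
               source->position.x = g_ascii_strtod (buffer1, &endptr);
               source->position.y = g_ascii_strtod (buffer2, &endptr);
               source->position.z = g_ascii_strtod (buffer3, &endptr);
 
-              fscanf (fp, " Direction: %s %s %s", buffer1, buffer2, buffer3);
+              snprintf (fmt_str, sizeof (fmt_str), " Direction: %%%lds %%%lds %%%lds", sizeof (buffer1) - 1, sizeof (buffer2) - 1, sizeof (buffer3) - 1);
+              fscanf (fp, fmt_str, buffer1, buffer2, buffer3);
               source->direction.x = g_ascii_strtod (buffer1, &endptr);
               source->direction.y = g_ascii_strtod (buffer2, &endptr);
               source->direction.z = g_ascii_strtod (buffer3, &endptr);
 
-              fscanf (fp, " Color: %s %s %s", buffer1, buffer2, buffer3);
+              snprintf (fmt_str, sizeof (fmt_str), " Color: %%%lds %%%lds %%%lds", sizeof (buffer1) - 1, sizeof (buffer2) - 1, sizeof (buffer3) - 1);
+              fscanf (fp, fmt_str, buffer1, buffer2, buffer3);
               source->color.r = g_ascii_strtod (buffer1, &endptr);
               source->color.g = g_ascii_strtod (buffer2, &endptr);
               source->color.b = g_ascii_strtod (buffer3, &endptr);
               source->color.a = 1.0;
 
-              fscanf (fp, " Intensity: %s", buffer1);
+              snprintf (fmt_str, sizeof (fmt_str), " Intensity: %%%lds", sizeof (buffer1) - 1);
+              fscanf (fp, fmt_str, buffer1);
               source->intensity = g_ascii_strtod (buffer1, &endptr);
 
             }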
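Review bot: `fmt_str[32]` has only a few bytes of headroom and none of the four `snprintf` results is checked. Assuming `buffer1` and `buffer2` are `G_ASCII_DTOSTR_BUF_SIZE` bytes like `buffer3` (their declarations are outside the hunk) and that the constant is GLib's 39, the ` Direction:` format already needs 27 bytes with its terminator. If a label or buffer size grows, `snprintf` truncates silently and `fscanf` is handed a format cut off mid-conversion, which removes the width bound this patch adds. I would document the sizing at the declaration, `gchar fmt_str[32]; /* longest format built below is " Direction: %38s %38s %38s" */`, and compare each `snprintf` return value with `sizeof (fmt_str)` before calling `fscanf`. The smaller `fmt_str[16]` in sphere-designer.c deserves the same check.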
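--- gimp-2.6.10.orig/plug-ins/common/file-psp.c	2011-08-16 11:48:49.945737000 +0530
+++ gimp-2.6.10/plug-ins/common/file-psp.c	2011-08-16 12:04:16.278205000 +0530
@@ -1246,13 +1246,14 @@ read_channel_data (FILE       *f,
             fread (buf, runcount, 1, f);
           if (bytespp == 1)
             {
+              runcount = MIN (runcount, endq - q);
               memmove (q, buf, runcount);
               q += runcount;
             }
           else
             {
               p = buf;
-              for (i = 0; i < runcount; i++)
+              for (i = 0; i < runcount && q < endq; i++)
                 {
                   *q = *p++;
                   q += bytespp;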
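Review bot: The clamp `runcount = MIN (runcount, endq - q);` and the added `q < endq` loop guard stop the write at the end of the channel buffer, but a run that would have overflowed is dropped silently, so a malformed PSP file still loads as if it were valid. I would add a comment at the clamp, `/* prevent buffer overflow for bogus RLE data: a run may not extend past endq */`, and treat the overflowing case as a corrupt-file error through whatever failure path read_channel_data already has; the function starts and ends outside this hunk, so that path is not visible here. The `fread (buf, runcount, 1, f)` in the context line above is also unchecked, so on a truncated file whatever `buf` held before the short read is copied into the image.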