diff options
| -rwxr-xr-x | buildtools/makepointerman | 10 | ||||
| -rw-r--r-- | converter/other/cameratopam/ljpeg.c | 31 | ||||
| -rw-r--r-- | converter/other/pnmtorle.c | 5 | ||||
| -rw-r--r-- | converter/pbm/pbmtoatk.c | 8 | ||||
| -rw-r--r-- | converter/pbm/pbmtog3.c | 2 | ||||
| -rw-r--r-- | converter/pbm/pbmtopk.c | 12 | ||||
| -rw-r--r-- | converter/pbm/pktopbm.c | 5 | ||||
| -rw-r--r-- | converter/pgm/sbigtopgm.c | 43 | ||||
| -rw-r--r-- | converter/ppm/ppmtoyuvsplit.c | 49 | ||||
| -rw-r--r-- | doc/HISTORY | 43 | ||||
| -rw-r--r-- | lib/util/nstring.c | 2 | ||||
| -rw-r--r-- | version.mk | 2 |
12 files changed, 155 insertions, 57 deletions
diff --git a/buildtools/makepointerman b/buildtools/makepointerman index 8fbb0f49..58d3a64c 100755 --- a/buildtools/makepointerman +++ b/buildtools/makepointerman @@ -74,11 +74,11 @@ print(MANPAGE "If that doesn't work, also try " . print(MANPAGE "emailing Bryan Henderson, bryanh\@giraffe-data.com.\n"); print(MANPAGE "\n"); -print(MANPAGE "Note that making the documentation available this way was\n"); -print(MANPAGE "a choice of the person who installed Netpbm on this system.\n"); -print(MANPAGE "It is also possible to install Netpbm such that you would\n"); -print(MANPAGE "simply see the documentation instead of the message you are\n"); -print(MANPAGE "reading now.\n"); +print(MANPAGE "Note that it is possible to install Netpbm with the\n"); +print(MANPAGE "documentation available differently. For example, you\n"); +print(MANPAGE "could simply see the documentation instead of the message\n"); +print(MANPAGE "you are reading now. The file 'doc/USERDOC' in the Netpbm\n"); +print(MANPAGE "source tree contains details."); print(MANPAGE "\n"); if ($format eq "nroff") { diff --git a/converter/other/cameratopam/ljpeg.c b/converter/other/cameratopam/ljpeg.c index 29e4ff98..d5e21d3b 100644 --- a/converter/other/cameratopam/ljpeg.c +++ b/converter/other/cameratopam/ljpeg.c @@ -33,21 +33,26 @@ ljpeg_start (FILE * ifp, struct jhead *jh) do { fread (data, 2, 2, ifp); tag = data[0] << 8 | data[1]; - len = (data[2] << 8 | data[3]) - 2; - if (tag <= 0xff00 || len > 255) return 0; - fread (data, 1, len, ifp); - switch (tag) { + len = (data[2] << 8 | data[3]); + if (len < 2) + pm_error("Length field is %u; must be at least 2", len); + else { + unsigned int const dataLen = len - 2; + if (tag <= 0xff00 || dataLen > 255) return 0; + fread (data, 1, dataLen, ifp); + switch (tag) { case 0xffc3: - jh->bits = data[0]; - jh->high = data[1] << 8 | data[2]; - jh->wide = data[3] << 8 | data[4]; - jh->clrs = data[5]; - break; + jh->bits = data[0]; + jh->high = data[1] << 8 | data[2]; + jh->wide = data[3] << 8 | data[4]; + jh->clrs = data[5]; + break; case 0xffc4: - for (dp = data; dp < data+len && *dp < 4; ) { - jh->huff[*dp] = free_decode; - dp = make_decoder (++dp, 0); - } + for (dp = data; dp < data+dataLen && *dp < 4; ) { + jh->huff[*dp] = free_decode; + dp = make_decoder (++dp, 0); + } + } } } while (tag != 0xffda); jh->row = calloc (jh->wide*jh->clrs, 2); diff --git a/converter/other/pnmtorle.c b/converter/other/pnmtorle.c index 180b144f..8908c356 100644 --- a/converter/other/pnmtorle.c +++ b/converter/other/pnmtorle.c @@ -212,7 +212,6 @@ main(int argc, char ** argv) { const char * pnmname; const char * outname; - static char filename[BUFSIZ]; int oflag; pnm_init(&argc, argv); @@ -239,11 +238,9 @@ main(int argc, char ** argv) { /* Open the file. */ if (pnmname == NULL) { - strcpy(filename, "stdin"); fp = pm_openr("-"); } else { - strcpy(filename, pnmname); - fp = pm_openr(filename); + fp = pm_openr(pnmname); } hdr.rle_file = rle_open_f( hdr.cmd, outname, "wb" ); diff --git a/converter/pbm/pbmtoatk.c b/converter/pbm/pbmtoatk.c index dd829776..9399f602 100644 --- a/converter/pbm/pbmtoatk.c +++ b/converter/pbm/pbmtoatk.c @@ -125,7 +125,6 @@ main(int argc, char *argv[]) { register bit *bP; int rows, cols, format, row; int col; - char name[100], *cp; unsigned char curbyte, newbyte; int curcount, gather; @@ -136,15 +135,8 @@ main(int argc, char *argv[]) { else if (argc-1 == 1) { ifd = pm_openr( argv[1] ); - strcpy(name, argv[1]); - if (streq( name, "-")) - strcpy(name, "noname"); - - if ((cp = strchr(name, '.')) != 0) - *cp = '\0'; } else { ifd = stdin; - strcpy( name, "noname" ); } pbm_readpbminit(ifd, &cols, &rows, &format); diff --git a/converter/pbm/pbmtog3.c b/converter/pbm/pbmtog3.c index 04ea651f..cd96c9dc 100644 --- a/converter/pbm/pbmtog3.c +++ b/converter/pbm/pbmtog3.c @@ -440,7 +440,7 @@ main(int argc, MALLOCARRAY_NOFAIL(bitrow, pbm_packed_bytes(cols) + sizeof(wordint)); - MALLOCARRAY_NOFAIL(milepost, readcols + 1); + MALLOCARRAY_NOFAIL(milepost, readcols + 2); initOutStream(cmdline.reversebits); puteol(); diff --git a/converter/pbm/pbmtopk.c b/converter/pbm/pbmtopk.c index a9683190..fc94f855 100644 --- a/converter/pbm/pbmtopk.c +++ b/converter/pbm/pbmtopk.c @@ -854,11 +854,17 @@ main(int argc, char *argv[]) { initialize_pk() ; if (--argc < 1) pm_usage(usage) ; - strcpy(pkname, *++argv) ; + ++argv; + if(strlen(*argv) + 4 > NAMELENGTH) + pm_error("pkname is too long"); + strcpy(pkname, *argv) ; pbmtopk_add_suffix(pkname, ".pk") ; - if (--argc < 1) pm_usage(usage) ; - strcpy(tfmname, *++argv) ; + if (--argc < 1) pm_usage(usage); + ++argv; + if(strlen(*argv) + 4 > NAMELENGTH) + pm_error("tfmname is too long"); + strcpy(tfmname, *argv) ; pbmtopk_add_suffix(tfmname, ".tfm") ; if (--argc < 1) pm_usage(usage) ; diff --git a/converter/pbm/pktopbm.c b/converter/pbm/pktopbm.c index a3584ee5..712f339f 100644 --- a/converter/pbm/pktopbm.c +++ b/converter/pbm/pktopbm.c @@ -214,7 +214,10 @@ main(int argc, char *argv[]) { if (--argc < 1) pm_usage(usage) ; - strcpy(pkname, *++argv) ; + ++argv; + if(strlen(*argv) + 4 > NAMELENGTH) + pm_error("pkname is too long"); + strcpy(pkname, *argv) ; pktopbm_add_suffix(pkname, ".pk") ; car = 0 ; diff --git a/converter/pgm/sbigtopgm.c b/converter/pgm/sbigtopgm.c index 2e8b4586..3c223c47 100644 --- a/converter/pgm/sbigtopgm.c +++ b/converter/pgm/sbigtopgm.c @@ -127,8 +127,8 @@ struct SbigHeader { unsigned int cols; unsigned int maxval; bool isCompressed; - bool haveCameraType; - char cameraType[80]; + const char * cameraType; + /* Null means information not in header */ }; @@ -141,15 +141,19 @@ readSbigHeader(FILE * const ifP, bool gotCompression; bool gotWidth; bool gotHeight; - char buffer[SBIG_HEADER_LENGTH]; + char * buffer; /* malloced */ char * cursor; bool endOfHeader; + MALLOCARRAY_NOFAIL(buffer, SBIG_HEADER_LENGTH + 1); + rc = fread(buffer, SBIG_HEADER_LENGTH, 1, ifP); if (rc < 1) pm_error("error reading SBIG file header"); + buffer[SBIG_HEADER_LENGTH] = '\0'; + /* The SBIG header specification equivalent to maxval is "Sat_level", the saturation level of the image. This specification is optional, and was not included in files @@ -171,6 +175,12 @@ readSbigHeader(FILE * const ifP, converse, pixels having values greater than maxval, results in an invalid file which may cause problems in programs which attempt to process it. + + According to the official specification, the camera type name is the + first item in the header, and may or may not start with "ST-". But + this program has historically had an odd method of detecting camera + type, which allows any string starting with "ST-" anywhere in the + header, and for now we leave that undisturbed. 2015.05.27. */ gotCompression = false; /* initial value */ @@ -178,7 +188,7 @@ readSbigHeader(FILE * const ifP, gotHeight = false; /* initial value */ sbigHeaderP->maxval = 65535; /* initial assumption */ - sbigHeaderP->haveCameraType = false; /* initial assumption */ + sbigHeaderP->cameraType = NULL; /* initial assumption */ for (cursor = &buffer[0], endOfHeader = false; !endOfHeader;) { char * const cp = strchr(cursor, '\n'); @@ -188,13 +198,14 @@ readSbigHeader(FILE * const ifP, (unsigned)(cursor - &buffer[0])); } *cp = '\0'; - if (strneq(cursor, "ST-", 3)) { + if (strneq(cursor, "ST-", 3) || + (cursor == &buffer[0] && strstr(cursor,"Image") != NULL)) { + char * const ep = strchr(cursor + 3, ' '); if (ep != NULL) { *ep = '\0'; - strcpy(sbigHeaderP->cameraType, cursor); - sbigHeaderP->haveCameraType = true; + sbigHeaderP->cameraType = pm_strdup(cursor); *ep = ' '; } } @@ -202,8 +213,9 @@ readSbigHeader(FILE * const ifP, looseCanon(cursor); /* Convert from standard SBIG to an internal format */ - if (strneq(cursor, "st-", 3)) { - sbigHeaderP->isCompressed = (strstr("compressed", cursor) != NULL); + if (strneq(cursor, "st-", 3) || cursor == &buffer[0]) { + sbigHeaderP->isCompressed = + (strstr(cursor, "compressedimage") != NULL); gotCompression = true; } else if (strneq(cursor, "height=", 7)) { sbigHeaderP->rows = atoi(cursor + 7); @@ -233,6 +245,15 @@ readSbigHeader(FILE * const ifP, static void +termSbigHeader(struct SbigHeader const sbigHeader) { + + if (sbigHeader.cameraType) + pm_strfree(sbigHeader.cameraType); +} + + + +static void writeRaster(FILE * const ifP, struct SbigHeader const hdr, FILE * const ofP) { @@ -306,7 +327,7 @@ main(int argc, const char ** argv) { readSbigHeader(ifP, &hdr); pm_message("SBIG '%s' %ux%u %s image, saturation level = %u", - (hdr.haveCameraType ? hdr.cameraType : "ST-?"), + (hdr.cameraType ? hdr.cameraType : "ST-?"), hdr.cols, hdr.rows, hdr.isCompressed ? "compressed" : "uncompressed", hdr.maxval); @@ -320,6 +341,8 @@ main(int argc, const char ** argv) { writeRaster(ifP, hdr, stdout); + termSbigHeader(hdr); + pm_close(ifP); pm_close(stdout); diff --git a/converter/ppm/ppmtoyuvsplit.c b/converter/ppm/ppmtoyuvsplit.c index e4ffaa3a..eb89ad29 100644 --- a/converter/ppm/ppmtoyuvsplit.c +++ b/converter/ppm/ppmtoyuvsplit.c @@ -29,8 +29,40 @@ #endif #include <string.h> +#include "nstring.h" #include "ppm.h" + + +struct FileNameSet { + const char * u; + const char * v; + const char * y; +}; + + + +static void +makeOutputFileName(const char * const baseName, + struct FileNameSet * const fnameP) { + + pm_asprintf(&fnameP->u, "%s.U", baseName); + pm_asprintf(&fnameP->v, "%s.V", baseName); + pm_asprintf(&fnameP->y, "%s.Y", baseName); +} + + + +static void +termFileNameSet(struct FileNameSet const fname) { + + pm_strfree(fname.u); + pm_strfree(fname.v); + pm_strfree(fname.y); +} + + + int main(int argc, const char ** argv) { @@ -42,7 +74,8 @@ main(int argc, const char ** argv) { unsigned int row; pixval maxval; unsigned char *y1buf, *y2buf, *ubuf, *vbuf; - char ufname[256], vfname[256], yfname[256]; + struct FileNameSet fname; + /* Output file names - .U, .V, .Y */ pm_proginit(&argc, argv); @@ -56,17 +89,13 @@ main(int argc, const char ** argv) { else ifP = stdin; - strcpy(ufname,argv[1]); - strcpy(vfname,argv[1]); - strcpy(yfname,argv[1]); + makeOutputFileName(argv[1], &fname); - strcat(ufname,".U"); - strcat(vfname,".V"); - strcat(yfname,".Y"); + uf = pm_openw(fname.u); + vf = pm_openw(fname.v); + yf = pm_openw(fname.y); - uf = pm_openw(ufname); - vf = pm_openw(vfname); - yf = pm_openw(yfname); + termFileNameSet(fname); ppm_readppminit(ifP, &cols, &rows, &maxval, &format); diff --git a/doc/HISTORY b/doc/HISTORY index ff28d250..b07f52b0 100644 --- a/doc/HISTORY +++ b/doc/HISTORY @@ -4,6 +4,49 @@ Netpbm. CHANGE HISTORY -------------- +15.05.27 BJH Release 10.70.06 + + sbigtopgm: fix detection of camera type. Always broken + (sbigtopgm was new in Netpbm 8.3 (March 2000)). + + sbigtopgm: fix recognition of compressed image. Broken in + Netpbm 10.70.00 (March 2015). + + libnetpbm: pm_stripeq: fix bug: wild pointer access when + comparator is shorter than comparand. Doesn't affect function, + but could cause crash or privacy exposure. Affects reading of a + PAM file by any program. Introduced in one of Netpbm 10.27 + (March 2005) through 10.35 (August 2006). + + pbmtog3: Fix buffer overrun. Introduced in Netpbm 10.23 + (July 2004). + + pbmtoatk: Fix crash with very long input file name argument. + Always broken (pbmtoatk was new in 1991). + + cameratopam: Fix arithmetic underflow in JPEG processing; + unknown effect. + + sbigtopgm: fix buffer overrun with invalid input image. Always + present (sbigtopgm was new in Netpbm 8.3 (March 2000)). + + pnmtorle: Fix buffer overrun with long file name. Always + present. (pnmtorle was new to Netpbm in Netpbm 9.0 (April + 2000)). + + pbmtopk: Fix buffer overrun with long file name. Always + present. (pbmtopk was new in Netpbm 1 (March 1991)). + + pktopbm: Fix buffer overrun with long file name. Always + present. (pbmtopk was new in Netpbm 1 (March 1991)). + + ppmtoyuvsplit: Fix buffer overrun with long file name. Always + present. (New in Netpbm 1 (March 1991)). + + pbmtopi3: Fix bug: wrong output when input is higher or wider + than 640 pixels. Always broken (pbmtopi3 was new in September + 1991). + 15.05.18 BJH Release 10.70.05 pbmtoxbm: Fix bug: crash with zero width input. Broken in diff --git a/lib/util/nstring.c b/lib/util/nstring.c index 74618422..039c2b3b 100644 --- a/lib/util/nstring.c +++ b/lib/util/nstring.c @@ -934,7 +934,7 @@ pm_stripeq(const char * const comparand, */ if (px - p != qx - q) equal = 0; - + else while (p <= px) { if (*p != *q) equal = 0; p++; q++; diff --git a/version.mk b/version.mk index 77b77811..d54e67b0 100644 --- a/version.mk +++ b/version.mk @@ -1,3 +1,3 @@ NETPBM_MAJOR_RELEASE = 10 NETPBM_MINOR_RELEASE = 70 -NETPBM_POINT_RELEASE = 5 +NETPBM_POINT_RELEASE = 6 |