[E-devel] Imlib2 patch

[Dariusz Knociński]

Hi All,
I wrote new version of some procedures in Imlib2 library and attached patches 
for that
mail.
 
In file color-helpres procedures :

void __imlib_rgb_to_hsv( int r, int g, int b, float *h, float *s, float *v );
void __imlib_hsv_to_rgb( float h,  float s,  float v,  int *r, int *g, int *b );

I have changed the range of parameters hue from 0-100 to 0-360, and saturation 
and value 
from 0-100 to 0-1. This is correct to last version of documentation on the web 
page.

In file grad.c procedures :

void __imlib_MapRange(  ImlibRange * rg, int len )
void __imlib_MapHsvaRange( ImlibRange * rg, int len )

I have changed internal variable inc 
from:
  inc = ((ll - 1) << 16) / (len);
to:
  inc = ((ll - 1) << 16) / (len-1); 
This patch repair bug for small values of parameter len, for example from 2 to 
16.

And I apply two small screenshots of application imlib2_colorspace befor and 
after patch.

Best Regards 
-- 
Dariusz Knociński
-
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] Imlib2 patch

[Dariusz Knociński]

Patch:
diff -u -p -r imlib2-1.4.1.000.old/src/lib/color_helpers.c 
imlib2-1.4.1.000.new/src/lib/color_helpers.c
--- imlib2-1.4.1.000.old/src/lib/color_helpers.c2007-05-21 
00:58:01.0 +0200
+++ imlib2-1.4.1.000.new/src/lib/color_helpers.c2008-04-15 
09:34:36.0 +0200
@@ -5,117 +5,89 @@
  */
 
 void
-__imlib_rgb_to_hsv(int r, int g, int b, float *h, float *s, float *v)
+__imlib_rgb_to_hsv( int r, int g, int b, float *h, float *s, float *v )
 {
-   int min, max;
-   int delta;
+   register float min, max, delta;
 
-   max = (r + g + abs(r - g)) / 2;
-   max = (max + b + abs(max - b)) / 2;
-   min = (r + g - abs(r - g)) / 2;
-   min = (min + b - abs(min - b)) / 2;
+min = ((( r < g ) ? r : g) < b ) ? (( r < g ) ? r : g) : b;
+max = ((( r > g ) ? r : g) > b ) ? (( r > g ) ? r : g) : b;
 
-   delta = max - min;
-   *v = (float)(100 * max) / 255.0;
-
-   if (max != 0)
-  *s = (float)(100 * delta) / (float)max;
-   else
- {
-*s = 0.0;
+*v = max / 255.0;
+   delta = ( max - min );
+if( delta == 0 )
+{
 *h = 0.0;
-*v = 0.0;
- }
-   if (r == max)
- {
-*h = (float)(100 * (g - b)) / (float)(6.0 * delta);
- }
-   else
- {
-if (g == max)
-  {
- *h = (float)(100 * (2 * delta + b - r)) / (float)(6.0 * delta);
-  }
-else
-  {
- *h = (float)(100 * (4 * delta + r - g)) / (float)(6.0 * delta);
-  }
- }
-   if (*h < 0.0)
-  *h += 100.0;
-   if (*h > 100.0)
-  *h -= 100.0;
+*s = 0.0;
+return;
+}
+*s = delta / max;
+   if( r == max )
+   *h = ( g - b ) / delta;
+   else if( g == max )
+   *h = 2.0 + ( b - r ) / delta;
+   else
+   *h = 4.0 + ( r - g ) / delta;
+   *h *= 60.0;
+   if( *h < 0 )
+   *h += 360.0;
 }
 
 void
 __imlib_hsv_to_rgb(float h, float s, float v, int *r, int *g, int *b)
 {
-   float   hh, f;
-   float   p, q, t;
-   int i;
+register float f, vf;
+register int i, p, q, t, vv;
 
-   if (s == 0.0)
- {
-*r = round((v * 255.0) / 100.0);
-*g = round((v * 255.0) / 100.0);
-*b = round((v * 255.0) / 100.0);
+vf = 255.0 * v;
+vv = (int)round( vf );
 
+if( s == 0.0 )
+{
+*r = *g = *b = vv;
 return;
- }
-
-   hh = (h * 6.0) / 100.0;
-   i = floor(hh);
-   f = hh - (float)i;
-
-   p = v * (1.0 - s / 100.0) / 100.0;
-   q = v * (1.0 - (s * f) / 100.0) / 100.0;
-   t = v * (1.0 - s * (1.0 - f) / 100.0) / 100.0;
+}
 
-   switch (i)
- {
- case 0:
-{
-   *r = round(v * 255.0 / 100.0);
-   *g = round(t * 255.0);
-   *b = round(p * 255.0);
-   break;
-}
- case 1:
-{
-   *r = round(q * 255.0);
-   *g = round(v * 255.0 / 100.0);
-   *b = round(p * 255.0);
-   break;
-}
- case 2:
-{
-   *r = round(p * 255.0);
-   *g = round(v * 255.0 / 100.0);
-   *b = round(t * 255.0);
-   break;
-}
- case 3:
-{
-   *r = round(p * 255.0);
-   *g = round(q * 255.0);
-   *b = round(v * 255.0 / 100.0);
-   break;
-}
- case 4:
-{
-   *r = round(t * 255.0);
-   *g = round(p * 255.0);
-   *b = round(v * 255.0 / 100.0);
-   break;
-}
- case 5:
-{
-   *r = round(v * 255.0 / 100.0);
-   *g = round(p * 255.0);
-   *b = round(q * 255.0);
-   break;
-}
- }
+h /= 60.0;
+i = floor(h);
+f = h - (float)i;
+p = (int)round( vf * (1.0 - s ));
+q = (int)round( vf * (1.0 - (s * f)));
+t = (int)round( vf * (1.0 - s * (1.0 - f)));
+
+switch( i % 6 )
+{
+case 0:
+*r = vv;
+*g = t;
+*b = p;
+break;
+case 1:
+*r = q;
+*g = vv;
+*b = p;
+break;
+case 2:
+*r = p;
+*g = vv;
+*b = t;
+break;
+case 3:
+*r = p;
+*g = q;
+*b = vv;
+break;
+case 4:
+*r = t;
+*g = p;
+*b = vv;
+break;
+case 5:
+default:
+*r = vv;
+*g = p;
+*b = q;
+break;
+}
 }
 
 void
diff -u -p -r imlib2-1.4.1.000.old/src/lib/grad.c 
imlib2-1.4.1.000.new/src/lib/grad.c
--- imlib2-1.4.1.000.old/src/lib/grad.c 2007-05-21 00:58:01.0 +0200
+++ imlib2-1.4.1.000.new/src/lib/grad.c 2008-04-15 09:29:32.0 +0200
@@ -112,7 +112,7 @@ __imlib_MapRange(ImlibRange * rg, int le
  pmap[i++] = (a << 24) | (r << 16) | (g << 8) | b;
   }
  }
-   inc = ((ll - 1) << 16) / (len);
+   inc = ((ll - 1) << 16) / (len-1);
l = 0;
for (i = 0; i < len; i++)
  {
@@ -194,7 +194,7 @@ __imlib_MapHsvaRan

Re: [E-devel] Imlib2 patch

[Dariusz Knociński]

BEGIN BASE64 imlib2_colorspace-before.jpg
/9j/4AAQSkZJRgABAQEASABIAAD/4QAWRXhpZgAATU0AKggAAAD/2wBDAAUDBAQEAwUE
BAQFBQUGBwwIBwcHBw8LCwkMEQ8SEhEPERETFhwXExQaFRERGCEYGh0dHx8fExciJCIeJBweHx7/
2wBDAQUFBQcGBw4ICA4eFBEUHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4e
Hh4eHh4eHh4eHh7/wAARCAGpAl8DASIAAhEBAxEB/8QAHAABAAICAwEAAAEHBQYC
AwgE/8QAUhAAAQMCAgIMCggEBAQFBQEAAAECAwQFBhESMQcUFhchVFV1lJXR0xNBUVJWk6Gis9IV
IjI1NjhhsnGBtNQjJEKRCFNiZTNDY3KCJbG1wfE3/8QAGwEBAQEBAAMBAAMBAgQF
Bwb/xABHEQACAQECBwsJBgYDAQADAQIRAwQFEyExUXGRBhIVFzRBUlOhsdIUFjJhcpKi0eEH
M0JDVIEiNXODsvDBwvFiI0SC/9oADAMBAAIRAxEAPwC2thbYxsWAsMW6GG1UFTf6ima6vuErUlc9
0iNc5jFc1Mo0ybkmSauHNVVV3ioWKnkVk1voEy4UclI1UX2GQoocrfQ1GXB4GDh/+LUMPiCdEcvC
uo86xhj5/wAR49pJ2Uf4Ttp5qWoRyw0dudou0Xf5VqZL/sduUfELf0VnYY/AkK1MVwfkq5VOXuob
LtBfN9hO2irO0cdBSzk5RTZiso+IW/orOwZR8Qt/RWdhldoL5vsG0F832Eqo7MVlHxC39FZ2DKPi
Fv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv
6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6K
zsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6Kzs
MrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMr
tBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtB
fN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN
9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g
2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2g
vm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm
+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+w
VQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQ
MVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMV
lHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlH
xC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC
39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMVlHxC39FZ2DKPiFv6KzsMrtBfN9g2gvm+wVQMdRwRVFS
sS0tuia1ukqrRtdnw/yPt+i6fzbd1e3tOmVrqWtVGtVznRZo1Na5Z8CHzUl0qJZVZUW2rpE0c0fM
zJq/pn5RSoE0LI65KVKW2uzc1EftNqJkv6fy8onksUEz4Zq2zskYuTmuomIqL/uS9+lOtT4mvYns
cdTXwtknSotckz1nkXTW3ukzRXKqfW0VzTLLxm0BzqtqR08VTTxWyqhkRyo5tG1NX+/kU+eCWB8T
ZJILdGjuDP6ORW5+TSzyz/Q5RNR9M6BsTomtfUOaxWKxUaqvVPqqiKnAqHwWSpiip5pKqRjqXRRr
6dVRXTLlwZJ4kTXpeLxHj2zaaSZ511sozhJtVeQ+uongijSRlLb5GqvB/wDT0ajuHJcnal/kef8A
/i92NLC3CLsfWS3Utsr6Wpay5Nh+oyqbK5cn6CJksmm7hXNOBV15Jlel5nSasidHOyWCTR8C1uTf
BNz+wrU+zl/sus1D/i8gWD/h/vmaZaVTSfGaXuNpJWiy86I4RsYRsk6czNtveOqKywU1mrbY6qY6
ihcvAioqKxNeamvrjXCKrw4Uav8A8U7TB7J/37Sc3U/7DVD9tg7AV0trtC0knVrSevnaNSaLWt2y
bZLdCsNDYX08bnaStYjUzX/c+rfdouS5/d7SnweX5t3HQ9pzjpFwb7tFyXP7vaN92i5Ln93tKfA8
2rjoe0Y6RcG+7Rclz+72jfdouS5/d7SnwPNq46HtGOkXBvu0XJc/u9o33aLkuf3e0p8DzauOh7Rj
pFwb7tFyXP7vaN92i5Ln93tKfA82rjoe0Y6RcG+7Rclz+72jfdouS5/d7SnwPNq46HtGOkXBvu0X
Jc/u9o33aLkuf3e0p8DzauOh7RjpFwb7tFyXP7vaN92i5Ln93tKfA82rjoe0Y6RcG+7Rclz+72jf
douS5/d7SnwPNq46HtGOkXBvu0XJc/u9o33aLkuf3e0p8DzauOh7RjpFwb7tFyXP7vaN92i5Ln93
tKfA82rjoe0Y6RcG+7Rclz+72jfdouS5/d7SnwPNq46HtGOkXBvu0XJc/u9o33aLkuf3e0p8Dzau
Oh7RjpFwb7tFyXP7vaN92i5Ln93tKfA82rjoe0Y6RcG+7Rclz+72jfdouS5/d7SnwPNq46HtGOkX
Bvu0XJc/u9o33aLkuf3e0p8DzauOh7RjpFwb7tFyXP7vaN92i5Ln93tKfA82rjoe0Y6RcG+7Rclz
+72jfdouS5/d7SnwPNq46HtGOkXBvu0XJc/u9o33aLkuf3e0p8DzauOh7RjpFwb7tFyXP7vaN92i
5Ln93tKfA82rjoe0Y6RcG+7Rclz+72jfdouS5/d7SnwPNq46HtGOkXBvu0XJc/u9o33aLkuf3e0p
8DzauOh7RjpFwb7tFyXP7vaN92i5Ln93tKfA82rjoe0Y6RcG+7Rclz+72jfdouS5/d7SnwPNq46H
tGOkXBvu0XJc/u9o33aLkuf3e0p8DzauOh7RjpFwb7tFyXP7vaN92i5Ln93tKfA82rjoe0Y6RcG+
7Rclz+72jfdouS5/d7SnwPNq46HtGOkXBvu0XJc/u9o33aLkuf3e0p8DzauOh7RjpFwb7tFyXP7v
aN92i5Ln93tKfA82rjoe0Y6RcG+7Rclz+72jfdouS5/d7SnwPNq46HtGOkXBvu0XJc/u9o33aLku
f3e0p8DzauOh7RjpFwb7tFyXP7vaN92i5Ln93tKfA82rjoe0Y6RcG+7Rclz+72jfdouS5/d7SnwP
Nq46HtGOkWjdNkm03BzHy22tY5iZI6NzUzTyaz493Nm4pdPWMK6B0tzlyXM9pmNkWazZCsrKGSk+
jK1Wvcjler26WaauHM+fdzZuKXT1jCugPN25aHtGNkWZQ7IVmpZXSJba6VVarf8AEe1URF16lQxy
4qw4qqqUF0amfAiStyQ0QHL3NXGWdPaUherWz9F0N/psXYdhqI5vo65SKxyORr5GqiqnlyML/wAT
GKY8U/8ADtiCoipnQNgrKRmTss1VZWr4jWjr2U/yzYq5xo/iNPX4RwLdLnZK0sk61XP6xaXi0tU9
+65Gbfsn/ftJzdT/ALDVDa9k/wC/aTm6n/Yaoe9wPyGy1ErT0mAYfHM01Ngm+1FPLJDNFbah8ckb
la5jkjcqKipwoqL4yrM6vlm+dbVPeHq8P7p7DAk4RtYOW+rmpzaz9PuZ3I3zdHjfJZxji6V3za9K
tKUT0MusFK/5vli+db1PeD/N8sXzrep7w9CvtHuT/Kl2fM/U8UeGets9svAXUClU23yxfOt6nvCc
qrli+db1PeHS+0W5P8qXZ8xxR4Z62z2y8BdIKWRKrli+db1PeE5VXLF863qe8Ol9oVzf5Uuz5jik
wx1tntl4C6AUvlVcsXzrep7wnRquWL51vU94dLd/dH+VLs+ZnFJhjrbPbLwFzgpnRqeWL51vU94E
bU8sXzrep7w6W726P8qXZ8xxS4Y62z2y8BcwKa0Knli+db1PeDQqeWL51vU94drd3dX+VLsM4pcM
dbZ7ZeAuUFNoyp5XvnW9T3g0Knle+db1PeGrdzdn+VLsHFLhjrbPbLwFyApxI6jle+db1PeDwdRy
vfOt6nvDtbtrs/y5dg4psMdbZ7ZeAuMFOeDqOV751vU94T4Ko5XvnW9T3h0t2d3f5b7DOKbDHW2e
2XgLiBTvgqjle+db1PeEpFPyvfOt6nvDpbsbB/lvsHFNhjrbPbLwFwgp/wAFPyvfOt6nvAkU/K98
63qe8OluvsH+W9qHFPhjrbPbLwFwAqDwM/K1863qu8HgZ+Vr51vVd4drdZYv8t7UZxT4X62z2y8B
b4Kh8BNytfOt6rvB4Cbla+db1XeHS3VWT/Le1Diowv1tntl4C3gVEkE3K1863qu8HgJuVr51xVd4
dLdPZP8ALe0cVGF+ts9svAW6CovAT

Re: [E-devel] Imlib2 patch

[Dariusz Knociński]

BEGIN BASE64 imlib2_colorspace-after.jpg 
/9j/4AAQSkZJRgABAQEASABIAAD/4QAWRXhpZgAATU0AKggAAAD/2wBDAAUDBAQEAwUE
BAQFBQUGBwwIBwcHBw8LCwkMEQ8SEhEPERETFhwXExQaFRERGCEYGh0dHx8fExciJCIeJBweHx7/
2wBDAQUFBQcGBw4ICA4eFBEUHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4e
Hh4eHh4eHh4eHh7/wAARCAGoAl4DASIAAhEBAxEB/8QAGwAAAQUBAQEEBQYH
AgP/xABWEAABAwICAwoJCQQIBAQHAQAAAQIDBAUGERIxQQcUIVRVdZSV0dMTFjI2UVKhorMVFyI1
RmGFstRCcYG0I0NERVORltIkYmWGM3KChAglY5OxwfFW/8QAGwEAAgMBAQEAAAUB
AwQCBwb/xABIEQABAgMCBwwFCwQDAAMAAQIDBBEFMQYhUXGR0dIHEhMWFzI0QVOSoaJCVGGB
sSIzNUNyc4OywuHwFEST8RVSwSNigv/aAAwDAQACEQMRAD8A1rcW3MbFgLDFuhhtVBU3+opmur7h
K1JXPdIjXOYxXNTKNMm5JkmrhzVVVbxULFTyKya30CZcKOSkaqL7CQoocrfQ1GXB4GDh/wDS1CHx
BOiOXhXUboLOHf8AKM8Rywm/JPWnmpahHLDR252i7Rd/wrUyX/I9co+IW/orOwj8CQrUxXB+SrlU
5e6hZd4L6vsK4zUhxFbkLIblc1FUiso+IW/orOwMo+IW/orOwld4L6vsDeC+r7CqqHZFZR8Qt/RW
dgZR8Qt/RWdhK7wX1fYG8F9X2BVAIrKPiFv6KzsDKPiFv6KzsJXeC+r7A3gvq+wKoBFZR8Qt/RWd
gZR8Qt/RWdhK7wX1fYG8F9X2BVAIrKPiFv6KzsDKPiFv6KzsJXeC+r7A3gvq+wKoBFZR8Qt/RWdg
ZR8Qt/RWdhK7wX1fYG8F9X2BVAIrKPiFv6KzsDKPiFv6KzsJXeC+r7A3gvq+wKoBFZR8Qt/RWdgZ
R8Qt/RWdhK7wX1fYG8F9X2BVAIrKPiFv6KzsDKPiFv6KzsJXeC+r7A3gvq+wKoBFZR8Qt/RWdgZR
8Qt/RWdhK7wX1fYG8F9X2BVAIrKPiFv6KzsDKPiFv6KzsJXeC+r7A3gvq+wKoBFZR8Qt/RWdgZR8
Qt/RWdhK7wX1fYG8F9X2BVAIrKPiFv6KzsDKPiFv6KzsJXeC+r7A3gvq+wKoBFZR8Qt/RWdgZR8Q
t/RWdhK7wX1fYG8F9X2BVAIrKPiFv6KzsDKPiFv6KzsJXeC+r7A3gvq+wKoBFZR8Qt/RWdgZR8Qt
/RWdhK7wX1fYG8F9X2BVAIrKPiFv6KzsDKPiFv6KzsJXeC+r7A3gvq+wKoBFZR8Qt/RWdgZR8Qt/
RWdhK7wX1fYG8F9X2BVAIrKPiFv6KzsDKPiFv6KzsJXeC+r7A3gvq+wKoBFZR8Qt/RWdgZR8Qt/R
WdhK7wX1fYG8F9X2BVAIrKPiFv6KzsDKPiFv6KzsJXeC+r7A3gvq+wKoBFZR8Qt/RWdgZR8Qt/RW
dhK7wX1fYG8F9X2BVAIrKPiFv6KzsDKPiFv6KzsJXeC+r7A3gvq+wKoBFZR8Qt/RWdgZR8Qt/RWd
hK7wX1fYG8F9X2BVAIrKPiFv6KzsDKPiFv6KzsJXeC+r7A3gvq+wKoBFZR8Qt/RWdgZR8Qt/RWdh
K7wX1fYG8F9X2BVAIrKPiFv6KzsDKPiFv6KzsJXeC+r7A3gvq+wKoBFZR8Qt/RWdgZR8Qt/RWdhK
7wX1fYG8F9X2BVAIrKPiFv6KzsDKPiFv6KzsJXeC+r7A3gvq+wKoBFZR8Qt/RWdgZR8Qt/RWdhK7
wX1fYG8F9X2BVAIrKPiFv6KzsDKPiFv6KzsJXeC+r7A3gvq+wKoBFZR8Qt/RWdgZR8Qt/RWdhK7w
X1fYG8F9X2BVAI6jgiqKlYlpbdE1rdJVWja7Ph/gPfkun9W3dXt7Txla6lrVRrVc50WaNTWuWfAg
2pLpUSyqyottXSJo5o+ZmTV+7P0hSoBNCyOuSlSltrs3NRH7zaiZL938PSE8ligmfDNW2dkjFyc1
1ExFRf8AMV79KdanY17E9jjya+Fsk6VFrkmes8i6a290maK5VT6WiuaZZbSaAd1W9I6eKpp4rZVQ
yI5Uc2jamr/P0KN4JYHxNkkgt0aO4M/k5Fbn6NLPLP7jqJqPpnQNidE1r6hzWKxWKjVV6p9FURU4
FQYWSpiip5pKqRjqXRRr6dVRXTLlwZJsRNels2GeMqoqIim6VhNexyqlVxDuongijSRlLb5GqvB/
8vRqO4clydqX+Bi//wARO4lb8U09NfsJ0dss943yrK5Vc6KCpa9Hv01a1jv6TSz4eDgXhzyTLXLz
Ok1ZE6OdksEmj4Frcm+Cbn5CtTycv8l1kljGBYLI3NMtKpZ+V5ZKxnsVVRSudgM3rUpeRd7x1RWW
Cms1bbHVTHUULl4EVFRWJrzUr641wiq8OFGr/wClO0g90/69pObqf8hVD7mzrClI0syI5FqqZRa+
IqOVDVrdum2S3QrDQ2F9PG52krWI1M1/zHXzu0XJc/u9pj4Gvi3I5F0nPDONg+d2i5Ln93tD53aL
kuf3e0x8A4tSORdIcM42D53aLkuf3e0PndouS5/d7THwDi1I5F0hwzjYPndouS5/d7Q+d2i5Ln93
tMfAOLUjkXSHDONg+d2i5Ln93tD53aLkuf3e0x8A4tSORdIcM42D53aLkuf3e0PndouS5/d7THwD
i1I5F0hwzjYPndouS5/d7Q+d2i5Ln93tMfAOLUjkXSHDONg+d2i5Ln93tD53aLkuf3e0x8A4tSOR
dIcM42D53aLkuf3e0PndouS5/d7THwDi1I5F0hwzjYPndouS5/d7Q+d2i5Ln93tMfAOLUjkXSHDO
Ng+d2i5Ln93tD53aLkuf3e0x8A4tSORdIcM42D53aLkuf3e0PndouS5/d7THwDi1I5F0hwzjYPnd
ouS5/d7Q+d2i5Ln93tMfAOLUjkXSHDONg+d2i5Ln93tD53aLkuf3e0x8A4tSORdIcM42D53aLkuf
3e0PndouS5/d7THwDi1I5F0hwzjYPndouS5/d7Q+d2i5Ln93tMfAOLUjkXSHDONg+d2i5Ln93tD5
3aLkuf3e0x8A4tSORdIcM42D53aLkuf3e0PndouS5/d7THwDi1I5F0hwzjYPndouS5/d7Q+d2i5L
n93tMfAOLUjkXSHDONg+d2i5Ln93tD53aLkuf3e0x8A4tSORdIcM42D53aLkuf3e0PndouS5/d7T
HwDi1I5F0hwzjYPndouS5/d7Q+d2i5Ln93tMfAOLUjkXSHDONg+d2i5Ln93tD53aLkuf3e0x8A4t
SORdIcM42D53aLkuf3e0PndouS5/d7THwDi1I5F0hwzjYPndouS5/d7Q+d2i5Ln93tMfAOLUjkXS
HDONg+d2i5Ln93tD53aLkuf3e0x8A4tSORdIcM42D53aLkuf3e0PndouS5/d7THwDi1I5F0hwzjY
PndouS5/d7Q+d2i5Ln93tMfAOLUjkXSHDONg+d2i5Ln93tD53aLkuf3e0x8A4tSORdIcM42D53aL
kuf3e0PndouS5/d7THwDi1I5F0hwzjYPndouS5/d7Q+d2i5Ln93tMfAOLUjkXSHDONg+d2i5Ln93
tD53aLkuf3e0x8A4tSORdIcM42D53aLkuf3e0PndouS5/d7THwDi1I5F0hwzjUbpuk2m4OY+W21r
HMTJHRuamaejWM/HmzcUun/3GGdAdJg5JJ1LpI4VxprN0KysoZKT5MrVa9yOV6vbpZpq4cxv482b
il0/+4wzoA4uyWRdIcK40yh3QrNSyukS210qq1W/0j2qiIuvUqEcuKsOKqqlBdGpnwIkrckKIByu
DUi69F0ljJqLD5q0L/TYuw7DURzfJ1ykVjkcjXyNVFVPTkWetxTHinDT6iKmdA2CsYzJ2WaqrHrs
MZL7gfzKrecY/huFVr2LKScssSEi1qnWdpMRIrvlrUjd0/69pObqf8hVC17p/wBe0nN1P+Qqh9FY
/QYWYzxOcoAQ+OZpqbBN9qKeWSGaK21D45I3K1zHJG5UVFThRUXaZZnV8s3zrap7wV2/hPAsR7Gx
WK7fVup1Zz6fBnBGcwj4X+le1vB0rvlVOdWlKIuRTawMV/4vli+db1PeB/xfLF863qe8EKbo8kv1
TvDWfU8kds9rD0u2DagMVTffLF863qe8FyquWL51vU94dJuiyS/VO8NYckds9rD0u2DaQMWRKrli
+db1PeC5VXLF863qe8Ok3QpNfqneGsOSS2O1h6XbBtAGL5VXLF863qe8F0arli+db1PeHSYfyi/V
O8NZHJJbHaw9Ltg2cDGdGp5YvnW9T3gI2p5YvnW9T3h0mHsov1TvDWHJLbHaw9Ltg2YDGtCp5Yvn
W9T3gaFTyxfOt6nvDtMO5VfqneBHJLbHaw9Ltg2UDG0ZU8r3zrep7wNCp5XvnW9T3hKYcyy/VO8A
5JbY7WHpdsGyAY4kdRyvfOt6nvA8HUcr3zrep7w7TDaWX6t3gHJNbHaw9Ltg2MDHPB1HK9863qe8
F8FUcr3zrep7w6TDOXX6tfAjkmtjtYel2wbEBjvgqjle+db1PeCpFPyvfOt6nvDpMMYC/Vr4ByTW
x2sPS7YNhAx/wU/K9863qe8BIp+V751vU94dJhfAX6tdKByT2x2sPS7YNgAyDwM/K1863qu8DwM/
K1863qu8O0wsgr9WulCOSe1+1h6XbBr4GQ+Am5WvnW9V3geAm5WvnW9V3h0mFUJfq10oHJRa/aw9
Ltg14DIkgm5WvnW9V3geAm5WvnXFV

Re: [E-devel] Imlib2 patch

[Kim Woelders]

Dariusz Knociński wrote:
> Hi All,
> I wrote new version of some procedures in Imlib2 library and attached patches 
> for that
> mail.
>  
> In file color-helpres procedures :
> 
> void __imlib_rgb_to_hsv( int r, int g, int b, float *h, float *s, float *v );
> void __imlib_hsv_to_rgb( float h,  float s,  float v,  int *r, int *g, int *b 
> );
> 
> I have changed the range of parameters hue from 0-100 to 0-360, and 
> saturation and value 
> from 0-100 to 0-1. This is correct to last version of documentation on the 
> web page.
> 
> In file grad.c procedures :
> 
> void __imlib_MapRange(  ImlibRange * rg, int len )
> void __imlib_MapHsvaRange( ImlibRange * rg, int len )
> 
> I have changed internal variable inc 
> from:
>   inc = ((ll - 1) << 16) / (len);
> to:
>   inc = ((ll - 1) << 16) / (len-1); 
> This patch repair bug for small values of parameter len, for example from 2 
> to 16.
> 
> And I apply two small screenshots of application imlib2_colorspace befor and 
> after patch.
> 
The patch applies/compiles cleanly and seems to fix the problem in 
imlib2_colorspace - haven't checked beyond that.
I'll commit this if there are no objections and noone beats me to it :)

/Kim


-
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] Imlib2 patch

[Jose Gonzalez]

Dariusz Knociński wrote:
> Patch:
> diff -u -p -r imlib2-1.4.1.000.old/src/lib/color_helpers.c 
> imlib2-1.4.1.000.new/src/lib/color_helpers.c
> --- imlib2-1.4.1.000.old/src/lib/color_helpers.c  2007-05-21 
> 00:58:01.0 +0200
> +++ imlib2-1.4.1.000.new/src/lib/color_helpers.c  2008-04-15 
> 09:34:36.0 +0200
> @@ -5,117 +5,89 @@
>   */
>  
>  void
> -__imlib_rgb_to_hsv(int r, int g, int b, float *h, float *s, float *v)
> +__imlib_rgb_to_hsv( int r, int g, int b, float *h, float *s, float *v )
>  {
> -   int min, max;
> -   int delta;
> + register float min, max, delta;
>  
> -   max = (r + g + abs(r - g)) / 2;
> -   max = (max + b + abs(max - b)) / 2;
> -   min = (r + g - abs(r - g)) / 2;
> -   min = (min + b - abs(min - b)) / 2;
> +min = ((( r < g ) ? r : g) < b ) ? (( r < g ) ? r : g) : b;
> +max = ((( r > g ) ? r : g) > b ) ? (( r > g ) ? r : g) : b;
>  
> -   delta = max - min;
> -   *v = (float)(100 * max) / 255.0;
> -
> -   if (max != 0)
> -  *s = (float)(100 * delta) / (float)max;
> -   else
> - {
> -*s = 0.0;
> +*v = max / 255.0;
> + delta = ( max - min );
> +if( delta == 0 )
> +{
>  *h = 0.0;
> -*v = 0.0;
> - }
> -   if (r == max)
> - {
> -*h = (float)(100 * (g - b)) / (float)(6.0 * delta);
> - }
> -   else
> - {
> -if (g == max)
> -  {
> - *h = (float)(100 * (2 * delta + b - r)) / (float)(6.0 * delta);
> -  }
> -else
> -  {
> - *h = (float)(100 * (4 * delta + r - g)) / (float)(6.0 * delta);
> -  }
> - }
> -   if (*h < 0.0)
> -  *h += 100.0;
> -   if (*h > 100.0)
> -  *h -= 100.0;
> +*s = 0.0;
> +return;
> +}
> +*s = delta / max;
> + if( r == max )
> + *h = ( g - b ) / delta;
> + else if( g == max )
> + *h = 2.0 + ( b - r ) / delta;
> + else
> + *h = 4.0 + ( r - g ) / delta;
> + *h *= 60.0;
> + if( *h < 0 )
> + *h += 360.0;
>  }
>  
>  void
>  __imlib_hsv_to_rgb(float h, float s, float v, int *r, int *g, int *b)
>  {
> -   float   hh, f;
> -   float   p, q, t;
> -   int i;
> +register float f, vf;
> +register int i, p, q, t, vv;
>  
> -   if (s == 0.0)
> - {
> -*r = round((v * 255.0) / 100.0);
> -*g = round((v * 255.0) / 100.0);
> -*b = round((v * 255.0) / 100.0);
> +vf = 255.0 * v;
> +vv = (int)round( vf );
>  
> +if( s == 0.0 )
> +{
> +*r = *g = *b = vv;
>  return;
> - }
> -
> -   hh = (h * 6.0) / 100.0;
> -   i = floor(hh);
> -   f = hh - (float)i;
> -
> -   p = v * (1.0 - s / 100.0) / 100.0;
> -   q = v * (1.0 - (s * f) / 100.0) / 100.0;
> -   t = v * (1.0 - s * (1.0 - f) / 100.0) / 100.0;
> +}
>  
> -   switch (i)
> - {
> - case 0:
> -{
> -   *r = round(v * 255.0 / 100.0);
> -   *g = round(t * 255.0);
> -   *b = round(p * 255.0);
> -   break;
> -}
> - case 1:
> -{
> -   *r = round(q * 255.0);
> -   *g = round(v * 255.0 / 100.0);
> -   *b = round(p * 255.0);
> -   break;
> -}
> - case 2:
> -{
> -   *r = round(p * 255.0);
> -   *g = round(v * 255.0 / 100.0);
> -   *b = round(t * 255.0);
> -   break;
> -}
> - case 3:
> -{
> -   *r = round(p * 255.0);
> -   *g = round(q * 255.0);
> -   *b = round(v * 255.0 / 100.0);
> -   break;
> -}
> - case 4:
> -{
> -   *r = round(t * 255.0);
> -   *g = round(p * 255.0);
> -   *b = round(v * 255.0 / 100.0);
> -   break;
> -}
> - case 5:
> -{
> -   *r = round(v * 255.0 / 100.0);
> -   *g = round(p * 255.0);
> -   *b = round(q * 255.0);
> -   break;
> -}
> - }
> +h /= 60.0;
> +i = floor(h);
> +f = h - (float)i;
> +p = (int)round( vf * (1.0 - s ));
> +q = (int)round( vf * (1.0 - (s * f)));
> +t = (int)round( vf * (1.0 - s * (1.0 - f)));
> +
> +switch( i % 6 )
> +{
> +case 0:
> +*r = vv;
> +*g = t;
> +*b = p;
> +break;
> +case 1:
> +*r = q;
> +*g = vv;
> +*b = p;
> +break;
> +case 2:
> +*r = p;
> +*g = vv;
> +*b = t;
> +break;
> +case 3:
> +*r = p;
> +*g = q;
> +*b = vv;
> +break;
> +case 4:
> +*r = t;
> +*g = p;
> +*b = vv;
> +break;
> +case 5:
> +default:
> +*r = vv;
> +*g = p;
> +*b = q;
> +break;
> +}
>  }
>  
>  void
> diff -u -p -r imlib2-1.4.1.000.old/src/lib/grad.c 
> imlib2-1.4.1.000.new/src/lib/grad.c
> --- imlib2-1.4.1.000.old/src/lib/grad.c   2007-05-21 00:58:0

Re: [E-devel] Imlib2 patch

[Dariusz Knociński]

On Wed, 16 Apr 2008 19:50:24 -0400
Jose Gonzalez <[EMAIL PROTECTED]> wrote:

> Dariusz Knociński wrote:
[...]
> >   
> 
>   Strictly speaking, this is still incorrect. The reason being
> that the map-range functions are doing an initial interpolation in
> rgb colorspace. It should be doing all of the interpolation in hsv
> color space, not partly in rgb space then the rest in hsv one.
> 
> 
Yes. I know, function MapHsvaRange working very not efficient, but I have not
spare time for corect this, at the current time I think :-)
Regards
-- 
Dariusz Knociński

-
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] Imlib2 patch

[Kim Woelders]

Kim Woelders wrote:
> Dariusz Knociński wrote:
>> Hi All,
>> I wrote new version of some procedures in Imlib2 library and attached 
>> patches for that
>> mail.
>>  
>> In file color-helpres procedures :
>>
>> void __imlib_rgb_to_hsv( int r, int g, int b, float *h, float *s, float *v );
>> void __imlib_hsv_to_rgb( float h,  float s,  float v,  int *r, int *g, int 
>> *b );
>>
>> I have changed the range of parameters hue from 0-100 to 0-360, and 
>> saturation and value 
>> from 0-100 to 0-1. This is correct to last version of documentation on the 
>> web page.
>>
>> In file grad.c procedures :
>>
>> void __imlib_MapRange(  ImlibRange * rg, int len )
>> void __imlib_MapHsvaRange( ImlibRange * rg, int len )
>>
>> I have changed internal variable inc 
>> from:
>>   inc = ((ll - 1) << 16) / (len);
>> to:
>>   inc = ((ll - 1) << 16) / (len-1); 
>> This patch repair bug for small values of parameter len, for example from 2 
>> to 16.
>>
>> And I apply two small screenshots of application imlib2_colorspace befor and 
>> after patch.
>>
> The patch applies/compiles cleanly and seems to fix the problem in 
> imlib2_colorspace - haven't checked beyond that.
> I'll commit this if there are no objections and noone beats me to it :)
> 
On second thought - This might break stuff that relies on the old 
behavior. Maybe the documentation should be changed in stead?

raster?

/Kim

-
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] Imlib2 patch

[Kim Woelders]

Kim Woelders wrote:
> Kim Woelders wrote:
>> Dariusz Knociński wrote:
>>> Hi All,
>>> I wrote new version of some procedures in Imlib2 library and attached 
>>> patches for that
>>> mail.
>>>  
>>> In file color-helpres procedures :
>>>
>>> void __imlib_rgb_to_hsv( int r, int g, int b, float *h, float *s, float *v 
>>> );
>>> void __imlib_hsv_to_rgb( float h,  float s,  float v,  int *r, int *g, int 
>>> *b );
>>>
>>> I have changed the range of parameters hue from 0-100 to 0-360, and 
>>> saturation and value 
>>> from 0-100 to 0-1. This is correct to last version of documentation on the 
>>> web page.
>>>
>>> In file grad.c procedures :
>>>
>>> void __imlib_MapRange(  ImlibRange * rg, int len )
>>> void __imlib_MapHsvaRange( ImlibRange * rg, int len )
>>>
>>> I have changed internal variable inc 
>>> from:
>>>   inc = ((ll - 1) << 16) / (len);
>>> to:
>>>   inc = ((ll - 1) << 16) / (len-1); 
>>> This patch repair bug for small values of parameter len, for example from 2 
>>> to 16.
>>>
>>> And I apply two small screenshots of application imlib2_colorspace befor 
>>> and after patch.
>>>
>> The patch applies/compiles cleanly and seems to fix the problem in 
>> imlib2_colorspace - haven't checked beyond that.
>> I'll commit this if there are no objections and noone beats me to it :)
>>
> On second thought - This might break stuff that relies on the old 
> behavior. Maybe the documentation should be changed in stead?
> 
> raster?
> 
Ok'ed by raster - committed. You are of course welcome to address 
correctness/speed issues  :)

I have corrected formatting and removed use of the register keyword, as
it doesn't make sense to me to use it here when it isn't used anywhere
else in imlib2 and I doubt it has any impact on performance (in this
case, anyway).

/Kim

-
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

[E-devel] [imlib2][PATCH] loader_gif: fix OOB read

[Yuriy M. Kaminskiy]

As reported on http://bugs.debian.org/734425, when ColorCount is less
than 256, it is possible that image loading will trigger out of bound
read.
Security imlications: DoS (application crash), potentially host memory
exposure.
Attached patch(es) gracefully handles out-of-range image data, out-of-range
background and transparent colors, and make code a bit simplier and
faster.

Description: Fixes out-of-bound reads from colormap
Bug-Debian: http://bugs.debian.org/734425
Note: removes all special-casing from the inner loop, optimize for common case.
Author: Yuriy M. Kaminskiy 
Reported-By: Jakub Wilk 

Thanks to Bernhard U:belacker  for analysis.

Index: imlib2-1.4.7/src/modules/loaders/loader_gif.c
===
--- imlib2-1.4.7.orig/src/modules/loaders/loader_gif.c
+++ imlib2-1.4.7/src/modules/loaders/loader_gif.c
@@ -141,8 +141,24 @@ load(ImlibImage * im, ImlibProgressFunct
 
if (im->loader || immediate_load || progress)
  {
+DATA32 colormap[256];
+
 bg = gif->SBackGroundColor;
 cmap = (gif->Image.ColorMap ? gif->Image.ColorMap : gif->SColorMap);
+memset (colormap, 0, sizeof(colormap));
+if (cmap != NULL)
+   {
+  for (i = cmap->ColorCount > 256 ? 256 : cmap->ColorCount; i-- > 0;)
+ {
+r = cmap->Colors[i].Red;
+g = cmap->Colors[i].Green;
+b = cmap->Colors[i].Blue;
+colormap[i] = (0xff << 24) | (r << 16) | (g << 8) | b;
+ }
+  /* if bg > cmap->ColorCount, it is transparent black already */
+  if (transp >= 0 && transp < 256)
+ colormap[transp] = bg >= 0 && bg < 256 ? colormap[bg] & 0x00ff : 0x;
+   }
 im->data = (DATA32 *) malloc(sizeof(DATA32) * w * h);
 if (!im->data)
goto quit;
@@ -161,20 +177,7 @@ load(ImlibImage * im, ImlibProgressFunct
   {
  for (j = 0; j < w; j++)
{
-  if (rows[i][j] == transp)
-{
-   r = cmap->Colors[bg].Red;
-   g = cmap->Colors[bg].Green;
-   b = cmap->Colors[bg].Blue;
-   *ptr++ = 0x00ff & ((r << 16) | (g << 8) | b);
-}
-  else
-{
-   r = cmap->Colors[rows[i][j]].Red;
-   g = cmap->Colors[rows[i][j]].Green;
-   b = cmap->Colors[rows[i][j]].Blue;
-   *ptr++ = (0xff << 24) | (r << 16) | (g << 8) | b;
-}
+  *ptr++ = colormap[rows[i][j]];
   per += per_inc;
   if (progress && (((int)per) != last_per)
   && (((int)per) % progress_granularity == 0))
Description: cleanup: remove check redundant by fix-bug-785369.patch

Index: imlib2-1.4.7/src/modules/loaders/loader_gif.c
===
--- imlib2-1.4.7.orig/src/modules/loaders/loader_gif.c
+++ imlib2-1.4.7/src/modules/loaders/loader_gif.c
@@ -163,14 +163,6 @@ load(ImlibImage * im, ImlibProgressFunct
 if (!im->data)
goto quit;
 
-if (!cmap)
-  {
- /* No colormap? Now what?? Let's clear the image (and not segv) */
- memset(im->data, 0, sizeof(DATA32) * w * h);
- rc = 1;
- goto finish;
-  }
-
 ptr = im->data;
 per_inc = 100.0 / (((float)w) * h);
 for (i = 0; i < h; i++)
Description: reduce progress checks from per-pixel to per-row

Index: imlib2-1.4.7/src/modules/loaders/loader_gif.c
===
--- imlib2-1.4.7.orig/src/modules/loaders/loader_gif.c
+++ imlib2-1.4.7/src/modules/loaders/loader_gif.c
@@ -164,12 +164,13 @@ load(ImlibImage * im, ImlibProgressFunct
goto quit;
 
 ptr = im->data;
-per_inc = 100.0 / (((float)w) * h);
+per_inc = 100.0 / (float)h;
 for (i = 0; i < h; i++)
   {
  for (j = 0; j < w; j++)
{
   *ptr++ = colormap[rows[i][j]];
+   }
   per += per_inc;
   if (progress && (((int)per) != last_per)
   && (((int)per) % progress_granularity == 0))
@@ -182,7 +183,6 @@ load(ImlibImage * im, ImlibProgressFunct
  }
last_y = i;
 }
-   }
   }
 
   finish:
--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140___

[E-devel] imlib2 patch, configure.in X header detection

[Laurence J. Lane]

Stuff broke with the X header detection in imlib2's
configure script. (See http://bugs.debian.org/295350
for details.)

Steven Langasek provided a patch.


--- imlib2-1.2.0.orig/configure.in
+++ imlib2-1.2.0/configure.in
@@ -139,35 +139,28 @@
 freetype_cflags=`$FREETYPE_CONFIG --cflags`
 freetype_libs=`$FREETYPE_CONFIG --libs`
 
-x11=no
-AC_ARG_ENABLE(x11,[  --disable-x11   attempt to build with X11 support 
[default=yes]],
-[
-  if test x$enableval = xyes; then
-have_x=yes
-  else
-have_x=no
-  fi
-],
-[
-  AC_CHECK_HEADER(X11/X.h,
-[ have_x="yes" ],
-[ have_x="no" ]
-  )
-]
-)
-AC_MSG_CHECKING(whether X11 support is to be enabled)
+AC_PATH_X([X], [X11/Xlib.h], [XOpenDisplay(NULL)])
+
+if test "x$have_x" = "xno"; then
+   # If --without-x was passed, this will be "disabled" instead of "no" --
+   # so always treat "no" as an error
+   AC_MSG_ERROR(
+[no X support found.  Use --x-includes and --x-libraries to specify the X
+path on your system, or --without-x to disable X support.])
+fi
+
 if test "x$have_x" = "xyes"; then
-  x_dir="/usr/X11R6";
-  x_cflags="-I"$x_dir"/include"
-  x_libs="-L"$x_dir"/lib -lX11 -lXext"
-  AC_MSG_RESULT(enabling X11 support)
+  if test "x$x_includes" != "x"; then
+x_cflags="-I$x_includes"
+  fi
+  if test "x$x_libraries" != "x"; then
+x_libs="-L$x_libraries -lX11 -lXext"
+  fi
   AM_CONDITIONAL(BUILD_X11, true)
   AC_DEFINE(BUILD_X11, 1, [enabling X11 support])
 else
-  x_dir=""
   x_cflags=""
   x_libs=""
-  AC_MSG_RESULT(disabling X11 support)
   AM_CONDITIONAL(BUILD_X11, false)
 fi
 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] [imlib2][PATCH] loader_gif: fix OOB read

[The Rasterman]

On Sat, 02 Apr 2016 04:49:08 +0300 yum...@gmail.com (Yuriy M. Kaminskiy) said:

> As reported on http://bugs.debian.org/734425, when ColorCount is less
> than 256, it is possible that image loading will trigger out of bound
> read.
> Security imlications: DoS (application crash), potentially host memory
> exposure.
> Attached patch(es) gracefully handles out-of-range image data, out-of-range
> background and transparent colors, and make code a bit simplier and
> faster.

ummm can you explain how this actually CAN happen?

and the debian bugzilla entry you point it is just discussing patches  to
imlib2-config etc. - not this patch or security issues that i can see... so red
herring? wrong link?

so i and j are defined by code so are always >= 0.

rows[i][j] does a fetch of pixel value at that row i and x  position (j) and
this is with giflib headers an unsigned char. so it can never be < 0. bg comes
from SBackGroundColor which is an int in giflib api, but if you check the gif
format specs, the background color index is a byte - and it's obviously an
unsigned byte otherwise indexes >= 128 would be impossible to access...

now ColorCount ... how can this be > 256 or < 0? gifg specs allocate 3 bits to
color table size. this defines the numebr of BITS for the color table, so can
contain values 0 to 7 or mapping really to # of buts being 1 to 8 bitss for
color table. so 2, 4, 8, 16, 32, 64, 128 or 256. this colorcount should never
be < 2 or > 256 by specifications of the file format and giflib handling of it.

are you saying giflib has bugs where it sometimes provides junk for the bg
color or colorcount since the c type allows values outside the range? give the
actual file format itself there simply is no space in the format to create an
exploit. at least not what i'm reading from your patch and from giflib headers
and from gif file format specs.

so if there is an issue that i am not looking at - can you point it out? this
almost smells of someone having uses static analysis tools finding variables
that allow negatives (ints) where usage only uses a subset (0 to 255 or 2 to
256) and going "ooh bug bug bug bug! security issue" and not digging a little
deeper. :) if this is the case - bravo on actually using tools and doing this.
these are possible bug vectors, but given all the other constraints, this is
not an issue. you'd be RIGHT if a gif format file used an int for the
colorcount and the parser didn't specifically check ranges (giflib would be the
place to put this). :)

see:

https://www.w3.org/Graphics/GIF/spec-gif89a.txt
http://giflib.sourceforge.net/gif_lib.html
http://giflib.sourceforge.net/gif_lib.html

-- 
- Codito, ergo sum - "I code, therefore I am" --
The Rasterman (Carsten Haitzler)ras...@rasterman.com


--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] [imlib2][PATCH] loader_gif: fix OOB read

[The Rasterman]

On Sat, 02 Apr 2016 04:49:08 +0300 yum...@gmail.com (Yuriy M. Kaminskiy) said:

> As reported on http://bugs.debian.org/734425, when ColorCount is less
> than 256, it is possible that image loading will trigger out of bound
> read.
> Security imlications: DoS (application crash), potentially host memory
> exposure.
> Attached patch(es) gracefully handles out-of-range image data, out-of-range
> background and transparent colors, and make code a bit simplier and
> faster.

oh wait... i wass reading the patch looking for < 0 .. sorry < 256 but intex
values can be greater. (up to 255) eg colormap is 32 entriess but you have
pixels with > 31 value.

btw the debian bug you link to is not disscussing that - imlib2 config thing. :)


-- 
- Codito, ergo sum - "I code, therefore I am" --
The Rasterman (Carsten Haitzler)ras...@rasterman.com


--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] [imlib2][PATCH] loader_gif: fix OOB read

[The Rasterman]

On Sat, 2 Apr 2016 06:48:54 +0300 "Yuriy M. Kaminskiy"  said:

> On 02.04.2016 06:21, Yuriy M. Kaminskiy wrote:
> > On 02.04.2016 06:12, Carsten Haitzler (The Rasterman) wrote:
> >> On Sat, 02 Apr 2016 04:49:08 +0300 yum...@gmail.com (Yuriy M. 
> >> Kaminskiy) said:
> >>
> >>> As reported on http://bugs.debian.org/734425, when ColorCount is less
> >>> than 256, it is possible that image loading will trigger out of bound
> >>> read.
> >>> Security imlications: DoS (application crash), potentially host memory
> >>> exposure.
> >>> Attached patch(es) gracefully handles out-of-range image data, 
> >>> out-of-range
> >>> background and transparent colors, and make code a bit simplier and
> >>> faster.
> >> ummm can you explain how this actually CAN happen?
> >>
> >> and the debian bugzilla entry you point it is just discussing 
> >> patches  to
> >> imlib2-config etc. - not this patch or security issues that i can 
> >> see... so red
> >> herring? wrong link?
> > Sorry, bug link is wrong. 
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369
> >
> >>
> >> so i and j are defined by code so are always >= 0.
> >
> > It is not about i and j. It is about row[i][j]. Which might be more 
> > than ColorCount, and *not* verified by giflib. Same applies to 
> > SBackGroundColor, it can also trigger out-of-bound reads from cmap.
> > Checks for more than 256 and less than 0 is pure paranoia, but won't 
> > harm anyway.
> (... except for `transp`, which *can* be -1, legitimately [and that case 
> was *not* broken in current code]).

see my other reply - i was looking at < 0 cases or for color values to be
beyond 255 etc. as the patch removed a lot of the pixel lookups. it was the <=
255 > max palette index gap. small and just a dos but

i wanted to know the core issue because ... i actually don't care about
imlib2 :) that has been dropped from my radar like back in 2003/4 or so... :)
but evas has a gif loader and it does suffer the same issue. i just fixed it
and pushed a patch.

but i'm alsso distracted by giflib seemingly behaving erratically. i think.
like an image (gif image) had parse errors if you load it off the bat - run the
app for a while then load and it loads FINE later... giflib itself is
complaining of gif errors in the file decode... it seems.. i think i may have
hit on a libgif issue - buty i am not sure. i am certain our gif loader worked
fine the last time i heavily checked it and it hasnt changed in years really...
so why would it fail now? something else is up.

> [...]
> >> so if there is an issue that i am not looking at - can you point it 
> >> out? this
> >> almost smells of someone having uses static analysis tools finding 
> >> variables
> 
> No, it is the case someone (not me, fwiw) using valgrind to detect how 
> libraries handles fuzzied files, and found real bugs.
> 
> >> that allow negatives (ints) where usage only uses a subset (0 to 255 
> >> or 2 to
> >> 256) and going "ooh bug bug bug bug! security issue" and not digging 
> >> a little
> >> deeper. :) if this is the case - bravo on actually using tools and 
> >> doing this.
> >> these are possible bug vectors, but given all the other constraints, 
> >> this is
> >> not an issue. you'd be RIGHT if a gif format file used an int for the
> >> colorcount and the parser didn't specifically check ranges (giflib 
> >> would be the
> >> place to put this). :)
> >>
> >> see:
> >>
> >> https://www.w3.org/Graphics/GIF/spec-gif89a.txt
> >> http://giflib.sourceforge.net/gif_lib.html
> >> http://giflib.sourceforge.net/gif_lib.html
> >>
> >
> 


-- 
- Codito, ergo sum - "I code, therefore I am" --
The Rasterman (Carsten Haitzler)ras...@rasterman.com


--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] [imlib2][PATCH] loader_gif: fix OOB read

[The Rasterman]

On Sat, 2 Apr 2016 13:39:53 +0900 Carsten Haitzler (The Rasterman)
 said:

> On Sat, 2 Apr 2016 06:48:54 +0300 "Yuriy M. Kaminskiy" 
> said:
> 
> > On 02.04.2016 06:21, Yuriy M. Kaminskiy wrote:
> > > On 02.04.2016 06:12, Carsten Haitzler (The Rasterman) wrote:
> > >> On Sat, 02 Apr 2016 04:49:08 +0300 yum...@gmail.com (Yuriy M. 
> > >> Kaminskiy) said:
> > >>
> > >>> As reported on http://bugs.debian.org/734425, when ColorCount is less
> > >>> than 256, it is possible that image loading will trigger out of bound
> > >>> read.
> > >>> Security imlications: DoS (application crash), potentially host memory
> > >>> exposure.
> > >>> Attached patch(es) gracefully handles out-of-range image data, 
> > >>> out-of-range
> > >>> background and transparent colors, and make code a bit simplier and
> > >>> faster.
> > >> ummm can you explain how this actually CAN happen?
> > >>
> > >> and the debian bugzilla entry you point it is just discussing 
> > >> patches  to
> > >> imlib2-config etc. - not this patch or security issues that i can 
> > >> see... so red
> > >> herring? wrong link?
> > > Sorry, bug link is wrong. 
> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369
> > >
> > >>
> > >> so i and j are defined by code so are always >= 0.
> > >
> > > It is not about i and j. It is about row[i][j]. Which might be more 
> > > than ColorCount, and *not* verified by giflib. Same applies to 
> > > SBackGroundColor, it can also trigger out-of-bound reads from cmap.
> > > Checks for more than 256 and less than 0 is pure paranoia, but won't 
> > > harm anyway.
> > (... except for `transp`, which *can* be -1, legitimately [and that case 
> > was *not* broken in current code]).
> 
> see my other reply - i was looking at < 0 cases or for color values to be
> beyond 255 etc. as the patch removed a lot of the pixel lookups. it was the <=
> 255 > max palette index gap. small and just a dos but
> 
> i wanted to know the core issue because ... i actually don't care about
> imlib2 :) that has been dropped from my radar like back in 2003/4 or so... :)
> but evas has a gif loader and it does suffer the same issue. i just fixed it
> and pushed a patch.
> 
> but i'm alsso distracted by giflib seemingly behaving erratically. i think.
> like an image (gif image) had parse errors if you load it off the bat - run
> the app for a while then load and it loads FINE later... giflib itself is
> complaining of gif errors in the file decode... it seems.. i think i may have
> hit on a libgif issue - buty i am not sure. i am certain our gif loader worked
> fine the last time i heavily checked it and it hasnt changed in years
> really... so why would it fail now? something else is up.

yup. giflib 5 bug.  found. fixed (or at least reported with patch fix). :)

https://sourceforge.net/p/giflib/bugs/94/

> > [...]
> > >> so if there is an issue that i am not looking at - can you point it 
> > >> out? this
> > >> almost smells of someone having uses static analysis tools finding 
> > >> variables
> > 
> > No, it is the case someone (not me, fwiw) using valgrind to detect how 
> > libraries handles fuzzied files, and found real bugs.
> > 
> > >> that allow negatives (ints) where usage only uses a subset (0 to 255 
> > >> or 2 to
> > >> 256) and going "ooh bug bug bug bug! security issue" and not digging 
> > >> a little
> > >> deeper. :) if this is the case - bravo on actually using tools and 
> > >> doing this.
> > >> these are possible bug vectors, but given all the other constraints, 
> > >> this is
> > >> not an issue. you'd be RIGHT if a gif format file used an int for the
> > >> colorcount and the parser didn't specifically check ranges (giflib 
> > >> would be the
> > >> place to put this). :)
> > >>
> > >> see:
> > >>
> > >> https://www.w3.org/Graphics/GIF/spec-gif89a.txt
> > >> http://giflib.sourceforge.net/gif_lib.html
> > >> http://giflib.sourceforge.net/gif_lib.html
> > >>
> > >
> > 
> 
> 
> -- 
> - Codito, ergo sum - "I code, therefore I am" --
> The Rasterman (Carsten Haitzler)ras...@rasterman.com
> 
> 
> --
> Transform Data into Opportunity.
> Accelerate data analysis in your applications with
> Intel Data Analytics Acceleration Library.
> Click to learn more.
> http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
> ___
> enlightenment-devel mailing list
> enlightenment-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
> 


-- 
- Codito, ergo sum - "I code, therefore I am" --
The Rasterman (Carsten Haitzler)ras...@rasterman.com


--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278

Re: [E-devel] imlib2 patch, configure.in X header detection

[The Rasterman]

On Thu, 17 Feb 2005 20:36:20 -0600 "Laurence J. Lane" <[EMAIL PROTECTED]>
(Bbabbled:
(B
(B> Stuff broke with the X header detection in imlib2's
(B> configure script. (See http://bugs.debian.org/295350
(B> for details.)
(B
(Bthanks for the info :) fixed :)
(B
(B> Steven Langasek provided a patch.
(B> 
(B> 
(B> --- imlib2-1.2.0.orig/configure.in
(B> +++ imlib2-1.2.0/configure.in
(B> @@ -139,35 +139,28 @@
(B>  freetype_cflags=`$FREETYPE_CONFIG --cflags`
(B>  freetype_libs=`$FREETYPE_CONFIG --libs`
(B>  
(B> -x11=no
(B> -AC_ARG_ENABLE(x11,[  --disable-x11   attempt to build with X11
(Bsupport [default=yes]],
(B> -[
(B> -  if test x$enableval = xyes; then
(B> -have_x=yes
(B> -  else
(B> -have_x=no
(B> -  fi
(B> -],
(B> -[
(B> -  AC_CHECK_HEADER(X11/X.h,
(B> -[ have_x="yes" ],
(B> -[ have_x="no" ]
(B> -  )
(B> -]
(B> -)
(B> -AC_MSG_CHECKING(whether X11 support is to be enabled)
(B> +AC_PATH_X([X], [X11/Xlib.h], [XOpenDisplay(NULL)])
(B> +
(B> +if test "x$have_x" = "xno"; then
(B> +   # If --without-x was passed, this will be "disabled" instead of "no" --
(B> +   # so always treat "no" as an error
(B> +   AC_MSG_ERROR(
(B> +[no X support found.  Use --x-includes and --x-libraries to specify the X
(B> +path on your system, or --without-x to disable X support.])
(B> +fi
(B> +
(B>  if test "x$have_x" = "xyes"; then
(B> -  x_dir="/usr/X11R6";
(B> -  x_cflags="-I"$x_dir"/include"
(B> -  x_libs="-L"$x_dir"/lib -lX11 -lXext"
(B> -  AC_MSG_RESULT(enabling X11 support)
(B> +  if test "x$x_includes" != "x"; then
(B> +x_cflags="-I$x_includes"
(B> +  fi
(B> +  if test "x$x_libraries" != "x"; then
(B> +x_libs="-L$x_libraries -lX11 -lXext"
(B> +  fi
(B>AM_CONDITIONAL(BUILD_X11, true)
(B>AC_DEFINE(BUILD_X11, 1, [enabling X11 support])
(B>  else
(B> -  x_dir=""
(B>x_cflags=""
(B>x_libs=""
(B> -  AC_MSG_RESULT(disabling X11 support)
(B>AM_CONDITIONAL(BUILD_X11, false)
(B>  fi
(B>  
(B> 
(B> 
(B> ---
(B> SF email is sponsored by - The IT Product Guide
(B> Read honest & candid reviews on hundreds of IT Products from real users.
(B> Discover which products truly live up to the hype. Start reading now.
(B> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
(B> ___
(B> enlightenment-devel mailing list
(B> enlightenment-devel@lists.sourceforge.net
(B> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
(B> 
(B
(B
(B-- 
(B- Codito, ergo sum - "I code, therefore I am" --
(BThe Rasterman (Carsten Haitzler)[EMAIL PROTECTED]
$BMg9%B?(B  [EMAIL PROTECTED]
(BTokyo, Japan ($BEl5~(B $BF|K\(B)
(B
(B
(B---
(BSF email is sponsored by - The IT Product Guide
(BRead honest & candid reviews on hundreds of IT Products from real users.
(BDiscover which products truly live up to the hype. Start reading now.
(Bhttp://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
(B___
(Benlightenment-devel mailing list
(Benlightenment-devel@lists.sourceforge.net
(Bhttps://lists.sourceforge.net/lists/listinfo/enlightenment-devel

[E-devel] Imlib2 PATCH: Check for rgb.txt in /ust/share/X11

[Hans de Goede]

Hi,

Short intro: I'm the Fedora imlib2 package maintainer.

Most modern Linux distro's now have rgb.txt as
/ust/share/X11/rgb.txt

The attached patch fixes loading xpm files on these distro's.

Regards,

Hans

p.s.

Please keep me CC-ed, I'm not on the list.
diff -up imlib2-1.4.1/src/modules/loaders/loader_xpm.c~ 
imlib2-1.4.1/src/modules/loaders/loader_xpm.c
--- imlib2-1.4.1/src/modules/loaders/loader_xpm.c~  2008-06-12 
20:45:41.0 +0200
+++ imlib2-1.4.1/src/modules/loaders/loader_xpm.c   2008-06-12 
20:45:41.0 +0200
@@ -52,6 +52,8 @@ xpm_parse_color(char *color, int *r, int
/* look in rgb txt database */
if (!rgb_txt)
 #ifndef __EMX__
+ rgb_txt = fopen("/usr/share/X11/rgb.txt", "r");
+   if (!rgb_txt)
  rgb_txt = fopen("/usr/X11R6/lib/X11/rgb.txt", "r");
if (!rgb_txt)
  rgb_txt = fopen("/usr/openwin/lib/X11/rgb.txt", "r");
-
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

[E-devel] Imlib2: Patch: add various checks to various image loaders

[Hans de Goede]

Hi,

Short intro: I'm the Fedora imlib2 package maintainer.

Some time ago there was a bunch of security advisories for various imlib2 image 
loaders. Some of the fixes which were circulating then never seem to have been 
applied to imlib2, the attached patch includes these fixes.


Regards,

Hans

p.s.

Please keep me CC-ed, I'm not on the list.
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_argb.c 
imlib2-1.2.1.new/src/modules/loaders/loader_argb.c
--- imlib2-1.2.1/src/modules/loaders/loader_argb.c  2006-11-06 
01:27:59.0 -0800
+++ imlib2-1.2.1.new/src/modules/loaders/loader_argb.c  2006-11-06 
01:30:41.0 -0800
@@ -23,7 +23,7 @@
 load(ImlibImage * im, ImlibProgressFunction progress,
  char progress_granularity, char immediate_load)
 {
-   int w, h, alpha;
+   int w=0, h=0, alpha=0;
FILE   *f;
 
if (im->data)
@@ -36,6 +36,8 @@
{
   charbuf[256], buf2[256];
 
+  memset(buf, 0, sizeof(buf));
+  memset(buf2, 0, sizeof(buf));
   if (!fgets(buf, 255, f))
 {
fclose(f);
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_jpeg.c 
imlib2-1.2.1.new/src/modules/loaders/loader_jpeg.c
--- imlib2-1.2.1/src/modules/loaders/loader_jpeg.c  2006-11-06 
01:27:59.0 -0800
+++ imlib2-1.2.1.new/src/modules/loaders/loader_jpeg.c  2006-11-06 
01:33:01.0 -0800
@@ -104,8 +104,9 @@
 im->w = w = cinfo.output_width;
 im->h = h = cinfo.output_height;
 
-if (cinfo.rec_outbuf_height > 16)
+if (cinfo.rec_outbuf_height > 16 || w < 1 || h < 1 || w > 16383 || h > 
16383)
   {
+im->w = im->h = 0;
  jpeg_destroy_decompress(&cinfo);
  fclose(f);
  return 0;
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_lbm.c 
imlib2-1.2.1.new/src/modules/loaders/loader_lbm.c
--- imlib2-1.2.1/src/modules/loaders/loader_lbm.c   2006-11-06 
01:27:59.0 -0800
+++ imlib2-1.2.1.new/src/modules/loaders/loader_lbm.c   2006-11-06 
01:30:41.0 -0800
@@ -453,6 +453,7 @@
 }
 }
 if (!full || !ok) {
+im->w = im->h = 0;
 freeilbm(&ilbm);
 return ok;
 }
@@ -467,12 +468,13 @@
 cancel = 0;
 plane[0] = NULL;
 
+n = ilbm.depth;
+if (ilbm.mask == 1) n++;
+
 im->data = malloc(im->w * im->h * sizeof(DATA32));
-if (im->data) {
-n = ilbm.depth;
-if (ilbm.mask == 1) n++;
+plane[0] = malloc(((im->w + 15) / 16) * 2 * n);
+if (im->data && plane[0]) {
 
-plane[0] = malloc(((im->w + 15) / 16) * 2 * n);
 for (i = 1; i < n; i++) plane[i] = plane[i - 1] + ((im->w + 15) / 16) 
* 2;
 
 z = ((im->w + 15) / 16) * 2 * n;
@@ -511,6 +513,7 @@
* the memory for im->data.
*--*/
 if (!ok) {
+im->w = im->h = 0;
 if (im->data) free(im->data);
 im->data = NULL;
 }
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_tga.c 
imlib2-1.2.1.new/src/modules/loaders/loader_tga.c
--- imlib2-1.2.1/src/modules/loaders/loader_tga.c   2006-11-06 
01:27:59.0 -0800
+++ imlib2-1.2.1.new/src/modules/loaders/loader_tga.c   2006-11-06 
01:30:41.0 -0800
@@ -365,7 +369,9 @@
   else
  dataptr = im->data + (y * im->w);
 
-  for (x = 0; x < im->w; x++)   /* for each pixel in the row */
+  for (x = 0;
+   x < im->w && bufptr+bpp/8 < bufend;
+   x++)   /* for each pixel in the row */
 {
switch (bpp)
  {
-
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

[E-devel] [imlib2] [PATCH] off-by-one OOB read in __imlib_MergeUpdate

[Yuriy M. Kaminskiy]

Run `valgrind imlib2_test`, move mouse to right lower corner, got
==16086== Invalid read of size 1
==16086==at 0x4E79C4E: __imlib_MergeUpdate (in 
/usr/lib/x86_64-linux-gnu/libImlib2.so.1.4.6)
==16086==by 0x401773: main (in /usr/bin/imlib2_test)
==16086==  Address 0x9d20360 is 0 bytes after a block of size 1,200
alloc'd
==16086==at 0x4C28C20: malloc (vg_replace_malloc.c:296)
==16086==by 0x4E798E3: __imlib_MergeUpdate (in 
/usr/lib/x86_64-linux-gnu/libImlib2.so.1.4.6)
==16086==by 0x401773: main (in /usr/bin/imlib2_test)

It is at src/lib/updates.c:
   |113|   for (xx = x + 1, ww = 1; 
|
  >|114|(T(xx, y).used & T_USED) && (xx < tw); 
xx++,|
   |115|   for (yy = y + 1, hh = 1, ok = 1; 
|

xx is 20 and tw is 20, so T(xx, y) addresses one byte out of buffer.

Two *alternative* patches attached (apply only *one* of them).
TODO: I have not tried to search for similar pattern over codebase (yet).

Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818

Description: off-by-one out-of-bound read due to reversed condtion
Author: Yuriy M. Kaminksiy 
Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818

Note: you need *either* off-by-one-alternative.patch, *or* this patch;
DO NOT APPLY BOTH! (it won't break, but would unnecessarily clutter code)

Index: imlib2-1.4.6/src/lib/updates.c
===
--- imlib2-1.4.6.orig/src/lib/updates.c
+++ imlib2-1.4.6/src/lib/updates.c
@@ -111,7 +111,7 @@ __imlib_MergeUpdate(ImlibUpdate * u, int
   int xx, yy, ww, hh, ok;
 
   for (xx = x + 1, ww = 1;
-   (T(xx, y).used & T_USED) && (xx < tw); xx++, ww++);
+   (xx < tw) && (T(xx, y).used & T_USED); xx++, ww++);
   for (yy = y + 1, hh = 1, ok = 1;
(yy < th) && (ok); yy++, hh++)
 {
Description: off-by-one out-of-bound read due to reversed condtion, alternative solution (allocates one more guard cell).
Author: Yuriy M. Kaminksiy 
Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818

Note: you need *either* off-by-one-reversed-condition.patch, *or* this patch;
DO NOT APPLY BOTH! (it won't break, but would unnecessarily clutter code)

Index: imlib2-1.4.6/src/lib/updates.c
===
--- imlib2-1.4.6.orig/src/lib/updates.c
+++ imlib2-1.4.6/src/lib/updates.c
@@ -34,13 +34,14 @@ __imlib_MergeUpdate(ImlibUpdate * u, int
th = h >> TB;
if (h & TM)
   th++;
-   t = malloc(tw * th * sizeof(struct _tile));
+   t = malloc((tw * th + 1) * sizeof(struct _tile));
/* fill in tiles to be all not used */
for (i = 0, y = 0; y < th; y++)
  {
 for (x = 0; x < tw; x++)
t[i++].used = T_UNUSED;
  }
+   t[i].used = T_UNUSED;
/* fill in all tiles */
for (uu = u; uu; uu = uu->next)
  {
--
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] Imlib2 PATCH: Check for rgb.txt in /ust/share/X11

[Mike Frysinger]

On Thursday 12 June 2008, Hans de Goede wrote:
> Most modern Linux distro's now have rgb.txt as
> /ust/share/X11/rgb.txt
>
> The attached patch fixes loading xpm files on these distro's.

thanks, added to cvs
-mike


signature.asc
Description: This is a digitally signed message part.
-
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] Imlib2: Patch: add various checks to various image loaders

[Mike Frysinger]

On Thursday 12 June 2008, Hans de Goede wrote:
> Some time ago there was a bunch of security advisories for various imlib2
> image loaders. Some of the fixes which were circulating then never seem to
> have been applied to imlib2, the attached patch includes these fixes.

i'm pretty sure these were posted & rejected and things were fixed another way
-mike


signature.asc
Description: This is a digitally signed message part.
-
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] Imlib2: Patch: add various checks to various image loaders

[Hans de Goede]

Mike Frysinger wrote:
> On Thursday 12 June 2008, Hans de Goede wrote:
>> Some time ago there was a bunch of security advisories for various imlib2
>> image loaders. Some of the fixes which were circulating then never seem to
>> have been applied to imlib2, the attached patch includes these fixes.
> 
> i'm pretty sure these were posted & rejected and things were fixed another way
> -mike

It would be prudent to check again, I've been carying this patch for 
some time (should have submitted it earlier, sorry) and one of the 2 
security issues that were fixed in 1.4.1, was already fixed in the 
Fedora packages through this patch (I removed this part of the patch 
before sumitting it).


Regards,

Hans

-
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] Imlib2: Patch: add various checks to various image loaders

[Mike Frysinger]

On Saturday 14 June 2008, Hans de Goede wrote:
> Mike Frysinger wrote:
> > On Thursday 12 June 2008, Hans de Goede wrote:
> >> Some time ago there was a bunch of security advisories for various
> >> imlib2 image loaders. Some of the fixes which were circulating then
> >> never seem to have been applied to imlib2, the attached patch includes
> >> these fixes.
> >
> > i'm pretty sure these were posted & rejected and things were fixed
> > another way
>
> It would be prudent to check again, I've been carying this patch for
> some time (should have submitted it earlier, sorry) and one of the 2
> security issues that were fixed in 1.4.1, was already fixed in the
> Fedora packages through this patch (I removed this part of the patch
> before sumitting it).

you'd have to document/elaborate on what each change fixes exactly
-mike


signature.asc
Description: This is a digitally signed message part.
-
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] Imlib2: Patch: add various checks to various image loaders

[Hans de Goede]

Mike Frysinger wrote:
> On Saturday 14 June 2008, Hans de Goede wrote:
>> Mike Frysinger wrote:
>>> On Thursday 12 June 2008, Hans de Goede wrote:
 Some time ago there was a bunch of security advisories for various
 imlib2 image loaders. Some of the fixes which were circulating then
 never seem to have been applied to imlib2, the attached patch includes
 these fixes.
>>> i'm pretty sure these were posted & rejected and things were fixed
>>> another way
>> It would be prudent to check again, I've been carying this patch for
>> some time (should have submitted it earlier, sorry) and one of the 2
>> security issues that were fixed in 1.4.1, was already fixed in the
>> Fedora packages through this patch (I removed this part of the patch
>> before sumitting it).
> 
> you'd have to document/elaborate on what each change fixes exactly

I didn't write those patches, as you said you've already seen them, they are 
the result from a previous audit of imlibs loaders. You claim all issues from 
thisn patch set have been fixed, I content that as one of the 2 security issues 
fixed in the latest imlib2 release was already fixed in this patch set, see:
http://cvs.fedoraproject.org/viewcvs/rpms/imlib2/F-9/imlib2-1.3.0-loader_overflows.patch?rev=1.2

Which is this patch against 1.4.0 and notice how it already has the pnm issues 
fixed. So there might be merit in the other parts too.

Regards,

Hans


-
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] Imlib2: Patch: add various checks to various image loaders

[Kim Woelders]

Hans de Goede wrote:
> Mike Frysinger wrote:
>> On Saturday 14 June 2008, Hans de Goede wrote:
>>> Mike Frysinger wrote:
 On Thursday 12 June 2008, Hans de Goede wrote:
> Some time ago there was a bunch of security advisories for various
> imlib2 image loaders. Some of the fixes which were circulating then
> never seem to have been applied to imlib2, the attached patch includes
> these fixes.
 i'm pretty sure these were posted & rejected and things were fixed
 another way
>>> It would be prudent to check again, I've been carying this patch for
>>> some time (should have submitted it earlier, sorry) and one of the 2
>>> security issues that were fixed in 1.4.1, was already fixed in the
>>> Fedora packages through this patch (I removed this part of the patch
>>> before sumitting it).
>> you'd have to document/elaborate on what each change fixes exactly
> 
> I didn't write those patches, as you said you've already seen them, they are 
> the result from a previous audit of imlibs loaders. You claim all issues from 
> thisn patch set have been fixed, I content that as one of the 2 security 
> issues 
> fixed in the latest imlib2 release was already fixed in this patch set, see:
> http://cvs.fedoraproject.org/viewcvs/rpms/imlib2/F-9/imlib2-1.3.0-loader_overflows.patch?rev=1.2
> 
> Which is this patch against 1.4.0 and notice how it already has the pnm 
> issues 
> fixed. So there might be merit in the other parts too.
> 
I think this is now taken care of.

/Kim


-
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] [imlib2] [PATCH] off-by-one OOB read in __imlib_MergeUpdate

[Kim Woelders]

On 04/02/2016 08:37 PM, Yuriy M. Kaminskiy wrote:
> Run `valgrind imlib2_test`, move mouse to right lower corner, got
> ==16086== Invalid read of size 1
> ==16086==at 0x4E79C4E: __imlib_MergeUpdate (in 
> /usr/lib/x86_64-linux-gnu/libImlib2.so.1.4.6)
> ==16086==by 0x401773: main (in /usr/bin/imlib2_test)
> ==16086==  Address 0x9d20360 is 0 bytes after a block of size 1,200
> alloc'd
> ==16086==at 0x4C28C20: malloc (vg_replace_malloc.c:296)
> ==16086==by 0x4E798E3: __imlib_MergeUpdate (in 
> /usr/lib/x86_64-linux-gnu/libImlib2.so.1.4.6)
> ==16086==by 0x401773: main (in /usr/bin/imlib2_test)
>
> It is at src/lib/updates.c:
> |113|   for (xx = x + 1, ww = 1;  
>|
>>|114|(T(xx, y).used & T_USED) && (xx < tw); 
> xx++,|
> |115|   for (yy = y + 1, hh = 1, ok = 1;  
>|
>
> xx is 20 and tw is 20, so T(xx, y) addresses one byte out of buffer.
>
> Two *alternative* patches attached (apply only *one* of them).
> TODO: I have not tried to search for similar pattern over codebase (yet).
>
> Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818
>
>
First patch (reversed condition) looks good to me - committed.

Thanks :)

/Kim



--
___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] [imlib2] [PATCH] off-by-one OOB read in __imlib_MergeUpdate

[Simon Lees]

On 04/06/2016 10:44 AM, Kim Woelders wrote:
> On 04/02/2016 08:37 PM, Yuriy M. Kaminskiy wrote:
>> Run `valgrind imlib2_test`, move mouse to right lower corner, got
>> ==16086== Invalid read of size 1
>> ==16086==at 0x4E79C4E: __imlib_MergeUpdate (in 
>> /usr/lib/x86_64-linux-gnu/libImlib2.so.1.4.6)
>> ==16086==by 0x401773: main (in /usr/bin/imlib2_test)
>> ==16086==  Address 0x9d20360 is 0 bytes after a block of size 1,200
>> alloc'd
>> ==16086==at 0x4C28C20: malloc (vg_replace_malloc.c:296)
>> ==16086==by 0x4E798E3: __imlib_MergeUpdate (in 
>> /usr/lib/x86_64-linux-gnu/libImlib2.so.1.4.6)
>> ==16086==by 0x401773: main (in /usr/bin/imlib2_test)
>>
>> It is at src/lib/updates.c:
>> |113|   for (xx = x + 1, ww = 1; 
>> |
>>>|114|(T(xx, y).used & T_USED) && (xx < tw); 
>> xx++,|
>> |115|   for (yy = y + 1, hh = 1, ok = 1; 
>> |
>>
>> xx is 20 and tw is 20, so T(xx, y) addresses one byte out of buffer.
>>
>> Two *alternative* patches attached (apply only *one* of them).
>> TODO: I have not tried to search for similar pattern over codebase (yet).
>>
>> Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818
>>
>>
> First patch (reversed condition) looks good to me - committed.
> 
> Thanks :)
> 
> /Kim
> 
> 
> 
> --
> ___
> enlightenment-devel mailing list
> enlightenment-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
> 

Someone decided to assign this  CVE-2016-3993

-- 

Simon Lees (Simotek)http://simotek.net

Emergency Update Team   keybase.io/simotek
SUSE LinuxAdeliade Australia, UTC+9:30
GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B



signature.asc
Description: OpenPGP digital signature
--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/
gampad/clk?id=1444514301&iu=/ca-pub-7940484522588532___
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel