$OpenBSD: patch-lib_Xm_Xpmdata_c,v 1.1 2004/09/01 22:57:36 pvalchev Exp $
--- lib/Xm/Xpmdata.c.orig	Fri Apr 28 09:05:21 2000
+++ lib/Xm/Xpmdata.c	Wed Sep  1 01:37:36 2004
@@ -371,7 +371,7 @@ xpmGetCmt(mdata, cmt)
 {
     if (!mdata->type)
 	*cmt = NULL;
-    else if (mdata->CommentLength) {
+    else if (mdata->CommentLength != 0 && mdata->CommentLength < SIZE_MAX - 1) {
 	*cmt = (char *) XpmMalloc(mdata->CommentLength + 1);
 	strncpy(*cmt, mdata->Comment, mdata->CommentLength);
 	(*cmt)[mdata->CommentLength] = '\0';
