$OpenBSD: patch-src_modules_loaders_loader_xpm_c,v 1.4 2009/01/13 17:43:29 jasper Exp $

Chunk at line 246:
CVE-2008-5187, Buffer overflow in the xpm loader.
Patch from Debian's original bug report, #505714

Chunk at line 284:
Buffer overflow, see: http://secunia.com/secunia_research/2008-25/advisory/

--- src/modules/loaders/loader_xpm.c.orig	Tue Apr 10 00:40:40 2007
+++ src/modules/loaders/loader_xpm.c	Tue Jan 13 18:34:23 2009
@@ -246,8 +246,8 @@ load(ImlibImage * im, ImlibProgressFunction progress, 
                                  return 0;
                               }
                             ptr = im->data;
-                            end = ptr + (sizeof(DATA32) * w * h);
                             pixels = w * h;
+			    end = ptr + pixels;
                          }
                        else
                          {
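Review bot: The new `end = ptr + pixels;` is only correct because pointer arithmetic already scales by the element size, and nothing on the line says so; that is how the removed `sizeof(DATA32) * w * h` form came to place `end` sizeof(DATA32) times too far past the buffer. I would add a comment such as `/* end = one past the last pixel; ptr is a DATA32 pointer, so no sizeof() here */`, assuming `ptr` is declared `DATA32 *`, which is outside this hunk. The added line is also indented with tabs while the surrounding lines use spaces. Whether `w * h` is range-checked before this point is not visible here, since the body of `load()` starts and ends outside the hunk, so that is worth confirming against the full file.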
@@ -284,7 +284,7 @@ load(ImlibImage * im, ImlibProgressFunction progress, 
                                  if (line[k] != ' ')
                                    {
                                       s[0] = 0;
-                                      sscanf(&line[k], "%65535s", s);
+                                      sscanf(&line[k], "%255s", s);
                                       slen = strlen(s);
                                       k += slen;
                                       if (!strcmp(s, "c"))
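Review bot: The width in `%255s` is a bare constant that must stay one less than the size of `s`, and `s` is declared outside this hunk, so the bound cannot be verified from here. If `s` is a 256-byte array the value is right, because the scanf width excludes the terminating NUL. A comment next to the call such as `/* width must be sizeof(s) - 1 */`, or one macro shared by the declaration and the format string, would keep the two from drifting apart again. A token longer than 255 characters is now cut short, and since `k += slen` advances only past the part that was read, the remainder is presumably parsed as a separate token on the next pass; that looks acceptable for a malformed file but is a behaviour change.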
