$NetBSD: patch-bf,v 1.1 2004/12/18 00:39:31 tron Exp $

--- lib/Xm/Xpmdata.c.orig	2000-04-28 16:05:21.000000000 +0100
+++ lib/Xm/Xpmdata.c	2004-12-17 23:29:37.000000000 +0000
@@ -371,7 +371,7 @@
 {
     if (!mdata->type)
 	*cmt = NULL;
-    else if (mdata->CommentLength) {
+    else if (mdata->CommentLength != 0 && mdata->CommentLength < SIZE_MAX - 1) {
 	*cmt = (char *) XpmMalloc(mdata->CommentLength + 1);
 	strncpy(*cmt, mdata->Comment, mdata->CommentLength);
 	(*cmt)[mdata->CommentLength] = '\0';
