Gentoo Attachment #48627 for bug #75801

View | Details | Raw Unified
Collapse All | Expand All

(-) xpdf-2.02pl1/xpdf/XRef.cc (-4 / +18 lines)

Lines 66-71	Link Here

  start = str->getStart();

  start = str->getStart();

  pos = readTrailer();

  pos = readTrailer();

  entries = NULL;

  // if there was a problem with the trailer,

  // if there was a problem with the trailer,

  // try to reconstruct the xref table

  // try to reconstruct the xref table

  if (pos == 0) {

  if (pos == 0) {

Lines 76-82	Link Here

  // trailer is ok - read the xref table

  // trailer is ok - read the xref table

  } else {

  } else {

    if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) {

    if ((size < 0) || (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size)) {

      error(-1, "Invalid 'size' inside xref table.");

      error(-1, "Invalid 'size' inside xref table.");

      ok = gFalse;

      ok = gFalse;

      errCode = errDamaged;

      errCode = errDamaged;

Lines 181-187	Link Here

    n = atoi(p);

    n = atoi(p);

    while ('0' <= *p && *p <= '9') ++p;

    while ('0' <= *p && *p <= '9') ++p;

    while (isspace(*p)) ++p;

    while (isspace(*p)) ++p;

    if (p == buf)

    if ((p == buf) || (n < 0)) /* must make progress */

      return 0;

      return 0;

    pos1 += (p - buf) + n * 20;

    pos1 += (p - buf) + n * 20;

Lines 255-260	Link Here

    s[i] = '\0';

    s[i] = '\0';

    first = atoi(s);

    first = atoi(s);

    if (first < 0) {

        error(-1, "Invalid 'first'");

        goto err2;

    while ((c = str->lookChar()) != EOF && isspace(c)) {

    while ((c = str->lookChar()) != EOF && isspace(c)) {

      str->getChar();

      str->getChar();

Lines 266-271	Link Here

    s[i] = '\0';

    s[i] = '\0';

    n = atoi(s);

    n = atoi(s);

    if (n<=0) {

        error(-1, "Invalid 'n'");

        goto err2;

    while ((c = str->lookChar()) != EOF && isspace(c)) {

    while ((c = str->lookChar()) != EOF && isspace(c)) {

      str->getChar();

      str->getChar();

Lines 273-279	Link Here

    // table size

    // table size

    if (first + n > size) {

    if (first + n > size) {

      newSize = size + 256;

      newSize = size + 256;

      if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {

      if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) {

        error(-1, "Invalid 'newSize'");

        error(-1, "Invalid 'newSize'");

        goto err2;

        goto err2;

Lines 406-411	Link Here

    // look for object

    // look for object

    } else if (isdigit(*p)) {

    } else if (isdigit(*p)) {

      num = atoi(p);

      num = atoi(p);

      if (num < 0) {

	error(-1, "Invalid 'num' parameters.");

	return gFalse;

      do {

      do {

	++p;

	++p;

      } while (*p && isdigit(*p));

      } while (*p && isdigit(*p));

Lines 425-431	Link Here

	    if (!strncmp(p, "obj", 3)) {

	    if (!strncmp(p, "obj", 3)) {

	      if (num >= size) {

	      if (num >= size) {

		newSize = (num + 1 + 255) & ~255;

		newSize = (num + 1 + 255) & ~255;

	        if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {

	        if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) {

	          error(-1, "Invalid 'obj' parameters.");

	          error(-1, "Invalid 'obj' parameters.");

	          return gFalse;

	          return gFalse;

Attachment #48627: xpdf2-underflow.patch for bug #75801