Patch for CVE-2009-3606 and CVE-2009-3609, adopted to kword, Gentoo bug 290470. -a3li@g.o

diff -Naur koffice-1.6.3.orig/filters/kword/pdf/xpdf/xpdf/PSOutputDev.cc koffice-1.6.3/filters/kword/pdf/xpdf/xpdf/PSOutputDev.cc
--- koffice-1.6.3.orig/filters/kword/pdf/xpdf/xpdf/PSOutputDev.cc	2009-02-04 17:36:28.000000000 +0100
+++ koffice-1.6.3/filters/kword/pdf/xpdf/xpdf/PSOutputDev.cc	2009-11-05 14:59:50.824849320 +0100
@@ -2322,7 +2322,7 @@
 	     width, -height, height);
 
   // allocate a line buffer
-  lineBuf = (Guchar *)gmalloc(4 * width);
+  lineBuf = (Guchar *)gmallocn(width, 4);
 
   // set up to process the data stream
   imgStr = new ImageStream(str, width, colorMap->getNumPixelComps(),
diff -Naur koffice-1.6.3.orig/filters/kword/pdf/xpdf/xpdf/Stream.cc koffice-1.6.3/filters/kword/pdf/xpdf/xpdf/Stream.cc
--- koffice-1.6.3.orig/filters/kword/pdf/xpdf/xpdf/Stream.cc	2009-02-04 17:36:28.000000000 +0100
+++ koffice-1.6.3/filters/kword/pdf/xpdf/xpdf/Stream.cc	2009-11-05 15:10:20.680847015 +0100
@@ -327,7 +327,11 @@
   } else {
     imgLineSize = nVals;
   }
-  imgLine = (Guchar *)gmalloc(imgLineSize * sizeof(Guchar));
+  if (width > INT_MAX / nComps) {
+    // force a call to gmallocn(-1,...), which will throw an exception
+    imgLineSize = -1;
+  }
+  imgLine = (Guchar *)gmallocn(imgLineSize, sizeof(Guchar));
   imgIdx = nVals;
 }