Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
View | Details | Raw Unified | Return to bug 69662 | Differences between
and this patch

Collapse All | Expand All

(-)xpdf-2.02pl1/xpdf/XRef.cc (-4 / +18 lines)
Lines 66-71 Link Here
66
  start = str->getStart();
66
  start = str->getStart();
67
  pos = readTrailer();
67
  pos = readTrailer();
68
68
69
  entries = NULL;
70
69
  // if there was a problem with the trailer,
71
  // if there was a problem with the trailer,
70
  // try to reconstruct the xref table
72
  // try to reconstruct the xref table
71
  if (pos == 0) {
73
  if (pos == 0) {
Lines 76-82 Link Here
76
78
77
  // trailer is ok - read the xref table
79
  // trailer is ok - read the xref table
78
  } else {
80
  } else {
79
    if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) {
81
    if ((size < 0) || (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size)) {
80
      error(-1, "Invalid 'size' inside xref table.");
82
      error(-1, "Invalid 'size' inside xref table.");
81
      ok = gFalse;
83
      ok = gFalse;
82
      errCode = errDamaged;
84
      errCode = errDamaged;
Lines 181-187 Link Here
181
    n = atoi(p);
183
    n = atoi(p);
182
    while ('0' <= *p && *p <= '9') ++p;
184
    while ('0' <= *p && *p <= '9') ++p;
183
    while (isspace(*p)) ++p;
185
    while (isspace(*p)) ++p;
184
    if (p == buf)
186
    if ((p == buf) || (n < 0)) /* must make progress */
185
      return 0;
187
      return 0;
186
    pos1 += (p - buf) + n * 20;
188
    pos1 += (p - buf) + n * 20;
187
  }
189
  }
Lines 255-260 Link Here
255
    }
257
    }
256
    s[i] = '\0';
258
    s[i] = '\0';
257
    first = atoi(s);
259
    first = atoi(s);
260
    if (first < 0) {
261
        error(-1, "Invalid 'first'");
262
        goto err2;
263
    }
258
    while ((c = str->lookChar()) != EOF && isspace(c)) {
264
    while ((c = str->lookChar()) != EOF && isspace(c)) {
259
      str->getChar();
265
      str->getChar();
260
    }
266
    }
Lines 266-271 Link Here
266
    }
272
    }
267
    s[i] = '\0';
273
    s[i] = '\0';
268
    n = atoi(s);
274
    n = atoi(s);
275
    if (n<=0) {
276
        error(-1, "Invalid 'n'");
277
        goto err2;
278
    }
269
    while ((c = str->lookChar()) != EOF && isspace(c)) {
279
    while ((c = str->lookChar()) != EOF && isspace(c)) {
270
      str->getChar();
280
      str->getChar();
271
    }
281
    }
Lines 273-279 Link Here
273
    // table size
283
    // table size
274
    if (first + n > size) {
284
    if (first + n > size) {
275
      newSize = size + 256;
285
      newSize = size + 256;
276
      if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
286
      if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) {
277
        error(-1, "Invalid 'newSize'");
287
        error(-1, "Invalid 'newSize'");
278
        goto err2;
288
        goto err2;
279
      }
289
      }
Lines 406-411 Link Here
406
    // look for object
416
    // look for object
407
    } else if (isdigit(*p)) {
417
    } else if (isdigit(*p)) {
408
      num = atoi(p);
418
      num = atoi(p);
419
      if (num < 0) {
420
	error(-1, "Invalid 'num' parameters.");
421
	return gFalse;
422
      }
409
      do {
423
      do {
410
	++p;
424
	++p;
411
      } while (*p && isdigit(*p));
425
      } while (*p && isdigit(*p));
Lines 425-431 Link Here
425
	    if (!strncmp(p, "obj", 3)) {
439
	    if (!strncmp(p, "obj", 3)) {
426
	      if (num >= size) {
440
	      if (num >= size) {
427
		newSize = (num + 1 + 255) & ~255;
441
		newSize = (num + 1 + 255) & ~255;
428
	        if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
442
	        if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) {
429
	          error(-1, "Invalid 'obj' parameters.");
443
	          error(-1, "Invalid 'obj' parameters.");
430
	          return gFalse;
444
	          return gFalse;
431
	        }
445
	        }

Return to bug 69662