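--- a/filters/kword/pdf/xpdf/xpdf/JBIG2Stream.cc
+++ b/filters/kword/pdf/xpdf/xpdf/JBIG2Stream.cc
@@ -7,6 +7,7 @@
 //========================================================================
 
 #include <aconf.h>
+#include <limits.h>
 
 #ifdef USE_GCC_PRAGMAS
 #pragma implementation
@@ -977,6 +978,13 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA,
   w = wA;
   h = hA;
   line = (wA + 7) >> 3;
+
+  if (h < 0 || line <= 0 || h >= INT_MAX / line) {
+    error(-1, "invalid width/height");
+    data = NULL;
+    return;
+  }
+
   data = (Guchar *)gmalloc(h * line);
 }
 
@@ -986,6 +994,13 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA,
   w = bitmap->w;
   h = bitmap->h;
   line = bitmap->line;
+
+  if (h < 0 || line <= 0 || h >= INT_MAX / line) {
+    error(-1, "invalid width/height");
+    data = NULL;
+    return;
+  }
+
   data = (Guchar *)gmalloc(h * line);
   memcpy(data, bitmap->data, h * line);
 }
@@ -1012,7 +1027,10 @@ JBIG2Bitmap *JBIG2Bitmap::getSlice(Guint
 }
 
 void JBIG2Bitmap::expand(int newH, Guint pixel) {
-  if (newH <= h) {
+  if (newH <= h || line <= 0 || newH >= INT_MAX / line) {
+    error(-1, "invalid width/height");
+    gfree(data);
+    data = NULL;
     return;
   }
   data = (Guchar *)grealloc(data, newH * line);
@@ -2505,6 +2523,15 @@ void JBIG2Stream::readHalftoneRegionSeg(
     error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
     return;
   }
+  if (gridH == 0 || gridW >= INT_MAX / gridH) {
+    error(getPos(), "Bad size in JBIG2 halftone segment");
+    return;
+  }
+  if (w == 0 || h >= INT_MAX / w) {
+     error(getPos(), "Bad size in JBIG2 bitmap segment");
+    return;
+  }
+
   patternDict = (JBIG2PatternDict *)seg;
   bpp = 0;
   i = 1;
@@ -3078,6 +3105,11 @@ JBIG2Bitmap *JBIG2Stream::readGenericRef
   Guint ltpCX, cx, cx0, cx2, cx3, cx4, tpgrCX0, tpgrCX1, tpgrCX2;
   int x, y, pix;
 
+  if (w < 0 || h <= 0 || w >= INT_MAX / h) {
+    error(-1, "invalid width/height");
+    return NULL;
+  }
+
   bitmap = new JBIG2Bitmap(0, w, h);
   bitmap->clearToZero();
 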
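Review bot: In `JBIG2Bitmap::expand()` the new condition folds the overflow test into the existing `newH <= h` early return, so a call that asks for no growth, which used to be a no-op, now logs "invalid width/height", frees `data` and sets it to NULL while `w`, `h` and `line` keep their old values. Keep the no-op separate: `if (newH <= h) return;` followed by `if (line <= 0 || newH >= INT_MAX / line) { ... }` for the error path only. Both constructors leave the same state (NULL `data` with non-zero dimensions) when they reject the size, and members outside these hunks such as `clearToZero()`, which the readGenericRef… hunk calls right after construction, presumably write through `data`. That hunk pre-checks `w`/`h` before `new JBIG2Bitmap`, but other constructor call sites are not visible here and should get the same pre-check or a NULL-`data` test.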
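--- a/filters/kword/pdf/xpdf/xpdf/Stream.cc
+++ b/filters/kword/pdf/xpdf/xpdf/Stream.cc
@@ -15,6 +15,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <stddef.h>
+#include <limits.h>
 #ifndef WIN32
 #include <unistd.h>
 #endif
@@ -409,13 +410,28 @@ StreamPredictor::StreamPredictor(Stream
   width = widthA;
   nComps = nCompsA;
   nBits = nBitsA;
+  predLine = NULL;
+  ok = gFalse;
+
+  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+     nComps >= INT_MAX / nBits ||
+      width >= INT_MAX / nComps / nBits)
+    return;
 
   nVals = width * nComps;
+  if (nVals + 7 <= 0)
+    return;
+
   pixBytes = (nComps * nBits + 7) >> 3;
   rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+  if (rowBytes < 0)
+    return;
+
   predLine = (Guchar *)gmalloc(rowBytes);
   memset(predLine, 0, rowBytes);
   predIdx = rowBytes;
+
+  ok = gTrue;
 }
 
 StreamPredictor::~StreamPredictor() {
@@ -982,6 +998,10 @@ LZWStream::LZWStream(Stream *strA, int p
     FilterStream(strA) {
   if (predictor != 1) {
     pred = new StreamPredictor(this, predictor, columns, colors, bits);
+    if ( !pred->isOk()) {
+       delete pred;
+       pred = NULL;
+    }
   } else {
     pred = NULL;
   }
@@ -1227,6 +1247,11 @@ CCITTFaxStream::CCITTFaxStream(Stream *s
   endOfLine = endOfLineA;
   byteAlign = byteAlignA;
   columns = columnsA;
+  if (columns < 1 || columns + 2 < 0 || columns + 3 < 0 ||
+	  (columns + 2) >= INT_MAX / sizeof(short) || (columns + 3) >= INT_MAX / sizeof(short)) {
+    error(-1, "invalid number of columns");
+    exit(1);
+  }
   rows = rowsA;
   endOfBlock = endOfBlockA;
   black = blackA;
@@ -2861,6 +2886,11 @@ GBool DCTStream::readBaselineSOF() {
   height = read16();
   width = read16();
   numComps = str->getChar();
+  if (numComps <= 0 || numComps > 4) {
+     numComps = 0;
+     error(getPos(), "Bad number of components in DCT stream");
+     return gFalse;
+  }
   if (prec != 8) {
     error(getPos(), "Bad DCT precision %d", prec);
     return gFalse;
@@ -2887,6 +2917,11 @@ GBool DCTStream::readProgressiveSOF() {
   height = read16();
   width = read16();
   numComps = str->getChar();
+  if (numComps <= 0 || numComps > 4) {
+     numComps = 0;
+     error(getPos(), "Bad number of components in DCT stream");
+     return gFalse;
+  }
   if (prec != 8) {
     error(getPos(), "Bad DCT precision %d", prec);
     return gFalse;
@@ -2909,6 +2944,11 @@ GBool DCTStream::readScanInfo() {
 
   length = read16() - 2;
   scanInfo.numComps = str->getChar();
+  if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) {
+     scanInfo.numComps = 0;
+     error(getPos(), "Bad number of components in DCT stream");
+     return gFalse;
+  }
   --length;
   if (length != 2 * scanInfo.numComps + 3) {
     error(getPos(), "Bad DCT scan info block");
@@ -2976,12 +3016,12 @@ GBool DCTStream::readHuffmanTables() {
   while (length > 0) {
     index = str->getChar();
     --length;
-    if ((index & 0x0f) >= 4) {
+    if ((index & ~0x10) >= 4 || (index & ~0x10) < 0) {
       error(getPos(), "Bad DCT Huffman table");
       return gFalse;
     }
     if (index & 0x10) {
-      index &= 0x0f;
+      index &= 0x03;
       if (index >= numACHuffTables)
 	numACHuffTables = index+1;
       tbl = &acHuffTables[index];
@@ -3069,9 +3109,11 @@ int DCTStream::readMarker() {
   do {
     do {
       c = str->getChar();
+      if(c == EOF) return EOF;
     } while (c != 0xff);
     do {
       c = str->getChar();
+      if(c == EOF) return EOF;
     } while (c == 0xff);
   } while (c == 0x00);
   return c;
@@ -3179,6 +3221,10 @@ FlateStream::FlateStream(Stream *strA, i
     FilterStream(strA) {
   if (predictor != 1) {
     pred = new StreamPredictor(this, predictor, columns, colors, bits);
+    if ( !pred->isOk()) {
+        delete pred;
+        pred = NULL;
+    }
   } else {
     pred = NULL;
   }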
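Review bot: The CCITTFaxStream constructor hunk calls `exit(1)` when `columns` is out of range, so one malformed stream terminates the whole host application, whereas every other hunk in this patch reports an error and returns. Record the failure instead, for example with an `ok` flag that the caller tests, as this patch already does for StreamPredictor through `isOk()`. The guards `columns + 2 < 0` and `columns + 3 < 0` (and, in StreamPredictor, `nVals + 7 <= 0` and `rowBytes < 0`) test for wrap-around after the signed arithmetic has been performed, which is undefined behaviour that a compiler may optimise away. Bound the input before the arithmetic, e.g. `if (columns < 1 || columns > INT_MAX / (int)sizeof(short) - 3)`. The constructor body starts and ends outside the hunk, so the allocations these checks protect are not visible here.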
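--- a/filters/kword/pdf/xpdf/xpdf/Stream.h
+++ b/filters/kword/pdf/xpdf/xpdf/Stream.h
@@ -227,6 +227,7 @@ public:
 
   int lookChar();
   int getChar();
+  GBool isOk() { return ok; }
 
 private:
 
@@ -242,6 +243,7 @@ private:
   int rowBytes;			// bytes per line
   Guchar *predLine;		// line buffer
   int predIdx;			// current index in predLine
+  GBool ok;
 };
 
 //------------------------------------------------------------------------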
