xpdf: 3.02pl4 -> 3.02pl5

This commit is contained in:
Thomas Penteker 2010-11-14 17:00:23 +01:00
parent 9b28ce1f81
commit 2ae4595470
6 changed files with 7 additions and 2294 deletions

View File

@ -3,3 +3,4 @@
3a5cb165ae66781e0b21e6219ae06795 xpdf-3.02pl2.patch
581963ede0fb5715e1a69f01b5b8ce63 xpdf-3.02pl3.patch
70b752716798dd341a4bf890df5f6fdc xpdf-3.02pl4.patch
504902ca5e9d66c67eed03636ec6b163 xpdf-3.02pl5.patch

View File

@ -6,24 +6,19 @@
name=xpdf
version=3.02
release=5
release=6
source=(ftp://ftp.foolabs.com/pub/xpdf/$name-$version.tar.gz
$name-${version}pl1.patch
$name-${version}pl2.patch
$name-${version}pl3.patch
$name-${version}pl4.patch)
ftp://ftp.foolabs.com/pub/xpdf/$name-3.02pl{1,2,3,4,5}.patch)
build() {
cd $name-$version
patch -p1 -i $SRC/$name-${version}pl1.patch
patch -p1 -i $SRC/$name-${version}pl2.patch
patch -p1 -i $SRC/$name-${version}pl3.patch
patch -p1 -i $SRC/$name-${version}pl4.patch
cat $SRC/$name-3.02pl*.patch | patch -p1
./configure \
--prefix=/usr \
--prefix=/usr \
--with-Xm-library=/usr/lib \
--with-Xm-includes=/usr/include/Xm \
--with-freetype2-includes=/usr/include/freetype2 \
--with-freetype2-includes=/usr/include/freetype2 \
--sysconfdir=/etc \
--enable-a4-paper \
--enable-opi

View File

@ -1,33 +0,0 @@
*** xpdf-3.02.orig/xpdf/Stream.cc Tue Feb 27 14:05:52 2007
--- xpdf-3.02/xpdf/Stream.cc Thu Jul 26 14:44:43 2007
***************
*** 410,424 ****
ok = gFalse;
nVals = width * nComps;
- if (width <= 0 || nComps <= 0 || nBits <= 0 ||
- nComps >= INT_MAX / nBits ||
- width >= INT_MAX / nComps / nBits ||
- nVals * nBits + 7 < 0) {
- return;
- }
pixBytes = (nComps * nBits + 7) >> 3;
rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
! if (rowBytes <= 0) {
return;
}
predLine = (Guchar *)gmalloc(rowBytes);
--- 410,422 ----
ok = gFalse;
nVals = width * nComps;
pixBytes = (nComps * nBits + 7) >> 3;
rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
! if (width <= 0 || nComps <= 0 || nBits <= 0 ||
! nComps > gfxColorMaxComps ||
! nBits > 16 ||
! width >= INT_MAX / nComps || // check for overflow in nVals
! nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
return;
}
predLine = (Guchar *)gmalloc(rowBytes);

View File

@ -1,823 +0,0 @@
diff -c -r xpdf-3.02pl1.orig/xpdf/Stream.cc xpdf-3.02/xpdf/Stream.cc
*** xpdf-3.02pl1.orig/xpdf/Stream.cc Thu Oct 25 15:47:38 2007
--- xpdf-3.02/xpdf/Stream.cc Thu Oct 25 15:48:19 2007
***************
*** 1243,1265 ****
columns = columnsA;
if (columns < 1) {
columns = 1;
! }
! if (columns + 4 <= 0) {
! columns = INT_MAX - 4;
}
rows = rowsA;
endOfBlock = endOfBlockA;
black = blackA;
! refLine = (short *)gmallocn(columns + 3, sizeof(short));
! codingLine = (short *)gmallocn(columns + 2, sizeof(short));
eof = gFalse;
row = 0;
nextLine2D = encoding < 0;
inputBits = 0;
! codingLine[0] = 0;
! codingLine[1] = refLine[2] = columns;
! a0 = 1;
buf = EOF;
}
--- 1243,1268 ----
columns = columnsA;
if (columns < 1) {
columns = 1;
! } else if (columns > INT_MAX - 2) {
! columns = INT_MAX - 2;
}
rows = rowsA;
endOfBlock = endOfBlockA;
black = blackA;
! // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns
! // ---> max codingLine size = columns + 1
! // refLine has one extra guard entry at the end
! // ---> max refLine size = columns + 2
! codingLine = (int *)gmallocn(columns + 1, sizeof(int));
! refLine = (int *)gmallocn(columns + 2, sizeof(int));
eof = gFalse;
row = 0;
nextLine2D = encoding < 0;
inputBits = 0;
! codingLine[0] = columns;
! a0i = 0;
! outputBits = 0;
buf = EOF;
}
***************
*** 1278,1286 ****
row = 0;
nextLine2D = encoding < 0;
inputBits = 0;
! codingLine[0] = 0;
! codingLine[1] = columns;
! a0 = 1;
buf = EOF;
// skip any initial zero bits and end-of-line marker, and get the 2D
--- 1281,1289 ----
row = 0;
nextLine2D = encoding < 0;
inputBits = 0;
! codingLine[0] = columns;
! a0i = 0;
! outputBits = 0;
buf = EOF;
// skip any initial zero bits and end-of-line marker, and get the 2D
***************
*** 1297,1507 ****
}
}
int CCITTFaxStream::lookChar() {
short code1, code2, code3;
! int a0New;
! GBool err, gotEOL;
! int ret;
! int bits, i;
! // if at eof just return EOF
! if (eof && codingLine[a0] >= columns) {
! return EOF;
}
// read the next row
! err = gFalse;
! if (codingLine[a0] >= columns) {
// 2-D encoding
if (nextLine2D) {
- // state:
- // a0New = current position in coding line (0 <= a0New <= columns)
- // codingLine[a0] = last change in coding line
- // (black-to-white if a0 is even,
- // white-to-black if a0 is odd)
- // refLine[b1] = next change in reference line of opposite color
- // to a0
- // invariants:
- // 0 <= codingLine[a0] <= a0New
- // <= refLine[b1] <= refLine[b1+1] <= columns
- // 0 <= a0 <= columns+1
- // refLine[0] = 0
- // refLine[n] = refLine[n+1] = columns
- // -- for some 1 <= n <= columns+1
- // end condition:
- // 0 = codingLine[0] <= codingLine[1] < codingLine[2] < ...
- // < codingLine[n-1] < codingLine[n] = columns
- // -- where 1 <= n <= columns+1
for (i = 0; codingLine[i] < columns; ++i) {
refLine[i] = codingLine[i];
}
! refLine[i] = refLine[i + 1] = columns;
! b1 = 1;
! a0New = codingLine[a0 = 0] = 0;
! do {
code1 = getTwoDimCode();
switch (code1) {
case twoDimPass:
! if (refLine[b1] < columns) {
! a0New = refLine[b1 + 1];
! b1 += 2;
}
break;
case twoDimHoriz:
! if ((a0 & 1) == 0) {
! code1 = code2 = 0;
do {
! code1 += code3 = getWhiteCode();
} while (code3 >= 64);
do {
! code2 += code3 = getBlackCode();
} while (code3 >= 64);
} else {
- code1 = code2 = 0;
do {
! code1 += code3 = getBlackCode();
} while (code3 >= 64);
do {
! code2 += code3 = getWhiteCode();
} while (code3 >= 64);
}
! if (code1 > 0 || code2 > 0) {
! if (a0New + code1 <= columns) {
! codingLine[a0 + 1] = a0New + code1;
! } else {
! codingLine[a0 + 1] = columns;
! }
! ++a0;
! if (codingLine[a0] + code2 <= columns) {
! codingLine[a0 + 1] = codingLine[a0] + code2;
! } else {
! codingLine[a0 + 1] = columns;
! }
! ++a0;
! a0New = codingLine[a0];
! while (refLine[b1] <= a0New && refLine[b1] < columns) {
! b1 += 2;
}
}
break;
! case twoDimVert0:
! if (refLine[b1] < columns) {
! a0New = codingLine[++a0] = refLine[b1];
! ++b1;
! while (refLine[b1] <= a0New && refLine[b1] < columns) {
! b1 += 2;
}
- } else {
- a0New = codingLine[++a0] = columns;
}
break;
case twoDimVertR1:
! if (refLine[b1] + 1 < columns) {
! a0New = codingLine[++a0] = refLine[b1] + 1;
! ++b1;
! while (refLine[b1] <= a0New && refLine[b1] < columns) {
! b1 += 2;
}
- } else {
- a0New = codingLine[++a0] = columns;
}
break;
! case twoDimVertL1:
! if (refLine[b1] - 1 > a0New || (a0 == 0 && refLine[b1] == 1)) {
! a0New = codingLine[++a0] = refLine[b1] - 1;
! --b1;
! while (refLine[b1] <= a0New && refLine[b1] < columns) {
! b1 += 2;
}
}
break;
! case twoDimVertR2:
! if (refLine[b1] + 2 < columns) {
! a0New = codingLine[++a0] = refLine[b1] + 2;
! ++b1;
! while (refLine[b1] <= a0New && refLine[b1] < columns) {
! b1 += 2;
}
- } else {
- a0New = codingLine[++a0] = columns;
}
break;
case twoDimVertL2:
! if (refLine[b1] - 2 > a0New || (a0 == 0 && refLine[b1] == 2)) {
! a0New = codingLine[++a0] = refLine[b1] - 2;
! --b1;
! while (refLine[b1] <= a0New && refLine[b1] < columns) {
! b1 += 2;
}
! }
! break;
! case twoDimVertR3:
! if (refLine[b1] + 3 < columns) {
! a0New = codingLine[++a0] = refLine[b1] + 3;
! ++b1;
! while (refLine[b1] <= a0New && refLine[b1] < columns) {
! b1 += 2;
}
- } else {
- a0New = codingLine[++a0] = columns;
}
break;
! case twoDimVertL3:
! if (refLine[b1] - 3 > a0New || (a0 == 0 && refLine[b1] == 3)) {
! a0New = codingLine[++a0] = refLine[b1] - 3;
! --b1;
! while (refLine[b1] <= a0New && refLine[b1] < columns) {
! b1 += 2;
}
}
break;
case EOF:
eof = gTrue;
! codingLine[a0 = 0] = columns;
! return EOF;
default:
error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1);
err = gTrue;
break;
}
! } while (codingLine[a0] < columns);
// 1-D encoding
} else {
! codingLine[a0 = 0] = 0;
! while (1) {
code1 = 0;
! do {
! code1 += code3 = getWhiteCode();
! } while (code3 >= 64);
! codingLine[a0+1] = codingLine[a0] + code1;
! ++a0;
! if (codingLine[a0] >= columns) {
! break;
! }
! code2 = 0;
! do {
! code2 += code3 = getBlackCode();
! } while (code3 >= 64);
! codingLine[a0+1] = codingLine[a0] + code2;
! ++a0;
! if (codingLine[a0] >= columns) {
! break;
}
}
}
- if (codingLine[a0] != columns) {
- error(getPos(), "CCITTFax row is wrong length (%d)", codingLine[a0]);
- // force the row to be the correct length
- while (codingLine[a0] > columns) {
- --a0;
- }
- codingLine[++a0] = columns;
- err = gTrue;
- }
-
// byte-align the row
if (byteAlign) {
inputBits &= ~7;
--- 1300,1529 ----
}
}
+ inline void CCITTFaxStream::addPixels(int a1, int blackPixels) {
+ if (a1 > codingLine[a0i]) {
+ if (a1 > columns) {
+ error(getPos(), "CCITTFax row is wrong length (%d)", a1);
+ err = gTrue;
+ a1 = columns;
+ }
+ if ((a0i & 1) ^ blackPixels) {
+ ++a0i;
+ }
+ codingLine[a0i] = a1;
+ }
+ }
+
+ inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) {
+ if (a1 > codingLine[a0i]) {
+ if (a1 > columns) {
+ error(getPos(), "CCITTFax row is wrong length (%d)", a1);
+ err = gTrue;
+ a1 = columns;
+ }
+ if ((a0i & 1) ^ blackPixels) {
+ ++a0i;
+ }
+ codingLine[a0i] = a1;
+ } else if (a1 < codingLine[a0i]) {
+ if (a1 < 0) {
+ error(getPos(), "Invalid CCITTFax code");
+ err = gTrue;
+ a1 = 0;
+ }
+ while (a0i > 0 && a1 <= codingLine[a0i - 1]) {
+ --a0i;
+ }
+ codingLine[a0i] = a1;
+ }
+ }
+
int CCITTFaxStream::lookChar() {
short code1, code2, code3;
! int b1i, blackPixels, i, bits;
! GBool gotEOL;
! if (buf != EOF) {
! return buf;
}
// read the next row
! if (outputBits == 0) {
!
! // if at eof just return EOF
! if (eof) {
! return EOF;
! }
!
! err = gFalse;
// 2-D encoding
if (nextLine2D) {
for (i = 0; codingLine[i] < columns; ++i) {
refLine[i] = codingLine[i];
}
! refLine[i++] = columns;
! refLine[i] = columns;
! codingLine[0] = 0;
! a0i = 0;
! b1i = 0;
! blackPixels = 0;
! // invariant:
! // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1]
! // <= columns
! // exception at left edge:
! // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible
! // exception at right edge:
! // refLine[b1i] = refLine[b1i+1] = columns is possible
! while (codingLine[a0i] < columns) {
code1 = getTwoDimCode();
switch (code1) {
case twoDimPass:
! addPixels(refLine[b1i + 1], blackPixels);
! if (refLine[b1i + 1] < columns) {
! b1i += 2;
}
break;
case twoDimHoriz:
! code1 = code2 = 0;
! if (blackPixels) {
do {
! code1 += code3 = getBlackCode();
} while (code3 >= 64);
do {
! code2 += code3 = getWhiteCode();
} while (code3 >= 64);
} else {
do {
! code1 += code3 = getWhiteCode();
} while (code3 >= 64);
do {
! code2 += code3 = getBlackCode();
} while (code3 >= 64);
}
! addPixels(codingLine[a0i] + code1, blackPixels);
! if (codingLine[a0i] < columns) {
! addPixels(codingLine[a0i] + code2, blackPixels ^ 1);
! }
! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
! b1i += 2;
! }
! break;
! case twoDimVertR3:
! addPixels(refLine[b1i] + 3, blackPixels);
! blackPixels ^= 1;
! if (codingLine[a0i] < columns) {
! ++b1i;
! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
! b1i += 2;
}
}
break;
! case twoDimVertR2:
! addPixels(refLine[b1i] + 2, blackPixels);
! blackPixels ^= 1;
! if (codingLine[a0i] < columns) {
! ++b1i;
! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
! b1i += 2;
}
}
break;
case twoDimVertR1:
! addPixels(refLine[b1i] + 1, blackPixels);
! blackPixels ^= 1;
! if (codingLine[a0i] < columns) {
! ++b1i;
! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
! b1i += 2;
}
}
break;
! case twoDimVert0:
! addPixels(refLine[b1i], blackPixels);
! blackPixels ^= 1;
! if (codingLine[a0i] < columns) {
! ++b1i;
! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
! b1i += 2;
}
}
break;
! case twoDimVertL3:
! addPixelsNeg(refLine[b1i] - 3, blackPixels);
! blackPixels ^= 1;
! if (codingLine[a0i] < columns) {
! if (b1i > 0) {
! --b1i;
! } else {
! ++b1i;
! }
! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
! b1i += 2;
}
}
break;
case twoDimVertL2:
! addPixelsNeg(refLine[b1i] - 2, blackPixels);
! blackPixels ^= 1;
! if (codingLine[a0i] < columns) {
! if (b1i > 0) {
! --b1i;
! } else {
! ++b1i;
}
! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
! b1i += 2;
}
}
break;
! case twoDimVertL1:
! addPixelsNeg(refLine[b1i] - 1, blackPixels);
! blackPixels ^= 1;
! if (codingLine[a0i] < columns) {
! if (b1i > 0) {
! --b1i;
! } else {
! ++b1i;
! }
! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
! b1i += 2;
}
}
break;
case EOF:
+ addPixels(columns, 0);
eof = gTrue;
! break;
default:
error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1);
+ addPixels(columns, 0);
err = gTrue;
break;
}
! }
// 1-D encoding
} else {
! codingLine[0] = 0;
! a0i = 0;
! blackPixels = 0;
! while (codingLine[a0i] < columns) {
code1 = 0;
! if (blackPixels) {
! do {
! code1 += code3 = getBlackCode();
! } while (code3 >= 64);
! } else {
! do {
! code1 += code3 = getWhiteCode();
! } while (code3 >= 64);
}
+ addPixels(codingLine[a0i] + code1, blackPixels);
+ blackPixels ^= 1;
}
}
// byte-align the row
if (byteAlign) {
inputBits &= ~7;
***************
*** 1560,1573 ****
// this if we know the stream contains end-of-line markers because
// the "just plow on" technique tends to work better otherwise
} else if (err && endOfLine) {
! do {
if (code1 == EOF) {
eof = gTrue;
return EOF;
}
eatBits(1);
! code1 = lookBits(13);
! } while ((code1 >> 1) != 0x001);
eatBits(12);
if (encoding > 0) {
eatBits(1);
--- 1582,1598 ----
// this if we know the stream contains end-of-line markers because
// the "just plow on" technique tends to work better otherwise
} else if (err && endOfLine) {
! while (1) {
! code1 = lookBits(13);
if (code1 == EOF) {
eof = gTrue;
return EOF;
}
+ if ((code1 >> 1) == 0x001) {
+ break;
+ }
eatBits(1);
! }
eatBits(12);
if (encoding > 0) {
eatBits(1);
***************
*** 1575,1585 ****
}
}
! a0 = 0;
! outputBits = codingLine[1] - codingLine[0];
! if (outputBits == 0) {
! a0 = 1;
! outputBits = codingLine[2] - codingLine[1];
}
++row;
--- 1600,1610 ----
}
}
! // set up for output
! if (codingLine[0] > 0) {
! outputBits = codingLine[a0i = 0];
! } else {
! outputBits = codingLine[a0i = 1];
}
++row;
***************
*** 1587,1625 ****
// get a byte
if (outputBits >= 8) {
! ret = ((a0 & 1) == 0) ? 0xff : 0x00;
! if ((outputBits -= 8) == 0) {
! ++a0;
! if (codingLine[a0] < columns) {
! outputBits = codingLine[a0 + 1] - codingLine[a0];
! }
}
} else {
bits = 8;
! ret = 0;
do {
if (outputBits > bits) {
! i = bits;
! bits = 0;
! if ((a0 & 1) == 0) {
! ret |= 0xff >> (8 - i);
}
! outputBits -= i;
} else {
! i = outputBits;
! bits -= outputBits;
! if ((a0 & 1) == 0) {
! ret |= (0xff >> (8 - i)) << bits;
}
outputBits = 0;
! ++a0;
! if (codingLine[a0] < columns) {
! outputBits = codingLine[a0 + 1] - codingLine[a0];
}
}
! } while (bits > 0 && codingLine[a0] < columns);
}
- buf = black ? (ret ^ 0xff) : ret;
return buf;
}
--- 1612,1654 ----
// get a byte
if (outputBits >= 8) {
! buf = (a0i & 1) ? 0x00 : 0xff;
! outputBits -= 8;
! if (outputBits == 0 && codingLine[a0i] < columns) {
! ++a0i;
! outputBits = codingLine[a0i] - codingLine[a0i - 1];
}
} else {
bits = 8;
! buf = 0;
do {
if (outputBits > bits) {
! buf <<= bits;
! if (!(a0i & 1)) {
! buf |= 0xff >> (8 - bits);
}
! outputBits -= bits;
! bits = 0;
} else {
! buf <<= outputBits;
! if (!(a0i & 1)) {
! buf |= 0xff >> (8 - outputBits);
}
+ bits -= outputBits;
outputBits = 0;
! if (codingLine[a0i] < columns) {
! ++a0i;
! outputBits = codingLine[a0i] - codingLine[a0i - 1];
! } else if (bits > 0) {
! buf <<= bits;
! bits = 0;
}
}
! } while (bits);
! }
! if (black) {
! buf ^= 0xff;
}
return buf;
}
***************
*** 1661,1666 ****
--- 1690,1698 ----
code = 0; // make gcc happy
if (endOfBlock) {
code = lookBits(12);
+ if (code == EOF) {
+ return 1;
+ }
if ((code >> 5) == 0) {
p = &whiteTab1[code];
} else {
***************
*** 1673,1678 ****
--- 1705,1713 ----
} else {
for (n = 1; n <= 9; ++n) {
code = lookBits(n);
+ if (code == EOF) {
+ return 1;
+ }
if (n < 9) {
code <<= 9 - n;
}
***************
*** 1684,1689 ****
--- 1719,1727 ----
}
for (n = 11; n <= 12; ++n) {
code = lookBits(n);
+ if (code == EOF) {
+ return 1;
+ }
if (n < 12) {
code <<= 12 - n;
}
***************
*** 1709,1717 ****
code = 0; // make gcc happy
if (endOfBlock) {
code = lookBits(13);
if ((code >> 7) == 0) {
p = &blackTab1[code];
! } else if ((code >> 9) == 0) {
p = &blackTab2[(code >> 1) - 64];
} else {
p = &blackTab3[code >> 7];
--- 1747,1758 ----
code = 0; // make gcc happy
if (endOfBlock) {
code = lookBits(13);
+ if (code == EOF) {
+ return 1;
+ }
if ((code >> 7) == 0) {
p = &blackTab1[code];
! } else if ((code >> 9) == 0 && (code >> 7) != 0) {
p = &blackTab2[(code >> 1) - 64];
} else {
p = &blackTab3[code >> 7];
***************
*** 1723,1728 ****
--- 1764,1772 ----
} else {
for (n = 2; n <= 6; ++n) {
code = lookBits(n);
+ if (code == EOF) {
+ return 1;
+ }
if (n < 6) {
code <<= 6 - n;
}
***************
*** 1734,1739 ****
--- 1778,1786 ----
}
for (n = 7; n <= 12; ++n) {
code = lookBits(n);
+ if (code == EOF) {
+ return 1;
+ }
if (n < 12) {
code <<= 12 - n;
}
***************
*** 1747,1752 ****
--- 1794,1802 ----
}
for (n = 10; n <= 13; ++n) {
code = lookBits(n);
+ if (code == EOF) {
+ return 1;
+ }
if (n < 13) {
code <<= 13 - n;
}
***************
*** 1961,1966 ****
--- 2011,2022 ----
// allocate a buffer for the whole image
bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth;
bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight;
+ if (bufWidth <= 0 || bufHeight <= 0 ||
+ bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) {
+ error(getPos(), "Invalid image size in DCT stream");
+ y = height;
+ return;
+ }
for (i = 0; i < numComps; ++i) {
frameBuf[i] = (int *)gmallocn(bufWidth * bufHeight, sizeof(int));
memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int));
***************
*** 3036,3041 ****
--- 3092,3102 ----
}
scanInfo.firstCoeff = str->getChar();
scanInfo.lastCoeff = str->getChar();
+ if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 ||
+ scanInfo.firstCoeff > scanInfo.lastCoeff) {
+ error(getPos(), "Bad DCT coefficient numbers in scan info block");
+ return gFalse;
+ }
c = str->getChar();
scanInfo.ah = (c >> 4) & 0x0f;
scanInfo.al = c & 0x0f;
diff -c -r xpdf-3.02pl1.orig/xpdf/Stream.h xpdf-3.02/xpdf/Stream.h
*** xpdf-3.02pl1.orig/xpdf/Stream.h Tue Feb 27 14:05:52 2007
--- xpdf-3.02/xpdf/Stream.h Thu Oct 25 15:48:15 2007
***************
*** 528,540 ****
int row; // current row
int inputBuf; // input buffer
int inputBits; // number of bits in input buffer
! short *refLine; // reference line changing elements
! int b1; // index into refLine
! short *codingLine; // coding line changing elements
! int a0; // index into codingLine
int outputBits; // remaining ouput bits
int buf; // character buffer
short getTwoDimCode();
short getWhiteCode();
short getBlackCode();
--- 528,542 ----
int row; // current row
int inputBuf; // input buffer
int inputBits; // number of bits in input buffer
! int *codingLine; // coding line changing elements
! int *refLine; // reference line changing elements
! int a0i; // index into codingLine
! GBool err; // error on current line
int outputBits; // remaining ouput bits
int buf; // character buffer
+ void addPixels(int a1, int black);
+ void addPixelsNeg(int a1, int black);
short getTwoDimCode();
short getWhiteCode();
short getBlackCode();

File diff suppressed because it is too large Load Diff

View File

@ -1,282 +0,0 @@
*** xpdf-3.02.orig/xpdf/Stream.cc Fri Jul 24 14:30:46 2009
--- xpdf-3.02/xpdf/Stream.cc Mon Oct 5 11:07:49 2009
***************
*** 323,328 ****
--- 323,332 ----
} else {
imgLineSize = nVals;
}
+ if (width > INT_MAX / nComps) {
+ // force a call to gmallocn(-1,...), which will throw an exception
+ imgLineSize = -1;
+ }
imgLine = (Guchar *)gmallocn(imgLineSize, sizeof(Guchar));
imgIdx = nVals;
}
*** xpdf-3.02.orig/xpdf/PSOutputDev.cc Tue Feb 27 14:05:52 2007
--- xpdf-3.02/xpdf/PSOutputDev.cc Fri Oct 2 12:38:58 2009
***************
*** 4301,4307 ****
width, -height, height);
// allocate a line buffer
! lineBuf = (Guchar *)gmalloc(4 * width);
// set up to process the data stream
imgStr = new ImageStream(str, width, colorMap->getNumPixelComps(),
--- 4301,4307 ----
width, -height, height);
// allocate a line buffer
! lineBuf = (Guchar *)gmallocn(width, 4);
// set up to process the data stream
imgStr = new ImageStream(str, width, colorMap->getNumPixelComps(),
diff -r -c xpdf-3.02.orig/splash/Splash.cc xpdf-3.02/splash/Splash.cc
*** xpdf-3.02.orig/splash/Splash.cc Tue Feb 27 14:05:52 2007
--- xpdf-3.02/splash/Splash.cc Fri Aug 14 14:05:08 2009
***************
*** 12,17 ****
--- 12,18 ----
#include <stdlib.h>
#include <string.h>
+ #include <limits.h>
#include "gmem.h"
#include "SplashErrorCodes.h"
#include "SplashMath.h"
***************
*** 1912,1918 ****
xq = w % scaledWidth;
// allocate pixel buffer
! pixBuf = (SplashColorPtr)gmalloc((yp + 1) * w);
// initialize the pixel pipe
pipeInit(&pipe, 0, 0, state->fillPattern, NULL, state->fillAlpha,
--- 1913,1922 ----
xq = w % scaledWidth;
// allocate pixel buffer
! if (yp < 0 || yp > INT_MAX - 1) {
! return splashErrBadArg;
! }
! pixBuf = (SplashColorPtr)gmallocn(yp + 1, w);
// initialize the pixel pipe
pipeInit(&pipe, 0, 0, state->fillPattern, NULL, state->fillAlpha,
***************
*** 2208,2216 ****
xq = w % scaledWidth;
// allocate pixel buffers
! colorBuf = (SplashColorPtr)gmalloc((yp + 1) * w * nComps);
if (srcAlpha) {
! alphaBuf = (Guchar *)gmalloc((yp + 1) * w);
} else {
alphaBuf = NULL;
}
--- 2212,2223 ----
xq = w % scaledWidth;
// allocate pixel buffers
! if (yp < 0 || yp > INT_MAX - 1 || w > INT_MAX / nComps) {
! return splashErrBadArg;
! }
! colorBuf = (SplashColorPtr)gmallocn(yp + 1, w * nComps);
if (srcAlpha) {
! alphaBuf = (Guchar *)gmallocn(yp + 1, w);
} else {
alphaBuf = NULL;
}
diff -r -c xpdf-3.02.orig/splash/SplashErrorCodes.h xpdf-3.02/splash/SplashErrorCodes.h
*** xpdf-3.02.orig/splash/SplashErrorCodes.h Tue Feb 27 14:05:52 2007
--- xpdf-3.02/splash/SplashErrorCodes.h Fri Aug 14 14:03:46 2009
***************
*** 29,32 ****
--- 29,34 ----
#define splashErrSingularMatrix 8 // matrix is singular
+ #define splashErrBadArg 9 // bad argument
+
#endif
*** xpdf-3.02.orig/splash/SplashBitmap.cc Tue Feb 27 14:05:52 2007
--- xpdf-3.02/splash/SplashBitmap.cc Wed Aug 19 14:55:39 2009
***************
*** 11,16 ****
--- 11,17 ----
#endif
#include <stdio.h>
+ #include <limits.h>
#include "gmem.h"
#include "SplashErrorCodes.h"
#include "SplashBitmap.h"
***************
*** 27,56 ****
mode = modeA;
switch (mode) {
case splashModeMono1:
! rowSize = (width + 7) >> 3;
break;
case splashModeMono8:
! rowSize = width;
break;
case splashModeRGB8:
case splashModeBGR8:
! rowSize = width * 3;
break;
#if SPLASH_CMYK
case splashModeCMYK8:
! rowSize = width * 4;
break;
#endif
}
! rowSize += rowPad - 1;
! rowSize -= rowSize % rowPad;
! data = (SplashColorPtr)gmalloc(rowSize * height);
if (!topDown) {
data += (height - 1) * rowSize;
rowSize = -rowSize;
}
if (alphaA) {
! alpha = (Guchar *)gmalloc(width * height);
} else {
alpha = NULL;
}
--- 28,75 ----
mode = modeA;
switch (mode) {
case splashModeMono1:
! if (width > 0) {
! rowSize = (width + 7) >> 3;
! } else {
! rowSize = -1;
! }
break;
case splashModeMono8:
! if (width > 0) {
! rowSize = width;
! } else {
! rowSize = -1;
! }
break;
case splashModeRGB8:
case splashModeBGR8:
! if (width > 0 && width <= INT_MAX / 3) {
! rowSize = width * 3;
! } else {
! rowSize = -1;
! }
break;
#if SPLASH_CMYK
case splashModeCMYK8:
! if (width > 0 && width <= INT_MAX / 4) {
! rowSize = width * 4;
! } else {
! rowSize = -1;
! }
break;
#endif
}
! if (rowSize > 0) {
! rowSize += rowPad - 1;
! rowSize -= rowSize % rowPad;
! }
! data = (SplashColorPtr)gmallocn(height, rowSize);
if (!topDown) {
data += (height - 1) * rowSize;
rowSize = -rowSize;
}
if (alphaA) {
! alpha = (Guchar *)gmallocn(width, height);
} else {
alpha = NULL;
}
*** xpdf-3.02.orig/xpdf/XRef.cc Tue Feb 27 14:05:52 2007
--- xpdf-3.02/xpdf/XRef.cc Tue Oct 13 11:57:24 2009
***************
*** 52,57 ****
--- 52,59 ----
// generation 0.
ObjectStream(XRef *xref, int objStrNumA);
+ GBool isOk() { return ok; }
+
~ObjectStream();
// Return the object number of this object stream.
***************
*** 67,72 ****
--- 69,75 ----
int nObjects; // number of objects in the stream
Object *objs; // the objects (length = nObjects)
int *objNums; // the object numbers (length = nObjects)
+ GBool ok;
};
ObjectStream::ObjectStream(XRef *xref, int objStrNumA) {
***************
*** 80,85 ****
--- 83,89 ----
nObjects = 0;
objs = NULL;
objNums = NULL;
+ ok = gFalse;
if (!xref->fetch(objStrNum, 0, &objStr)->isStream()) {
goto err1;
***************
*** 105,110 ****
--- 109,121 ----
goto err1;
}
+ // this is an arbitrary limit to avoid integer overflow problems
+ // in the 'new Object[nObjects]' call (Acrobat apparently limits
+ // object streams to 100-200 objects)
+ if (nObjects > 1000000) {
+ error(-1, "Too many objects in an object stream");
+ goto err1;
+ }
objs = new Object[nObjects];
objNums = (int *)gmallocn(nObjects, sizeof(int));
offsets = (int *)gmallocn(nObjects, sizeof(int));
***************
*** 161,170 ****
}
gfree(offsets);
err1:
objStr.free();
- return;
}
ObjectStream::~ObjectStream() {
--- 172,181 ----
}
gfree(offsets);
+ ok = gTrue;
err1:
objStr.free();
}
ObjectStream::~ObjectStream() {
***************
*** 837,842 ****
--- 848,858 ----
delete objStr;
}
objStr = new ObjectStream(this, e->offset);
+ if (!objStr->isOk()) {
+ delete objStr;
+ objStr = NULL;
+ goto err;
+ }
}
objStr->getObject(e->gen, num, obj);
break;