+++ /dev/null
-diff -cr xpdf-3.01.orig/goo/gmem.c xpdf-3.01/goo/gmem.c
-*** xpdf-3.01.orig/goo/gmem.c Tue Aug 16 22:34:30 2005
---- xpdf-3.01/goo/gmem.c Tue Jan 17 17:03:57 2006
-***************
-*** 11,16 ****
---- 11,17 ----
- #include <stdlib.h>
- #include <stddef.h>
- #include <string.h>
-+ #include <limits.h>
- #include "gmem.h"
-
- #ifdef DEBUG_MEM
-***************
-*** 63,69 ****
- int lst;
- unsigned long *trl, *p;
-
-! if (size == 0)
- return NULL;
- size1 = gMemDataSize(size);
- if (!(mem = (char *)malloc(size1 + gMemHdrSize + gMemTrlSize))) {
---- 64,70 ----
- int lst;
- unsigned long *trl, *p;
-
-! if (size <= 0)
- return NULL;
- size1 = gMemDataSize(size);
- if (!(mem = (char *)malloc(size1 + gMemHdrSize + gMemTrlSize))) {
-***************
-*** 86,92 ****
- #else
- void *p;
-
-! if (size == 0)
- return NULL;
- if (!(p = malloc(size))) {
- fprintf(stderr, "Out of memory\n");
---- 87,93 ----
- #else
- void *p;
-
-! if (size <= 0)
- return NULL;
- if (!(p = malloc(size))) {
- fprintf(stderr, "Out of memory\n");
-***************
-*** 102,108 ****
- void *q;
- int oldSize;
-
-! if (size == 0) {
- if (p)
- gfree(p);
- return NULL;
---- 103,109 ----
- void *q;
- int oldSize;
-
-! if (size <= 0) {
- if (p)
- gfree(p);
- return NULL;
-***************
-*** 120,126 ****
- #else
- void *q;
-
-! if (size == 0) {
- if (p)
- free(p);
- return NULL;
---- 121,127 ----
- #else
- void *q;
-
-! if (size <= 0) {
- if (p)
- free(p);
- return NULL;
-***************
-*** 140,147 ****
- void *gmallocn(int nObjs, int objSize) {
- int n;
-
- n = nObjs * objSize;
-! if (objSize == 0 || n / objSize != nObjs) {
- fprintf(stderr, "Bogus memory allocation size\n");
- exit(1);
- }
---- 141,151 ----
- void *gmallocn(int nObjs, int objSize) {
- int n;
-
-+ if (nObjs == 0) {
-+ return NULL;
-+ }
- n = nObjs * objSize;
-! if (objSize <= 0 || nObjs < 0 || nObjs >= INT_MAX / objSize) {
- fprintf(stderr, "Bogus memory allocation size\n");
- exit(1);
- }
-***************
-*** 151,158 ****
- void *greallocn(void *p, int nObjs, int objSize) {
- int n;
-
- n = nObjs * objSize;
-! if (objSize == 0 || n / objSize != nObjs) {
- fprintf(stderr, "Bogus memory allocation size\n");
- exit(1);
- }
---- 155,168 ----
- void *greallocn(void *p, int nObjs, int objSize) {
- int n;
-
-+ if (nObjs == 0) {
-+ if (p) {
-+ gfree(p);
-+ }
-+ return NULL;
-+ }
- n = nObjs * objSize;
-! if (objSize <= 0 || nObjs < 0 || nObjs >= INT_MAX / objSize) {
- fprintf(stderr, "Bogus memory allocation size\n");
- exit(1);
- }
-diff -cr xpdf-3.01.orig/xpdf/JBIG2Stream.cc xpdf-3.01/xpdf/JBIG2Stream.cc
-*** xpdf-3.01.orig/xpdf/JBIG2Stream.cc Tue Aug 16 22:34:31 2005
---- xpdf-3.01/xpdf/JBIG2Stream.cc Tue Jan 17 17:29:46 2006
-***************
-*** 13,18 ****
---- 13,19 ----
- #endif
-
- #include <stdlib.h>
-+ #include <limits.h>
- #include "GList.h"
- #include "Error.h"
- #include "JArithmeticDecoder.h"
-***************
-*** 681,686 ****
---- 682,691 ----
- w = wA;
- h = hA;
- line = (wA + 7) >> 3;
-+ if (w <= 0 || h <= 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
-+ data = NULL;
-+ return;
-+ }
- // need to allocate one extra guard byte for use in combine()
- data = (Guchar *)gmalloc(h * line + 1);
- data[h * line] = 0;
-***************
-*** 692,697 ****
---- 697,706 ----
- w = bitmap->w;
- h = bitmap->h;
- line = bitmap->line;
-+ if (w <= 0 || h <= 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
-+ data = NULL;
-+ return;
-+ }
- // need to allocate one extra guard byte for use in combine()
- data = (Guchar *)gmalloc(h * line + 1);
- memcpy(data, bitmap->data, h * line);
-***************
-*** 720,726 ****
- }
-
- void JBIG2Bitmap::expand(int newH, Guint pixel) {
-! if (newH <= h) {
- return;
- }
- // need to allocate one extra guard byte for use in combine()
---- 729,735 ----
- }
-
- void JBIG2Bitmap::expand(int newH, Guint pixel) {
-! if (newH <= h || line <= 0 || newH >= (INT_MAX - 1) / line) {
- return;
- }
- // need to allocate one extra guard byte for use in combine()
-***************
-*** 2294,2299 ****
---- 2303,2316 ----
- !readUWord(&stepX) || !readUWord(&stepY)) {
- goto eofError;
- }
-+ if (w == 0 || h == 0 || w >= INT_MAX / h) {
-+ error(getPos(), "Bad bitmap size in JBIG2 halftone segment");
-+ return;
-+ }
-+ if (gridH == 0 || gridW >= INT_MAX / gridH) {
-+ error(getPos(), "Bad grid size in JBIG2 halftone segment");
-+ return;
-+ }
-
- // get pattern dictionary
- if (nRefSegs != 1) {
-diff -cr xpdf-3.01.orig/xpdf/JPXStream.cc xpdf-3.01/xpdf/JPXStream.cc
-*** xpdf-3.01.orig/xpdf/JPXStream.cc Tue Aug 16 22:34:31 2005
---- xpdf-3.01/xpdf/JPXStream.cc Tue Jan 17 17:14:06 2006
-***************
-*** 12,17 ****
---- 12,18 ----
- #pragma implementation
- #endif
-
-+ #include <limits.h>
- #include "gmem.h"
- #include "Error.h"
- #include "JArithmeticDecoder.h"
-***************
-*** 818,823 ****
---- 819,830 ----
- / img.xTileSize;
- img.nYTiles = (img.ySize - img.yTileOffset + img.yTileSize - 1)
- / img.yTileSize;
-+ // check for overflow before allocating memory
-+ if (img.nXTiles <= 0 || img.nYTiles <= 0 ||
-+ img.nXTiles >= INT_MAX / img.nYTiles) {
-+ error(getPos(), "Bad tile count in JPX SIZ marker segment");
-+ return gFalse;
-+ }
- img.tiles = (JPXTile *)gmallocn(img.nXTiles * img.nYTiles,
- sizeof(JPXTile));
- for (i = 0; i < img.nXTiles * img.nYTiles; ++i) {
-diff -cr xpdf-3.01.orig/xpdf/Stream.cc xpdf-3.01/xpdf/Stream.cc
-*** xpdf-3.01.orig/xpdf/Stream.cc Tue Aug 16 22:34:31 2005
---- xpdf-3.01/xpdf/Stream.cc Tue Jan 17 17:31:52 2006
-***************
-*** 15,20 ****
---- 15,21 ----
- #include <stdio.h>
- #include <stdlib.h>
- #include <stddef.h>
-+ #include <limits.h>
- #ifndef WIN32
- #include <unistd.h>
- #endif
-***************
-*** 406,418 ****
---- 407,432 ----
- width = widthA;
- nComps = nCompsA;
- nBits = nBitsA;
-+ predLine = NULL;
-+ ok = gFalse;
-
- nVals = width * nComps;
-+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
-+ nComps >= INT_MAX / nBits ||
-+ width >= INT_MAX / nComps / nBits ||
-+ nVals * nBits + 7 < 0) {
-+ return;
-+ }
- pixBytes = (nComps * nBits + 7) >> 3;
- rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
-+ if (rowBytes <= 0) {
-+ return;
-+ }
- predLine = (Guchar *)gmalloc(rowBytes);
- memset(predLine, 0, rowBytes);
- predIdx = rowBytes;
-+
-+ ok = gTrue;
- }
-
- StreamPredictor::~StreamPredictor() {
-***************
-*** 1004,1009 ****
---- 1018,1027 ----
- FilterStream(strA) {
- if (predictor != 1) {
- pred = new StreamPredictor(this, predictor, columns, colors, bits);
-+ if (!pred->isOk()) {
-+ delete pred;
-+ pred = NULL;
-+ }
- } else {
- pred = NULL;
- }
-***************
-*** 1259,1264 ****
---- 1277,1285 ----
- if (columns < 1) {
- columns = 1;
- }
-+ if (columns + 4 <= 0) {
-+ columns = INT_MAX - 4;
-+ }
- rows = rowsA;
- endOfBlock = endOfBlockA;
- black = blackA;
-***************
-*** 2899,2904 ****
---- 2920,2930 ----
- height = read16();
- width = read16();
- numComps = str->getChar();
-+ if (numComps <= 0 || numComps > 4) {
-+ error(getPos(), "Bad number of components in DCT stream");
-+ numComps = 0;
-+ return gFalse;
-+ }
- if (prec != 8) {
- error(getPos(), "Bad DCT precision %d", prec);
- return gFalse;
-***************
-*** 2925,2930 ****
---- 2951,2961 ----
- height = read16();
- width = read16();
- numComps = str->getChar();
-+ if (numComps <= 0 || numComps > 4) {
-+ error(getPos(), "Bad number of components in DCT stream");
-+ numComps = 0;
-+ return gFalse;
-+ }
- if (prec != 8) {
- error(getPos(), "Bad DCT precision %d", prec);
- return gFalse;
-***************
-*** 2947,2952 ****
---- 2978,2988 ----
-
- length = read16() - 2;
- scanInfo.numComps = str->getChar();
-+ if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) {
-+ error(getPos(), "Bad number of components in DCT stream");
-+ scanInfo.numComps = 0;
-+ return gFalse;
-+ }
- --length;
- if (length != 2 * scanInfo.numComps + 3) {
- error(getPos(), "Bad DCT scan info block");
-***************
-*** 3041,3046 ****
---- 3077,3083 ----
- numACHuffTables = index+1;
- tbl = &acHuffTables[index];
- } else {
-+ index &= 0x0f;
- if (index >= numDCHuffTables)
- numDCHuffTables = index+1;
- tbl = &dcHuffTables[index];
-***************
-*** 3827,3832 ****
---- 3864,3873 ----
- FilterStream(strA) {
- if (predictor != 1) {
- pred = new StreamPredictor(this, predictor, columns, colors, bits);
-+ if (!pred->isOk()) {
-+ delete pred;
-+ pred = NULL;
-+ }
- } else {
- pred = NULL;
- }
-diff -cr xpdf-3.01.orig/xpdf/Stream.h xpdf-3.01/xpdf/Stream.h
-*** xpdf-3.01.orig/xpdf/Stream.h Tue Aug 16 22:34:31 2005
---- xpdf-3.01/xpdf/Stream.h Tue Jan 17 17:19:54 2006
-***************
-*** 232,237 ****
---- 232,239 ----
-
- ~StreamPredictor();
-
-+ GBool isOk() { return ok; }
-+
- int lookChar();
- int getChar();
-
-***************
-*** 249,254 ****
---- 251,257 ----
- int rowBytes; // bytes per line
- Guchar *predLine; // line buffer
- int predIdx; // current index in predLine
-+ GBool ok;
- };
-
- //------------------------------------------------------------------------
-***************
-*** 527,533 ****
- short getWhiteCode();
- short getBlackCode();
- short lookBits(int n);
-! void eatBits(int n) { inputBits -= n; }
- };
-
- //------------------------------------------------------------------------
---- 530,536 ----
- short getWhiteCode();
- short getBlackCode();
- short lookBits(int n);
-! void eatBits(int n) { if ((inputBits -= n) < 0) inputBits = 0; }
- };
-
- //------------------------------------------------------------------------
-diff -cr xpdf-3.01.orig/splash/SplashXPathScanner.cc xpdf-3.01/splash/SplashXPathScanner.cc
-*** xpdf-3.01.orig/splash/SplashXPathScanner.cc Tue Aug 16 22:34:31 2005
---- xpdf-3.01/splash/SplashXPathScanner.cc Wed Feb 1 17:01:14 2006
-***************
-*** 186,192 ****
- }
-
- void SplashXPathScanner::computeIntersections(int y) {
-! SplashCoord ySegMin, ySegMax, xx0, xx1;
- SplashXPathSeg *seg;
- int i, j;
-
---- 186,192 ----
- }
-
- void SplashXPathScanner::computeIntersections(int y) {
-! SplashCoord xSegMin, xSegMax, ySegMin, ySegMax, xx0, xx1;
- SplashXPathSeg *seg;
- int i, j;
-
-***************
-*** 236,254 ****
- } else if (seg->flags & splashXPathVert) {
- xx0 = xx1 = seg->x0;
- } else {
-! if (ySegMin <= y) {
-! // intersection with top edge
-! xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
- } else {
-! // x coord of segment endpoint with min y coord
-! xx0 = (seg->flags & splashXPathFlip) ? seg->x1 : seg->x0;
- }
-! if (ySegMax >= y + 1) {
-! // intersection with bottom edge
-! xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
-! } else {
-! // x coord of segment endpoint with max y coord
-! xx1 = (seg->flags & splashXPathFlip) ? seg->x0 : seg->x1;
- }
- }
- if (xx0 < xx1) {
---- 236,262 ----
- } else if (seg->flags & splashXPathVert) {
- xx0 = xx1 = seg->x0;
- } else {
-! if (seg->x0 < seg->x1) {
-! xSegMin = seg->x0;
-! xSegMax = seg->x1;
- } else {
-! xSegMin = seg->x1;
-! xSegMax = seg->x0;
- }
-! // intersection with top edge
-! xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
-! // intersection with bottom edge
-! xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
-! // the segment may not actually extend to the top and/or bottom edges
-! if (xx0 < xSegMin) {
-! xx0 = xSegMin;
-! } else if (xx0 > xSegMax) {
-! xx0 = xSegMax;
-! }
-! if (xx1 < xSegMin) {
-! xx1 = xSegMin;
-! } else if (xx1 > xSegMax) {
-! xx1 = xSegMax;
- }
- }
- if (xx0 < xx1) {
+++ /dev/null
-diff -urN xpdf-3.01-org/splash/SplashFTFont.cc xpdf-3.01/splash/SplashFTFont.cc
---- xpdf-3.01-org/splash/SplashFTFont.cc 2005-12-23 16:57:18.076514614 +0100
-+++ xpdf-3.01/splash/SplashFTFont.cc 2005-12-23 17:33:42.731318339 +0100
-@@ -14,7 +14,8 @@
-
- #include <ft2build.h>
- #include FT_OUTLINE_H
--#include FT_INTERNAL_OBJECTS_H // needed for FT_New_Size decl
-+#include FT_SIZES_H // needed for FT_New_Size decl
-+#include FT_GLYPH_H
- #include "gmem.h"
- #include "SplashMath.h"
- #include "SplashGlyphBitmap.h"
-@@ -25,11 +26,12 @@
-
- //------------------------------------------------------------------------
-
--static int glyphPathMoveTo(FT_Vector *pt, void *path);
--static int glyphPathLineTo(FT_Vector *pt, void *path);
--static int glyphPathConicTo(FT_Vector *ctrl, FT_Vector *pt, void *path);
--static int glyphPathCubicTo(FT_Vector *ctrl1, FT_Vector *ctrl2,
-- FT_Vector *pt, void *path);
-+static int glyphPathMoveTo( const FT_Vector *pt, void *path);
-+static int glyphPathLineTo( const FT_Vector *pt, void *path);
-+static int glyphPathConicTo( const FT_Vector *ctrl, const FT_Vector *pt,
-+ void* path );
-+static int glyphPathCubicTo( const FT_Vector *ctrl1, const FT_Vector *ctrl2,
-+ const FT_Vector *pt, void *path);
-
- //------------------------------------------------------------------------
- // SplashFTFont
-@@ -210,7 +212,7 @@
- };
-
- SplashPath *SplashFTFont::getGlyphPath(int c) {
-- static FT_Outline_Funcs outlineFuncs = {
-+ static const FT_Outline_Funcs outlineFuncs = {
- &glyphPathMoveTo,
- &glyphPathLineTo,
- &glyphPathConicTo,
-@@ -249,7 +251,7 @@
- return path.path;
- }
-
--static int glyphPathMoveTo(FT_Vector *pt, void *path) {
-+static int glyphPathMoveTo( const FT_Vector *pt, void *path) {
- SplashFTFontPath *p = (SplashFTFontPath *)path;
-
- if (p->needClose) {
-@@ -260,7 +262,7 @@
- return 0;
- }
-
--static int glyphPathLineTo(FT_Vector *pt, void *path) {
-+static int glyphPathLineTo(const FT_Vector *pt, void *path) {
- SplashFTFontPath *p = (SplashFTFontPath *)path;
-
- p->path->lineTo(pt->x / 64.0, -pt->y / 64.0);
-@@ -268,7 +270,7 @@
- return 0;
- }
-
--static int glyphPathConicTo(FT_Vector *ctrl, FT_Vector *pt, void *path) {
-+static int glyphPathConicTo(const FT_Vector *ctrl, const FT_Vector *pt, void *path) {
- SplashFTFontPath *p = (SplashFTFontPath *)path;
- SplashCoord x0, y0, x1, y1, x2, y2, x3, y3, xc, yc;
-
-@@ -306,8 +308,8 @@
- return 0;
- }
-
--static int glyphPathCubicTo(FT_Vector *ctrl1, FT_Vector *ctrl2,
-- FT_Vector *pt, void *path) {
-+static int glyphPathCubicTo(const FT_Vector *ctrl1, const FT_Vector *ctrl2,
-+ const FT_Vector *pt, void *path) {
- SplashFTFontPath *p = (SplashFTFontPath *)path;
-
- p->path->curveTo(ctrl1->x / 64.0, -ctrl1->y / 64.0,
projects / packages / xpdf.git / commitdiff