authordrochner <drochner@pkgsrc.org>2007-08-02 14:41:18 +0000
committerdrochner <drochner@pkgsrc.org>2007-08-02 14:41:18 +0000
commitb1b481deb8a4734bc2f003a3ef22e247961c9284 (patch)
tree4243d031eb744eb78c45b6debb9a2a88269fa6bb /print/poppler/patches
parent4d12b0f3d811cdd042f638c29c8f647bc4a2f234 (diff)
apply a patch from xpdf to fix an integer overflow vulnerability
(CVE-2007-3387) bump PKGREVISION
Diffstat (limited to 'print/poppler/patches')
-rw-r--r--print/poppler/patches/patch-af30
1 files changed, 30 insertions, 0 deletions
diff --git a/print/poppler/patches/patch-af b/print/poppler/patches/patch-af
new file mode 100644
index 00000000000..757924ba8df
--- /dev/null
+++ b/print/poppler/patches/patch-af
@@ -0,0 +1,30 @@
+$NetBSD: patch-af,v 1.1 2007/08/02 14:41:19 drochner Exp $
+
+--- poppler/Stream.cc.orig 2007-08-02 10:28:59.000000000 +0200
++++ poppler/Stream.cc
+@@ -422,12 +422,6 @@ StreamPredictor::StreamPredictor(Stream
+ ok = gFalse;
+
+ nVals = width * nComps;
+- if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+- nComps >= INT_MAX/nBits ||
+- width >= INT_MAX/nComps/nBits ||
+- nVals * nBits + 7 < 0) {
+- return;
+- }
+ totalBits = nVals * nBits;
+ if (totalBits == 0 ||
+ (totalBits / nBits) / nComps != width ||
+@@ -436,7 +430,11 @@ StreamPredictor::StreamPredictor(Stream
+ }
+ pixBytes = (nComps * nBits + 7) >> 3;
+ rowBytes = ((totalBits + 7) >> 3) + pixBytes;
+- if (rowBytes < 0) {
++ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++ nComps > gfxColorMaxComps ||
++ nBits > 16 ||
++ width >= INT_MAX / nComps || // check for overflow in nVals
++ nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
+ return;
+ }
+ predLine = (Guchar *)gmalloc(rowBytes);
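Review bot: The new range test in the second Stream.cc hunk runs only after `nVals = width * nComps`, `totalBits = nVals * nBits` and `rowBytes = ((totalBits + 7) >> 3) + pixBytes` have been evaluated, so for the out-of-range width/nComps/nBits values it is meant to reject, the signed arithmetic has already overflowed (undefined behaviour in C++), and the first hunk removes the guard that used to sit before `totalBits`. Between those two points only the `totalBits == 0 || (totalBits / nBits) / nComps != width` test remains, which inspects the product after the fact; its final condition lies outside the hunk, so its full effect cannot be judged here. I would validate before computing: `if (width <= 0 || nComps <= 0 || nBits <= 0 || nComps > gfxColorMaxComps || nBits > 16 || width >= INT_MAX / nComps) return;` ahead of `nVals = width * nComps;`, then `if (nVals >= (INT_MAX - 7) / nBits) return;` ahead of `totalBits = nVals * nBits;`. The StreamPredictor constructor starts and ends outside both hunks, so whether every caller tests `ok` before using the object is not visible from this patch.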