summaryrefslogtreecommitdiff
path: root/print/xpdf/patches/patch-ao
diff options
context:
space:
mode:
Diffstat (limited to 'print/xpdf/patches/patch-ao')
-rw-r--r--print/xpdf/patches/patch-ao79
1 files changed, 79 insertions, 0 deletions
diff --git a/print/xpdf/patches/patch-ao b/print/xpdf/patches/patch-ao
new file mode 100644
index 00000000000..52c236062ab
--- /dev/null
+++ b/print/xpdf/patches/patch-ao
@@ -0,0 +1,79 @@
+$NetBSD: patch-ao,v 1.3 2006/01/22 23:13:33 tron Exp $
+
+--- xpdf/JBIG2Stream.cc.orig 2005-08-17 06:34:31.000000000 +0100
++++ xpdf/JBIG2Stream.cc 2006-01-22 22:48:31.000000000 +0000
+@@ -7,6 +7,7 @@
+ //========================================================================
+
+ #include <aconf.h>
++#include <limits.h>
+
+ #ifdef USE_GCC_PRAGMAS
+ #pragma implementation
+@@ -681,9 +682,15 @@
+ w = wA;
+ h = hA;
+ line = (wA + 7) >> 3;
+- // need to allocate one extra guard byte for use in combine()
+- data = (Guchar *)gmalloc(h * line + 1);
+- data[h * line] = 0;
++
++ if (h < 0 || line <= 0 || h >= INT_MAX / line) {
++ data = NULL;
++ }
++ else {
++ // need to allocate one extra guard byte for use in combine()
++ data = (Guchar *)gmalloc(h * line + 1);
++ data[h * line] = 0;
++ }
+ }
+
+ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, JBIG2Bitmap *bitmap):
+@@ -692,6 +699,12 @@
+ w = bitmap->w;
+ h = bitmap->h;
+ line = bitmap->line;
++
++ if (h < 0 || line <= 0 || h >= INT_MAX / line) {
++ data = NULL;
++ return;
++ }
++
+ // need to allocate one extra guard byte for use in combine()
+ data = (Guchar *)gmalloc(h * line + 1);
+ memcpy(data, bitmap->data, h * line);
+@@ -720,7 +733,7 @@
+ }
+
+ void JBIG2Bitmap::expand(int newH, Guint pixel) {
+- if (newH <= h) {
++ if (newH <= h || line <= 0 || newH >= INT_MAX / line) {
+ return;
+ }
+ // need to allocate one extra guard byte for use in combine()
+@@ -2305,6 +2318,15 @@
+ error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
+ return;
+ }
++ if (gridH == 0 || gridW >= INT_MAX / gridH) {
++ error(getPos(), "Bad size in JBIG2 halftone segment");
++ return;
++ }
++ if (w == 0 || h >= INT_MAX / w) {
++ error(getPos(), "Bad size in JBIG2 bitmap segment");
++ return;
++ }
++
+ patternDict = (JBIG2PatternDict *)seg;
+ bpp = 0;
+ i = 1;
+@@ -2936,6 +2958,9 @@
+ JBIG2BitmapPtr tpgrCXPtr0, tpgrCXPtr1, tpgrCXPtr2;
+ int x, y, pix;
+
++ if (w < 0 || h <= 0 || w >= INT_MAX / h)
++ return NULL;
++
+ bitmap = new JBIG2Bitmap(0, w, h);
+ bitmap->clearToZero();
+
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-27 18:42:57 +0000