$NetBSD: patch-ao,v 1.4 2006/03/29 17:20:09 joerg Exp $

--- xpdf/JBIG2Stream.cc.orig	2005-08-17 06:34:31.000000000 +0100
+++ xpdf/JBIG2Stream.cc	2006-01-22 22:48:31.000000000 +0000
@@ -2305,6 +2318,15 @@
     error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
     return;
   }
+  if (gridH == 0 || gridW >= INT_MAX / gridH) {
+    error(getPos(), "Bad size in JBIG2 halftone segment");
+    return;
+  }
+  if (w == 0 || h >= INT_MAX / w) {
+     error(getPos(), "Bad size in JBIG2 bitmap segment");
+    return;
+  }
+
   patternDict = (JBIG2PatternDict *)seg;
   bpp = 0;
   i = 1;
@@ -2936,6 +2958,9 @@
   JBIG2BitmapPtr tpgrCXPtr0, tpgrCXPtr1, tpgrCXPtr2;
   int x, y, pix;
 
+  if (w < 0 || h <= 0 || w >= INT_MAX / h)
+    return NULL;
+
   bitmap = new JBIG2Bitmap(0, w, h);
   bitmap->clearToZero();