Gentoo Archives: gentoo-commits

From: "Alexis Ballier (aballier)" <aballier@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in src/patchsets/texlive/2008/texlive-core: 200_all_xpdf-3.02pl3.patch series
Date: Wed, 29 Apr 2009 22:17:22
Message-Id: E1LzI5f-0007Ya-KG@stork.gentoo.org
1 aballier 09/04/29 22:17:19
2
3 Modified: series
4 Added: 200_all_xpdf-3.02pl3.patch
5 Log:
6 add xpdf 3.02pl3 patch for bug #264601
7
8 Revision Changes Path
9 1.7 src/patchsets/texlive/2008/texlive-core/series
10
11 file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/texlive/2008/texlive-core/series?rev=1.7&view=markup
12 plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/texlive/2008/texlive-core/series?rev=1.7&content-type=text/plain
13 diff : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/texlive/2008/texlive-core/series?r1=1.6&r2=1.7
14
15 Index: series
16 ===================================================================
17 RCS file: /var/cvsroot/gentoo/src/patchsets/texlive/2008/texlive-core/series,v
18 retrieving revision 1.6
19 retrieving revision 1.7
20 diff -u -r1.6 -r1.7
21 --- series 29 Nov 2008 14:57:17 -0000 1.6
22 +++ series 29 Apr 2009 22:17:19 -0000 1.7
23 @@ -6,3 +6,4 @@
24 160_all_man5.patch
25 160_all_cxxflags_for_cplusplus.patch
26 190_all_xpdf_const_char.patch
27 +200_all_xpdf-3.02pl3.patch
28
29
30
31 1.1 src/patchsets/texlive/2008/texlive-core/200_all_xpdf-3.02pl3.patch
32
33 file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/texlive/2008/texlive-core/200_all_xpdf-3.02pl3.patch?rev=1.1&view=markup
34 plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/texlive/2008/texlive-core/200_all_xpdf-3.02pl3.patch?rev=1.1&content-type=text/plain
35
36 Index: 200_all_xpdf-3.02pl3.patch
37 ===================================================================
38 Index: texlive-20080816-source/libs/xpdf/goo/gmem.cc
39 ===================================================================
40 --- texlive-20080816-source.orig/libs/xpdf/goo/gmem.cc
41 +++ texlive-20080816-source/libs/xpdf/goo/gmem.cc
42 @@ -55,7 +55,15 @@ void *gmalloc(int size) GMEM_EXCEP {
43 void *data;
44 unsigned long *trl, *p;
45
46 - if (size <= 0) {
47 + if (size < 0) {
48 +#if USE_EXCEPTIONS
49 + throw GMemException();
50 +#else
51 + fprintf(stderr, "Invalid memory allocation size\n");
52 + exit(1);
53 +#endif
54 + }
55 + if (size == 0) {
56 return NULL;
57 }
58 size1 = gMemDataSize(size);
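Review bot: The new `size < 0` guard is pasted as the same eight-line block into both gmalloc variants and both grealloc variants (this hunk and the ones at -91, -112 and -131), so a later change to one copy can silently miss the others. A single file-local helper called as `if (size < 0) gMemBadSize(size);` would keep the four sites identical. The non-exception message would also be easier to triage with the offending value in it, `fprintf(stderr, "Invalid memory allocation size: %d\n", size);`. gmalloc's body continues outside the hunk.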
59 @@ -91,7 +99,15 @@ void *gmalloc(int size) GMEM_EXCEP {
60 #else
61 void *p;
62
63 - if (size <= 0) {
64 + if (size < 0) {
65 +#if USE_EXCEPTIONS
66 + throw GMemException();
67 +#else
68 + fprintf(stderr, "Invalid memory allocation size\n");
69 + exit(1);
70 +#endif
71 + }
72 + if (size == 0) {
73 return NULL;
74 }
75 if (!(p = malloc(size))) {
76 @@ -112,7 +128,15 @@ void *grealloc(void *p, int size) GMEM_E
77 void *q;
78 int oldSize;
79
80 - if (size <= 0) {
81 + if (size < 0) {
82 +#if USE_EXCEPTIONS
83 + throw GMemException();
84 +#else
85 + fprintf(stderr, "Invalid memory allocation size\n");
86 + exit(1);
87 +#endif
88 + }
89 + if (size == 0) {
90 if (p) {
91 gfree(p);
92 }
93 @@ -131,7 +155,15 @@ void *grealloc(void *p, int size) GMEM_E
94 #else
95 void *q;
96
97 - if (size <= 0) {
98 + if (size < 0) {
99 +#if USE_EXCEPTIONS
100 + throw GMemException();
101 +#else
102 + fprintf(stderr, "Invalid memory allocation size\n");
103 + exit(1);
104 +#endif
105 + }
106 + if (size == 0) {
107 if (p) {
108 free(p);
109 }
110 Index: texlive-20080816-source/libs/xpdf/xpdf/JBIG2Stream.cc
111 ===================================================================
112 --- texlive-20080816-source.orig/libs/xpdf/xpdf/JBIG2Stream.cc
113 +++ texlive-20080816-source/libs/xpdf/xpdf/JBIG2Stream.cc
114 @@ -422,12 +422,14 @@ void JBIG2HuffmanDecoder::buildTable(JBI
115 table[i] = table[len];
116
117 // assign prefixes
118 - i = 0;
119 - prefix = 0;
120 - table[i++].prefix = prefix++;
121 - for (; table[i].rangeLen != jbig2HuffmanEOT; ++i) {
122 - prefix <<= table[i].prefixLen - table[i-1].prefixLen;
123 - table[i].prefix = prefix++;
124 + if (table[0].rangeLen != jbig2HuffmanEOT) {
125 + i = 0;
126 + prefix = 0;
127 + table[i++].prefix = prefix++;
128 + for (; table[i].rangeLen != jbig2HuffmanEOT; ++i) {
129 + prefix <<= table[i].prefixLen - table[i-1].prefixLen;
130 + table[i].prefix = prefix++;
131 + }
132 }
133 }
134
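Review bot: The added `table[0].rangeLen != jbig2HuffmanEOT` test carries no comment saying what it protects against. Without it, a table whose first slot is already the terminator would have `table[0].prefix` written, and the loop would start scanning at `table[1]`, past the terminator. I would put `// empty table: nothing to assign, and table[1] may lie beyond the terminator` above the `if`. Separately, `prefix <<= table[i].prefixLen - table[i-1].prefixLen` relies on the entries being ordered by prefixLen and on the difference staying below the width of `prefix`; the ordering is presumably established above the hunk, and the width bound is worth confirming if the lengths are read from the stream.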
135 @@ -491,7 +493,7 @@ int JBIG2MMRDecoder::get2DCode() {
136 }
137 if (p->bits < 0) {
138 error(str->getPos(), "Bad two dim code in JBIG2 MMR stream");
139 - return 0;
140 + return EOF;
141 }
142 bufLen -= p->bits;
143 return p->n;
144 @@ -507,7 +509,7 @@ int JBIG2MMRDecoder::getWhiteCode() {
145 ++nBytesRead;
146 }
147 while (1) {
148 - if (bufLen >= 7 && ((buf >> (bufLen - 7)) & 0x7f) == 0) {
149 + if (bufLen >= 11 && ((buf >> (bufLen - 7)) & 0x7f) == 0) {
150 if (bufLen <= 12) {
151 code = buf << (12 - bufLen);
152 } else {
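Review bot: The minimum-length test here now uses 11 (and getBlackCode in the next hunk uses 10 and 7), while the shift and mask on the same lines still use 7, 6 and 4, and nothing states where the larger numbers come from. A one-line comment on each test naming how many buffered bits the following table lookup needs, or named constants in place of the literals, would let a reader check the bounds against the tables. getWhiteCode starts and ends outside the hunk.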
153 @@ -550,14 +552,15 @@ int JBIG2MMRDecoder::getBlackCode() {
154 ++nBytesRead;
155 }
156 while (1) {
157 - if (bufLen >= 6 && ((buf >> (bufLen - 6)) & 0x3f) == 0) {
158 + if (bufLen >= 10 && ((buf >> (bufLen - 6)) & 0x3f) == 0) {
159 if (bufLen <= 13) {
160 code = buf << (13 - bufLen);
161 } else {
162 code = buf >> (bufLen - 13);
163 }
164 p = &blackTab1[code & 0x7f];
165 - } else if (bufLen >= 4 && ((buf >> (bufLen - 4)) & 0x0f) == 0) {
166 + } else if (bufLen >= 7 && ((buf >> (bufLen - 4)) & 0x0f) == 0 &&
167 + ((buf >> (bufLen - 6)) & 0x03) != 0) {
168 if (bufLen <= 12) {
169 code = buf << (12 - bufLen);
170 } else {
171 @@ -683,8 +686,9 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA,
172 h = hA;
173 line = (wA + 7) >> 3;
174 if (w <= 0 || h <= 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
175 - data = NULL;
176 - return;
177 + // force a call to gmalloc(-1), which will throw an exception
178 + h = -1;
179 + line = 2;
180 }
181 // need to allocate one extra guard byte for use in combine()
182 data = (Guchar *)gmalloc(h * line + 1);
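Review bot: Rejecting bad dimensions by setting `h = -1; line = 2` so that `gmalloc(h * line + 1)` receives -1 ties this constructor to a side effect of the allocator, and the comment's "will throw an exception" only holds when USE_EXCEPTIONS is set. Per the gmem.cc hunks in this patch, the other build prints a message and calls `exit(1)`, so a single malformed image ends the host process rather than just failing that image. At minimum the comment should say so, `// force gmalloc(-1): throws GMemException, or exits when USE_EXCEPTIONS is off`; an explicit failure path in the constructor would be clearer still. The second constructor (hunk at -698) repeats the code, and readGenericBitmap (hunk at -2527) uses the same idiom through `gmallocn(w + 1, ...)` with `w = -3`, whose handling of a negative count is not shown in this patch.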
183 @@ -698,8 +702,9 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA,
184 h = bitmap->h;
185 line = bitmap->line;
186 if (w <= 0 || h <= 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
187 - data = NULL;
188 - return;
189 + // force a call to gmalloc(-1), which will throw an exception
190 + h = -1;
191 + line = 2;
192 }
193 // need to allocate one extra guard byte for use in combine()
194 data = (Guchar *)gmalloc(h * line + 1);
195 @@ -754,6 +759,8 @@ void JBIG2Bitmap::clearToOne() {
196 inline void JBIG2Bitmap::getPixelPtr(int x, int y, JBIG2BitmapPtr *ptr) {
197 if (y < 0 || y >= h || x >= w) {
198 ptr->p = NULL;
199 + ptr->shift = 0; // make gcc happy
200 + ptr->x = 0; // make gcc happy
201 } else if (x < 0) {
202 ptr->p = &data[y * line];
203 ptr->shift = 7;
204 @@ -798,6 +805,10 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *b
205 Guint src0, src1, src, dest, s1, s2, m1, m2, m3;
206 GBool oneByte;
207
208 + // check for the pathological case where y = -2^31
209 + if (y < -0x7fffffff) {
210 + return;
211 + }
212 if (y < 0) {
213 y0 = -y;
214 } else {
215 @@ -1011,8 +1022,13 @@ private:
216 JBIG2SymbolDict::JBIG2SymbolDict(Guint segNumA, Guint sizeA):
217 JBIG2Segment(segNumA)
218 {
219 + Guint i;
220 +
221 size = sizeA;
222 bitmaps = (JBIG2Bitmap **)gmallocn(size, sizeof(JBIG2Bitmap *));
223 + for (i = 0; i < size; ++i) {
224 + bitmaps[i] = NULL;
225 + }
226 genericRegionStats = NULL;
227 refinementRegionStats = NULL;
228 }
229 @@ -1021,7 +1037,9 @@ JBIG2SymbolDict::~JBIG2SymbolDict() {
230 Guint i;
231
232 for (i = 0; i < size; ++i) {
233 - delete bitmaps[i];
234 + if (bitmaps[i]) {
235 + delete bitmaps[i];
236 + }
237 }
238 gfree(bitmaps);
239 if (genericRegionStats) {
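Review bot: The added `if (bitmaps[i])` guard is redundant, because `delete` applied to a null pointer is defined to do nothing. What makes this loop safe is the NULL fill added to the constructor in the previous hunk, not the test. I would keep the original single line `delete bitmaps[i];` and, if a reminder is wanted, add `// slots stay NULL until setBitmap() stores a bitmap` above the loop.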
240 @@ -1296,6 +1314,13 @@ void JBIG2Stream::readSegments() {
241 goto eofError2;
242 }
243
244 + // check for missing page information segment
245 + if (!pageBitmap && ((segType >= 4 && segType <= 7) ||
246 + (segType >= 20 && segType <= 43))) {
247 + error(getPos(), "First JBIG2 segment associated with a page must be a page information segment");
248 + goto syntaxError;
249 + }
250 +
251 // read the segment data
252 switch (segType) {
253 case 0:
254 @@ -1411,6 +1436,8 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui
255 Guint i, j, k;
256 Guchar *p;
257
258 + symWidths = NULL;
259 +
260 // symbol dictionary flags
261 if (!readUWord(&flags)) {
262 goto eofError;
263 @@ -1466,20 +1493,32 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui
264 codeTables = new GList();
265 numInputSyms = 0;
266 for (i = 0; i < nRefSegs; ++i) {
267 - seg = findSegment(refSegs[i]);
268 - if (seg->getType() == jbig2SegSymbolDict) {
269 - numInputSyms += ((JBIG2SymbolDict *)seg)->getSize();
270 - } else if (seg->getType() == jbig2SegCodeTable) {
271 - codeTables->append(seg);
272 + if ((seg = findSegment(refSegs[i]))) {
273 + if (seg->getType() == jbig2SegSymbolDict) {
274 + j = ((JBIG2SymbolDict *)seg)->getSize();
275 + if (numInputSyms > UINT_MAX - j) {
276 + error(getPos(), "Too many input symbols in JBIG2 symbol dictionary");
277 + delete codeTables;
278 + goto eofError;
279 + }
280 + numInputSyms += j;
281 + } else if (seg->getType() == jbig2SegCodeTable) {
282 + codeTables->append(seg);
283 + }
284 }
285 }
286 + if (numInputSyms > UINT_MAX - numNewSyms) {
287 + error(getPos(), "Too many input symbols in JBIG2 symbol dictionary");
288 + delete codeTables;
289 + goto eofError;
290 + }
291
292 // compute symbol code length
293 - symCodeLen = 0;
294 - i = 1;
295 - while (i < numInputSyms + numNewSyms) {
296 + symCodeLen = 1;
297 + i = (numInputSyms + numNewSyms) >> 1;
298 + while (i) {
299 ++symCodeLen;
300 - i <<= 1;
301 + i >>= 1;
302 }
303
304 // get the input symbol bitmaps
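Review bot: The rewritten symbol-code-length loop no longer produces the same value as the loop it replaces. For a total of 4 symbols the removed code yields 2, while `symCodeLen = 1; i = (numInputSyms + numNewSyms) >> 1; while (i) { ++symCodeLen; i >>= 1; }` yields 3, and the two also differ for every other power of two and for a total of 0 or 1. The right-shift form does avoid the wrap-around that `i <<= 1` could hit near UINT_MAX, but it can keep the old results by counting the bits of the total minus one, as below. If the extra bit is intended, a comment should say why; how symCodeLen is consumed is outside the hunk, so the effect on decoding should be confirmed there.

```cpp
// … unchanged: findSegment() NULL checks and the two UINT_MAX overflow checks …

// compute symbol code length: ceil(log2(numInputSyms + numNewSyms)),
// counted by right shifts so the loop cannot wrap for large totals
symCodeLen = 0;
i = numInputSyms + numNewSyms;
if (i > 1) {
  for (--i; i; i >>= 1) {
    ++symCodeLen;
  }
}
```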
305 @@ -1491,11 +1530,12 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui
306 k = 0;
307 inputSymbolDict = NULL;
308 for (i = 0; i < nRefSegs; ++i) {
309 - seg = findSegment(refSegs[i]);
310 - if (seg->getType() == jbig2SegSymbolDict) {
311 - inputSymbolDict = (JBIG2SymbolDict *)seg;
312 - for (j = 0; j < inputSymbolDict->getSize(); ++j) {
313 - bitmaps[k++] = inputSymbolDict->getBitmap(j);
314 + if ((seg = findSegment(refSegs[i]))) {
315 + if (seg->getType() == jbig2SegSymbolDict) {
316 + inputSymbolDict = (JBIG2SymbolDict *)seg;
317 + for (j = 0; j < inputSymbolDict->getSize(); ++j) {
318 + bitmaps[k++] = inputSymbolDict->getBitmap(j);
319 + }
320 }
321 }
322 }
323 @@ -1510,6 +1550,9 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui
324 } else if (huffDH == 1) {
325 huffDHTable = huffTableE;
326 } else {
327 + if (i >= (Guint)codeTables->getLength()) {
328 + goto codeTableError;
329 + }
330 huffDHTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
331 }
332 if (huffDW == 0) {
333 @@ -1517,17 +1560,26 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui
334 } else if (huffDW == 1) {
335 huffDWTable = huffTableC;
336 } else {
337 + if (i >= (Guint)codeTables->getLength()) {
338 + goto codeTableError;
339 + }
340 huffDWTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
341 }
342 if (huffBMSize == 0) {
343 huffBMSizeTable = huffTableA;
344 } else {
345 + if (i >= (Guint)codeTables->getLength()) {
346 + goto codeTableError;
347 + }
348 huffBMSizeTable =
349 ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
350 }
351 if (huffAggInst == 0) {
352 huffAggInstTable = huffTableA;
353 } else {
354 + if (i >= (Guint)codeTables->getLength()) {
355 + goto codeTableError;
356 + }
357 huffAggInstTable =
358 ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
359 }
360 @@ -1560,7 +1612,6 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui
361 }
362
363 // allocate symbol widths storage
364 - symWidths = NULL;
365 if (huff && !refAgg) {
366 symWidths = (Guint *)gmallocn(numNewSyms, sizeof(Guint));
367 }
368 @@ -1602,6 +1653,10 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui
369 goto syntaxError;
370 }
371 symWidth += dw;
372 + if (i >= numNewSyms) {
373 + error(getPos(), "Too many symbols in JBIG2 symbol dictionary");
374 + goto syntaxError;
375 + }
376
377 // using a collective bitmap, so don't read a bitmap here
378 if (huff && !refAgg) {
379 @@ -1638,6 +1693,10 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui
380 arithDecoder->decodeInt(&refDX, iardxStats);
381 arithDecoder->decodeInt(&refDY, iardyStats);
382 }
383 + if (symID >= numInputSyms + i) {
384 + error(getPos(), "Invalid symbol ID in JBIG2 symbol dictionary");
385 + goto syntaxError;
386 + }
387 refBitmap = bitmaps[symID];
388 bitmaps[numInputSyms + i] =
389 readGenericRefinementRegion(symWidth, symHeight,
390 @@ -1704,6 +1763,12 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui
391 } else {
392 arithDecoder->decodeInt(&run, iaexStats);
393 }
394 + if (i + run > numInputSyms + numNewSyms ||
395 + (ex && j + run > numExSyms)) {
396 + error(getPos(), "Too many exported symbols in JBIG2 symbol dictionary");
397 + delete symbolDict;
398 + goto syntaxError;
399 + }
400 if (ex) {
401 for (cnt = 0; cnt < run; ++cnt) {
402 symbolDict->setBitmap(j++, bitmaps[i++]->copy());
403 @@ -1713,6 +1778,11 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui
404 }
405 ex = !ex;
406 }
407 + if (j != numExSyms) {
408 + error(getPos(), "Too few symbols in JBIG2 symbol dictionary");
409 + delete symbolDict;
410 + goto syntaxError;
411 + }
412
413 for (i = 0; i < numNewSyms; ++i) {
414 delete bitmaps[numInputSyms + i];
415 @@ -1735,6 +1805,10 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui
416
417 return gTrue;
418
419 + codeTableError:
420 + error(getPos(), "Missing code table in JBIG2 symbol dictionary");
421 + delete codeTables;
422 +
423 syntaxError:
424 for (i = 0; i < numNewSyms; ++i) {
425 if (bitmaps[numInputSyms + i]) {
426 @@ -1837,6 +1911,8 @@ void JBIG2Stream::readTextRegionSeg(Guin
427 }
428 } else {
429 error(getPos(), "Invalid segment reference in JBIG2 text region");
430 + delete codeTables;
431 + return;
432 }
433 }
434 symCodeLen = 0;
435 @@ -1871,6 +1947,9 @@ void JBIG2Stream::readTextRegionSeg(Guin
436 } else if (huffFS == 1) {
437 huffFSTable = huffTableG;
438 } else {
439 + if (i >= (Guint)codeTables->getLength()) {
440 + goto codeTableError;
441 + }
442 huffFSTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
443 }
444 if (huffDS == 0) {
445 @@ -1880,6 +1959,9 @@ void JBIG2Stream::readTextRegionSeg(Guin
446 } else if (huffDS == 2) {
447 huffDSTable = huffTableJ;
448 } else {
449 + if (i >= (Guint)codeTables->getLength()) {
450 + goto codeTableError;
451 + }
452 huffDSTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
453 }
454 if (huffDT == 0) {
455 @@ -1889,6 +1971,9 @@ void JBIG2Stream::readTextRegionSeg(Guin
456 } else if (huffDT == 2) {
457 huffDTTable = huffTableM;
458 } else {
459 + if (i >= (Guint)codeTables->getLength()) {
460 + goto codeTableError;
461 + }
462 huffDTTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
463 }
464 if (huffRDW == 0) {
465 @@ -1896,6 +1981,9 @@ void JBIG2Stream::readTextRegionSeg(Guin
466 } else if (huffRDW == 1) {
467 huffRDWTable = huffTableO;
468 } else {
469 + if (i >= (Guint)codeTables->getLength()) {
470 + goto codeTableError;
471 + }
472 huffRDWTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
473 }
474 if (huffRDH == 0) {
475 @@ -1903,6 +1991,9 @@ void JBIG2Stream::readTextRegionSeg(Guin
476 } else if (huffRDH == 1) {
477 huffRDHTable = huffTableO;
478 } else {
479 + if (i >= (Guint)codeTables->getLength()) {
480 + goto codeTableError;
481 + }
482 huffRDHTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
483 }
484 if (huffRDX == 0) {
485 @@ -1910,6 +2001,9 @@ void JBIG2Stream::readTextRegionSeg(Guin
486 } else if (huffRDX == 1) {
487 huffRDXTable = huffTableO;
488 } else {
489 + if (i >= (Guint)codeTables->getLength()) {
490 + goto codeTableError;
491 + }
492 huffRDXTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
493 }
494 if (huffRDY == 0) {
495 @@ -1917,11 +2011,17 @@ void JBIG2Stream::readTextRegionSeg(Guin
496 } else if (huffRDY == 1) {
497 huffRDYTable = huffTableO;
498 } else {
499 + if (i >= (Guint)codeTables->getLength()) {
500 + goto codeTableError;
501 + }
502 huffRDYTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
503 }
504 if (huffRSize == 0) {
505 huffRSizeTable = huffTableA;
506 } else {
507 + if (i >= (Guint)codeTables->getLength()) {
508 + goto codeTableError;
509 + }
510 huffRSizeTable =
511 ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
512 }
513 @@ -2016,8 +2116,15 @@ void JBIG2Stream::readTextRegionSeg(Guin
514
515 return;
516
517 + codeTableError:
518 + error(getPos(), "Missing code table in JBIG2 text region");
519 + gfree(codeTables);
520 + delete syms;
521 + return;
522 +
523 eofError:
524 error(getPos(), "Unexpected EOF in JBIG2 stream");
525 + return;
526 }
527
528 JBIG2Bitmap *JBIG2Stream::readTextRegion(GBool huff, GBool refine,
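Review bot: `gfree(codeTables)` in the new codeTableError path releases with the C allocator an object that the other error path added to this same function releases with `delete codeTables` (hunk at -1837), and that readSymbolDictSeg creates with `new GList()`. Mixing the two is undefined behaviour and skips the list's destructor, so the line should read `delete codeTables;`. The adjacent `delete syms;` needs the mirror-image check: the declaration of `syms` is outside the hunk, but if it is an array obtained from gmallocn it has to be released with `gfree(syms);`. readTextRegionSeg starts outside the hunk.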
529 @@ -2324,8 +2431,8 @@ void JBIG2Stream::readHalftoneRegionSeg(
530 error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
531 return;
532 }
533 - seg = findSegment(refSegs[0]);
534 - if (seg->getType() != jbig2SegPatternDict) {
535 + if (!(seg = findSegment(refSegs[0])) ||
536 + seg->getType() != jbig2SegPatternDict) {
537 error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
538 return;
539 }
540 @@ -2483,7 +2590,7 @@ void JBIG2Stream::readGenericRegionSeg(G
541
542 // read the bitmap
543 bitmap = readGenericBitmap(mmr, w, h, templ, tpgdOn, gFalse,
544 - NULL, atx, aty, mmr ? 0 : length - 18);
545 + NULL, atx, aty, mmr ? length - 18 : 0);
546
547 // combine the region bitmap into the page bitmap
548 if (imm) {
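Review bot: With the ternary corrected, the MMR path now passes `length - 18`, and `length` is a `Guint` (see the declaration in JBIG2Stream.h), so a segment that declares fewer than 18 bytes makes the subtraction wrap to a very large value. Whether `length` is validated earlier in readGenericRegionSeg is outside the hunk; if it is not, the length should be rejected before this call, e.g. a test of `mmr && length < 18` that reports the error and takes the function's existing error exit. A short comment stating that 18 is the size of the region header already consumed would also help, if that is what the constant means.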
549 @@ -2505,6 +2612,43 @@ void JBIG2Stream::readGenericRegionSeg(G
550 error(getPos(), "Unexpected EOF in JBIG2 stream");
551 }
552
553 +inline void JBIG2Stream::mmrAddPixels(int a1, int blackPixels,
554 + int *codingLine, int *a0i, int w) {
555 + if (a1 > codingLine[*a0i]) {
556 + if (a1 > w) {
557 + error(getPos(), "JBIG2 MMR row is wrong length ({0:d})", a1);
558 + a1 = w;
559 + }
560 + if ((*a0i & 1) ^ blackPixels) {
561 + ++*a0i;
562 + }
563 + codingLine[*a0i] = a1;
564 + }
565 +}
566 +
567 +inline void JBIG2Stream::mmrAddPixelsNeg(int a1, int blackPixels,
568 + int *codingLine, int *a0i, int w) {
569 + if (a1 > codingLine[*a0i]) {
570 + if (a1 > w) {
571 + error(getPos(), "JBIG2 MMR row is wrong length ({0:d})", a1);
572 + a1 = w;
573 + }
574 + if ((*a0i & 1) ^ blackPixels) {
575 + ++*a0i;
576 + }
577 + codingLine[*a0i] = a1;
578 + } else if (a1 < codingLine[*a0i]) {
579 + if (a1 < 0) {
580 + error(getPos(), "Invalid JBIG2 MMR code");
581 + a1 = 0;
582 + }
583 + while (*a0i > 0 && a1 <= codingLine[*a0i - 1]) {
584 + --*a0i;
585 + }
586 + codingLine[*a0i] = a1;
587 + }
588 +}
589 +
590 JBIG2Bitmap *JBIG2Stream::readGenericBitmap(GBool mmr, int w, int h,
591 int templ, GBool tpgdOn,
592 GBool useSkip, JBIG2Bitmap *skip,
593 @@ -2517,7 +2661,7 @@ JBIG2Bitmap *JBIG2Stream::readGenericBit
594 JBIG2BitmapPtr atPtr0, atPtr1, atPtr2, atPtr3;
595 int *refLine, *codingLine;
596 int code1, code2, code3;
597 - int x, y, a0, pix, i, refI, codingI;
598 + int x, y, a0i, b1i, blackPixels, pix, i;
599
600 bitmap = new JBIG2Bitmap(0, w, h);
601 bitmap->clearToZero();
602 @@ -2527,9 +2671,18 @@ JBIG2Bitmap *JBIG2Stream::readGenericBit
603 if (mmr) {
604
605 mmrDecoder->reset();
606 + if (w > INT_MAX - 2) {
607 + error(getPos(), "Bad width in JBIG2 generic bitmap");
608 + // force a call to gmalloc(-1), which will throw an exception
609 + w = -3;
610 + }
611 + // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = w
612 + // ---> max codingLine size = w + 1
613 + // refLine has one extra guard entry at the end
614 + // ---> max refLine size = w + 2
615 + codingLine = (int *)gmallocn(w + 1, sizeof(int));
616 refLine = (int *)gmallocn(w + 2, sizeof(int));
617 - codingLine = (int *)gmallocn(w + 2, sizeof(int));
618 - codingLine[0] = codingLine[1] = w;
619 + codingLine[0] = w;
620
621 for (y = 0; y < h; ++y) {
622
623 @@ -2537,128 +2690,157 @@ JBIG2Bitmap *JBIG2Stream::readGenericBit
624 for (i = 0; codingLine[i] < w; ++i) {
625 refLine[i] = codingLine[i];
626 }
627 - refLine[i] = refLine[i + 1] = w;
628 + refLine[i++] = w;
629 + refLine[i] = w;
630
631 // decode a line
632 - refI = 0; // b1 = refLine[refI]
633 - codingI = 0; // a1 = codingLine[codingI]
634 - a0 = 0;
635 - do {
636 + codingLine[0] = 0;
637 + a0i = 0;
638 + b1i = 0;
639 + blackPixels = 0;
640 + // invariant:
641 + // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1] <= w
642 + // exception at left edge:
643 + // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible
644 + // exception at right edge:
645 + // refLine[b1i] = refLine[b1i+1] = w is possible
646 + while (codingLine[a0i] < w) {
647 code1 = mmrDecoder->get2DCode();
648 switch (code1) {
649 case twoDimPass:
650 - if (refLine[refI] < w) {
651 - a0 = refLine[refI + 1];
652 - refI += 2;
653 - }
654 - break;
655 + mmrAddPixels(refLine[b1i + 1], blackPixels, codingLine, &a0i, w);
656 + if (refLine[b1i + 1] < w) {
657 + b1i += 2;
658 + }
659 + break;
660 case twoDimHoriz:
661 - if (codingI & 1) {
662 - code1 = 0;
663 - do {
664 - code1 += code3 = mmrDecoder->getBlackCode();
665 - } while (code3 >= 64);
666 - code2 = 0;
667 - do {
668 - code2 += code3 = mmrDecoder->getWhiteCode();
669 - } while (code3 >= 64);
670 - } else {
671 - code1 = 0;
672 - do {
673 - code1 += code3 = mmrDecoder->getWhiteCode();
674 - } while (code3 >= 64);
675 - code2 = 0;
676 - do {
677 - code2 += code3 = mmrDecoder->getBlackCode();
678 - } while (code3 >= 64);
679 - }
680 - if (code1 > 0 || code2 > 0) {
681 - a0 = codingLine[codingI++] = a0 + code1;
682 - a0 = codingLine[codingI++] = a0 + code2;
683 - while (refLine[refI] <= a0 && refLine[refI] < w) {
684 - refI += 2;
685 - }
686 - }
687 - break;
688 - case twoDimVert0:
689 - a0 = codingLine[codingI++] = refLine[refI];
690 - if (refLine[refI] < w) {
691 - ++refI;
692 - }
693 - break;
694 - case twoDimVertR1:
695 - a0 = codingLine[codingI++] = refLine[refI] + 1;
696 - if (refLine[refI] < w) {
697 - ++refI;
698 - while (refLine[refI] <= a0 && refLine[refI] < w) {
699 - refI += 2;
700 - }
701 - }
702 - break;
703 - case twoDimVertR2:
704 - a0 = codingLine[codingI++] = refLine[refI] + 2;
705 - if (refLine[refI] < w) {
706 - ++refI;
707 - while (refLine[refI] <= a0 && refLine[refI] < w) {
708 - refI += 2;
709 - }
710 - }
711 - break;
712 + code1 = code2 = 0;
713 + if (blackPixels) {
714 + do {
715 + code1 += code3 = mmrDecoder->getBlackCode();
716 + } while (code3 >= 64);
717 + do {
718 + code2 += code3 = mmrDecoder->getWhiteCode();
719 + } while (code3 >= 64);
720 + } else {
721 + do {
722 + code1 += code3 = mmrDecoder->getWhiteCode();
723 + } while (code3 >= 64);
724 + do {
725 + code2 += code3 = mmrDecoder->getBlackCode();
726 + } while (code3 >= 64);
727 + }
728 + mmrAddPixels(codingLine[a0i] + code1, blackPixels,
729 + codingLine, &a0i, w);
730 + if (codingLine[a0i] < w) {
731 + mmrAddPixels(codingLine[a0i] + code2, blackPixels ^ 1,
732 + codingLine, &a0i, w);
733 + }
734 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
735 + b1i += 2;
736 + }
737 + break;
738 case twoDimVertR3:
739 - a0 = codingLine[codingI++] = refLine[refI] + 3;
740 - if (refLine[refI] < w) {
741 - ++refI;
742 - while (refLine[refI] <= a0 && refLine[refI] < w) {
743 - refI += 2;
744 - }
745 - }
746 - break;
747 - case twoDimVertL1:
748 - a0 = codingLine[codingI++] = refLine[refI] - 1;
749 - if (refI > 0) {
750 - --refI;
751 - } else {
752 - ++refI;
753 - }
754 - while (refLine[refI] <= a0 && refLine[refI] < w) {
755 - refI += 2;
756 - }
757 - break;
758 - case twoDimVertL2:
759 - a0 = codingLine[codingI++] = refLine[refI] - 2;
760 - if (refI > 0) {
761 - --refI;
762 - } else {
763 - ++refI;
764 - }
765 - while (refLine[refI] <= a0 && refLine[refI] < w) {
766 - refI += 2;
767 - }
768 - break;
769 + mmrAddPixels(refLine[b1i] + 3, blackPixels, codingLine, &a0i, w);
770 + blackPixels ^= 1;
771 + if (codingLine[a0i] < w) {
772 + ++b1i;
773 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
774 + b1i += 2;
775 + }
776 + }
777 + break;
778 + case twoDimVertR2:
779 + mmrAddPixels(refLine[b1i] + 2, blackPixels, codingLine, &a0i, w);
780 + blackPixels ^= 1;
781 + if (codingLine[a0i] < w) {
782 + ++b1i;
783 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
784 + b1i += 2;
785 + }
786 + }
787 + break;
788 + case twoDimVertR1:
789 + mmrAddPixels(refLine[b1i] + 1, blackPixels, codingLine, &a0i, w);
790 + blackPixels ^= 1;
791 + if (codingLine[a0i] < w) {
792 + ++b1i;
793 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
794 + b1i += 2;
795 + }
796 + }
797 + break;
798 + case twoDimVert0:
799 + mmrAddPixels(refLine[b1i], blackPixels, codingLine, &a0i, w);
800 + blackPixels ^= 1;
801 + if (codingLine[a0i] < w) {
802 + ++b1i;
803 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
804 + b1i += 2;
805 + }
806 + }
807 + break;
808 case twoDimVertL3:
809 - a0 = codingLine[codingI++] = refLine[refI] - 3;
810 - if (refI > 0) {
811 - --refI;
812 - } else {
813 - ++refI;
814 - }
815 - while (refLine[refI] <= a0 && refLine[refI] < w) {
816 - refI += 2;
817 - }
818 - break;
819 + mmrAddPixelsNeg(refLine[b1i] - 3, blackPixels, codingLine, &a0i, w);
820 + blackPixels ^= 1;
821 + if (codingLine[a0i] < w) {
822 + if (b1i > 0) {
823 + --b1i;
824 + } else {
825 + ++b1i;
826 + }
827 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
828 + b1i += 2;
829 + }
830 + }
831 + break;
832 + case twoDimVertL2:
833 + mmrAddPixelsNeg(refLine[b1i] - 2, blackPixels, codingLine, &a0i, w);
834 + blackPixels ^= 1;
835 + if (codingLine[a0i] < w) {
836 + if (b1i > 0) {
837 + --b1i;
838 + } else {
839 + ++b1i;
840 + }
841 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
842 + b1i += 2;
843 + }
844 + }
845 + break;
846 + case twoDimVertL1:
847 + mmrAddPixelsNeg(refLine[b1i] - 1, blackPixels, codingLine, &a0i, w);
848 + blackPixels ^= 1;
849 + if (codingLine[a0i] < w) {
850 + if (b1i > 0) {
851 + --b1i;
852 + } else {
853 + ++b1i;
854 + }
855 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
856 + b1i += 2;
857 + }
858 + }
859 + break;
860 + case EOF:
861 + mmrAddPixels(w, 0, codingLine, &a0i, w);
862 + break;
863 default:
864 error(getPos(), "Illegal code in JBIG2 MMR bitmap data");
865 + mmrAddPixels(w, 0, codingLine, &a0i, w);
866 break;
867 }
868 - } while (a0 < w);
869 - codingLine[codingI++] = w;
870 + }
871
872 // convert the run lengths to a bitmap line
873 i = 0;
874 - while (codingLine[i] < w) {
875 + while (1) {
876 for (x = codingLine[i]; x < codingLine[i+1]; ++x) {
877 bitmap->setPixel(x, y);
878 }
879 + if (codingLine[i+1] >= w || codingLine[i+2] >= w) {
880 + break;
881 + }
882 i += 2;
883 }
884 }
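Review bot: The run-length to bitmap loop at the end of this hunk changed from `while (codingLine[i] < w)` to `while (1)`, so it now reads `codingLine[i+1]` even when `codingLine[0]` is already `w`. That happens for a row that decodes as entirely white, for instance through the new `case EOF:` branch with `a0i` still 0. On the first row `codingLine[1]` has never been written, because the initialisation in the hunk at -2527 now sets only `codingLine[0] = w` where the removed line set both entries. Unless gmallocn zero-fills, the inner `for` can therefore call `bitmap->setPixel(x, y)` with `x >= w`, bounded only by whatever value is in that slot. Making `if (codingLine[i] >= w) { break; }` the first statement of the `while (1)` body restores the old guard; readGenericBitmap starts and ends outside the hunk.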
885 @@ -2706,7 +2888,9 @@ JBIG2Bitmap *JBIG2Stream::readGenericBit
886 ltp = !ltp;
887 }
888 if (ltp) {
889 - bitmap->duplicateRow(y, y-1);
890 + if (y > 0) {
891 + bitmap->duplicateRow(y, y-1);
892 + }
893 continue;
894 }
895 }
896 @@ -2909,8 +3093,8 @@ void JBIG2Stream::readGenericRefinementR
897 return;
898 }
899 if (nRefSegs == 1) {
900 - seg = findSegment(refSegs[0]);
901 - if (seg->getType() != jbig2SegBitmap) {
902 + if (!(seg = findSegment(refSegs[0])) ||
903 + seg->getType() != jbig2SegBitmap) {
904 error(getPos(), "Bad bitmap reference in JBIG2 generic refinement segment");
905 return;
906 }
907 @@ -3004,6 +3188,10 @@ JBIG2Bitmap *JBIG2Stream::readGenericRef
908 tpgrCX2 = refBitmap->nextPixel(&tpgrCXPtr2);
909 tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2);
910 tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2);
911 + } else {
912 + tpgrCXPtr0.p = tpgrCXPtr1.p = tpgrCXPtr2.p = NULL; // make gcc happy
913 + tpgrCXPtr0.shift = tpgrCXPtr1.shift = tpgrCXPtr2.shift = 0;
914 + tpgrCXPtr0.x = tpgrCXPtr1.x = tpgrCXPtr2.x = 0;
915 }
916
917 for (x = 0; x < w; ++x) {
918 @@ -3075,6 +3263,10 @@ JBIG2Bitmap *JBIG2Stream::readGenericRef
919 tpgrCX2 = refBitmap->nextPixel(&tpgrCXPtr2);
920 tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2);
921 tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2);
922 + } else {
923 + tpgrCXPtr0.p = tpgrCXPtr1.p = tpgrCXPtr2.p = NULL; // make gcc happy
924 + tpgrCXPtr0.shift = tpgrCXPtr1.shift = tpgrCXPtr2.shift = 0;
925 + tpgrCXPtr0.x = tpgrCXPtr1.x = tpgrCXPtr2.x = 0;
926 }
927
928 for (x = 0; x < w; ++x) {
929 Index: texlive-20080816-source/libs/xpdf/xpdf/JBIG2Stream.h
930 ===================================================================
931 --- texlive-20080816-source.orig/libs/xpdf/xpdf/JBIG2Stream.h
932 +++ texlive-20080816-source/libs/xpdf/xpdf/JBIG2Stream.h
933 @@ -78,6 +78,10 @@ private:
934 Guint *refSegs, Guint nRefSegs);
935 void readGenericRegionSeg(Guint segNum, GBool imm,
936 GBool lossless, Guint length);
937 + void mmrAddPixels(int a1, int blackPixels,
938 + int *codingLine, int *a0i, int w);
939 + void mmrAddPixelsNeg(int a1, int blackPixels,
940 + int *codingLine, int *a0i, int w);
941 JBIG2Bitmap *readGenericBitmap(GBool mmr, int w, int h,
942 int templ, GBool tpgdOn,
943 GBool useSkip, JBIG2Bitmap *skip,