
From: "Michał Górny" <mgorny@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/jbig2dec/files/, media-libs/jbig2dec/
Date: Tue, 12 Dec 2017 15:31:05
Message-Id: 1513092648.ef8fc712dc72c1afcf0f57f58ee3726dc93b6204.mgorny@gentoo
1 commit: ef8fc712dc72c1afcf0f57f58ee3726dc93b6204
2 Author: Michał Górny <mgorny <AT> gentoo <DOT> org>
3 AuthorDate: Tue Dec 12 15:29:46 2017 +0000
4 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
5 CommitDate: Tue Dec 12 15:30:48 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef8fc712
7
8 media-libs/jbig2dec: [QA] Move patches to a distfile
9
10 Closes: https://bugs.gentoo.org/620588
11
12 media-libs/jbig2dec/Manifest | 1 +
13 .../files/jbig2dec-0.13-CVE-2016-9601.patch | 897 ---------------------
14 .../files/jbig2dec-0.13-CVE-2017-7885.patch | 29 -
15 .../files/jbig2dec-0.13-CVE-2017-7975.patch | 31 -
16 .../files/jbig2dec-0.13-CVE-2017-7976.patch | 29 -
17 .../files/jbig2dec-0.13-CVE-2017-9216.patch | 31 -
18 media-libs/jbig2dec/jbig2dec-0.13-r4.ebuild | 11 +-
19 7 files changed, 7 insertions(+), 1022 deletions(-)
20
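--- a/media-libs/jbig2dec/Manifest
+++ b/media-libs/jbig2dec/Manifest
@@ -1,3 +1,4 @@
 DIST jb2streams.zip 1285838 BLAKE2B 9a2b6047a7b970439693d6f5fdefb9488019a562e7f831288b27df09bb19dec2f84854cf7fea50b5b041d331e925145f37f2f89848058ecdc074e7d6c238033f SHA512 382890b36345b8aaebb3554e776a53f3276c6d835335ce41f3f41829ff62bba7ae646602544103ba8541a7a824dca92d682b682c254ab2918c7fe45b3e358b45
+DIST jbig2dec-0.13-patchset.tar.bz2 8452 BLAKE2B 473a338b460c8a66991fb50e110f4386944c8d1ea557318bf8c249e3ed64d290ace9112ad713f92bb4c933fd187eae7ec9f2358ca904a1e41e003f9f9e8682e5 SHA512 024cb2a9c12f4c1f603b3379bfc0e190006accd484cea124c41d6663e3d094724f53bcf881650edcef80fc86f004e69423bdcaf60a3962e392685bae88375b9d
 DIST jbig2dec-0.13.tar.gz 442571 BLAKE2B 6a973f91502d8effc00cd49b68bb2f853edd41286fdc5cb159460607db8627c2c959ba1c96e65b2ef1df3d4072c9993ce66c06bc5dc1837c89f87c6da0025550 SHA512 ef64a65c54bec65f61602de7130dc9594aae58aaea7958f7cc987f25d0794511e15a423e86501ace4f40c0364796fb97ceab72edb0b69232926767ba16c1b05d
 DIST jbig2dec-0.14.tar.gz 463572 BLAKE2B 91351a3879bd1906fabe2620cf5379fbbc32eaae808a8c2754c661d6dc592d3c9da13c558c8f7ced30c48b73fbd9ed4631f2817298f959b59ad4dff5fce9ac1a SHA512 066bd880ac0665fc1e42b0ae0e481008b125aab6e173b7f82d61a2a30e72c90085cbded9b2a68c6836f92dea3d8d8d5c2228dba76e0d99c79c922197d215705b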
31 diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2016-9601.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2016-9601.patch
32 deleted file mode 100644
33 index 4ce96ae5d3c..00000000000
34 --- a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2016-9601.patch
35 +++ /dev/null
36 @@ -1,897 +0,0 @@
37 -From e698d5c11d27212aa1098bc5b1673a3378563092 Mon Sep 17 00:00:00 2001
38 -From: Robin Watts <robin.watts@×××××××.com>
39 -Date: Mon, 12 Dec 2016 17:47:17 +0000
40 -Subject: [PATCH] Squash signed/unsigned warnings in MSVC jbig2 build.
41 -
42 -Also rename "new" to "new_dict", because "new" is a bad
43 -variable name.
44 ----
45 - jbig2.c | 4 +--
46 - jbig2.h | 8 +++---
47 - jbig2_generic.c | 2 +-
48 - jbig2_halftone.c | 24 ++++++++----------
49 - jbig2_huffman.c | 10 ++++----
50 - jbig2_huffman.h | 2 +-
51 - jbig2_image.c | 32 +++++++++++------------
52 - jbig2_mmr.c | 66 +++++++++++++++++++++++++-----------------------
53 - jbig2_page.c | 6 ++---
54 - jbig2_priv.h | 4 +--
55 - jbig2_segment.c | 10 ++++----
56 - jbig2_symbol_dict.c | 73 +++++++++++++++++++++++++++--------------------------
57 - jbig2_symbol_dict.h | 6 ++---
58 - jbig2_text.c | 16 ++++++------
59 - jbig2_text.h | 2 +-
60 - 15 files changed, 134 insertions(+), 131 deletions(-)
61 -
62 -diff --git a/jbig2.c b/jbig2.c
63 -index f729e29..e51380f 100644
64 ---- a/jbig2.c
65 -+++ b/jbig2.c
66 -@@ -379,7 +379,7 @@ typedef struct {
67 - } Jbig2WordStreamBuf;
68 -
69 - static int
70 --jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t *word)
71 -+jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, size_t offset, uint32_t *word)
72 - {
73 - Jbig2WordStreamBuf *z = (Jbig2WordStreamBuf *) self;
74 - const byte *data = z->data;
75 -@@ -390,7 +390,7 @@ jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t
76 - else if (offset > z->size)
77 - return -1;
78 - else {
79 -- int i;
80 -+ size_t i;
81 -
82 - result = 0;
83 - for (i = 0; i < z->size - offset; i++)
84 -diff --git a/jbig2.h b/jbig2.h
85 -index d5aa52f..624e0ed 100644
86 ---- a/jbig2.h
87 -+++ b/jbig2.h
88 -@@ -56,17 +56,19 @@ typedef struct _Jbig2SymbolDictionary Jbig2SymbolDictionary;
89 - */
90 -
91 - struct _Jbig2Image {
92 -- int width, height, stride;
93 -+ uint32_t width;
94 -+ uint32_t height;
95 -+ uint32_t stride;
96 - uint8_t *data;
97 - int refcount;
98 - };
99 -
100 --Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, int width, int height);
101 -+Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height);
102 - Jbig2Image *jbig2_image_clone(Jbig2Ctx *ctx, Jbig2Image *image);
103 - void jbig2_image_release(Jbig2Ctx *ctx, Jbig2Image *image);
104 - void jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image);
105 - void jbig2_image_clear(Jbig2Ctx *ctx, Jbig2Image *image, int value);
106 --Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height);
107 -+Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height);
108 -
109 - /* errors are returned from the library via a callback. If no callback
110 - is provided (a NULL argument is passed ot jbig2_ctx_new) a default
111 -diff --git a/jbig2_generic.c b/jbig2_generic.c
112 -index 02fdbfb..9656198 100644
113 ---- a/jbig2_generic.c
114 -+++ b/jbig2_generic.c
115 -@@ -718,7 +718,7 @@ jbig2_immediate_generic_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte
116 - byte seg_flags;
117 - int8_t gbat[8];
118 - int offset;
119 -- int gbat_bytes = 0;
120 -+ uint32_t gbat_bytes = 0;
121 - Jbig2GenericRegionParams params;
122 - int code = 0;
123 - Jbig2Image *image = NULL;
124 -diff --git a/jbig2_halftone.c b/jbig2_halftone.c
125 -index aeab576..acfbc56 100644
126 ---- a/jbig2_halftone.c
127 -+++ b/jbig2_halftone.c
128 -@@ -257,8 +257,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
129 - {
130 - uint8_t **GSVALS = NULL;
131 - size_t consumed_bytes = 0;
132 -- int i, j, code, stride;
133 -- int x, y;
134 -+ uint32_t i, j, stride, x, y;
135 -+ int code;
136 - Jbig2Image **GSPLANES;
137 - Jbig2GenericRegionParams rparams;
138 - Jbig2WordStream *ws = NULL;
139 -@@ -276,9 +276,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
140 - if (GSPLANES[i] == NULL) {
141 - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate %dx%d image for GSPLANES", GSW, GSH);
142 - /* free already allocated */
143 -- for (j = i - 1; j >= 0; --j) {
144 -- jbig2_image_release(ctx, GSPLANES[j]);
145 -- }
146 -+ for (j = i; j > 0;)
147 -+ jbig2_image_release(ctx, GSPLANES[--j]);
148 - jbig2_free(ctx->allocator, GSPLANES);
149 - return NULL;
150 - }
151 -@@ -323,9 +322,10 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
152 - }
153 -
154 - /* C.5 step 2. Set j = GSBPP-2 */
155 -- j = GSBPP - 2;
156 -+ j = GSBPP - 1;
157 - /* C.5 step 3. decode loop */
158 -- while (j >= 0) {
159 -+ while (j > 0) {
160 -+ j--;
161 - /* C.5 step 3. (a) */
162 - if (GSMMR) {
163 - code = jbig2_decode_halftone_mmr(ctx, &rparams, data + consumed_bytes, size - consumed_bytes, GSPLANES[j], &consumed_bytes);
164 -@@ -345,7 +345,6 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
165 - GSPLANES[j]->data[i] ^= GSPLANES[j + 1]->data[i];
166 -
167 - /* C.5 step 3. (c) */
168 -- --j;
169 - }
170 -
171 - /* allocate GSVALS */
172 -@@ -359,9 +358,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
173 - if (GSVALS[i] == NULL) {
174 - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate GSVALS: %d bytes", GSH * GSW);
175 - /* free already allocated */
176 -- for (j = i - 1; j >= 0; --j) {
177 -- jbig2_free(ctx->allocator, GSVALS[j]);
178 -- }
179 -+ for (j = i; j > 0;)
180 -+ jbig2_free(ctx->allocator, GSVALS[--j]);
181 - jbig2_free(ctx->allocator, GSVALS);
182 - GSVALS = NULL;
183 - goto cleanup;
184 -@@ -450,7 +448,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
185 - uint8_t **GI;
186 - Jbig2Image *HSKIP = NULL;
187 - Jbig2PatternDict *HPATS;
188 -- int i;
189 -+ uint32_t i;
190 - uint32_t mg, ng;
191 - int32_t x, y;
192 - uint8_t gray_val;
193 -@@ -476,7 +474,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
194 -
195 - /* calculate ceil(log2(HNUMPATS)) */
196 - HBPP = 0;
197 -- while (HNUMPATS > (1 << ++HBPP));
198 -+ while (HNUMPATS > (1U << ++HBPP));
199 -
200 - /* 6.6.5 point 4. decode gray-scale image as mentioned in annex C */
201 - GI = jbig2_decode_gray_scale_image(ctx, segment, data, size,
202 -diff --git a/jbig2_huffman.c b/jbig2_huffman.c
203 -index 4521b48..f77981b 100644
204 ---- a/jbig2_huffman.c
205 -+++ b/jbig2_huffman.c
206 -@@ -47,16 +47,16 @@ struct _Jbig2HuffmanState {
207 - is (offset + 4) * 8. */
208 - uint32_t this_word;
209 - uint32_t next_word;
210 -- int offset_bits;
211 -- int offset;
212 -- int offset_limit;
213 -+ uint32_t offset_bits;
214 -+ uint32_t offset;
215 -+ uint32_t offset_limit;
216 -
217 - Jbig2WordStream *ws;
218 - Jbig2Ctx *ctx;
219 - };
220 -
221 - static uint32_t
222 --huff_get_next_word(Jbig2HuffmanState *hs, int offset)
223 -+huff_get_next_word(Jbig2HuffmanState *hs, uint32_t offset)
224 - {
225 - uint32_t word = 0;
226 - Jbig2WordStream *ws = hs->ws;
227 -@@ -213,7 +213,7 @@ jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset)
228 - /* return the offset of the huffman decode pointer (in bytes)
229 - * from the beginning of the WordStream
230 - */
231 --int
232 -+uint32_t
233 - jbig2_huffman_offset(Jbig2HuffmanState *hs)
234 - {
235 - return hs->offset + (hs->offset_bits >> 3);
236 -diff --git a/jbig2_huffman.h b/jbig2_huffman.h
237 -index 5d1e6e0..cfda9e0 100644
238 ---- a/jbig2_huffman.h
239 -+++ b/jbig2_huffman.h
240 -@@ -64,7 +64,7 @@ void jbig2_huffman_skip(Jbig2HuffmanState *hs);
241 -
242 - void jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset);
243 -
244 --int jbig2_huffman_offset(Jbig2HuffmanState *hs);
245 -+uint32_t jbig2_huffman_offset(Jbig2HuffmanState *hs);
246 -
247 - int32_t jbig2_huffman_get(Jbig2HuffmanState *hs, const Jbig2HuffmanTable *table, bool *oob);
248 -
249 -diff --git a/jbig2_image.c b/jbig2_image.c
250 -index 1ae614e..94e5a4c 100644
251 ---- a/jbig2_image.c
252 -+++ b/jbig2_image.c
253 -@@ -32,10 +32,10 @@
254 -
255 - /* allocate a Jbig2Image structure and its associated bitmap */
256 - Jbig2Image *
257 --jbig2_image_new(Jbig2Ctx *ctx, int width, int height)
258 -+jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height)
259 - {
260 - Jbig2Image *image;
261 -- int stride;
262 -+ uint32_t stride;
263 - int64_t check;
264 -
265 - image = jbig2_new(ctx, Jbig2Image, 1);
266 -@@ -99,7 +99,7 @@ jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image)
267 -
268 - /* resize a Jbig2Image */
269 - Jbig2Image *
270 --jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height)
271 -+jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height)
272 - {
273 - if (width == image->width) {
274 - /* check for integer multiplication overflow */
275 -@@ -133,11 +133,11 @@ jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height)
276 - static int
277 - jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op)
278 - {
279 -- int i, j;
280 -- int sw = src->width;
281 -- int sh = src->height;
282 -- int sx = 0;
283 -- int sy = 0;
284 -+ uint32_t i, j;
285 -+ uint32_t sw = src->width;
286 -+ uint32_t sh = src->height;
287 -+ uint32_t sx = 0;
288 -+ uint32_t sy = 0;
289 -
290 - /* clip to the dst image boundaries */
291 - if (x < 0) {
292 -@@ -200,10 +200,10 @@ jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x
293 - int
294 - jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op)
295 - {
296 -- int i, j;
297 -- int w, h;
298 -- int leftbyte, rightbyte;
299 -- int shift;
300 -+ uint32_t i, j;
301 -+ uint32_t w, h;
302 -+ uint32_t leftbyte, rightbyte;
303 -+ uint32_t shift;
304 - uint8_t *s, *ss;
305 - uint8_t *d, *dd;
306 - uint8_t mask, rightmask;
307 -@@ -226,8 +226,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
308 - h += y;
309 - y = 0;
310 - }
311 -- w = (x + w < dst->width) ? w : dst->width - x;
312 -- h = (y + h < dst->height) ? h : dst->height - y;
313 -+ w = ((uint32_t)x + w < dst->width) ? w : ((dst->width >= (uint32_t)x) ? dst->width - (uint32_t)x : 0);
314 -+ h = ((uint32_t)y + h < dst->height) ? h : ((dst->height >= (uint32_t)y) ? dst->height - (uint32_t)y : 0);
315 - #ifdef JBIG2_DEBUG
316 - jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "compositing %dx%d at (%d, %d) after clipping\n", w, h, x, y);
317 - #endif
318 -@@ -249,8 +249,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
319 - }
320 - #endif
321 -
322 -- leftbyte = x >> 3;
323 -- rightbyte = (x + w - 1) >> 3;
324 -+ leftbyte = (uint32_t)x >> 3;
325 -+ rightbyte = ((uint32_t)x + w - 1) >> 3;
326 - shift = x & 7;
327 -
328 - /* general OR case */
329 -diff --git a/jbig2_mmr.c b/jbig2_mmr.c
330 -index d4cd3a2..390e27c 100644
331 ---- a/jbig2_mmr.c
332 -+++ b/jbig2_mmr.c
333 -@@ -38,19 +38,21 @@
334 - #include "jbig2_mmr.h"
335 -
336 - typedef struct {
337 -- int width;
338 -- int height;
339 -+ uint32_t width;
340 -+ uint32_t height;
341 - const byte *data;
342 - size_t size;
343 -- int data_index;
344 -- int bit_index;
345 -+ uint32_t data_index;
346 -+ uint32_t bit_index;
347 - uint32_t word;
348 - } Jbig2MmrCtx;
349 -
350 -+#define MINUS1 ((uint32_t)-1)
351 -+
352 - static void
353 - jbig2_decode_mmr_init(Jbig2MmrCtx *mmr, int width, int height, const byte *data, size_t size)
354 - {
355 -- int i;
356 -+ size_t i;
357 - uint32_t word = 0;
358 -
359 - mmr->width = width;
360 -@@ -732,14 +734,14 @@ const mmr_table_node jbig2_mmr_black_decode[] = {
361 - #define getbit(buf, x) ( ( buf[x >> 3] >> ( 7 - (x & 7) ) ) & 1 )
362 -
363 - static int
364 --jbig2_find_changing_element(const byte *line, int x, int w)
365 -+jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w)
366 - {
367 - int a, b;
368 -
369 - if (line == 0)
370 -- return w;
371 -+ return (int)w;
372 -
373 -- if (x == -1) {
374 -+ if (x == MINUS1) {
375 - a = 0;
376 - x = 0;
377 - } else {
378 -@@ -758,7 +760,7 @@ jbig2_find_changing_element(const byte *line, int x, int w)
379 - }
380 -
381 - static int
382 --jbig2_find_changing_element_of_color(const byte *line, int x, int w, int color)
383 -+jbig2_find_changing_element_of_color(const byte *line, uint32_t x, uint32_t w, int color)
384 - {
385 - if (line == 0)
386 - return w;
387 -@@ -772,9 +774,9 @@ static const byte lm[8] = { 0xFF, 0x7F, 0x3F, 0x1F, 0x0F, 0x07, 0x03, 0x01 };
388 - static const byte rm[8] = { 0x00, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
389 -
390 - static void
391 --jbig2_set_bits(byte *line, int x0, int x1)
392 -+jbig2_set_bits(byte *line, uint32_t x0, uint32_t x1)
393 - {
394 -- int a0, a1, b0, b1, a;
395 -+ uint32_t a0, a1, b0, b1, a;
396 -
397 - a0 = x0 >> 3;
398 - a1 = x1 >> 3;
399 -@@ -831,8 +833,8 @@ jbig2_decode_get_run(Jbig2MmrCtx *mmr, const mmr_table_node *table, int initial_
400 - static int
401 - jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
402 - {
403 -- int a0 = -1;
404 -- int a1, a2, b1, b2;
405 -+ uint32_t a0 = MINUS1;
406 -+ uint32_t a1, a2, b1, b2;
407 - int c = 0; /* 0 is white, black is 1 */
408 -
409 - while (1) {
410 -@@ -840,7 +842,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
411 -
412 - /* printf ("%08x\n", word); */
413 -
414 -- if (a0 >= mmr->width)
415 -+ if (a0 != MINUS1 && a0 >= mmr->width)
416 - break;
417 -
418 - if ((word >> (32 - 3)) == 1) {
419 -@@ -848,7 +850,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
420 -
421 - jbig2_decode_mmr_consume(mmr, 3);
422 -
423 -- if (a0 == -1)
424 -+ if (a0 == MINUS1)
425 - a0 = 0;
426 -
427 - if (c == 0) {
428 -@@ -860,7 +862,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
429 - a1 = mmr->width;
430 - if (a2 > mmr->width)
431 - a2 = mmr->width;
432 -- if (a2 < a1 || a1 < 0)
433 -+ if (a1 == MINUS1 || a2 < a1)
434 - return -1;
435 - jbig2_set_bits(dst, a1, a2);
436 - a0 = a2;
437 -@@ -874,7 +876,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
438 - a1 = mmr->width;
439 - if (a2 > mmr->width)
440 - a2 = mmr->width;
441 -- if (a1 < a0 || a0 < 0)
442 -+ if (a0 == MINUS1 || a1 < a0)
443 - return -1;
444 - jbig2_set_bits(dst, a0, a1);
445 - a0 = a2;
446 -@@ -888,7 +890,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
447 - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
448 - b2 = jbig2_find_changing_element(ref, b1, mmr->width);
449 - if (c) {
450 -- if (b2 < a0 || a0 < 0)
451 -+ if (a0 == MINUS1 || b2 < a0)
452 - return -1;
453 - jbig2_set_bits(dst, a0, b2);
454 - }
455 -@@ -900,7 +902,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
456 - jbig2_decode_mmr_consume(mmr, 1);
457 - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
458 - if (c) {
459 -- if (b1 < a0 || a0 < 0)
460 -+ if (a0 == MINUS1 || b1 < a0)
461 - return -1;
462 - jbig2_set_bits(dst, a0, b1);
463 - }
464 -@@ -915,7 +917,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
465 - if (b1 + 1 > mmr->width)
466 - break;
467 - if (c) {
468 -- if (b1 + 1 < a0 || a0 < 0)
469 -+ if (a0 == MINUS1 || b1 + 1 < a0)
470 - return -1;
471 - jbig2_set_bits(dst, a0, b1 + 1);
472 - }
473 -@@ -930,7 +932,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
474 - if (b1 + 2 > mmr->width)
475 - break;
476 - if (c) {
477 -- if (b1 + 2 < a0 || a0 < 0)
478 -+ if (a0 == MINUS1 || b1 + 2 < a0)
479 - return -1;
480 - jbig2_set_bits(dst, a0, b1 + 2);
481 - }
482 -@@ -942,10 +944,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
483 - /* printf ("VR(3)\n"); */
484 - jbig2_decode_mmr_consume(mmr, 7);
485 - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
486 -- if (b1 + 3 > mmr->width)
487 -+ if (b1 + 3 > (int)mmr->width)
488 - break;
489 - if (c) {
490 -- if (b1 + 3 < a0 || a0 < 0)
491 -+ if (a0 == MINUS1 || b1 + 3 < a0)
492 - return -1;
493 - jbig2_set_bits(dst, a0, b1 + 3);
494 - }
495 -@@ -957,10 +959,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
496 - /* printf ("VL(1)\n"); */
497 - jbig2_decode_mmr_consume(mmr, 3);
498 - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
499 -- if (b1 - 1 < 0)
500 -+ if (b1 < 1)
501 - break;
502 - if (c) {
503 -- if (b1 - 1 < a0 || a0 < 0)
504 -+ if (a0 == MINUS1 || b1 - 1 < a0)
505 - return -1;
506 - jbig2_set_bits(dst, a0, b1 - 1);
507 - }
508 -@@ -972,7 +974,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
509 - /* printf ("VL(2)\n"); */
510 - jbig2_decode_mmr_consume(mmr, 6);
511 - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
512 -- if (b1 - 2 < 0)
513 -+ if (b1 < 2)
514 - break;
515 - if (c) {
516 - if (b1 - 2 < a0 || a0 < 0)
517 -@@ -987,10 +989,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
518 - /* printf ("VL(3)\n"); */
519 - jbig2_decode_mmr_consume(mmr, 7);
520 - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
521 -- if (b1 - 3 < 0)
522 -+ if (b1 < 3)
523 - break;
524 - if (c) {
525 -- if (b1 - 3 < a0 || a0 < 0)
526 -+ if (a0 == MINUS1 || b1 - 3 < a0)
527 - return -1;
528 - jbig2_set_bits(dst, a0, b1 - 3);
529 - }
530 -@@ -1009,10 +1011,10 @@ int
531 - jbig2_decode_generic_mmr(Jbig2Ctx *ctx, Jbig2Segment *segment, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image)
532 - {
533 - Jbig2MmrCtx mmr;
534 -- const int rowstride = image->stride;
535 -+ const uint32_t rowstride = image->stride;
536 - byte *dst = image->data;
537 - byte *ref = NULL;
538 -- int y;
539 -+ uint32_t y;
540 - int code = 0;
541 -
542 - jbig2_decode_mmr_init(&mmr, image->width, image->height, data, size);
543 -@@ -1047,10 +1049,10 @@ int
544 - jbig2_decode_halftone_mmr(Jbig2Ctx *ctx, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image, size_t *consumed_bytes)
545 - {
546 - Jbig2MmrCtx mmr;
547 -- const int rowstride = image->stride;
548 -+ const uint32_t rowstride = image->stride;
549 - byte *dst = image->data;
550 - byte *ref = NULL;
551 -- int y;
552 -+ uint32_t y;
553 - int code = 0;
554 - const uint32_t EOFB = 0x001001;
555 -
556 -diff --git a/jbig2_page.c b/jbig2_page.c
557 -index 110ff7c..1ed1c8a 100644
558 ---- a/jbig2_page.c
559 -+++ b/jbig2_page.c
560 -@@ -155,9 +155,9 @@ int
561 - jbig2_end_of_stripe(Jbig2Ctx *ctx, Jbig2Segment *segment, const uint8_t *segment_data)
562 - {
563 - Jbig2Page page = ctx->pages[ctx->current_page];
564 -- int end_row;
565 -+ uint32_t end_row;
566 -
567 -- end_row = jbig2_get_int32(segment_data);
568 -+ end_row = jbig2_get_uint32(segment_data);
569 - if (end_row < page.end_row) {
570 - jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number,
571 - "end of stripe segment with non-positive end row advance" " (new end row %d vs current end row %d)", end_row, page.end_row);
572 -@@ -248,7 +248,7 @@ jbig2_page_add_result(Jbig2Ctx *ctx, Jbig2Page *page, Jbig2Image *image, int x,
573 -
574 - /* grow the page to accomodate a new stripe if necessary */
575 - if (page->striped) {
576 -- int new_height = y + image->height + page->end_row;
577 -+ uint32_t new_height = y + image->height + page->end_row;
578 -
579 - if (page->image->height < new_height) {
580 - jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "growing page buffer to %d rows " "to accomodate new stripe", new_height);
581 -diff --git a/jbig2_priv.h b/jbig2_priv.h
582 -index 42ba496..3d44b42 100644
583 ---- a/jbig2_priv.h
584 -+++ b/jbig2_priv.h
585 -@@ -132,7 +132,7 @@ struct _Jbig2Page {
586 - uint32_t x_resolution, y_resolution; /* in pixels per meter */
587 - uint16_t stripe_size;
588 - bool striped;
589 -- int end_row;
590 -+ uint32_t end_row;
591 - uint8_t flags;
592 - Jbig2Image *image;
593 - };
594 -@@ -182,7 +182,7 @@ int jbig2_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segm
595 - typedef struct _Jbig2WordStream Jbig2WordStream;
596 -
597 - struct _Jbig2WordStream {
598 -- int (*get_next_word)(Jbig2WordStream *self, int offset, uint32_t *word);
599 -+ int (*get_next_word)(Jbig2WordStream *self, size_t offset, uint32_t *word);
600 - };
601 -
602 - Jbig2WordStream *jbig2_word_stream_buf_new(Jbig2Ctx *ctx, const byte *data, size_t size);
603 -diff --git a/jbig2_segment.c b/jbig2_segment.c
604 -index 2e0db67..5b63706 100644
605 ---- a/jbig2_segment.c
606 -+++ b/jbig2_segment.c
607 -@@ -39,10 +39,10 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t
608 - uint8_t rtscarf;
609 - uint32_t rtscarf_long;
610 - uint32_t *referred_to_segments;
611 -- int referred_to_segment_count;
612 -- int referred_to_segment_size;
613 -- int pa_size;
614 -- int offset;
615 -+ uint32_t referred_to_segment_count;
616 -+ uint32_t referred_to_segment_size;
617 -+ uint32_t pa_size;
618 -+ uint32_t offset;
619 -
620 - /* minimum possible size of a jbig2 segment header */
621 - if (buf_size < 11)
622 -@@ -83,7 +83,7 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t
623 -
624 - /* 7.2.5 */
625 - if (referred_to_segment_count) {
626 -- int i;
627 -+ uint32_t i;
628 -
629 - referred_to_segments = jbig2_new(ctx, uint32_t, referred_to_segment_count * referred_to_segment_size);
630 - if (referred_to_segments == NULL) {
631 -diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
632 -index 2c71a4c..11a2252 100644
633 ---- a/jbig2_symbol_dict.c
634 -+++ b/jbig2_symbol_dict.c
635 -@@ -88,40 +88,40 @@ jbig2_dump_symbol_dict(Jbig2Ctx *ctx, Jbig2Segment *segment)
636 -
637 - /* return a new empty symbol dict */
638 - Jbig2SymbolDict *
639 --jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols)
640 -+jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols)
641 - {
642 -- Jbig2SymbolDict *new = NULL;
643 -+ Jbig2SymbolDict *new_dict = NULL;
644 -
645 - if (n_symbols < 0) {
646 - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "Negative number of symbols in symbol dict: %d", n_symbols);
647 - return NULL;
648 - }
649 -
650 -- new = jbig2_new(ctx, Jbig2SymbolDict, 1);
651 -- if (new != NULL) {
652 -- new->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
653 -- new->n_symbols = n_symbols;
654 -+ new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1);
655 -+ if (new_dict != NULL) {
656 -+ new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
657 -+ new_dict->n_symbols = n_symbols;
658 - } else {
659 - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate new empty symbol dict");
660 - return NULL;
661 - }
662 -
663 -- if (new->glyphs != NULL) {
664 -- memset(new->glyphs, 0, n_symbols * sizeof(Jbig2Image *));
665 -+ if (new_dict->glyphs != NULL) {
666 -+ memset(new_dict->glyphs, 0, n_symbols * sizeof(Jbig2Image *));
667 - } else {
668 - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate glyphs for new empty symbol dict");
669 -- jbig2_free(ctx->allocator, new);
670 -+ jbig2_free(ctx->allocator, new_dict);
671 - return NULL;
672 - }
673 -
674 -- return new;
675 -+ return new_dict;
676 - }
677 -
678 - /* release the memory associated with a symbol dict */
679 - void
680 - jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict)
681 - {
682 -- int i;
683 -+ uint32_t i;
684 -
685 - if (dict == NULL)
686 - return;
687 -@@ -142,12 +142,12 @@ jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id)
688 - }
689 -
690 - /* count the number of dictionary segments referred to by the given segment */
691 --int
692 -+uint32_t
693 - jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
694 - {
695 - int index;
696 - Jbig2Segment *rsegment;
697 -- int n_dicts = 0;
698 -+ uint32_t n_dicts = 0;
699 -
700 - for (index = 0; index < segment->referred_to_segment_count; index++) {
701 - rsegment = jbig2_find_segment(ctx, segment->referred_to_segments[index]);
702 -@@ -166,8 +166,8 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
703 - int index;
704 - Jbig2Segment *rsegment;
705 - Jbig2SymbolDict **dicts;
706 -- int n_dicts = jbig2_sd_count_referred(ctx, segment);
707 -- int dindex = 0;
708 -+ uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment);
709 -+ uint32_t dindex = 0;
710 -
711 - dicts = jbig2_new(ctx, Jbig2SymbolDict *, n_dicts);
712 - if (dicts == NULL) {
713 -@@ -195,10 +195,10 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
714 - /* generate a new symbol dictionary by concatenating a list of
715 - existing dictionaries */
716 - Jbig2SymbolDict *
717 --jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts)
718 -+jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts)
719 - {
720 -- int i, j, k, symbols;
721 -- Jbig2SymbolDict *new = NULL;
722 -+ uint32_t i, j, k, symbols;
723 -+ Jbig2SymbolDict *new_dict = NULL;
724 -
725 - /* count the imported symbols and allocate a new array */
726 - symbols = 0;
727 -@@ -206,17 +206,17 @@ jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts)
728 - symbols += dicts[i]->n_symbols;
729 -
730 - /* fill a new array with cloned glyph pointers */
731 -- new = jbig2_sd_new(ctx, symbols);
732 -- if (new != NULL) {
733 -+ new_dict = jbig2_sd_new(ctx, symbols);
734 -+ if (new_dict != NULL) {
735 - k = 0;
736 - for (i = 0; i < n_dicts; i++)
737 - for (j = 0; j < dicts[i]->n_symbols; j++)
738 -- new->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]);
739 -+ new_dict->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]);
740 - } else {
741 - jbig2_error(ctx, JBIG2_SEVERITY_WARNING, -1, "failed to allocate new symbol dictionary");
742 - }
743 -
744 -- return new;
745 -+ return new_dict;
746 - }
747 -
748 - /* Decoding routines */
749 -@@ -431,7 +431,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
750 -
751 - if (REFAGGNINST > 1) {
752 - Jbig2Image *image;
753 -- int i;
754 -+ uint32_t i;
755 -
756 - if (tparams == NULL) {
757 - /* First time through, we need to initialise the */
758 -@@ -512,7 +512,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
759 - uint32_t ID;
760 - int32_t RDX, RDY;
761 - int BMSIZE = 0;
762 -- int ninsyms = params->SDNUMINSYMS;
763 -+ uint32_t ninsyms = params->SDNUMINSYMS;
764 - int code1 = 0;
765 - int code2 = 0;
766 - int code3 = 0;
767 -@@ -609,8 +609,9 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
768 - if (params->SDHUFF && !params->SDREFAGG) {
769 - /* 6.5.9 */
770 - Jbig2Image *image;
771 -- int BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code);
772 -- int j, x;
773 -+ uint32_t BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code);
774 -+ uint32_t j;
775 -+ int x;
776 -
777 - if (code || (BMSIZE < 0)) {
778 - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding size of collective bitmap!");
779 -@@ -700,22 +701,22 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
780 - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate symbols exported from symbols dictionary");
781 - goto cleanup4;
782 - } else {
783 -- int i = 0;
784 -- int j = 0;
785 -- int k;
786 -+ uint32_t i = 0;
787 -+ uint32_t j = 0;
788 -+ uint32_t k;
789 - int exflag = 0;
790 -- int64_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS;
791 -- int32_t exrunlength;
792 -+ uint32_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS;
793 -+ uint32_t exrunlength;
794 - int zerolength = 0;
795 -
796 - while (i < limit) {
797 - if (params->SDHUFF)
798 - exrunlength = jbig2_huffman_get(hs, SBHUFFRSIZE, &code);
799 - else
800 -- code = jbig2_arith_int_decode(IAEX, as, &exrunlength);
801 -+ code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength);
802 - /* prevent infinite loop */
803 - zerolength = exrunlength > 0 ? 0 : zerolength + 1;
804 -- if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength > params->SDNUMEXSYMS - j))) {
805 -+ if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) {
806 - if (code)
807 - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to decode exrunlength for exported symbols");
808 - else if (exrunlength <= 0)
809 -@@ -797,8 +798,8 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen
810 - {
811 - Jbig2SymbolDictParams params;
812 - uint16_t flags;
813 -- int sdat_bytes;
814 -- int offset;
815 -+ uint32_t sdat_bytes;
816 -+ uint32_t offset;
817 - Jbig2ArithCx *GB_stats = NULL;
818 - Jbig2ArithCx *GR_stats = NULL;
819 - int table_index = 0;
820 -@@ -951,7 +952,7 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen
821 -
822 - /* 7.4.2.2 (2) */
823 - {
824 -- int n_dicts = jbig2_sd_count_referred(ctx, segment);
825 -+ uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment);
826 - Jbig2SymbolDict **dicts = NULL;
827 -
828 - if (n_dicts > 0) {
829 -diff --git a/jbig2_symbol_dict.h b/jbig2_symbol_dict.h
830 -index d56d62d..30211d4 100644
831 ---- a/jbig2_symbol_dict.h
832 -+++ b/jbig2_symbol_dict.h
833 -@@ -32,18 +32,18 @@ int jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *se
834 - Jbig2Image *jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id);
835 -
836 - /* return a new empty symbol dict */
837 --Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols);
838 -+Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols);
839 -
840 - /* release the memory associated with a symbol dict */
841 - void jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict);
842 -
843 - /* generate a new symbol dictionary by concatenating a list of
844 - existing dictionaries */
845 --Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts);
846 -+Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts);
847 -
848 - /* count the number of dictionary segments referred
849 - to by the given segment */
850 --int jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment);
851 -+uint32_t jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment);
852 -
853 - /* return an array of pointers to symbol dictionaries referred
854 - to by a segment */
855 -diff --git a/jbig2_text.c b/jbig2_text.c
856 -index 5c99640..e77460f 100644
857 ---- a/jbig2_text.c
858 -+++ b/jbig2_text.c
859 -@@ -55,7 +55,7 @@
860 - int
861 - jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
862 - const Jbig2TextRegionParams *params,
863 -- const Jbig2SymbolDict *const *dicts, const int n_dicts,
864 -+ const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts,
865 - Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws)
866 - {
867 - /* relevent bits of 6.4.4 */
868 -@@ -476,19 +476,19 @@ cleanup2:
869 - int
870 - jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data)
871 - {
872 -- int offset = 0;
873 -+ uint32_t offset = 0;
874 - Jbig2RegionSegmentInfo region_info;
875 - Jbig2TextRegionParams params;
876 - Jbig2Image *image = NULL;
877 - Jbig2SymbolDict **dicts = NULL;
878 -- int n_dicts = 0;
879 -+ uint32_t n_dicts = 0;
880 - uint16_t flags = 0;
881 - uint16_t huffman_flags = 0;
882 - Jbig2ArithCx *GR_stats = NULL;
883 - int code = 0;
884 - Jbig2WordStream *ws = NULL;
885 - Jbig2ArithState *as = NULL;
886 -- int table_index = 0;
887 -+ uint32_t table_index = 0;
888 - const Jbig2HuffmanParams *huffman_params = NULL;
889 -
890 - /* 7.4.1 */
891 -@@ -779,7 +779,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
892 - code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "unable to retrive symbol dictionaries! previous parsing error?");
893 - goto cleanup1;
894 - } else {
895 -- int index;
896 -+ uint32_t index;
897 -
898 - if (dicts[0] == NULL) {
899 - code = jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, "unable to find first referenced symbol dictionary!");
900 -@@ -823,8 +823,8 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
901 - }
902 -
903 - if (!params.SBHUFF) {
904 -- int SBSYMCODELEN, index;
905 -- int SBNUMSYMS = 0;
906 -+ uint32_t SBSYMCODELEN, index;
907 -+ uint32_t SBNUMSYMS = 0;
908 -
909 - for (index = 0; index < n_dicts; index++) {
910 - SBNUMSYMS += dicts[index]->n_symbols;
911 -@@ -840,7 +840,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
912 - }
913 -
914 - /* Table 31 */
915 -- for (SBSYMCODELEN = 0; (1 << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) {
916 -+ for (SBSYMCODELEN = 0; (1U << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) {
917 - }
918 - params.IAID = jbig2_arith_iaid_ctx_new(ctx, SBSYMCODELEN);
919 - params.IARI = jbig2_arith_int_ctx_new(ctx);
920 -diff --git a/jbig2_text.h b/jbig2_text.h
921 -index aec2732..51d242e 100644
922 ---- a/jbig2_text.h
923 -+++ b/jbig2_text.h
924 -@@ -70,5 +70,5 @@ typedef struct {
925 - int
926 - jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
927 - const Jbig2TextRegionParams *params,
928 -- const Jbig2SymbolDict *const *dicts, const int n_dicts,
929 -+ const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts,
930 - Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws);
931 ---
932 -2.11.1
933 -
934
935 diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7885.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7885.patch
936 deleted file mode 100644
937 index e8ffccd4534..00000000000
938 --- a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7885.patch
939 +++ /dev/null
940 @@ -1,29 +0,0 @@
941 -From b184e783702246e154294326d03d9abda669fcfa Mon Sep 17 00:00:00 2001
942 -From: Shailesh Mistry <shailesh.mistry@××××××××××.uk>
943 -Date: Wed, 3 May 2017 22:06:01 +0100
944 -Subject: [PATCH] Bug 697703: Prevent integer overflow vulnerability.
945 -
946 -Add extra check for the offset being greater than the size
947 -of the image and hence reading off the end of the buffer.
948 -
949 -Thank you to Dai Ge for finding this issue and suggesting a patch.
950 ----
951 - jbig2dec/jbig2_symbol_dict.c | 2 +-
952 - 1 file changed, 1 insertion(+), 1 deletion(-)
953 -
954 -diff --git a/jbig2dec/jbig2_symbol_dict.c b/jbig2dec/jbig2_symbol_dict.c
955 -index 4acaba9d0..36225cb1f 100644
956 ---- a/jbig2_symbol_dict.c
957 -+++ b/jbig2_symbol_dict.c
958 -@@ -629,7 +629,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
959 - byte *dst = image->data;
960 -
961 - /* SumatraPDF: prevent read access violation */
962 -- if (size - jbig2_huffman_offset(hs) < image->height * stride) {
963 -+ if ((size - jbig2_huffman_offset(hs) < image->height * stride) || (size < jbig2_huffman_offset(hs))) {
964 - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "not enough data for decoding (%d/%d)", image->height * stride,
965 - size - jbig2_huffman_offset(hs));
966 - jbig2_image_release(ctx, image);
967 ---
968 -2.13.1
969 -
970
971 diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7975.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7975.patch
972 deleted file mode 100644
973 index d5e62762b9a..00000000000
974 --- a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7975.patch
975 +++ /dev/null
976 @@ -1,31 +0,0 @@
977 -From 5e57e483298dae8b8d4ec9aab37a526736ac2e97 Mon Sep 17 00:00:00 2001
978 -From: Shailesh Mistry <shailesh.mistry@××××××××××.uk>
979 -Date: Wed, 26 Apr 2017 22:12:14 +0100
980 -Subject: [PATCH] Bug 697693: Prevent SEGV due to integer overflow.
981 -
982 -While building a Huffman table, the start and end points were susceptible
983 -to integer overflow.
984 -
985 -Thank you to Jiaqi for finding this issue and suggesting a patch.
986 ----
987 - jbig2dec/jbig2_huffman.c | 4 ++--
988 - 1 file changed, 2 insertions(+), 2 deletions(-)
989 -
990 -diff --git a/jbig2dec/jbig2_huffman.c b/jbig2dec/jbig2_huffman.c
991 -index 511e46170..b4189a12c 100644
992 ---- a/jbig2_huffman.c
993 -+++ b/jbig2_huffman.c
994 -@@ -421,8 +421,8 @@ jbig2_build_huffman_table(Jbig2Ctx *ctx, const Jbig2HuffmanParams *params)
995 -
996 - if (PREFLEN == CURLEN) {
997 - int RANGELEN = lines[CURTEMP].RANGELEN;
998 -- int start_j = CURCODE << shift;
999 -- int end_j = (CURCODE + 1) << shift;
1000 -+ uint32_t start_j = CURCODE << shift;
1001 -+ uint32_t end_j = (CURCODE + 1) << shift;
1002 - byte eflags = 0;
1003 -
1004 - if (end_j > max_j) {
1005 ---
1006 -2.13.1
1007 -
1008
1009 diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7976.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7976.patch
1010 deleted file mode 100644
1011 index c6dbd182c61..00000000000
1012 --- a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7976.patch
1013 +++ /dev/null
1014 @@ -1,29 +0,0 @@
1015 -From ed6c5133a1004ce8d38f1b44de85a7186feda95e Mon Sep 17 00:00:00 2001
1016 -From: Shailesh Mistry <shailesh.mistry@××××××××××.uk>
1017 -Date: Wed, 10 May 2017 17:50:39 +0100
1018 -Subject: [PATCH] Bug 697683: Bounds check before reading from image source
1019 - data.
1020 -
1021 -Add extra check to prevent reading off the end of the image source
1022 -data buffer.
1023 -
1024 -Thank you to Dai Ge for finding this issue and suggesting a patch.
1025 ----
1026 - jbig2dec/jbig2_image.c | 3 ++-
1027 - 1 file changed, 2 insertions(+), 1 deletion(-)
1028 -
1029 -Backported dilfridge@g.o
1030 -
1031 -diff -ruN jbig2dec-0.13.orig/jbig2_image.c jbig2dec-0.13/jbig2_image.c
1032 ---- jbig2dec-0.13.orig/jbig2_image.c 2017-06-10 01:41:16.207939489 +0200
1033 -+++ jbig2dec-0.13/jbig2_image.c 2017-06-10 01:46:28.009952461 +0200
1034 -@@ -256,7 +256,8 @@
1035 - /* general OR case */
1036 - s = ss;
1037 - d = dd = dst->data + y * dst->stride + leftbyte;
1038 -- if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
1039 -+ if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride ||
1040 -+ s - leftbyte + (h - 1) * src->stride + rightbyte > src->data + src->height * src->stride) {
1041 - return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose");
1042 - }
1043 - if (leftbyte == rightbyte) {
1044
1045 diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch
1046 deleted file mode 100644
1047 index 789ed6c9656..00000000000
1048 --- a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch
1049 +++ /dev/null
1050 @@ -1,31 +0,0 @@
1051 -From 3ebffb1d96ba0cacec23016eccb4047dab365853 Mon Sep 17 00:00:00 2001
1052 -From: Shailesh Mistry <shailesh.mistry@××××××××××.uk>
1053 -Date: Wed, 24 May 2017 19:29:57 +0100
1054 -Subject: [PATCH] Bug 697934: Fix SEGV due to error code being ignored.
1055 -
1056 -The return code from jbig2_decode_text_region was being ignored so the
1057 -code continued to try and parse the invalid file using incomplete/empty
1058 -structures.
1059 ----
1060 - jbig2dec/jbig2_symbol_dict.c | 4 +++-
1061 - 1 file changed, 3 insertions(+), 1 deletion(-)
1062 -
1063 -diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
1064 -index 3cc1731..672425d 100644
1065 ---- a/jbig2_symbol_dict.c
1066 -+++ b/jbig2_symbol_dict.c
1067 -@@ -493,8 +493,10 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
1068 - }
1069 -
1070 - /* multiple symbols are handled as a text region */
1071 -- jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
1072 -+ code = jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
1073 - n_refagg_dicts, image, data, size, GR_stats, as, ws);
1074 -+ if (code < 0)
1075 -+ goto cleanup4;
1076 -
1077 - SDNEWSYMS->glyphs[NSYMSDECODED] = image;
1078 - refagg_dicts[0]->glyphs[params->SDNUMINSYMS + NSYMSDECODED] = jbig2_image_clone(ctx, SDNEWSYMS->glyphs[NSYMSDECODED]);
1079 ---
1080 -2.9.1
1081 -
1082
1083 diff --git a/media-libs/jbig2dec/jbig2dec-0.13-r4.ebuild b/media-libs/jbig2dec/jbig2dec-0.13-r4.ebuild
1084 index 38e94e73b33..387218d0d0f 100644
1085 --- a/media-libs/jbig2dec/jbig2dec-0.13-r4.ebuild
1086 +++ b/media-libs/jbig2dec/jbig2dec-0.13-r4.ebuild
1087 @@ -6,6 +6,7 @@ EAPI=6
1088 DESCRIPTION="A decoder implementation of the JBIG2 image compression format"
1089 HOMEPAGE="http://ghostscript.com/jbig2dec.html"
1090 SRC_URI="http://downloads.ghostscript.com/public/${PN}/${P}.tar.gz
1091 + https://dev.gentoo.org/~mgorny/dist/${P}-patchset.tar.bz2
1092 test? ( http://jbig2dec.sourceforge.net/ubc/jb2streams.zip )"
1093
1094 LICENSE="AGPL-3"
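Review bot: The added SRC_URI entry names the tarball `${P}-patchset.tar.bz2` with no patchset revision, so the security fixes are identified only by the package version. If another fix has to be added for 0.13, re-rolling the tarball under the same name would conflict with the checksums recorded in the Manifest and with copies already fetched or mirrored. A revisioned name such as `${P}-patchset-r1.tar.bz2` (constructed example) avoids that. Since the patches can no longer be read in the tree, a comment above SRC_URI would also help, e.g. `# patchset carries: CVE-2016-9601, CVE-2017-7885, CVE-2017-7975, CVE-2017-7976, CVE-2017-9216`.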
1095 @@ -23,11 +24,11 @@ RESTRICT="test"
1096 DOCS="CHANGES README"
1097
1098 PATCHES=(
1099 - "${FILESDIR}/${P}-CVE-2016-9601.patch"
1100 - "${FILESDIR}/${P}-CVE-2017-9216.patch"
1101 - "${FILESDIR}/${P}-CVE-2017-7885.patch"
1102 - "${FILESDIR}/${P}-CVE-2017-7975.patch"
1103 - "${FILESDIR}/${P}-CVE-2017-7976.patch"
1104 + "${WORKDIR}/${P}-patchset/${P}-CVE-2016-9601.patch"
1105 + "${WORKDIR}/${P}-patchset/${P}-CVE-2017-9216.patch"
1106 + "${WORKDIR}/${P}-patchset/${P}-CVE-2017-7885.patch"
1107 + "${WORKDIR}/${P}-patchset/${P}-CVE-2017-7975.patch"
1108 + "${WORKDIR}/${P}-patchset/${P}-CVE-2017-7976.patch"
1109 )
1110
1111 src_prepare() {
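Review bot: The PATCHES array keeps the previous apply order, with CVE-2017-9216 listed before CVE-2017-7885, and nothing in the ebuild records whether that order is required. Both of those patches modify jbig2_symbol_dict.c, so the order may matter for a clean apply. A comment such as `# keep this order: several patches touch jbig2_symbol_dict.c` would discourage a later edit from collapsing the list to the directory `"${WORKDIR}/${P}-patchset"`, which eapply would process in sorted filename order. The body of src_prepare lies outside the hunk, so how PATCHES is consumed there cannot be confirmed from here.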