rpms/xpdf/EL-5 02_permissions.dpatch, NONE, 1.1 10_add_accelerators.dpatch, NONE, 1.1 fix-437725.dpatch, NONE, 1.1 fix-444648.dpatch, NONE, 1.1 fix-462544.dpatch, NONE, 1.1 fix-479467.dpatch, NONE, 1.1 xpdf-3.02-crash.patch, NONE, 1.1 xpdf-3.02-mousebuttons_view.patch, NONE, 1.1 xpdf-3.02pl3.patch, NONE, 1.1 xpdf.spec, 1.8, 1.9

Tom Callaway spot at fedoraproject.org
Tue May 5 13:35:56 UTC 2009


Author: spot

Update of /cvs/extras/rpms/xpdf/EL-5
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1354

Modified Files:
	xpdf.spec 
Added Files:
	02_permissions.dpatch 10_add_accelerators.dpatch 
	fix-437725.dpatch fix-444648.dpatch fix-462544.dpatch 
	fix-479467.dpatch xpdf-3.02-crash.patch 
	xpdf-3.02-mousebuttons_view.patch xpdf-3.02pl3.patch 
Log Message:
update to 3.02pl3, inherit changes from devel


--- NEW FILE 02_permissions.dpatch ---
#! /bin/sh /usr/share/dpatch/dpatch-run
## permissions.dpatch by  <hamish at debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Remove PDF file permission checks

@DPATCH@
diff -urNad xpdf-3.02~/xpdf/PDFCore.cc xpdf-3.02/xpdf/PDFCore.cc
--- xpdf-3.02~/xpdf/PDFCore.cc	2007-02-28 09:05:52.000000000 +1100
+++ xpdf-3.02/xpdf/PDFCore.cc	2007-04-24 23:43:59.000000000 +1000
@@ -4,6 +4,8 @@
 //
 // Copyright 2004 Glyph & Cog, LLC
 //
+// Modified for Debian by Hamish Moffatt, 18 August 2005.
+//
 //========================================================================
 
 #include <aconf.h>
@@ -1563,9 +1565,11 @@
   int x0, y0, x1, y1, t;
   GString *s;
 
+#ifdef ENFORCE_PERMISSIONS
   if (!doc->okToCopy()) {
     return NULL;
   }
+#endif
   if ((page = findPage(pg))) {
     cvtUserToDev(pg, xMin, yMin, &x0, &y0);
     cvtUserToDev(pg, xMax, yMax, &x1, &y1);
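Review bot: Nothing in this patch defines or documents `ENFORCE_PERMISSIONS`, so the `okToCopy()` check here compiles out unless the build defines the macro somewhere not shown on this page. The same holds for the `okToCopy()`/`okToPrint()` guards in the XPDFCore.cc, XPDFViewer.cc, pdfimages.cc, pdftops.cc and pdftotext.cc hunks. A reader of the patched source cannot tell that the default is to ignore the document's permission flags. I would add a comment at the first guard, for example `// ENFORCE_PERMISSIONS: define at build time to honour the PDF's copy/print permission flags; when undefined they are ignored`. The enclosing function starts and ends outside this hunk.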
diff -urNad xpdf-3.02~/xpdf/XPDFCore.cc xpdf-3.02/xpdf/XPDFCore.cc
--- xpdf-3.02~/xpdf/XPDFCore.cc	2007-02-28 09:05:52.000000000 +1100
+++ xpdf-3.02/xpdf/XPDFCore.cc	2007-04-24 23:46:39.000000000 +1000
@@ -4,6 +4,8 @@
 //
 // Copyright 2002-2003 Glyph & Cog, LLC
 //
+// Modified for Debian by Hamish Moffatt, 22 May 2002.
+//
 //========================================================================
 
 #include <aconf.h>
@@ -384,11 +386,15 @@
 #ifndef NO_TEXT_SELECT
       if (selectULX != selectLRX &&
 	  selectULY != selectLRY) {
+#ifdef ENFORCE_PERMISSIONS
 	if (doc->okToCopy()) {
 	  copySelection();
 	} else {
 	  error(-1, "Copying of text from this document is not allowed.");
 	}
+#else
+        copySelection();
+#endif
       }
 #endif
     }
@@ -407,9 +413,11 @@
   int pg;
   double ulx, uly, lrx, lry;
 
+#ifdef ENFORCE_PERMISSIONS
   if (!doc->okToCopy()) {
     return;
   }
+#endif
   if (getSelection(&pg, &ulx, &uly, &lrx, &lry)) {
     //~ for multithreading: need a mutex here
     if (currentSelection) {
diff -urNad xpdf-3.02~/xpdf/XPDFViewer.cc xpdf-3.02/xpdf/XPDFViewer.cc
--- xpdf-3.02~/xpdf/XPDFViewer.cc	2007-02-28 09:05:52.000000000 +1100
+++ xpdf-3.02/xpdf/XPDFViewer.cc	2007-04-24 23:43:59.000000000 +1000
@@ -4,6 +4,8 @@
 //
 // Copyright 2002-2003 Glyph & Cog, LLC
 //
+// Modified for Debian by Hamish Moffatt, 22 May 2002.
+//
 //========================================================================
 
 #include <aconf.h>
@@ -3406,10 +3408,12 @@
   PSOutputDev *psOut;
 
   doc = viewer->core->getDoc();
+#ifdef ENFORCE_PERMISSIONS
   if (!doc->okToPrint()) {
     error(-1, "Printing this document is not allowed.");
     return;
   }
+#endif
 
   viewer->core->setBusyCursor(gTrue);
 
diff -urNad xpdf-3.02~/xpdf/pdfimages.cc xpdf-3.02/xpdf/pdfimages.cc
--- xpdf-3.02~/xpdf/pdfimages.cc	2007-02-28 09:05:52.000000000 +1100
+++ xpdf-3.02/xpdf/pdfimages.cc	2007-04-24 23:43:59.000000000 +1000
@@ -4,6 +4,8 @@
 //
 // Copyright 1998-2003 Glyph & Cog, LLC
 //
+// Modified for Debian by Hamish Moffatt, 22 May 2002.
+//
 //========================================================================
 
 #include <aconf.h>
@@ -119,11 +121,13 @@
   }
 
   // check for copy permission
+#ifdef ENFORCE_PERMISSIONS
   if (!doc->okToCopy()) {
     error(-1, "Copying of images from this document is not allowed.");
     exitCode = 3;
     goto err1;
   }
+#endif
 
   // get page range
   if (firstPage < 1)
diff -urNad xpdf-3.02~/xpdf/pdftops.cc xpdf-3.02/xpdf/pdftops.cc
--- xpdf-3.02~/xpdf/pdftops.cc	2007-02-28 09:05:52.000000000 +1100
+++ xpdf-3.02/xpdf/pdftops.cc	2007-04-24 23:43:59.000000000 +1000
@@ -4,6 +4,8 @@
 //
 // Copyright 1996-2003 Glyph & Cog, LLC
 //
+// Modified for Debian by Hamish Moffatt, 22 May 2002.
+//
 //========================================================================
 
 #include <aconf.h>
@@ -278,12 +280,14 @@
     goto err1;
   }
 
+#ifdef ENFORCE_PERMISSIONS
   // check for print permission
   if (!doc->okToPrint()) {
     error(-1, "Printing this document is not allowed.");
     exitCode = 3;
     goto err1;
   }
+#endif
 
   // construct PostScript file name
   if (argc == 3) {
diff -urNad xpdf-3.02~/xpdf/pdftotext.cc xpdf-3.02/xpdf/pdftotext.cc
--- xpdf-3.02~/xpdf/pdftotext.cc	2007-02-28 09:05:52.000000000 +1100
+++ xpdf-3.02/xpdf/pdftotext.cc	2007-04-24 23:43:59.000000000 +1000
@@ -4,6 +4,8 @@
 //
 // Copyright 1997-2003 Glyph & Cog, LLC
 //
+// Modified for Debian by Hamish Moffatt, 22 May 2002.
+//
 //========================================================================
 
 #include <aconf.h>
@@ -160,12 +162,14 @@
     goto err2;
   }
 
+#ifdef ENFORCE_PERMISSIONS
   // check for copy permission
   if (!doc->okToCopy()) {
     error(-1, "Copying of text from this document is not allowed.");
     exitCode = 3;
     goto err2;
   }
+#endif
 
   // construct text file name
   if (argc == 3) {


--- NEW FILE 10_add_accelerators.dpatch ---
#! /bin/sh /usr/share/dpatch/dpatch-run
## 10_add_accelerators.dpatch by  <hamish at noddy.cloud.net.au>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Add keyboard accelerators for rotate (#385962)

@DPATCH@
diff -urNad xpdf-3.02~/xpdf/XPDFViewer.cc xpdf-3.02/xpdf/XPDFViewer.cc
--- xpdf-3.02~/xpdf/XPDFViewer.cc	2007-04-25 01:40:50.000000000 +1000
+++ xpdf-3.02/xpdf/XPDFViewer.cc	2007-04-25 01:42:13.000000000 +1000
@@ -1958,16 +1958,22 @@
   n = 0;
   s = XmStringCreateLocalized("Rotate counterclockwise");
   XtSetArg(args[n], XmNlabelString, s); ++n;
+  s2 = XmStringCreateLocalized("[");
+  XtSetArg(args[n], XmNacceleratorText, s2); ++n;
   btn = XmCreatePushButton(popupMenu, "rotateCCW", args, n);
   XmStringFree(s);
+  XmStringFree(s2);
   XtManageChild(btn);
   XtAddCallback(btn, XmNactivateCallback,
 		&rotateCCWCbk, (XtPointer)this);
   n = 0;
   s = XmStringCreateLocalized("Rotate clockwise");
   XtSetArg(args[n], XmNlabelString, s); ++n;
+  s2 = XmStringCreateLocalized("]");
+  XtSetArg(args[n], XmNacceleratorText, s2); ++n;
   btn = XmCreatePushButton(popupMenu, "rotateCW", args, n);
   XmStringFree(s);
+  XmStringFree(s2);
   XtManageChild(btn);
   XtAddCallback(btn, XmNactivateCallback,
 		&rotateCWCbk, (XtPointer)this);


--- NEW FILE fix-437725.dpatch ---
#! /bin/sh /usr/share/dpatch/dpatch-run
## fix-437725.dpatch from Arno Renevier <arenevier at fdn.fr>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fix segmentation fault when pressing Ctrl-W in full screen mode

@DPATCH@
--- a/xpdf/XPDFViewer.cc	2007-08-13 22:41:36.000000000 +0200
+++ b/xpdf/XPDFViewer.cc	2007-08-13 23:01:07.000000000 +0200
@@ -400,18 +400,21 @@ void XPDFViewer::clear() {
   title = app->getTitle() ? app->getTitle()->getCString()
                           : (char *)xpdfAppName;
   XtVaSetValues(win, XmNtitle, title, XmNiconName, title, NULL);
-  s = XmStringCreateLocalized("");
-  XtVaSetValues(pageNumText, XmNlabelString, s, NULL);
-  XmStringFree(s);
-  s = XmStringCreateLocalized(" of 0");
-  XtVaSetValues(pageCountLabel, XmNlabelString, s, NULL);
-  XmStringFree(s);
 
-  // disable buttons
-  XtVaSetValues(prevTenPageBtn, XmNsensitive, False, NULL);
-  XtVaSetValues(prevPageBtn, XmNsensitive, False, NULL);
-  XtVaSetValues(nextTenPageBtn, XmNsensitive, False, NULL);
-  XtVaSetValues(nextPageBtn, XmNsensitive, False, NULL);
+  if (toolBar != None) {
+      s = XmStringCreateLocalized("");
+      XtVaSetValues(pageNumText, XmNlabelString, s, NULL);
+      XmStringFree(s);
+      s = XmStringCreateLocalized(" of 0");
+      XtVaSetValues(pageCountLabel, XmNlabelString, s, NULL);
+      XmStringFree(s);
+
+      // disable buttons
+      XtVaSetValues(prevTenPageBtn, XmNsensitive, False, NULL);
+      XtVaSetValues(prevPageBtn, XmNsensitive, False, NULL);
+      XtVaSetValues(nextTenPageBtn, XmNsensitive, False, NULL);
+      XtVaSetValues(nextPageBtn, XmNsensitive, False, NULL);
+  }
 
   // remove the old outline
 #ifndef DISABLE_OUTLINE


--- NEW FILE fix-444648.dpatch ---
#! /bin/sh /usr/share/dpatch/dpatch-run
## fix-444648.dpatch by Bernhard R. Link <brlink at debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Do proper PS stream encoding on 64 bit architectures

@DPATCH@
--- xpdf-3.02/xpdf/Stream.cc.BAD	2008-12-10 12:16:16.000000000 -0500
+++ xpdf-3.02/xpdf/Stream.cc	2008-12-10 12:16:21.000000000 -0500
@@ -4514,7 +4514,7 @@ void ASCII85Encoder::reset() {
 GBool ASCII85Encoder::fillBuf() {
   Guint t;
   char buf1[5];
-  int c0, c1, c2, c3;
+  unsigned int c0, c1, c2, c3;
   int n, i;
 
   if (eof) {


--- NEW FILE fix-462544.dpatch ---
#! /bin/sh /usr/share/dpatch/dpatch-run
## fix-462544.dpatch from Jiri Palecek <jpalecek at web.de>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fix segmentation fault in image handling

@DPATCH@
--- xpdf-3.02/xpdf/SplashOutputDev.cc	2007-02-27 23:05:52.000000000 +0100
+++ xpdf-3.02.new/xpdf/SplashOutputDev.cc	2008-02-17 17:28:46.000000000 +0100
@@ -2475,14 +2461,14 @@
   tx = (int)floor(xMin);
   if (tx < 0) {
     tx = 0;
-  } else if (tx > bitmap->getWidth()) {
-    tx = bitmap->getWidth();
+  } else if (tx >= bitmap->getWidth()) {
+    tx = bitmap->getWidth()-1;
   }
   ty = (int)floor(yMin);
   if (ty < 0) {
     ty = 0;
-  } else if (ty > bitmap->getHeight()) {
-    ty = bitmap->getHeight();
+  } else if (ty >= bitmap->getHeight()) {
+    ty = bitmap->getHeight()-1;
   }
   w = (int)ceil(xMax) - tx + 1;
   if (tx + w > bitmap->getWidth()) {
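Review bot: The new clamp `tx = bitmap->getWidth()-1` yields -1 when the bitmap width is 0, and likewise `ty = bitmap->getHeight()-1` for a zero height, so the earlier `tx < 0` / `ty < 0` guarantee no longer holds in that case. Whether an empty bitmap can reach this code is not visible in the hunk. If it can, handle it before the clamps, or document the assumption with `// bitmap is at least 1x1 here, so width-1 / height-1 are valid indices`. The enclosing function starts and ends outside the hunk.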


--- NEW FILE fix-479467.dpatch ---
#! /bin/sh /usr/share/dpatch/dpatch-run
## fix-479467.dpatch from Stephan Beyer <s-beyer at gmx.net>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fix segmentation fault when pressing g in full screen mode

@DPATCH@
diff -ruN xpdf-3.02.old/xpdf/XPDFViewer.cc xpdf-3.02.fix/xpdf/XPDFViewer.cc
--- xpdf-3.02.old/xpdf/XPDFViewer.cc	2007-02-27 23:05:52.000000000 +0100
+++ xpdf-3.02.fix/xpdf/XPDFViewer.cc	2008-05-04 21:29:34.000000000 +0200
@@ -834,6 +834,9 @@
 
 void XPDFViewer::cmdFocusToPageNum(GString *args[], int nArgs,
 				   XEvent *event) {
+  if (core->getFullScreen()) {
+    return;
+  }
   XmTextFieldSetSelection(pageNumText, 0,
 			  strlen(XmTextFieldGetString(pageNumText)),
 			  XtLastTimestampProcessed(display));
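Review bot: The new guard tests `core->getFullScreen()`, whereas fix-437725 in this same commit protects the same widgets (`pageNumText` among them) with `if (toolBar != None)`. If the real condition is that the toolbar widgets were never created, which is an inference from that other patch, testing it the same way here keeps both fixes consistent, e.g. `if (toolBar == None) { return; }`. A short comment such as `// pageNumText does not exist in full-screen mode` would also record why the command is a no-op. The function body continues past the end of the hunk.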

xpdf-3.02-crash.patch:

--- NEW FILE xpdf-3.02-crash.patch ---
diff -up xpdf-3.02/fofi/FoFiType1.cc.crash xpdf-3.02/fofi/FoFiType1.cc
--- xpdf-3.02/fofi/FoFiType1.cc.crash	2007-02-27 17:05:51.000000000 -0500
+++ xpdf-3.02/fofi/FoFiType1.cc	2009-02-11 11:31:04.000000000 -0500
@@ -235,9 +235,14 @@ void FoFiType1::parse() {
 	    }
 	  }
 	} else {
-	  if (strtok(buf, " \t") &&
-	      (p = strtok(NULL, " \t\n\r")) && !strcmp(p, "def")) {
-	    break;
+	  p = strtok(buf, " \t\n\r");
+	  if (p)
+	  {
+	    if (!strcmp(p, "def")) break;
+	    if (!strcmp(p, "readonly")) break;
+	    // the spec does not says this but i'm mantaining old xpdf behaviour that accepts "foo def" as end of the encoding array
+	    p = strtok(buf, " \t\n\r");
+	    if (p && !strcmp(p, "def")) break;
 	  }
 	}
       }
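Review bot: The second tokenizer call, `p = strtok(buf, " \t\n\r");`, restarts at the beginning of `buf` instead of continuing. The first call already NUL-terminated the first token, so the second call returns that same token and the final `"def"` comparison can never succeed where the first one failed. The `"foo def"` form that the comment says is still accepted is therefore no longer recognised as the end of the encoding array. The continuation call should be `p = strtok(NULL, " \t\n\r");`. The surrounding loop in `FoFiType1::parse()` starts and ends outside the hunk.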
diff -up xpdf-3.02/splash/Splash.cc.crash xpdf-3.02/splash/Splash.cc
--- xpdf-3.02/splash/Splash.cc.crash	2007-02-27 17:05:52.000000000 -0500
+++ xpdf-3.02/splash/Splash.cc	2009-02-11 11:34:45.000000000 -0500
@@ -1501,6 +1501,11 @@ SplashError Splash::fillWithPattern(Spla
     xPath->aaScale();
   }
   xPath->sort();
+  if (!&xPath->segs[0])
+  {
+    delete xPath;
+    return splashErrEmptyPath;
+  }
   scanner = new SplashXPathScanner(xPath, eo);
 
   // get the min and max x and y values
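Review bot: The emptiness test `if (!&xPath->segs[0])` is written as the address of an element, so when `segs` is null it formally indexes through a null pointer merely to compare the result with null. A compiler is entitled to assume that address is never null. `if (!xPath->segs)` states the intended check directly; the same line appears in the `Splash::xorFill` hunk that follows. Whether a null `segs` is the only way an empty path shows up, as opposed to a zero segment count, cannot be confirmed from these hunks. Both functions start and end outside the visible lines.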
@@ -1573,6 +1578,11 @@ SplashError Splash::xorFill(SplashPath *
   }
   xPath = new SplashXPath(path, state->matrix, state->flatness, gTrue);
   xPath->sort();
+  if (!&xPath->segs[0])
+  {
+    delete xPath;
+    return splashErrEmptyPath;
+  }
   scanner = new SplashXPathScanner(xPath, eo);
 
   // get the min and max x and y values

xpdf-3.02-mousebuttons_view.patch:

--- NEW FILE xpdf-3.02-mousebuttons_view.patch ---
--- xpdf-3.02/xpdf/XPDFViewer.cc~	2009-02-02 01:58:55.000000000 -0700
+++ xpdf-3.02/xpdf/XPDFViewer.cc	2009-02-02 02:27:04.000000000 -0700
@@ -592,13 +592,13 @@ void XPDFViewer::mouseCbk(void *data, XE
   int i;
 
   if (event->type == ButtonPress) {
-    if (event->xbutton.button >= 1 && event->xbutton.button <= 7) {
+    if (event->xbutton.button >= 1 && event->xbutton.button <= 9) {
       keyCode = xpdfKeyCodeMousePress1 + event->xbutton.button - 1;
     } else {
       return;
     }
   } else if (event->type == ButtonRelease) {
-    if (event->xbutton.button >= 1 && event->xbutton.button <= 7) {
+    if (event->xbutton.button >= 1 && event->xbutton.button <= 9) {
       keyCode = xpdfKeyCodeMouseRelease1 + event->xbutton.button - 1;
     } else {
       return;
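Review bot: Raising the upper bound to 9 makes `keyCode = xpdfKeyCodeMousePress1 + event->xbutton.button - 1` produce two values beyond the previous range, and this patch does not show matching key-code constants being reserved. If the press and release code ranges are laid out contiguously with only seven slots each (not visible here), buttons 8 and 9 would alias other key codes. Please confirm the constant definitions cover nine buttons, and record the dependency next to the check, e.g. `// requires xpdfKeyCodeMousePress1..9 / xpdfKeyCodeMouseRelease1..9 to be contiguous`. `XPDFViewer::mouseCbk` continues beyond the hunk.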

xpdf-3.02pl3.patch:

--- NEW FILE xpdf-3.02pl3.patch ---
diff -r -c xpdf-3.02.orig/goo/gmem.cc xpdf-3.02/goo/gmem.cc
*** xpdf-3.02.orig/goo/gmem.cc	Tue Feb 27 14:05:51 2007
--- xpdf-3.02/goo/gmem.cc	Thu Mar 19 15:47:25 2009
***************
*** 55,61 ****
    void *data;
    unsigned long *trl, *p;
  
!   if (size <= 0) {
      return NULL;
    }
    size1 = gMemDataSize(size);
--- 55,69 ----
    void *data;
    unsigned long *trl, *p;
  
!   if (size < 0) {
! #if USE_EXCEPTIONS
!     throw GMemException();
! #else
!     fprintf(stderr, "Invalid memory allocation size\n");
!     exit(1);
! #endif
!   }
!   if (size == 0) {
      return NULL;
    }
    size1 = gMemDataSize(size);
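Review bot: The eight-line negative-size block added here is repeated verbatim in the three other gmem.cc hunks of this patch (the second `gmalloc` variant and both `grealloc` variants). That gives four copies of the throw-or-exit policy to keep in sync. A single file-local helper keeps the policy in one place and leaves each call site as a one-line check. The enclosing functions start outside the hunks, so the helper would need to sit above the first of them.

```cpp
// Reject a negative allocation size: throw when exceptions are enabled,
// otherwise report and terminate.
static void gMemInvalidSize() {
#if USE_EXCEPTIONS
  throw GMemException();
#else
  fprintf(stderr, "Invalid memory allocation size\n");
  exit(1);
#endif
}

// … unchanged: declarations at the top of gmalloc / grealloc …
  if (size < 0) {
    gMemInvalidSize();
  }
```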
***************
*** 91,97 ****
  #else
    void *p;
  
!   if (size <= 0) {
      return NULL;
    }
    if (!(p = malloc(size))) {
--- 99,113 ----
  #else
    void *p;
  
!   if (size < 0) {
! #if USE_EXCEPTIONS
!     throw GMemException();
! #else
!     fprintf(stderr, "Invalid memory allocation size\n");
!     exit(1);
! #endif
!   }
!   if (size == 0) {
      return NULL;
    }
    if (!(p = malloc(size))) {
***************
*** 112,118 ****
    void *q;
    size_t oldSize;
  
!   if (size <= 0) {
      if (p) {
        gfree(p);
      }
--- 128,142 ----
    void *q;
    size_t oldSize;
  
!   if (size < 0) {
! #if USE_EXCEPTIONS
!     throw GMemException();
! #else
!     fprintf(stderr, "Invalid memory allocation size\n");
!     exit(1);
! #endif
!   }
!   if (size == 0) {
      if (p) {
        gfree(p);
      }
***************
*** 131,137 ****
  #else
    void *q;
  
!   if (size <= 0) {
      if (p) {
        free(p);
      }
--- 155,169 ----
  #else
    void *q;
  
!   if (size < 0) {
! #if USE_EXCEPTIONS
!     throw GMemException();
! #else
!     fprintf(stderr, "Invalid memory allocation size\n");
!     exit(1);
! #endif
!   }
!   if (size == 0) {
      if (p) {
        free(p);
      }
diff -r -c xpdf-3.02.orig/xpdf/JBIG2Stream.cc xpdf-3.02/xpdf/JBIG2Stream.cc
*** xpdf-3.02.orig/xpdf/JBIG2Stream.cc	Tue Feb 27 14:05:52 2007
--- xpdf-3.02/xpdf/JBIG2Stream.cc	Tue Mar 31 10:55:23 2009
***************
*** 422,433 ****
    table[i] = table[len];
  
    // assign prefixes
!   i = 0;
!   prefix = 0;
!   table[i++].prefix = prefix++;
!   for (; table[i].rangeLen != jbig2HuffmanEOT; ++i) {
!     prefix <<= table[i].prefixLen - table[i-1].prefixLen;
!     table[i].prefix = prefix++;
    }
  }
  
--- 422,435 ----
    table[i] = table[len];
  
    // assign prefixes
!   if (table[0].rangeLen != jbig2HuffmanEOT) {
!     i = 0;
!     prefix = 0;
!     table[i++].prefix = prefix++;
!     for (; table[i].rangeLen != jbig2HuffmanEOT; ++i) {
!       prefix <<= table[i].prefixLen - table[i-1].prefixLen;
!       table[i].prefix = prefix++;
!     }
    }
  }
  
***************
*** 491,497 ****
    }
    if (p->bits < 0) {
      error(str->getPos(), "Bad two dim code in JBIG2 MMR stream");
!     return 0;
    }
    bufLen -= p->bits;
    return p->n;
--- 493,499 ----
    }
    if (p->bits < 0) {
      error(str->getPos(), "Bad two dim code in JBIG2 MMR stream");
!     return EOF;
    }
    bufLen -= p->bits;
    return p->n;
***************
*** 507,513 ****
      ++nBytesRead;
    }
    while (1) {
!     if (bufLen >= 7 && ((buf >> (bufLen - 7)) & 0x7f) == 0) {
        if (bufLen <= 12) {
  	code = buf << (12 - bufLen);
        } else {
--- 509,515 ----
      ++nBytesRead;
    }
    while (1) {
!     if (bufLen >= 11 && ((buf >> (bufLen - 7)) & 0x7f) == 0) {
        if (bufLen <= 12) {
  	code = buf << (12 - bufLen);
        } else {
***************
*** 550,563 ****
      ++nBytesRead;
    }
    while (1) {
!     if (bufLen >= 6 && ((buf >> (bufLen - 6)) & 0x3f) == 0) {
        if (bufLen <= 13) {
  	code = buf << (13 - bufLen);
        } else {
  	code = buf >> (bufLen - 13);
        }
        p = &blackTab1[code & 0x7f];
!     } else if (bufLen >= 4 && ((buf >> (bufLen - 4)) & 0x0f) == 0) {
        if (bufLen <= 12) {
  	code = buf << (12 - bufLen);
        } else {
--- 552,566 ----
      ++nBytesRead;
    }
    while (1) {
!     if (bufLen >= 10 && ((buf >> (bufLen - 6)) & 0x3f) == 0) {
        if (bufLen <= 13) {
  	code = buf << (13 - bufLen);
        } else {
  	code = buf >> (bufLen - 13);
        }
        p = &blackTab1[code & 0x7f];
!     } else if (bufLen >= 7 && ((buf >> (bufLen - 4)) & 0x0f) == 0 &&
! 	       ((buf >> (bufLen - 6)) & 0x03) != 0) {
        if (bufLen <= 12) {
  	code = buf << (12 - bufLen);
        } else {
***************
*** 683,690 ****
    h = hA;
    line = (wA + 7) >> 3;
    if (w <= 0 || h <= 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
!     data = NULL;
!     return;
    }
    // need to allocate one extra guard byte for use in combine()
    data = (Guchar *)gmalloc(h * line + 1);
--- 686,694 ----
    h = hA;
    line = (wA + 7) >> 3;
    if (w <= 0 || h <= 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
!     // force a call to gmalloc(-1), which will throw an exception
!     h = -1;
!     line = 2;
    }
    // need to allocate one extra guard byte for use in combine()
    data = (Guchar *)gmalloc(h * line + 1);
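Review bot: Setting `h = -1; line = 2;` so that the following `gmalloc(h * line + 1)` receives -1 reports the bad size only as a side effect of arithmetic on the next statement. Per the gmem.cc hunks in this same patch, a build without `USE_EXCEPTIONS` then prints a message and calls `exit(1)`, so a malformed bitmap size ends the whole process where the old code set `data = NULL` and returned. The comment should say so, e.g. `// invalid size: gmalloc(-1) throws GMemException, or exits the process when USE_EXCEPTIONS is off`. The same applies to the identical change in the copy-constructor hunk that follows. Both constructors begin outside the visible lines.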
***************
*** 698,705 ****
    h = bitmap->h;
    line = bitmap->line;
    if (w <= 0 || h <= 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
!     data = NULL;
!     return;
    }
    // need to allocate one extra guard byte for use in combine()
    data = (Guchar *)gmalloc(h * line + 1);
--- 702,710 ----
    h = bitmap->h;
    line = bitmap->line;
    if (w <= 0 || h <= 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
!     // force a call to gmalloc(-1), which will throw an exception
!     h = -1;
!     line = 2;
    }
    // need to allocate one extra guard byte for use in combine()
    data = (Guchar *)gmalloc(h * line + 1);
***************
*** 754,759 ****
--- 759,766 ----
  inline void JBIG2Bitmap::getPixelPtr(int x, int y, JBIG2BitmapPtr *ptr) {
    if (y < 0 || y >= h || x >= w) {
      ptr->p = NULL;
+     ptr->shift = 0; // make gcc happy
+     ptr->x = 0; // make gcc happy
    } else if (x < 0) {
      ptr->p = &data[y * line];
      ptr->shift = 7;
***************
*** 798,803 ****
--- 805,814 ----
    Guint src0, src1, src, dest, s1, s2, m1, m2, m3;
    GBool oneByte;
  
+   // check for the pathological case where y = -2^31
+   if (y < -0x7fffffff) {
+     return;
+   }
    if (y < 0) {
      y0 = -y;
    } else {
***************
*** 1011,1018 ****
--- 1022,1034 ----
  JBIG2SymbolDict::JBIG2SymbolDict(Guint segNumA, Guint sizeA):
    JBIG2Segment(segNumA)
  {
+   Guint i;
+ 
    size = sizeA;
    bitmaps = (JBIG2Bitmap **)gmallocn(size, sizeof(JBIG2Bitmap *));
+   for (i = 0; i < size; ++i) {
+     bitmaps[i] = NULL;
+   }
    genericRegionStats = NULL;
    refinementRegionStats = NULL;
  }
***************
*** 1021,1027 ****
    Guint i;
  
    for (i = 0; i < size; ++i) {
!     delete bitmaps[i];
    }
    gfree(bitmaps);
    if (genericRegionStats) {
--- 1037,1045 ----
    Guint i;
  
    for (i = 0; i < size; ++i) {
!     if (bitmaps[i]) {
!       delete bitmaps[i];
!     }
    }
    gfree(bitmaps);
    if (genericRegionStats) {
***************
*** 1296,1301 ****
--- 1314,1326 ----
        goto eofError2;
      }
  
+     // check for missing page information segment
+     if (!pageBitmap && ((segType >= 4 && segType <= 7) ||
+ 			(segType >= 20 && segType <= 43))) {
+       error(getPos(), "First JBIG2 segment associated with a page must be a page information segment");
+       goto syntaxError;
+     }
+ 
      // read the segment data
      switch (segType) {
      case 0:
***************
*** 1411,1416 ****
--- 1436,1443 ----
    Guint i, j, k;
    Guchar *p;
  
+   symWidths = NULL;
+ 
    // symbol dictionary flags
    if (!readUWord(&flags)) {
      goto eofError;
***************
*** 1466,1485 ****
    codeTables = new GList();
    numInputSyms = 0;
    for (i = 0; i < nRefSegs; ++i) {
!     seg = findSegment(refSegs[i]);
!     if (seg->getType() == jbig2SegSymbolDict) {
!       numInputSyms += ((JBIG2SymbolDict *)seg)->getSize();
!     } else if (seg->getType() == jbig2SegCodeTable) {
!       codeTables->append(seg);
      }
    }
  
    // compute symbol code length
!   symCodeLen = 0;
!   i = 1;
!   while (i < numInputSyms + numNewSyms) {
      ++symCodeLen;
!     i <<= 1;
    }
  
    // get the input symbol bitmaps
--- 1493,1524 ----
    codeTables = new GList();
    numInputSyms = 0;
    for (i = 0; i < nRefSegs; ++i) {
!     if ((seg = findSegment(refSegs[i]))) {
!       if (seg->getType() == jbig2SegSymbolDict) {
! 	j = ((JBIG2SymbolDict *)seg)->getSize();
! 	if (numInputSyms > UINT_MAX - j) {
! 	  error(getPos(), "Too many input symbols in JBIG2 symbol dictionary");
! 	  delete codeTables;
! 	  goto eofError;
! 	}
! 	numInputSyms += j;
!       } else if (seg->getType() == jbig2SegCodeTable) {
! 	codeTables->append(seg);
!       }
      }
    }
+   if (numInputSyms > UINT_MAX - numNewSyms) {
+     error(getPos(), "Too many input symbols in JBIG2 symbol dictionary");
+     delete codeTables;
+     goto eofError;
+   }
  
    // compute symbol code length
!   symCodeLen = 1;
!   i = (numInputSyms + numNewSyms) >> 1;
!   while (i) {
      ++symCodeLen;
!     i >>= 1;
    }
  
    // get the input symbol bitmaps
***************
*** 1491,1501 ****
    k = 0;
    inputSymbolDict = NULL;
    for (i = 0; i < nRefSegs; ++i) {
!     seg = findSegment(refSegs[i]);
!     if (seg->getType() == jbig2SegSymbolDict) {
!       inputSymbolDict = (JBIG2SymbolDict *)seg;
!       for (j = 0; j < inputSymbolDict->getSize(); ++j) {
! 	bitmaps[k++] = inputSymbolDict->getBitmap(j);
        }
      }
    }
--- 1530,1541 ----
    k = 0;
    inputSymbolDict = NULL;
    for (i = 0; i < nRefSegs; ++i) {
!     if ((seg = findSegment(refSegs[i]))) {
!       if (seg->getType() == jbig2SegSymbolDict) {
! 	inputSymbolDict = (JBIG2SymbolDict *)seg;
! 	for (j = 0; j < inputSymbolDict->getSize(); ++j) {
! 	  bitmaps[k++] = inputSymbolDict->getBitmap(j);
! 	}
        }
      }
    }
***************
*** 1510,1515 ****
--- 1550,1558 ----
      } else if (huffDH == 1) {
        huffDHTable = huffTableE;
      } else {
+       if (i >= (Guint)codeTables->getLength()) {
+ 	goto codeTableError;
+       }
        huffDHTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
      }
      if (huffDW == 0) {
***************
*** 1517,1533 ****
--- 1560,1585 ----
      } else if (huffDW == 1) {
        huffDWTable = huffTableC;
      } else {
+       if (i >= (Guint)codeTables->getLength()) {
+ 	goto codeTableError;
+       }
        huffDWTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
      }
      if (huffBMSize == 0) {
        huffBMSizeTable = huffTableA;
      } else {
+       if (i >= (Guint)codeTables->getLength()) {
+ 	goto codeTableError;
+       }
        huffBMSizeTable =
  	  ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
      }
      if (huffAggInst == 0) {
        huffAggInstTable = huffTableA;
      } else {
+       if (i >= (Guint)codeTables->getLength()) {
+ 	goto codeTableError;
+       }
        huffAggInstTable =
  	  ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
      }
***************
*** 1560,1566 ****
    }
  
    // allocate symbol widths storage
-   symWidths = NULL;
    if (huff && !refAgg) {
      symWidths = (Guint *)gmallocn(numNewSyms, sizeof(Guint));
    }
--- 1612,1617 ----
***************
*** 1602,1607 ****
--- 1653,1662 ----
  	goto syntaxError;
        }
        symWidth += dw;
+       if (i >= numNewSyms) {
+ 	error(getPos(), "Too many symbols in JBIG2 symbol dictionary");
+ 	goto syntaxError;
+       }
  
        // using a collective bitmap, so don't read a bitmap here
        if (huff && !refAgg) {
***************
*** 1638,1643 ****
--- 1693,1702 ----
  	    arithDecoder->decodeInt(&refDX, iardxStats);
  	    arithDecoder->decodeInt(&refDY, iardyStats);
  	  }
+ 	  if (symID >= numInputSyms + i) {
+ 	    error(getPos(), "Invalid symbol ID in JBIG2 symbol dictionary");
+ 	    goto syntaxError;
+ 	  }
  	  refBitmap = bitmaps[symID];
  	  bitmaps[numInputSyms + i] =
  	      readGenericRefinementRegion(symWidth, symHeight,
***************
*** 1704,1709 ****
--- 1763,1774 ----
      } else {
        arithDecoder->decodeInt(&run, iaexStats);
      }
+     if (i + run > numInputSyms + numNewSyms ||
+ 	(ex && j + run > numExSyms)) {
+       error(getPos(), "Too many exported symbols in JBIG2 symbol dictionary");
+       delete symbolDict;
+       goto syntaxError;
+     }
      if (ex) {
        for (cnt = 0; cnt < run; ++cnt) {
  	symbolDict->setBitmap(j++, bitmaps[i++]->copy());
***************
*** 1713,1718 ****
--- 1778,1788 ----
      }
      ex = !ex;
    }
+   if (j != numExSyms) {
+     error(getPos(), "Too few symbols in JBIG2 symbol dictionary");
+     delete symbolDict;
+     goto syntaxError;
+   }
  
    for (i = 0; i < numNewSyms; ++i) {
      delete bitmaps[numInputSyms + i];
***************
*** 1735,1740 ****
--- 1805,1814 ----
  
    return gTrue;
  
+  codeTableError:
+   error(getPos(), "Missing code table in JBIG2 symbol dictionary");
+   delete codeTables;
+ 
   syntaxError:
    for (i = 0; i < numNewSyms; ++i) {
      if (bitmaps[numInputSyms + i]) {
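Review bot: The new `codeTableError:` label ends with `delete codeTables;` and then runs straight into `syntaxError:` with nothing marking the fall-through. The text-region `codeTableError:` added later in this patch returns explicitly, so a reader comparing the two may take this for a missing `return`. A comment after the delete, such as `// fall through to syntaxError for the shared cleanup`, makes the intent clear. The `syntaxError` cleanup loop continues past the end of the hunk.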
***************
*** 1837,1842 ****
--- 1911,1918 ----
        }
      } else {
        error(getPos(), "Invalid segment reference in JBIG2 text region");
+       delete codeTables;
+       return;
      }
    }
    symCodeLen = 0;
***************
*** 1871,1876 ****
--- 1947,1955 ----
      } else if (huffFS == 1) {
        huffFSTable = huffTableG;
      } else {
+       if (i >= (Guint)codeTables->getLength()) {
+ 	goto codeTableError;
+       }
        huffFSTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
      }
      if (huffDS == 0) {
***************
*** 1880,1885 ****
--- 1959,1967 ----
      } else if (huffDS == 2) {
        huffDSTable = huffTableJ;
      } else {
+       if (i >= (Guint)codeTables->getLength()) {
+ 	goto codeTableError;
+       }
        huffDSTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
      }
      if (huffDT == 0) {
***************
*** 1889,1894 ****
--- 1971,1979 ----
      } else if (huffDT == 2) {
        huffDTTable = huffTableM;
      } else {
+       if (i >= (Guint)codeTables->getLength()) {
+ 	goto codeTableError;
+       }
        huffDTTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
      }
      if (huffRDW == 0) {
***************
*** 1896,1901 ****
--- 1981,1989 ----
      } else if (huffRDW == 1) {
        huffRDWTable = huffTableO;
      } else {
+       if (i >= (Guint)codeTables->getLength()) {
+ 	goto codeTableError;
+       }
        huffRDWTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
      }
      if (huffRDH == 0) {
***************
*** 1903,1908 ****
--- 1991,1999 ----
      } else if (huffRDH == 1) {
        huffRDHTable = huffTableO;
      } else {
+       if (i >= (Guint)codeTables->getLength()) {
+ 	goto codeTableError;
+       }
        huffRDHTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
      }
      if (huffRDX == 0) {
***************
*** 1910,1915 ****
--- 2001,2009 ----
      } else if (huffRDX == 1) {
        huffRDXTable = huffTableO;
      } else {
+       if (i >= (Guint)codeTables->getLength()) {
+ 	goto codeTableError;
+       }
        huffRDXTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
      }
      if (huffRDY == 0) {
***************
*** 1917,1927 ****
--- 2011,2027 ----
      } else if (huffRDY == 1) {
        huffRDYTable = huffTableO;
      } else {
+       if (i >= (Guint)codeTables->getLength()) {
+ 	goto codeTableError;
+       }
        huffRDYTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
      }
      if (huffRSize == 0) {
        huffRSizeTable = huffTableA;
      } else {
+       if (i >= (Guint)codeTables->getLength()) {
+ 	goto codeTableError;
+       }
        huffRSizeTable =
  	  ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
      }
***************
*** 2016,2023 ****
--- 2116,2130 ----
  
    return;
  
+  codeTableError:
+   error(getPos(), "Missing code table in JBIG2 text region");
+   gfree(codeTables);
+   delete syms;
+   return;
+ 
   eofError:
    error(getPos(), "Unexpected EOF in JBIG2 stream");
+   return;
  }
  
  JBIG2Bitmap *JBIG2Stream::readTextRegion(GBool huff, GBool refine,
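Review bot: The new `codeTableError:` path releases the list with `gfree(codeTables);`, while the invalid-segment-reference path added earlier in this patch uses `delete codeTables;` on what appears to be the same variable in the same function. The symbol-dictionary code on this page allocates it with `new GList()`, and the allocation in this function is outside the hunks. If it is likewise a `new`-allocated `GList`, `gfree` mismatches the allocator and skips the destructor. The line should be `delete codeTables;`.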
***************
*** 2324,2331 ****
      error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
      return;
    }
!   seg = findSegment(refSegs[0]);
!   if (seg->getType() != jbig2SegPatternDict) {
      error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
      return;
    }
--- 2431,2438 ----
      error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
      return;
    }
!   if (!(seg = findSegment(refSegs[0])) ||
!       seg->getType() != jbig2SegPatternDict) {
      error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
      return;
    }
***************
*** 2483,2489 ****
  
    // read the bitmap
    bitmap = readGenericBitmap(mmr, w, h, templ, tpgdOn, gFalse,
! 			     NULL, atx, aty, mmr ? 0 : length - 18);
  
    // combine the region bitmap into the page bitmap
    if (imm) {
--- 2590,2596 ----
  
    // read the bitmap
    bitmap = readGenericBitmap(mmr, w, h, templ, tpgdOn, gFalse,
! 			     NULL, atx, aty, mmr ? length - 18 : 0);
  
    // combine the region bitmap into the page bitmap
    if (imm) {
***************
*** 2505,2510 ****
--- 2612,2654 ----
    error(getPos(), "Unexpected EOF in JBIG2 stream");
  }
  
+ inline void JBIG2Stream::mmrAddPixels(int a1, int blackPixels,
+ 				      int *codingLine, int *a0i, int w) {
+   if (a1 > codingLine[*a0i]) {
+     if (a1 > w) {
+       error(getPos(), "JBIG2 MMR row is wrong length ({0:d})", a1);
+       a1 = w;
+     }
+     if ((*a0i & 1) ^ blackPixels) {
+       ++*a0i;
+     }
+     codingLine[*a0i] = a1;
+   }
+ }
+ 
+ inline void JBIG2Stream::mmrAddPixelsNeg(int a1, int blackPixels,
+ 					 int *codingLine, int *a0i, int w) {
+   if (a1 > codingLine[*a0i]) {
+     if (a1 > w) {
+       error(getPos(), "JBIG2 MMR row is wrong length ({0:d})", a1);
+       a1 = w;
+     }
+     if ((*a0i & 1) ^ blackPixels) {
+       ++*a0i;
+     }
+     codingLine[*a0i] = a1;
+   } else if (a1 < codingLine[*a0i]) {
+     if (a1 < 0) {
+       error(getPos(), "Invalid JBIG2 MMR code");
+       a1 = 0;
+     }
+     while (*a0i > 0 && a1 <= codingLine[*a0i - 1]) {
+       --*a0i;
+     }
+     codingLine[*a0i] = a1;
+   }
+ }
+ 
  JBIG2Bitmap *JBIG2Stream::readGenericBitmap(GBool mmr, int w, int h,
  					    int templ, GBool tpgdOn,
  					    GBool useSkip, JBIG2Bitmap *skip,
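Review bot: The first branch of mmrAddPixelsNeg is a line-for-line copy of mmrAddPixels, so the clamp to `w` and the index step now live in two places that have to be kept in sync. That branch could simply be `mmrAddPixels(a1, blackPixels, codingLine, a0i, w);`. Neither helper documents its precondition: both store to `codingLine[*a0i]` after a possible `++*a0i` with no check against the buffer size, relying on the caller's strictly increasing invariant and its `w + 1` allocation. A comment above each, e.g. `// codingLine must hold w + 1 ints; entries up to *a0i are strictly increasing and <= w`, would make that dependency explicit for the next person who changes the allocation.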
***************
*** 2517,2523 ****
    JBIG2BitmapPtr atPtr0, atPtr1, atPtr2, atPtr3;
    int *refLine, *codingLine;
    int code1, code2, code3;
!   int x, y, a0, pix, i, refI, codingI;
  
    bitmap = new JBIG2Bitmap(0, w, h);
    bitmap->clearToZero();
--- 2661,2667 ----
    JBIG2BitmapPtr atPtr0, atPtr1, atPtr2, atPtr3;
    int *refLine, *codingLine;
    int code1, code2, code3;
!   int x, y, a0i, b1i, blackPixels, pix, i;
  
    bitmap = new JBIG2Bitmap(0, w, h);
    bitmap->clearToZero();
***************
*** 2527,2535 ****
    if (mmr) {
  
      mmrDecoder->reset();
      refLine = (int *)gmallocn(w + 2, sizeof(int));
!     codingLine = (int *)gmallocn(w + 2, sizeof(int));
!     codingLine[0] = codingLine[1] = w;
  
      for (y = 0; y < h; ++y) {
  
--- 2671,2688 ----
    if (mmr) {
  
      mmrDecoder->reset();
+     if (w > INT_MAX - 2) {
+       error(getPos(), "Bad width in JBIG2 generic bitmap");
+       // force a call to gmalloc(-1), which will throw an exception
+       w = -3;
+     }
+     // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = w
+     // ---> max codingLine size = w + 1
+     // refLine has one extra guard entry at the end
+     // ---> max refLine size = w + 2
+     codingLine = (int *)gmallocn(w + 1, sizeof(int));
      refLine = (int *)gmallocn(w + 2, sizeof(int));
!     codingLine[0] = w;
  
      for (y = 0; y < h; ++y) {
  
***************
*** 2537,2664 ****
        for (i = 0; codingLine[i] < w; ++i) {
  	refLine[i] = codingLine[i];
        }
!       refLine[i] = refLine[i + 1] = w;
  
        // decode a line
!       refI = 0;     // b1 = refLine[refI]
!       codingI = 0;  // a1 = codingLine[codingI]
!       a0 = 0;
!       do {
  	code1 = mmrDecoder->get2DCode();
  	switch (code1) {
  	case twoDimPass:
! 	  if (refLine[refI] < w) {
! 	    a0 = refLine[refI + 1];
! 	    refI += 2;
! 	  }
! 	  break;
  	case twoDimHoriz:
! 	  if (codingI & 1) {
! 	    code1 = 0;
! 	    do {
! 	      code1 += code3 = mmrDecoder->getBlackCode();
! 	    } while (code3 >= 64);
! 	    code2 = 0;
! 	    do {
! 	      code2 += code3 = mmrDecoder->getWhiteCode();
! 	    } while (code3 >= 64);
! 	  } else {
! 	    code1 = 0;
! 	    do {
! 	      code1 += code3 = mmrDecoder->getWhiteCode();
! 	    } while (code3 >= 64);
! 	    code2 = 0;
! 	    do {
! 	      code2 += code3 = mmrDecoder->getBlackCode();
! 	    } while (code3 >= 64);
! 	  }
! 	  if (code1 > 0 || code2 > 0) {
! 	    a0 = codingLine[codingI++] = a0 + code1;
! 	    a0 = codingLine[codingI++] = a0 + code2;
! 	    while (refLine[refI] <= a0 && refLine[refI] < w) {
! 	      refI += 2;
! 	    }
! 	  }
! 	  break;
! 	case twoDimVert0:
! 	  a0 = codingLine[codingI++] = refLine[refI];
! 	  if (refLine[refI] < w) {
! 	    ++refI;
! 	  }
! 	  break;
! 	case twoDimVertR1:
! 	  a0 = codingLine[codingI++] = refLine[refI] + 1;
! 	  if (refLine[refI] < w) {
! 	    ++refI;
! 	    while (refLine[refI] <= a0 && refLine[refI] < w) {
! 	      refI += 2;
! 	    }
! 	  }
! 	  break;
! 	case twoDimVertR2:
! 	  a0 = codingLine[codingI++] = refLine[refI] + 2;
! 	  if (refLine[refI] < w) {
! 	    ++refI;
! 	    while (refLine[refI] <= a0 && refLine[refI] < w) {
! 	      refI += 2;
! 	    }
! 	  }
! 	  break;
  	case twoDimVertR3:
! 	  a0 = codingLine[codingI++] = refLine[refI] + 3;
! 	  if (refLine[refI] < w) {
! 	    ++refI;
! 	    while (refLine[refI] <= a0 && refLine[refI] < w) {
! 	      refI += 2;
! 	    }
! 	  }
! 	  break;
! 	case twoDimVertL1:
! 	  a0 = codingLine[codingI++] = refLine[refI] - 1;
! 	  if (refI > 0) {
! 	    --refI;
! 	  } else {
! 	    ++refI;
! 	  }
! 	  while (refLine[refI] <= a0 && refLine[refI] < w) {
! 	    refI += 2;
! 	  }
! 	  break;
! 	case twoDimVertL2:
! 	  a0 = codingLine[codingI++] = refLine[refI] - 2;
! 	  if (refI > 0) {
! 	    --refI;
! 	  } else {
! 	    ++refI;
! 	  }
! 	  while (refLine[refI] <= a0 && refLine[refI] < w) {
! 	    refI += 2;
! 	  }
! 	  break;
  	case twoDimVertL3:
! 	  a0 = codingLine[codingI++] = refLine[refI] - 3;
! 	  if (refI > 0) {
! 	    --refI;
! 	  } else {
! 	    ++refI;
! 	  }
! 	  while (refLine[refI] <= a0 && refLine[refI] < w) {
! 	    refI += 2;
! 	  }
! 	  break;
  	default:
  	  error(getPos(), "Illegal code in JBIG2 MMR bitmap data");
  	  break;
  	}
!       } while (a0 < w);
!       codingLine[codingI++] = w;
  
        // convert the run lengths to a bitmap line
        i = 0;
!       while (codingLine[i] < w) {
  	for (x = codingLine[i]; x < codingLine[i+1]; ++x) {
  	  bitmap->setPixel(x, y);
  	}
  	i += 2;
        }
      }
--- 2690,2846 ----
        for (i = 0; codingLine[i] < w; ++i) {
  	refLine[i] = codingLine[i];
        }
!       refLine[i++] = w;
!       refLine[i] = w;
  
        // decode a line
!       codingLine[0] = 0;
!       a0i = 0;
!       b1i = 0;
!       blackPixels = 0;
!       // invariant:
!       // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1] <= w
!       // exception at left edge:
!       //   codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible
!       // exception at right edge:
!       //   refLine[b1i] = refLine[b1i+1] = w is possible
!       while (codingLine[a0i] < w) {
  	code1 = mmrDecoder->get2DCode();
  	switch (code1) {
  	case twoDimPass:
!           mmrAddPixels(refLine[b1i + 1], blackPixels, codingLine, &a0i, w);
!           if (refLine[b1i + 1] < w) {
!             b1i += 2;
!           }
!           break;
  	case twoDimHoriz:
!           code1 = code2 = 0;
!           if (blackPixels) {
!             do {
!               code1 += code3 = mmrDecoder->getBlackCode();
!             } while (code3 >= 64);
!             do {
!               code2 += code3 = mmrDecoder->getWhiteCode();
!             } while (code3 >= 64);
!           } else {
!             do {
!               code1 += code3 = mmrDecoder->getWhiteCode();
!             } while (code3 >= 64);
!             do {
!               code2 += code3 = mmrDecoder->getBlackCode();
!             } while (code3 >= 64);
!           }
!           mmrAddPixels(codingLine[a0i] + code1, blackPixels,
! 		       codingLine, &a0i, w);
!           if (codingLine[a0i] < w) {
!             mmrAddPixels(codingLine[a0i] + code2, blackPixels ^ 1,
! 			 codingLine, &a0i, w);
!           }
!           while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
!             b1i += 2;
!           }
!           break;
  	case twoDimVertR3:
!           mmrAddPixels(refLine[b1i] + 3, blackPixels, codingLine, &a0i, w);
!           blackPixels ^= 1;
!           if (codingLine[a0i] < w) {
!             ++b1i;
!             while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
!               b1i += 2;
!             }
!           }
!           break;
! 	case twoDimVertR2:
!           mmrAddPixels(refLine[b1i] + 2, blackPixels, codingLine, &a0i, w);
!           blackPixels ^= 1;
!           if (codingLine[a0i] < w) {
!             ++b1i;
!             while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
!               b1i += 2;
!             }
!           }
!           break;
! 	case twoDimVertR1:
!           mmrAddPixels(refLine[b1i] + 1, blackPixels, codingLine, &a0i, w);
!           blackPixels ^= 1;
!           if (codingLine[a0i] < w) {
!             ++b1i;
!             while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
!               b1i += 2;
!             }
!           }
!           break;
! 	case twoDimVert0:
!           mmrAddPixels(refLine[b1i], blackPixels, codingLine, &a0i, w);
!           blackPixels ^= 1;
!           if (codingLine[a0i] < w) {
!             ++b1i;
!             while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
!               b1i += 2;
!             }
!           }
!           break;
  	case twoDimVertL3:
!           mmrAddPixelsNeg(refLine[b1i] - 3, blackPixels, codingLine, &a0i, w);
!           blackPixels ^= 1;
!           if (codingLine[a0i] < w) {
!             if (b1i > 0) {
!               --b1i;
!             } else {
!               ++b1i;
!             }
!             while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
!               b1i += 2;
!             }
!           }
!           break;
! 	case twoDimVertL2:
!           mmrAddPixelsNeg(refLine[b1i] - 2, blackPixels, codingLine, &a0i, w);
!           blackPixels ^= 1;
!           if (codingLine[a0i] < w) {
!             if (b1i > 0) {
!               --b1i;
!             } else {
!               ++b1i;
!             }
!             while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
!               b1i += 2;
!             }
!           }
!           break;
! 	case twoDimVertL1:
!           mmrAddPixelsNeg(refLine[b1i] - 1, blackPixels, codingLine, &a0i, w);
!           blackPixels ^= 1;
!           if (codingLine[a0i] < w) {
!             if (b1i > 0) {
!               --b1i;
!             } else {
!               ++b1i;
!             }
!             while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
!               b1i += 2;
!             }
!           }
!           break;
! 	case EOF:
!           mmrAddPixels(w, 0, codingLine, &a0i, w);
!           break;
  	default:
  	  error(getPos(), "Illegal code in JBIG2 MMR bitmap data");
+           mmrAddPixels(w, 0, codingLine, &a0i, w);
  	  break;
  	}
!       }
  
        // convert the run lengths to a bitmap line
        i = 0;
!       while (1) {
  	for (x = codingLine[i]; x < codingLine[i+1]; ++x) {
  	  bitmap->setPixel(x, y);
  	}
+ 	if (codingLine[i+1] >= w || codingLine[i+2] >= w) {
+ 	  break;
+ 	}
  	i += 2;
        }
      }
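Review bot: The rewritten run-length conversion loop reads `codingLine[i+1]` as the `for` bound before checking whether `codingLine[i]` already equals `w`. For an all-white row the decode loop leaves `codingLine[0] == w` and never writes index 1. On the first row nothing visible has initialised that entry (the allocation hunk sets only `codingLine[0]`), and with `w == 0` it lies past the `w + 1` allocation, so `setPixel(x, y)` can be reached with `x >= w`; whether setPixel bounds-checks is not visible here. Adding `if (codingLine[i] >= w) { break; }` as the first statement of the `while (1)` body closes this, and filling the whole buffer with `w` right after allocation would remove the uninitialised read as well. readGenericBitmap starts and ends outside this hunk.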
***************
*** 2706,2712 ****
  	  ltp = !ltp;
  	}
  	if (ltp) {
! 	  bitmap->duplicateRow(y, y-1);
  	  continue;
  	}
        }
--- 2888,2896 ----
  	  ltp = !ltp;
  	}
  	if (ltp) {
! 	  if (y > 0) {
! 	    bitmap->duplicateRow(y, y-1);
! 	  }
  	  continue;
  	}
        }
***************
*** 2909,2916 ****
      return;
    }
    if (nRefSegs == 1) {
!     seg = findSegment(refSegs[0]);
!     if (seg->getType() != jbig2SegBitmap) {
        error(getPos(), "Bad bitmap reference in JBIG2 generic refinement segment");
        return;
      }
--- 3093,3100 ----
      return;
    }
    if (nRefSegs == 1) {
!     if (!(seg = findSegment(refSegs[0])) ||
! 	seg->getType() != jbig2SegBitmap) {
        error(getPos(), "Bad bitmap reference in JBIG2 generic refinement segment");
        return;
      }
***************
*** 3004,3009 ****
--- 3188,3197 ----
  	tpgrCX2 = refBitmap->nextPixel(&tpgrCXPtr2);
  	tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2);
  	tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2);
+       } else {
+ 	tpgrCXPtr0.p = tpgrCXPtr1.p = tpgrCXPtr2.p = NULL; // make gcc happy
+ 	tpgrCXPtr0.shift = tpgrCXPtr1.shift = tpgrCXPtr2.shift = 0;
+ 	tpgrCXPtr0.x = tpgrCXPtr1.x = tpgrCXPtr2.x = 0;
        }
  
        for (x = 0; x < w; ++x) {
***************
*** 3075,3080 ****
--- 3263,3272 ----
  	tpgrCX2 = refBitmap->nextPixel(&tpgrCXPtr2);
  	tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2);
  	tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2);
+       } else {
+ 	tpgrCXPtr0.p = tpgrCXPtr1.p = tpgrCXPtr2.p = NULL; // make gcc happy
+ 	tpgrCXPtr0.shift = tpgrCXPtr1.shift = tpgrCXPtr2.shift = 0;
+ 	tpgrCXPtr0.x = tpgrCXPtr1.x = tpgrCXPtr2.x = 0;
        }
  
        for (x = 0; x < w; ++x) {
diff -r -c xpdf-3.02.orig/xpdf/JBIG2Stream.h xpdf-3.02/xpdf/JBIG2Stream.h
*** xpdf-3.02.orig/xpdf/JBIG2Stream.h	Tue Feb 27 14:05:52 2007
--- xpdf-3.02/xpdf/JBIG2Stream.h	Tue Mar 31 10:50:07 2009
***************
*** 78,83 ****
--- 78,87 ----
  			     Guint *refSegs, Guint nRefSegs);
    void readGenericRegionSeg(Guint segNum, GBool imm,
  			    GBool lossless, Guint length);
+   void mmrAddPixels(int a1, int blackPixels,
+ 		    int *codingLine, int *a0i, int w);
+   void mmrAddPixelsNeg(int a1, int blackPixels,
+ 		       int *codingLine, int *a0i, int w);
    JBIG2Bitmap *readGenericBitmap(GBool mmr, int w, int h,
  				 int templ, GBool tpgdOn,
  				 GBool useSkip, JBIG2Bitmap *skip,


Index: xpdf.spec
===================================================================
RCS file: /cvs/extras/rpms/xpdf/EL-5/xpdf.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -p -r1.8 -r1.9
--- xpdf.spec	6 Jan 2008 01:36:27 -0000	1.8
+++ xpdf.spec	5 May 2009 13:35:26 -0000	1.9
@@ -1,7 +1,7 @@
 Summary: A PDF file viewer for the X Window System
 Name: xpdf
 Version: 3.02
-Release: 5%{?dist}.1
+Release: 13%{?dist}
 License: GPLv2
 Epoch: 1
 Url: http://www.foolabs.com/xpdf/
@@ -37,7 +37,7 @@ Patch6: xpdf-3.00-core.patch
 Patch7: xpdf-3.00-xfont.patch
 Patch9: xpdf-3.00-papersize.patch
 Patch10: xpdf-3.00-gcc4.patch
-Patch11: xpdf-3.01-crash.patch
+Patch11: xpdf-3.02-crash.patch
 Patch12: xpdf-3.00-64bit.patch
 # Patch13: xpdf-3.01-resize.patch
 # Patch14: xpdf-3.01-freetype-internals.patch
@@ -46,14 +46,30 @@ Patch16: xpdf-3.02-fontlist.patch
 Patch17: xpdf-3.02-x86_64-fix.patch
 Patch18: xpdf-3.02-mousebuttons.patch
 Patch19: xpdf-3.02-additionalzoom.patch
+Patch20: xpdf-3.02-mousebuttons_view.patch
 
 # Security patches
 Patch100: xpdf-3.02pl1.patch
 Patch101: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch
+Patch102: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch
+
+# Debian patches
+Patch200: 02_permissions.dpatch
+Patch201: 10_add_accelerators.dpatch
+# Fix crash with ctrl-W in full screen mode
+Patch202: fix-437725.dpatch
+# Proper stream encoding on 64bit platforms
+Patch203: fix-444648.dpatch
+# Fix segfault in image handling
+Patch204: fix-462544.dpatch
+# Fix crash with "g" in full screen mode
+Patch205: fix-479467.dpatch
 
 Requires: urw-fonts
 Requires: xdg-utils
 Requires: poppler-utils
+Requires: xorg-x11-fonts-ISO8859-1-75dpi
+Requires: xorg-x11-fonts-ISO8859-1-100dpi
 
 # BuildRequires: lesstif-devel
 # RHEL 5 uses openmotif
@@ -81,7 +97,7 @@ standard X fonts.
 
 %prep
 %setup -q -a 3 -a 4 -a 5 -a 6 -a 7 -a 8 -a 12 -a 13 -a 14 -a 15 -a 16
-%patch -p1
+%patch0 -p1
 %patch3 -p1 -b .ext
 %patch6 -p1 -b .core
 %patch7 -p1 -b .fonts
@@ -97,10 +113,20 @@ standard X fonts.
 %patch17 -p1
 %patch18 -p1
 %patch19 -p1
+%patch20 -p1
 
 # security patches
 %patch100 -p1 -b .security
 %patch101 -p1 -b .security2
+%patch102 -p1 -b .security3
+
+# debian patches
+%patch200 -p1 -b .permissions
+%patch201 -p1 -b .accelerators
+%patch202 -p1 -b .fullscreen-crashfix
+%patch203 -p1 -b .64bit-stream
+%patch204 -p1 -b .segfaultfix
+%patch205 -p1 -b .fullscreen-crashfix2
 
 %build
 find -name "*orig" | xargs rm -f
@@ -247,6 +273,17 @@ update-desktop-database &> /dev/null ||:
 %{_datadir}/xpdf/latin2
 
 %changelog
+* Tue May  5 2009 Tom "spot" Callaway <tcallawa at redhat.com> 1:3.02-13
+- apply xpdf-3.02pl3 security patch to fix:
+  CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180
+  CVE-2009-1181, CVE-2009-1182, CVE-2009-1183
+- add Requires: xorg-x11-fonts-ISO8859-1-100dpi (bz 485404)
+- cleanup crash patch a bit (bz 483664)
+- improve support for more mouse buttons (bz 483669)
+- apply debian patches
+- Fix Patch0:/%%patch mismatch.
+- add missing Requires: xorg-x11-fonts-ISO8859-1-75dpi
+
 * Sat Jan  5 2008 Tom "spot" Callaway <tcallawa at redhat.com> 1:3.02-5.1
 - RHEL-5 uses openmotif instead of lesstif
 



