search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
merge the formfield patch from ooo-build
[ooovba.git] / xpdf / xpdf-3.02.patch
blob82d4ffadb701aee052064dadaea2cc635f78337d
1 --- misc/xpdf-3.02/goo/GString.cc Tue Feb 27 23:05:51 2007
2 +++ misc/build/xpdf-3.02/goo/GString.cc Mon Apr 7 13:16:54 2008
3 @@ -528,7 +528,7 @@
4 if ((neg = x < 0)) {
5 x = -x;
6 }
7 - x = floor(x * pow(10, prec) + 0.5);
8 + x = floor(x * pow(10.0, prec) + 0.5);
9 i = bufSize;
10 started = !trim;
11 for (j = 0; j < prec && i > 1; ++j) {
12 --- misc/xpdf-3.02/goo/gmem.cc 2007-02-27 23:05:51.000000000 +0100
13 +++ misc/build/xpdf-3.02/goo/gmem.cc 2009-04-22 19:21:14.274507454 +0200
14 @@ -55,7 +55,15 @@
15 void *data;
16 unsigned long *trl, *p;
17
18 - if (size <= 0) {
19 + if (size < 0) {
20 +#if USE_EXCEPTIONS
21 + throw GMemException();
22 +#else
23 + fprintf(stderr, "Invalid memory allocation size\n");
24 + exit(1);
25 +#endif
26 + }
27 + if (size == 0) {
28 return NULL;
29 }
30 size1 = gMemDataSize(size);
31 @@ -91,7 +99,15 @@
32 #else
33 void *p;
34
35 - if (size <= 0) {
36 + if (size < 0) {
37 +#if USE_EXCEPTIONS
38 + throw GMemException();
39 +#else
40 + fprintf(stderr, "Invalid memory allocation size\n");
41 + exit(1);
42 +#endif
43 + }
44 + if (size == 0) {
45 return NULL;
46 }
47 if (!(p = malloc(size))) {
48 @@ -112,7 +128,15 @@
49 void *q;
50 int oldSize;
51
52 - if (size <= 0) {
53 + if (size < 0) {
54 +#if USE_EXCEPTIONS
55 + throw GMemException();
56 +#else
57 + fprintf(stderr, "Invalid memory allocation size\n");
58 + exit(1);
59 +#endif
60 + }
61 + if (size == 0) {
62 if (p) {
63 gfree(p);
64 }
65 @@ -131,7 +155,15 @@
66 #else
67 void *q;
68
69 - if (size <= 0) {
70 + if (size < 0) {
71 +#if USE_EXCEPTIONS
72 + throw GMemException();
73 +#else
74 + fprintf(stderr, "Invalid memory allocation size\n");
75 + exit(1);
76 +#endif
77 + }
78 + if (size == 0) {
79 if (p) {
80 free(p);
81 }
82 --- misc/xpdf-3.02/ms_make.bat Tue Feb 27 23:05:51 2007
83 +++ misc/build/xpdf-3.02/ms_make.bat Mon Apr 7 13:16:54 2008
84 @@ -1,5 +1,5 @@
85 set CC=cl
86 -set CFLAGS=/DWIN32 /I.. /I..\goo /I..\fofi /O2 /nologo
87 +set CFLAGS=/DWIN32 /D_MT /I.. /I..\goo /I..\fofi /O2 /nologo
88 set CXX=cl
89 set CXXFLAGS=%CFLAGS% /TP
90 set LIBPROG=lib
91 @@ -70,6 +70,8 @@
92 %CXX% %CXXFLAGS% /c pdffonts.cc
93 %CXX% %CXXFLAGS% /c pdfimages.cc
94
95 +%LIBPROG% /nologo /out:xpdf.lib Annot.obj Array.obj BuiltinFont.obj BuiltinFontTables.obj Catalog.obj CharCodeToUnicode.obj CMap.obj Decrypt.obj Dict.obj Error.obj FontEncodingTables.obj Function.obj Gfx.obj GfxFont.obj GfxState.obj GlobalParams.obj JArithmeticDecoder.obj JBIG2Stream.obj JPXStream.obj Lexer.obj Link.obj NameToCharCode.obj Object.obj Outline.obj OutputDev.obj Page.obj Parser.obj PDFDoc.obj PDFDocEncoding.obj PSTokenizer.obj SecurityHandler.obj Stream.obj UnicodeMap.obj XRef.obj
96 +
97 %CXX% %LINKFLAGS% /Fepdftops.exe Annot.obj Array.obj BuiltinFont.obj BuiltinFontTables.obj Catalog.obj CharCodeToUnicode.obj CMap.obj Decrypt.obj Dict.obj Error.obj FontEncodingTables.obj Function.obj Gfx.obj GfxFont.obj GfxState.obj GlobalParams.obj JArithmeticDecoder.obj JBIG2Stream.obj JPXStream.obj Lexer.obj Link.obj NameToCharCode.obj Object.obj Outline.obj OutputDev.obj Page.obj Parser.obj PDFDoc.obj PDFDocEncoding.obj PSOutputDev.obj PSTokenizer.obj SecurityHandler.obj Stream.obj UnicodeMap.obj XRef.obj pdftops.obj ..\fofi\fofi.lib ..\goo\Goo.lib shell32.lib user32.lib gdi32.lib advapi32.lib
98
99 %CXX% %LINKFLAGS% /Fepdftotext.exe Annot.obj Array.obj BuiltinFont.obj BuiltinFontTables.obj Catalog.obj CharCodeToUnicode.obj CMap.obj Decrypt.obj Dict.obj Error.obj FontEncodingTables.obj Function.obj Gfx.obj GfxFont.obj GfxState.obj GlobalParams.obj JArithmeticDecoder.obj JBIG2Stream.obj JPXStream.obj Lexer.obj Link.obj NameToCharCode.obj Object.obj Outline.obj OutputDev.obj Page.obj Parser.obj PDFDoc.obj PDFDocEncoding.obj PSTokenizer.obj SecurityHandler.obj Stream.obj TextOutputDev.obj UnicodeMap.obj UnicodeTypeTable.obj XRef.obj pdftotext.obj ..\fofi\fofi.lib ..\goo\Goo.lib shell32.lib user32.lib gdi32.lib advapi32.lib
100 @@ -82,37 +84,3 @@
101
102 cd ..
103
104 -rem --- This part will only work if you have FreeType installed ---
105 -
106 -set FT2DIR=..\freetype-2.3.1
107 -set CXXFLAGS=%CXXFLAGS% /I..\splash /I%FT2DIR%\include
108 -
109 -cd splash
110 -%CXX% %CXXFLAGS% /c Splash.cc
111 -%CXX% %CXXFLAGS% /c SplashBitmap.cc
112 -%CXX% %CXXFLAGS% /c SplashClip.cc
113 -%CXX% %CXXFLAGS% /c SplashFTFont.cc
114 -%CXX% %CXXFLAGS% /c SplashFTFontEngine.cc
115 -%CXX% %CXXFLAGS% /c SplashFTFontFile.cc
116 -%CXX% %CXXFLAGS% /c SplashFont.cc
117 -%CXX% %CXXFLAGS% /c SplashFontEngine.cc
118 -%CXX% %CXXFLAGS% /c SplashFontFile.cc
119 -%CXX% %CXXFLAGS% /c SplashFontFileID.cc
120 -%CXX% %CXXFLAGS% /c SplashPath.cc
121 -%CXX% %CXXFLAGS% /c SplashPattern.cc
122 -%CXX% %CXXFLAGS% /c SplashScreen.cc
123 -%CXX% %CXXFLAGS% /c SplashState.cc
124 -%CXX% %CXXFLAGS% /c SplashT1Font.cc
125 -%CXX% %CXXFLAGS% /c SplashT1FontEngine.cc
126 -%CXX% %CXXFLAGS% /c SplashT1FontFile.cc
127 -%CXX% %CXXFLAGS% /c SplashXPath.cc
128 -%CXX% %CXXFLAGS% /c SplashXPathScanner.cc
129 -%LIBPROG% /nologo /out:splash.lib Splash.obj SplashBitmap.obj SplashClip.obj SplashFTFont.obj SplashFTFontEngine.obj SplashFTFontFile.obj SplashFont.obj SplashFontEngine.obj SplashFontFile.obj SplashFontFileID.obj SplashPath.obj SplashPattern.obj SplashScreen.obj SplashState.obj SplashT1Font.obj SplashT1FontEngine.obj SplashT1FontFile.obj SplashXPath.obj SplashXPathScanner.obj
130 -
131 -cd ..\xpdf
132 -%CXX% %CXXFLAGS% /c SplashOutputDev.cc
133 -%CXX% %CXXFLAGS% /c pdftoppm.cc
134 -
135 -%CXX% %LINKFLAGS% /Fepdftoppm.exe Annot.obj Array.obj BuiltinFont.obj BuiltinFontTables.obj Catalog.obj CharCodeToUnicode.obj CMap.obj Decrypt.obj Dict.obj Error.obj FontEncodingTables.obj Function.obj Gfx.obj GfxFont.obj GfxState.obj GlobalParams.obj JArithmeticDecoder.obj JBIG2Stream.obj JPXStream.obj Lexer.obj Link.obj NameToCharCode.obj Object.obj Outline.obj OutputDev.obj Page.obj Parser.obj PDFDoc.obj PDFDocEncoding.obj PSTokenizer.obj SecurityHandler.obj SplashOutputDev.obj Stream.obj UnicodeMap.obj UnicodeTypeTable.obj XRef.obj pdftoppm.obj ..\splash\splash.lib ..\fofi\fofi.lib ..\goo\Goo.lib %FT2DIR%\freetype2.lib shell32.lib user32.lib gdi32.lib advapi32.lib
136 -
137 -cd ..
138 --- misc/xpdf-3.02/xpdf/JBIG2Stream.cc 2007-02-27 23:05:52.000000000 +0100
139 +++ misc/build/xpdf-3.02/xpdf/JBIG2Stream.cc 2009-04-22 19:21:14.286412894 +0200
140 @@ -422,12 +422,14 @@
141 table[i] = table[len];
142
143 // assign prefixes
144 - i = 0;
145 - prefix = 0;
146 - table[i++].prefix = prefix++;
147 - for (; table[i].rangeLen != jbig2HuffmanEOT; ++i) {
148 - prefix <<= table[i].prefixLen - table[i-1].prefixLen;
149 - table[i].prefix = prefix++;
150 + if (table[0].rangeLen != jbig2HuffmanEOT) {
151 + i = 0;
152 + prefix = 0;
153 + table[i++].prefix = prefix++;
154 + for (; table[i].rangeLen != jbig2HuffmanEOT; ++i) {
155 + prefix <<= table[i].prefixLen - table[i-1].prefixLen;
156 + table[i].prefix = prefix++;
157 + }
158 }
159 }
160
161 @@ -491,7 +493,7 @@
162 }
163 if (p->bits < 0) {
164 error(str->getPos(), "Bad two dim code in JBIG2 MMR stream");
165 - return 0;
166 + return EOF;
167 }
168 bufLen -= p->bits;
169 return p->n;
170 @@ -507,7 +509,7 @@
171 ++nBytesRead;
172 }
173 while (1) {
174 - if (bufLen >= 7 && ((buf >> (bufLen - 7)) & 0x7f) == 0) {
175 + if (bufLen >= 11 && ((buf >> (bufLen - 7)) & 0x7f) == 0) {
176 if (bufLen <= 12) {
177 code = buf << (12 - bufLen);
178 } else {
179 @@ -550,14 +552,15 @@
180 ++nBytesRead;
181 }
182 while (1) {
183 - if (bufLen >= 6 && ((buf >> (bufLen - 6)) & 0x3f) == 0) {
184 + if (bufLen >= 10 && ((buf >> (bufLen - 6)) & 0x3f) == 0) {
185 if (bufLen <= 13) {
186 code = buf << (13 - bufLen);
187 } else {
188 code = buf >> (bufLen - 13);
189 }
190 p = &blackTab1[code & 0x7f];
191 - } else if (bufLen >= 4 && ((buf >> (bufLen - 4)) & 0x0f) == 0) {
192 + } else if (bufLen >= 7 && ((buf >> (bufLen - 4)) & 0x0f) == 0 &&
193 + ((buf >> (bufLen - 6)) & 0x03) != 0) {
194 if (bufLen <= 12) {
195 code = buf << (12 - bufLen);
196 } else {
197 @@ -683,8 +686,9 @@
198 h = hA;
199 line = (wA + 7) >> 3;
200 if (w <= 0 || h <= 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
201 - data = NULL;
202 - return;
203 + // force a call to gmalloc(-1), which will throw an exception
204 + h = -1;
205 + line = 2;
206 }
207 // need to allocate one extra guard byte for use in combine()
208 data = (Guchar *)gmalloc(h * line + 1);
209 @@ -698,8 +702,9 @@
210 h = bitmap->h;
211 line = bitmap->line;
212 if (w <= 0 || h <= 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
213 - data = NULL;
214 - return;
215 + // force a call to gmalloc(-1), which will throw an exception
216 + h = -1;
217 + line = 2;
218 }
219 // need to allocate one extra guard byte for use in combine()
220 data = (Guchar *)gmalloc(h * line + 1);
221 @@ -754,6 +759,8 @@
222 inline void JBIG2Bitmap::getPixelPtr(int x, int y, JBIG2BitmapPtr *ptr) {
223 if (y < 0 || y >= h || x >= w) {
224 ptr->p = NULL;
225 + ptr->shift = 0; // make gcc happy
226 + ptr->x = 0; // make gcc happy
227 } else if (x < 0) {
228 ptr->p = &data[y * line];
229 ptr->shift = 7;
230 @@ -798,6 +805,10 @@
231 Guint src0, src1, src, dest, s1, s2, m1, m2, m3;
232 GBool oneByte;
233
234 + // check for the pathological case where y = -2^31
235 + if (y < -0x7fffffff) {
236 + return;
237 + }
238 if (y < 0) {
239 y0 = -y;
240 } else {
241 @@ -1011,8 +1022,13 @@
242 JBIG2SymbolDict::JBIG2SymbolDict(Guint segNumA, Guint sizeA):
243 JBIG2Segment(segNumA)
244 {
245 + Guint i;
246 +
247 size = sizeA;
248 bitmaps = (JBIG2Bitmap **)gmallocn(size, sizeof(JBIG2Bitmap *));
249 + for (i = 0; i < size; ++i) {
250 + bitmaps[i] = NULL;
251 + }
252 genericRegionStats = NULL;
253 refinementRegionStats = NULL;
254 }
255 @@ -1021,7 +1037,9 @@
256 Guint i;
257
258 for (i = 0; i < size; ++i) {
259 - delete bitmaps[i];
260 + if (bitmaps[i]) {
261 + delete bitmaps[i];
262 + }
263 }
264 gfree(bitmaps);
265 if (genericRegionStats) {
266 @@ -1296,6 +1314,13 @@
267 goto eofError2;
268 }
269
270 + // check for missing page information segment
271 + if (!pageBitmap && ((segType >= 4 && segType <= 7) ||
272 + (segType >= 20 && segType <= 43))) {
273 + error(getPos(), "First JBIG2 segment associated with a page must be a page information segment");
274 + goto syntaxError;
275 + }
276 +
277 // read the segment data
278 switch (segType) {
279 case 0:
280 @@ -1411,6 +1436,8 @@
281 Guint i, j, k;
282 Guchar *p;
283
284 + symWidths = NULL;
285 +
286 // symbol dictionary flags
287 if (!readUWord(&flags)) {
288 goto eofError;
289 @@ -1466,20 +1493,32 @@
290 codeTables = new GList();
291 numInputSyms = 0;
292 for (i = 0; i < nRefSegs; ++i) {
293 - seg = findSegment(refSegs[i]);
294 - if (seg->getType() == jbig2SegSymbolDict) {
295 - numInputSyms += ((JBIG2SymbolDict *)seg)->getSize();
296 - } else if (seg->getType() == jbig2SegCodeTable) {
297 - codeTables->append(seg);
298 + if ((seg = findSegment(refSegs[i]))) {
299 + if (seg->getType() == jbig2SegSymbolDict) {
300 + j = ((JBIG2SymbolDict *)seg)->getSize();
301 + if (numInputSyms > UINT_MAX - j) {
302 + error(getPos(), "Too many input symbols in JBIG2 symbol dictionary");
303 + delete codeTables;
304 + goto eofError;
305 + }
306 + numInputSyms += j;
307 + } else if (seg->getType() == jbig2SegCodeTable) {
308 + codeTables->append(seg);
309 + }
310 }
311 }
312 + if (numInputSyms > UINT_MAX - numNewSyms) {
313 + error(getPos(), "Too many input symbols in JBIG2 symbol dictionary");
314 + delete codeTables;
315 + goto eofError;
316 + }
317
318 // compute symbol code length
319 - symCodeLen = 0;
320 - i = 1;
321 - while (i < numInputSyms + numNewSyms) {
322 + symCodeLen = 1;
323 + i = (numInputSyms + numNewSyms) >> 1;
324 + while (i) {
325 ++symCodeLen;
326 - i <<= 1;
327 + i >>= 1;
328 }
329
330 // get the input symbol bitmaps
331 @@ -1491,11 +1530,12 @@
332 k = 0;
333 inputSymbolDict = NULL;
334 for (i = 0; i < nRefSegs; ++i) {
335 - seg = findSegment(refSegs[i]);
336 - if (seg->getType() == jbig2SegSymbolDict) {
337 - inputSymbolDict = (JBIG2SymbolDict *)seg;
338 - for (j = 0; j < inputSymbolDict->getSize(); ++j) {
339 - bitmaps[k++] = inputSymbolDict->getBitmap(j);
340 + if ((seg = findSegment(refSegs[i]))) {
341 + if (seg->getType() == jbig2SegSymbolDict) {
342 + inputSymbolDict = (JBIG2SymbolDict *)seg;
343 + for (j = 0; j < inputSymbolDict->getSize(); ++j) {
344 + bitmaps[k++] = inputSymbolDict->getBitmap(j);
345 + }
346 }
347 }
348 }
349 @@ -1510,6 +1550,9 @@
350 } else if (huffDH == 1) {
351 huffDHTable = huffTableE;
352 } else {
353 + if (i >= (Guint)codeTables->getLength()) {
354 + goto codeTableError;
355 + }
356 huffDHTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
357 }
358 if (huffDW == 0) {
359 @@ -1517,17 +1560,26 @@
360 } else if (huffDW == 1) {
361 huffDWTable = huffTableC;
362 } else {
363 + if (i >= (Guint)codeTables->getLength()) {
364 + goto codeTableError;
365 + }
366 huffDWTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
367 }
368 if (huffBMSize == 0) {
369 huffBMSizeTable = huffTableA;
370 } else {
371 + if (i >= (Guint)codeTables->getLength()) {
372 + goto codeTableError;
373 + }
374 huffBMSizeTable =
375 ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
376 }
377 if (huffAggInst == 0) {
378 huffAggInstTable = huffTableA;
379 } else {
380 + if (i >= (Guint)codeTables->getLength()) {
381 + goto codeTableError;
382 + }
383 huffAggInstTable =
384 ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
385 }
386 @@ -1560,7 +1612,6 @@
387 }
388
389 // allocate symbol widths storage
390 - symWidths = NULL;
391 if (huff && !refAgg) {
392 symWidths = (Guint *)gmallocn(numNewSyms, sizeof(Guint));
393 }
394 @@ -1602,6 +1653,10 @@
395 goto syntaxError;
396 }
397 symWidth += dw;
398 + if (i >= numNewSyms) {
399 + error(getPos(), "Too many symbols in JBIG2 symbol dictionary");
400 + goto syntaxError;
401 + }
402
403 // using a collective bitmap, so don't read a bitmap here
404 if (huff && !refAgg) {
405 @@ -1638,6 +1693,10 @@
406 arithDecoder->decodeInt(&refDX, iardxStats);
407 arithDecoder->decodeInt(&refDY, iardyStats);
408 }
409 + if (symID >= numInputSyms + i) {
410 + error(getPos(), "Invalid symbol ID in JBIG2 symbol dictionary");
411 + goto syntaxError;
412 + }
413 refBitmap = bitmaps[symID];
414 bitmaps[numInputSyms + i] =
415 readGenericRefinementRegion(symWidth, symHeight,
416 @@ -1704,6 +1763,12 @@
417 } else {
418 arithDecoder->decodeInt(&run, iaexStats);
419 }
420 + if (i + run > numInputSyms + numNewSyms ||
421 + (ex && j + run > numExSyms)) {
422 + error(getPos(), "Too many exported symbols in JBIG2 symbol dictionary");
423 + delete symbolDict;
424 + goto syntaxError;
425 + }
426 if (ex) {
427 for (cnt = 0; cnt < run; ++cnt) {
428 symbolDict->setBitmap(j++, bitmaps[i++]->copy());
429 @@ -1713,6 +1778,11 @@
430 }
431 ex = !ex;
432 }
433 + if (j != numExSyms) {
434 + error(getPos(), "Too few symbols in JBIG2 symbol dictionary");
435 + delete symbolDict;
436 + goto syntaxError;
437 + }
438
439 for (i = 0; i < numNewSyms; ++i) {
440 delete bitmaps[numInputSyms + i];
441 @@ -1735,6 +1805,10 @@
442
443 return gTrue;
444
445 + codeTableError:
446 + error(getPos(), "Missing code table in JBIG2 symbol dictionary");
447 + delete codeTables;
448 +
449 syntaxError:
450 for (i = 0; i < numNewSyms; ++i) {
451 if (bitmaps[numInputSyms + i]) {
452 @@ -1837,6 +1911,8 @@
453 }
454 } else {
455 error(getPos(), "Invalid segment reference in JBIG2 text region");
456 + delete codeTables;
457 + return;
458 }
459 }
460 symCodeLen = 0;
461 @@ -1871,6 +1947,9 @@
462 } else if (huffFS == 1) {
463 huffFSTable = huffTableG;
464 } else {
465 + if (i >= (Guint)codeTables->getLength()) {
466 + goto codeTableError;
467 + }
468 huffFSTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
469 }
470 if (huffDS == 0) {
471 @@ -1880,6 +1959,9 @@
472 } else if (huffDS == 2) {
473 huffDSTable = huffTableJ;
474 } else {
475 + if (i >= (Guint)codeTables->getLength()) {
476 + goto codeTableError;
477 + }
478 huffDSTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
479 }
480 if (huffDT == 0) {
481 @@ -1889,6 +1971,9 @@
482 } else if (huffDT == 2) {
483 huffDTTable = huffTableM;
484 } else {
485 + if (i >= (Guint)codeTables->getLength()) {
486 + goto codeTableError;
487 + }
488 huffDTTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
489 }
490 if (huffRDW == 0) {
491 @@ -1896,6 +1981,9 @@
492 } else if (huffRDW == 1) {
493 huffRDWTable = huffTableO;
494 } else {
495 + if (i >= (Guint)codeTables->getLength()) {
496 + goto codeTableError;
497 + }
498 huffRDWTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
499 }
500 if (huffRDH == 0) {
501 @@ -1903,6 +1991,9 @@
502 } else if (huffRDH == 1) {
503 huffRDHTable = huffTableO;
504 } else {
505 + if (i >= (Guint)codeTables->getLength()) {
506 + goto codeTableError;
507 + }
508 huffRDHTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
509 }
510 if (huffRDX == 0) {
511 @@ -1910,6 +2001,9 @@
512 } else if (huffRDX == 1) {
513 huffRDXTable = huffTableO;
514 } else {
515 + if (i >= (Guint)codeTables->getLength()) {
516 + goto codeTableError;
517 + }
518 huffRDXTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
519 }
520 if (huffRDY == 0) {
521 @@ -1917,11 +2011,17 @@
522 } else if (huffRDY == 1) {
523 huffRDYTable = huffTableO;
524 } else {
525 + if (i >= (Guint)codeTables->getLength()) {
526 + goto codeTableError;
527 + }
528 huffRDYTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
529 }
530 if (huffRSize == 0) {
531 huffRSizeTable = huffTableA;
532 } else {
533 + if (i >= (Guint)codeTables->getLength()) {
534 + goto codeTableError;
535 + }
536 huffRSizeTable =
537 ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable();
538 }
539 @@ -2016,8 +2116,15 @@
540
541 return;
542
543 + codeTableError:
544 + error(getPos(), "Missing code table in JBIG2 text region");
545 + gfree(codeTables);
546 + delete syms;
547 + return;
548 +
549 eofError:
550 error(getPos(), "Unexpected EOF in JBIG2 stream");
551 + return;
552 }
553
554 JBIG2Bitmap *JBIG2Stream::readTextRegion(GBool huff, GBool refine,
555 @@ -2324,8 +2431,8 @@
556 error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
557 return;
558 }
559 - seg = findSegment(refSegs[0]);
560 - if (seg->getType() != jbig2SegPatternDict) {
561 + if (!(seg = findSegment(refSegs[0])) ||
562 + seg->getType() != jbig2SegPatternDict) {
563 error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
564 return;
565 }
566 @@ -2483,7 +2590,7 @@
567
568 // read the bitmap
569 bitmap = readGenericBitmap(mmr, w, h, templ, tpgdOn, gFalse,
570 - NULL, atx, aty, mmr ? 0 : length - 18);
571 + NULL, atx, aty, mmr ? length - 18 : 0);
572
573 // combine the region bitmap into the page bitmap
574 if (imm) {
575 @@ -2505,6 +2612,43 @@
576 error(getPos(), "Unexpected EOF in JBIG2 stream");
577 }
578
579 +inline void JBIG2Stream::mmrAddPixels(int a1, int blackPixels,
580 + int *codingLine, int *a0i, int w) {
581 + if (a1 > codingLine[*a0i]) {
582 + if (a1 > w) {
583 + error(getPos(), "JBIG2 MMR row is wrong length ({0:d})", a1);
584 + a1 = w;
585 + }
586 + if ((*a0i & 1) ^ blackPixels) {
587 + ++*a0i;
588 + }
589 + codingLine[*a0i] = a1;
590 + }
591 +}
592 +
593 +inline void JBIG2Stream::mmrAddPixelsNeg(int a1, int blackPixels,
594 + int *codingLine, int *a0i, int w) {
595 + if (a1 > codingLine[*a0i]) {
596 + if (a1 > w) {
597 + error(getPos(), "JBIG2 MMR row is wrong length ({0:d})", a1);
598 + a1 = w;
599 + }
600 + if ((*a0i & 1) ^ blackPixels) {
601 + ++*a0i;
602 + }
603 + codingLine[*a0i] = a1;
604 + } else if (a1 < codingLine[*a0i]) {
605 + if (a1 < 0) {
606 + error(getPos(), "Invalid JBIG2 MMR code");
607 + a1 = 0;
608 + }
609 + while (*a0i > 0 && a1 <= codingLine[*a0i - 1]) {
610 + --*a0i;
611 + }
612 + codingLine[*a0i] = a1;
613 + }
614 +}
615 +
616 JBIG2Bitmap *JBIG2Stream::readGenericBitmap(GBool mmr, int w, int h,
617 int templ, GBool tpgdOn,
618 GBool useSkip, JBIG2Bitmap *skip,
619 @@ -2517,7 +2661,7 @@
620 JBIG2BitmapPtr atPtr0, atPtr1, atPtr2, atPtr3;
621 int *refLine, *codingLine;
622 int code1, code2, code3;
623 - int x, y, a0, pix, i, refI, codingI;
624 + int x, y, a0i, b1i, blackPixels, pix, i;
625
626 bitmap = new JBIG2Bitmap(0, w, h);
627 bitmap->clearToZero();
628 @@ -2527,9 +2671,18 @@
629 if (mmr) {
630
631 mmrDecoder->reset();
632 + if (w > INT_MAX - 2) {
633 + error(getPos(), "Bad width in JBIG2 generic bitmap");
634 + // force a call to gmalloc(-1), which will throw an exception
635 + w = -3;
636 + }
637 + // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = w
638 + // ---> max codingLine size = w + 1
639 + // refLine has one extra guard entry at the end
640 + // ---> max refLine size = w + 2
641 + codingLine = (int *)gmallocn(w + 1, sizeof(int));
642 refLine = (int *)gmallocn(w + 2, sizeof(int));
643 - codingLine = (int *)gmallocn(w + 2, sizeof(int));
644 - codingLine[0] = codingLine[1] = w;
645 + codingLine[0] = w;
646
647 for (y = 0; y < h; ++y) {
648
649 @@ -2537,128 +2690,157 @@
650 for (i = 0; codingLine[i] < w; ++i) {
651 refLine[i] = codingLine[i];
652 }
653 - refLine[i] = refLine[i + 1] = w;
654 + refLine[i++] = w;
655 + refLine[i] = w;
656
657 // decode a line
658 - refI = 0; // b1 = refLine[refI]
659 - codingI = 0; // a1 = codingLine[codingI]
660 - a0 = 0;
661 - do {
662 + codingLine[0] = 0;
663 + a0i = 0;
664 + b1i = 0;
665 + blackPixels = 0;
666 + // invariant:
667 + // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1] <= w
668 + // exception at left edge:
669 + // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible
670 + // exception at right edge:
671 + // refLine[b1i] = refLine[b1i+1] = w is possible
672 + while (codingLine[a0i] < w) {
673 code1 = mmrDecoder->get2DCode();
674 switch (code1) {
675 case twoDimPass:
676 - if (refLine[refI] < w) {
677 - a0 = refLine[refI + 1];
678 - refI += 2;
679 - }
680 - break;
681 + mmrAddPixels(refLine[b1i + 1], blackPixels, codingLine, &a0i, w);
682 + if (refLine[b1i + 1] < w) {
683 + b1i += 2;
684 + }
685 + break;
686 case twoDimHoriz:
687 - if (codingI & 1) {
688 - code1 = 0;
689 - do {
690 - code1 += code3 = mmrDecoder->getBlackCode();
691 - } while (code3 >= 64);
692 - code2 = 0;
693 - do {
694 - code2 += code3 = mmrDecoder->getWhiteCode();
695 - } while (code3 >= 64);
696 - } else {
697 - code1 = 0;
698 - do {
699 - code1 += code3 = mmrDecoder->getWhiteCode();
700 - } while (code3 >= 64);
701 - code2 = 0;
702 - do {
703 - code2 += code3 = mmrDecoder->getBlackCode();
704 - } while (code3 >= 64);
705 - }
706 - if (code1 > 0 || code2 > 0) {
707 - a0 = codingLine[codingI++] = a0 + code1;
708 - a0 = codingLine[codingI++] = a0 + code2;
709 - while (refLine[refI] <= a0 && refLine[refI] < w) {
710 - refI += 2;
711 - }
712 - }
713 - break;
714 - case twoDimVert0:
715 - a0 = codingLine[codingI++] = refLine[refI];
716 - if (refLine[refI] < w) {
717 - ++refI;
718 - }
719 - break;
720 - case twoDimVertR1:
721 - a0 = codingLine[codingI++] = refLine[refI] + 1;
722 - if (refLine[refI] < w) {
723 - ++refI;
724 - while (refLine[refI] <= a0 && refLine[refI] < w) {
725 - refI += 2;
726 - }
727 - }
728 - break;
729 - case twoDimVertR2:
730 - a0 = codingLine[codingI++] = refLine[refI] + 2;
731 - if (refLine[refI] < w) {
732 - ++refI;
733 - while (refLine[refI] <= a0 && refLine[refI] < w) {
734 - refI += 2;
735 - }
736 - }
737 - break;
738 + code1 = code2 = 0;
739 + if (blackPixels) {
740 + do {
741 + code1 += code3 = mmrDecoder->getBlackCode();
742 + } while (code3 >= 64);
743 + do {
744 + code2 += code3 = mmrDecoder->getWhiteCode();
745 + } while (code3 >= 64);
746 + } else {
747 + do {
748 + code1 += code3 = mmrDecoder->getWhiteCode();
749 + } while (code3 >= 64);
750 + do {
751 + code2 += code3 = mmrDecoder->getBlackCode();
752 + } while (code3 >= 64);
753 + }
754 + mmrAddPixels(codingLine[a0i] + code1, blackPixels,
755 + codingLine, &a0i, w);
756 + if (codingLine[a0i] < w) {
757 + mmrAddPixels(codingLine[a0i] + code2, blackPixels ^ 1,
758 + codingLine, &a0i, w);
759 + }
760 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
761 + b1i += 2;
762 + }
763 + break;
764 case twoDimVertR3:
765 - a0 = codingLine[codingI++] = refLine[refI] + 3;
766 - if (refLine[refI] < w) {
767 - ++refI;
768 - while (refLine[refI] <= a0 && refLine[refI] < w) {
769 - refI += 2;
770 - }
771 - }
772 - break;
773 - case twoDimVertL1:
774 - a0 = codingLine[codingI++] = refLine[refI] - 1;
775 - if (refI > 0) {
776 - --refI;
777 - } else {
778 - ++refI;
779 - }
780 - while (refLine[refI] <= a0 && refLine[refI] < w) {
781 - refI += 2;
782 - }
783 - break;
784 - case twoDimVertL2:
785 - a0 = codingLine[codingI++] = refLine[refI] - 2;
786 - if (refI > 0) {
787 - --refI;
788 - } else {
789 - ++refI;
790 - }
791 - while (refLine[refI] <= a0 && refLine[refI] < w) {
792 - refI += 2;
793 - }
794 - break;
795 + mmrAddPixels(refLine[b1i] + 3, blackPixels, codingLine, &a0i, w);
796 + blackPixels ^= 1;
797 + if (codingLine[a0i] < w) {
798 + ++b1i;
799 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
800 + b1i += 2;
801 + }
802 + }
803 + break;
804 + case twoDimVertR2:
805 + mmrAddPixels(refLine[b1i] + 2, blackPixels, codingLine, &a0i, w);
806 + blackPixels ^= 1;
807 + if (codingLine[a0i] < w) {
808 + ++b1i;
809 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
810 + b1i += 2;
811 + }
812 + }
813 + break;
814 + case twoDimVertR1:
815 + mmrAddPixels(refLine[b1i] + 1, blackPixels, codingLine, &a0i, w);
816 + blackPixels ^= 1;
817 + if (codingLine[a0i] < w) {
818 + ++b1i;
819 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
820 + b1i += 2;
821 + }
822 + }
823 + break;
824 + case twoDimVert0:
825 + mmrAddPixels(refLine[b1i], blackPixels, codingLine, &a0i, w);
826 + blackPixels ^= 1;
827 + if (codingLine[a0i] < w) {
828 + ++b1i;
829 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
830 + b1i += 2;
831 + }
832 + }
833 + break;
834 case twoDimVertL3:
835 - a0 = codingLine[codingI++] = refLine[refI] - 3;
836 - if (refI > 0) {
837 - --refI;
838 - } else {
839 - ++refI;
840 - }
841 - while (refLine[refI] <= a0 && refLine[refI] < w) {
842 - refI += 2;
843 - }
844 - break;
845 + mmrAddPixelsNeg(refLine[b1i] - 3, blackPixels, codingLine, &a0i, w);
846 + blackPixels ^= 1;
847 + if (codingLine[a0i] < w) {
848 + if (b1i > 0) {
849 + --b1i;
850 + } else {
851 + ++b1i;
852 + }
853 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
854 + b1i += 2;
855 + }
856 + }
857 + break;
858 + case twoDimVertL2:
859 + mmrAddPixelsNeg(refLine[b1i] - 2, blackPixels, codingLine, &a0i, w);
860 + blackPixels ^= 1;
861 + if (codingLine[a0i] < w) {
862 + if (b1i > 0) {
863 + --b1i;
864 + } else {
865 + ++b1i;
866 + }
867 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
868 + b1i += 2;
869 + }
870 + }
871 + break;
872 + case twoDimVertL1:
873 + mmrAddPixelsNeg(refLine[b1i] - 1, blackPixels, codingLine, &a0i, w);
874 + blackPixels ^= 1;
875 + if (codingLine[a0i] < w) {
876 + if (b1i > 0) {
877 + --b1i;
878 + } else {
879 + ++b1i;
880 + }
881 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) {
882 + b1i += 2;
883 + }
884 + }
885 + break;
886 + case EOF:
887 + mmrAddPixels(w, 0, codingLine, &a0i, w);
888 + break;
889 default:
890 error(getPos(), "Illegal code in JBIG2 MMR bitmap data");
891 + mmrAddPixels(w, 0, codingLine, &a0i, w);
892 break;
893 }
894 - } while (a0 < w);
895 - codingLine[codingI++] = w;
896 + }
897
898 // convert the run lengths to a bitmap line
899 i = 0;
900 - while (codingLine[i] < w) {
901 + while (1) {
902 for (x = codingLine[i]; x < codingLine[i+1]; ++x) {
903 bitmap->setPixel(x, y);
904 }
905 + if (codingLine[i+1] >= w || codingLine[i+2] >= w) {
906 + break;
907 + }
908 i += 2;
909 }
910 }
911 @@ -2706,7 +2888,9 @@
912 ltp = !ltp;
913 }
914 if (ltp) {
915 - bitmap->duplicateRow(y, y-1);
916 + if (y > 0) {
917 + bitmap->duplicateRow(y, y-1);
918 + }
919 continue;
920 }
921 }
922 @@ -2909,8 +3093,8 @@
923 return;
924 }
925 if (nRefSegs == 1) {
926 - seg = findSegment(refSegs[0]);
927 - if (seg->getType() != jbig2SegBitmap) {
928 + if (!(seg = findSegment(refSegs[0])) ||
929 + seg->getType() != jbig2SegBitmap) {
930 error(getPos(), "Bad bitmap reference in JBIG2 generic refinement segment");
931 return;
932 }
933 @@ -3004,6 +3188,10 @@
934 tpgrCX2 = refBitmap->nextPixel(&tpgrCXPtr2);
935 tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2);
936 tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2);
937 + } else {
938 + tpgrCXPtr0.p = tpgrCXPtr1.p = tpgrCXPtr2.p = NULL; // make gcc happy
939 + tpgrCXPtr0.shift = tpgrCXPtr1.shift = tpgrCXPtr2.shift = 0;
940 + tpgrCXPtr0.x = tpgrCXPtr1.x = tpgrCXPtr2.x = 0;
941 }
942
943 for (x = 0; x < w; ++x) {
944 @@ -3075,6 +3263,10 @@
945 tpgrCX2 = refBitmap->nextPixel(&tpgrCXPtr2);
946 tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2);
947 tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2);
948 + } else {
949 + tpgrCXPtr0.p = tpgrCXPtr1.p = tpgrCXPtr2.p = NULL; // make gcc happy
950 + tpgrCXPtr0.shift = tpgrCXPtr1.shift = tpgrCXPtr2.shift = 0;
951 + tpgrCXPtr0.x = tpgrCXPtr1.x = tpgrCXPtr2.x = 0;
952 }
953
954 for (x = 0; x < w; ++x) {
955 --- misc/xpdf-3.02/xpdf/JBIG2Stream.h 2007-02-27 23:05:52.000000000 +0100
956 +++ misc/build/xpdf-3.02/xpdf/JBIG2Stream.h 2009-04-22 19:21:14.293918758 +0200
957 @@ -78,6 +78,10 @@
958 Guint *refSegs, Guint nRefSegs);
959 void readGenericRegionSeg(Guint segNum, GBool imm,
960 GBool lossless, Guint length);
961 + void mmrAddPixels(int a1, int blackPixels,
962 + int *codingLine, int *a0i, int w);
963 + void mmrAddPixelsNeg(int a1, int blackPixels,
964 + int *codingLine, int *a0i, int w);
965 JBIG2Bitmap *readGenericBitmap(GBool mmr, int w, int h,
966 int templ, GBool tpgdOn,
967 GBool useSkip, JBIG2Bitmap *skip,
968 --- misc/xpdf-3.02/xpdf/Makefile.in 2007-02-27 23:05:52.000000000 +0100
969 +++ misc/build/xpdf-3.02/xpdf/Makefile.in 2009-04-22 19:20:56.651099700 +0200
970 @@ -20,6 +20,8 @@
971 SPLASHLIBDIR = ../splash
972
973 CXXFLAGS = @CXXFLAGS@ @DEFS@ -I.. -I$(GOOSRCDIR) -I$(FOFISRCDIR) -I$(SPLASHSRCDIR) -I$(srcdir) @freetype2_CFLAGS@ @Sgm_CFLAGS@ @Xm_CFLAGS@ @Xt_CFLAGS@ @Xp_CFLAGS@ @Xext_CFLAGS@ @Xpm_CFLAGS@ @t1_CFLAGS@ @libpaper_CFLAGS@ @X_CFLAGS@
974 +AR = ar rc
975 +RANLIB = ranlib
976
977 LDFLAGS = @LDFLAGS@
978
979 @@ -107,10 +109,27 @@
980 #------------------------------------------------------------------------
981
982 all: xpdf$(EXE) pdftops$(EXE) pdftotext$(EXE) pdfinfo$(EXE) \
983 - pdffonts$(EXE) pdftoppm$(EXE) pdfimages$(EXE)
984 + pdffonts$(EXE) pdftoppm$(EXE) pdfimages$(EXE) $(LIBPREFIX)xpdf.a
985
986 all-no-x: pdftops$(EXE) pdftotext$(EXE) pdfinfo$(EXE) pdffonts$(EXE) \
987 - pdfimages$(EXE)
988 + pdfimages$(EXE) $(LIBPREFIX)xpdf.a
989 +
990 +#------------------------------------------------------------------------
991 +
992 +XPDFLIB_OBJS = Annot.o Array.o BuiltinFont.o BuiltinFontTables.o Catalog.o \
993 + CharCodeToUnicode.o CMap.o Decrypt.o Dict.o \
994 + Error.o FontEncodingTables.o Function.o Gfx.o GfxFont.o \
995 + GfxState.o GlobalParams.o JArithmeticDecoder.o JBIG2Stream.o \
996 + JPXStream.o Lexer.o Link.o NameToCharCode.o Object.o Outline.o \
997 + OutputDev.o Page.o Parser.o PDFCore.o PDFDoc.o PDFDocEncoding.o \
998 + PSTokenizer.o SecurityHandler.o \
999 + Stream.o UnicodeMap.o \
1000 + UnicodeTypeTable.o XRef.o
1001 +
1002 +$(LIBPREFIX)xpdf.a: $(XPDFLIB_OBJS)
1003 + rm -f $(LIBPREFIX)xpdf.a
1004 + $(AR) $(LIBPREFIX)xpdf.a $(XPDFLIB_OBJS)
1005 + $(RANLIB) $(LIBPREFIX)xpdf.a
1006
1007 #------------------------------------------------------------------------
1008
1009 --- misc/xpdf-3.02/xpdf/Stream.cc 2007-02-27 23:05:52.000000000 +0100
1010 +++ misc/build/xpdf-3.02/xpdf/Stream.cc 2009-04-22 19:20:56.661311973 +0200
1011 @@ -410,15 +410,13 @@
1012 ok = gFalse;
1013
1014 nVals = width * nComps;
1015 - if (width <= 0 || nComps <= 0 || nBits <= 0 ||
1016 - nComps >= INT_MAX / nBits ||
1017 - width >= INT_MAX / nComps / nBits ||
1018 - nVals * nBits + 7 < 0) {
1019 - return;
1020 - }
1021 pixBytes = (nComps * nBits + 7) >> 3;
1022 rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
1023 - if (rowBytes <= 0) {
1024 + if (width <= 0 || nComps <= 0 || nBits <= 0 ||
1025 + nComps > gfxColorMaxComps ||
1026 + nBits > 16 ||
1027 + width >= INT_MAX / nComps || // check for overflow in nVals
1028 + nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
1029 return;
1030 }
1031 predLine = (Guchar *)gmalloc(rowBytes);
1032 @@ -1245,23 +1243,26 @@
1033 columns = columnsA;
1034 if (columns < 1) {
1035 columns = 1;
1036 - }
1037 - if (columns + 4 <= 0) {
1038 - columns = INT_MAX - 4;
1039 + } else if (columns > INT_MAX - 2) {
1040 + columns = INT_MAX - 2;
1041 }
1042 rows = rowsA;
1043 endOfBlock = endOfBlockA;
1044 black = blackA;
1045 - refLine = (short *)gmallocn(columns + 3, sizeof(short));
1046 - codingLine = (short *)gmallocn(columns + 2, sizeof(short));
1047 + // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns
1048 + // ---> max codingLine size = columns + 1
1049 + // refLine has one extra guard entry at the end
1050 + // ---> max refLine size = columns + 2
1051 + codingLine = (int *)gmallocn(columns + 1, sizeof(int));
1052 + refLine = (int *)gmallocn(columns + 2, sizeof(int));
1053
1054 eof = gFalse;
1055 row = 0;
1056 nextLine2D = encoding < 0;
1057 inputBits = 0;
1058 - codingLine[0] = 0;
1059 - codingLine[1] = refLine[2] = columns;
1060 - a0 = 1;
1061 + codingLine[0] = columns;
1062 + a0i = 0;
1063 + outputBits = 0;
1064
1065 buf = EOF;
1066 }
1067 @@ -1280,9 +1281,9 @@
1068 row = 0;
1069 nextLine2D = encoding < 0;
1070 inputBits = 0;
1071 - codingLine[0] = 0;
1072 - codingLine[1] = columns;
1073 - a0 = 1;
1074 + codingLine[0] = columns;
1075 + a0i = 0;
1076 + outputBits = 0;
1077 buf = EOF;
1078
1079 // skip any initial zero bits and end-of-line marker, and get the 2D
1080 @@ -1299,211 +1300,230 @@
1081 }
1082 }
1083
1084 +inline void CCITTFaxStream::addPixels(int a1, int blackPixels) {
1085 + if (a1 > codingLine[a0i]) {
1086 + if (a1 > columns) {
1087 + error(getPos(), "CCITTFax row is wrong length (%d)", a1);
1088 + err = gTrue;
1089 + a1 = columns;
1090 + }
1091 + if ((a0i & 1) ^ blackPixels) {
1092 + ++a0i;
1093 + }
1094 + codingLine[a0i] = a1;
1095 + }
1096 +}
1097 +
1098 +inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) {
1099 + if (a1 > codingLine[a0i]) {
1100 + if (a1 > columns) {
1101 + error(getPos(), "CCITTFax row is wrong length (%d)", a1);
1102 + err = gTrue;
1103 + a1 = columns;
1104 + }
1105 + if ((a0i & 1) ^ blackPixels) {
1106 + ++a0i;
1107 + }
1108 + codingLine[a0i] = a1;
1109 + } else if (a1 < codingLine[a0i]) {
1110 + if (a1 < 0) {
1111 + error(getPos(), "Invalid CCITTFax code");
1112 + err = gTrue;
1113 + a1 = 0;
1114 + }
1115 + while (a0i > 0 && a1 <= codingLine[a0i - 1]) {
1116 + --a0i;
1117 + }
1118 + codingLine[a0i] = a1;
1119 + }
1120 +}
1121 +
1122 int CCITTFaxStream::lookChar() {
1123 short code1, code2, code3;
1124 - int a0New;
1125 - GBool err, gotEOL;
1126 - int ret;
1127 - int bits, i;
1128 + int b1i, blackPixels, i, bits;
1129 + GBool gotEOL;
1130
1131 - // if at eof just return EOF
1132 - if (eof && codingLine[a0] >= columns) {
1133 - return EOF;
1134 + if (buf != EOF) {
1135 + return buf;
1136 }
1137
1138 // read the next row
1139 - err = gFalse;
1140 - if (codingLine[a0] >= columns) {
1141 + if (outputBits == 0) {
1142 +
1143 + // if at eof just return EOF
1144 + if (eof) {
1145 + return EOF;
1146 + }
1147 +
1148 + err = gFalse;
1149
1150 // 2-D encoding
1151 if (nextLine2D) {
1152 - // state:
1153 - // a0New = current position in coding line (0 <= a0New <= columns)
1154 - // codingLine[a0] = last change in coding line
1155 - // (black-to-white if a0 is even,
1156 - // white-to-black if a0 is odd)
1157 - // refLine[b1] = next change in reference line of opposite color
1158 - // to a0
1159 - // invariants:
1160 - // 0 <= codingLine[a0] <= a0New
1161 - // <= refLine[b1] <= refLine[b1+1] <= columns
1162 - // 0 <= a0 <= columns+1
1163 - // refLine[0] = 0
1164 - // refLine[n] = refLine[n+1] = columns
1165 - // -- for some 1 <= n <= columns+1
1166 - // end condition:
1167 - // 0 = codingLine[0] <= codingLine[1] < codingLine[2] < ...
1168 - // < codingLine[n-1] < codingLine[n] = columns
1169 - // -- where 1 <= n <= columns+1
1170 for (i = 0; codingLine[i] < columns; ++i) {
1171 refLine[i] = codingLine[i];
1172 }
1173 - refLine[i] = refLine[i + 1] = columns;
1174 - b1 = 1;
1175 - a0New = codingLine[a0 = 0] = 0;
1176 - do {
1177 + refLine[i++] = columns;
1178 + refLine[i] = columns;
1179 + codingLine[0] = 0;
1180 + a0i = 0;
1181 + b1i = 0;
1182 + blackPixels = 0;
1183 + // invariant:
1184 + // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1]
1185 + // <= columns
1186 + // exception at left edge:
1187 + // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible
1188 + // exception at right edge:
1189 + // refLine[b1i] = refLine[b1i+1] = columns is possible
1190 + while (codingLine[a0i] < columns) {
1191 code1 = getTwoDimCode();
1192 switch (code1) {
1193 case twoDimPass:
1194 - if (refLine[b1] < columns) {
1195 - a0New = refLine[b1 + 1];
1196 - b1 += 2;
1197 + addPixels(refLine[b1i + 1], blackPixels);
1198 + if (refLine[b1i + 1] < columns) {
1199 + b1i += 2;
1200 }
1201 break;
1202 case twoDimHoriz:
1203 - if ((a0 & 1) == 0) {
1204 - code1 = code2 = 0;
1205 + code1 = code2 = 0;
1206 + if (blackPixels) {
1207 do {
1208 - code1 += code3 = getWhiteCode();
1209 + code1 += code3 = getBlackCode();
1210 } while (code3 >= 64);
1211 do {
1212 - code2 += code3 = getBlackCode();
1213 + code2 += code3 = getWhiteCode();
1214 } while (code3 >= 64);
1215 } else {
1216 - code1 = code2 = 0;
1217 do {
1218 - code1 += code3 = getBlackCode();
1219 + code1 += code3 = getWhiteCode();
1220 } while (code3 >= 64);
1221 do {
1222 - code2 += code3 = getWhiteCode();
1223 + code2 += code3 = getBlackCode();
1224 } while (code3 >= 64);
1225 }
1226 - if (code1 > 0 || code2 > 0) {
1227 - if (a0New + code1 <= columns) {
1228 - codingLine[a0 + 1] = a0New + code1;
1229 - } else {
1230 - codingLine[a0 + 1] = columns;
1231 - }
1232 - ++a0;
1233 - if (codingLine[a0] + code2 <= columns) {
1234 - codingLine[a0 + 1] = codingLine[a0] + code2;
1235 - } else {
1236 - codingLine[a0 + 1] = columns;
1237 - }
1238 - ++a0;
1239 - a0New = codingLine[a0];
1240 - while (refLine[b1] <= a0New && refLine[b1] < columns) {
1241 - b1 += 2;
1242 + addPixels(codingLine[a0i] + code1, blackPixels);
1243 + if (codingLine[a0i] < columns) {
1244 + addPixels(codingLine[a0i] + code2, blackPixels ^ 1);
1245 + }
1246 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
1247 + b1i += 2;
1248 + }
1249 + break;
1250 + case twoDimVertR3:
1251 + addPixels(refLine[b1i] + 3, blackPixels);
1252 + blackPixels ^= 1;
1253 + if (codingLine[a0i] < columns) {
1254 + ++b1i;
1255 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
1256 + b1i += 2;
1257 }
1258 }
1259 break;
1260 - case twoDimVert0:
1261 - if (refLine[b1] < columns) {
1262 - a0New = codingLine[++a0] = refLine[b1];
1263 - ++b1;
1264 - while (refLine[b1] <= a0New && refLine[b1] < columns) {
1265 - b1 += 2;
1266 + case twoDimVertR2:
1267 + addPixels(refLine[b1i] + 2, blackPixels);
1268 + blackPixels ^= 1;
1269 + if (codingLine[a0i] < columns) {
1270 + ++b1i;
1271 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
1272 + b1i += 2;
1273 }
1274 - } else {
1275 - a0New = codingLine[++a0] = columns;
1276 }
1277 break;
1278 case twoDimVertR1:
1279 - if (refLine[b1] + 1 < columns) {
1280 - a0New = codingLine[++a0] = refLine[b1] + 1;
1281 - ++b1;
1282 - while (refLine[b1] <= a0New && refLine[b1] < columns) {
1283 - b1 += 2;
1284 + addPixels(refLine[b1i] + 1, blackPixels);
1285 + blackPixels ^= 1;
1286 + if (codingLine[a0i] < columns) {
1287 + ++b1i;
1288 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
1289 + b1i += 2;
1290 }
1291 - } else {
1292 - a0New = codingLine[++a0] = columns;
1293 }
1294 break;
1295 - case twoDimVertL1:
1296 - if (refLine[b1] - 1 > a0New || (a0 == 0 && refLine[b1] == 1)) {
1297 - a0New = codingLine[++a0] = refLine[b1] - 1;
1298 - --b1;
1299 - while (refLine[b1] <= a0New && refLine[b1] < columns) {
1300 - b1 += 2;
1301 + case twoDimVert0:
1302 + addPixels(refLine[b1i], blackPixels);
1303 + blackPixels ^= 1;
1304 + if (codingLine[a0i] < columns) {
1305 + ++b1i;
1306 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
1307 + b1i += 2;
1308 }
1309 }
1310 break;
1311 - case twoDimVertR2:
1312 - if (refLine[b1] + 2 < columns) {
1313 - a0New = codingLine[++a0] = refLine[b1] + 2;
1314 - ++b1;
1315 - while (refLine[b1] <= a0New && refLine[b1] < columns) {
1316 - b1 += 2;
1317 + case twoDimVertL3:
1318 + addPixelsNeg(refLine[b1i] - 3, blackPixels);
1319 + blackPixels ^= 1;
1320 + if (codingLine[a0i] < columns) {
1321 + if (b1i > 0) {
1322 + --b1i;
1323 + } else {
1324 + ++b1i;
1325 + }
1326 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
1327 + b1i += 2;
1328 }
1329 - } else {
1330 - a0New = codingLine[++a0] = columns;
1331 }
1332 break;
1333 case twoDimVertL2:
1334 - if (refLine[b1] - 2 > a0New || (a0 == 0 && refLine[b1] == 2)) {
1335 - a0New = codingLine[++a0] = refLine[b1] - 2;
1336 - --b1;
1337 - while (refLine[b1] <= a0New && refLine[b1] < columns) {
1338 - b1 += 2;
1339 + addPixelsNeg(refLine[b1i] - 2, blackPixels);
1340 + blackPixels ^= 1;
1341 + if (codingLine[a0i] < columns) {
1342 + if (b1i > 0) {
1343 + --b1i;
1344 + } else {
1345 + ++b1i;
1346 }
1347 - }
1348 - break;
1349 - case twoDimVertR3:
1350 - if (refLine[b1] + 3 < columns) {
1351 - a0New = codingLine[++a0] = refLine[b1] + 3;
1352 - ++b1;
1353 - while (refLine[b1] <= a0New && refLine[b1] < columns) {
1354 - b1 += 2;
1355 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
1356 + b1i += 2;
1357 }
1358 - } else {
1359 - a0New = codingLine[++a0] = columns;
1360 }
1361 break;
1362 - case twoDimVertL3:
1363 - if (refLine[b1] - 3 > a0New || (a0 == 0 && refLine[b1] == 3)) {
1364 - a0New = codingLine[++a0] = refLine[b1] - 3;
1365 - --b1;
1366 - while (refLine[b1] <= a0New && refLine[b1] < columns) {
1367 - b1 += 2;
1368 + case twoDimVertL1:
1369 + addPixelsNeg(refLine[b1i] - 1, blackPixels);
1370 + blackPixels ^= 1;
1371 + if (codingLine[a0i] < columns) {
1372 + if (b1i > 0) {
1373 + --b1i;
1374 + } else {
1375 + ++b1i;
1376 + }
1377 + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
1378 + b1i += 2;
1379 }
1380 }
1381 break;
1382 case EOF:
1383 + addPixels(columns, 0);
1384 eof = gTrue;
1385 - codingLine[a0 = 0] = columns;
1386 - return EOF;
1387 + break;
1388 default:
1389 error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1);
1390 + addPixels(columns, 0);
1391 err = gTrue;
1392 break;
1393 }
1394 - } while (codingLine[a0] < columns);
1395 + }
1396
1397 // 1-D encoding
1398 } else {
1399 - codingLine[a0 = 0] = 0;
1400 - while (1) {
1401 + codingLine[0] = 0;
1402 + a0i = 0;
1403 + blackPixels = 0;
1404 + while (codingLine[a0i] < columns) {
1405 code1 = 0;
1406 - do {
1407 - code1 += code3 = getWhiteCode();
1408 - } while (code3 >= 64);
1409 - codingLine[a0+1] = codingLine[a0] + code1;
1410 - ++a0;
1411 - if (codingLine[a0] >= columns) {
1412 - break;
1413 - }
1414 - code2 = 0;
1415 - do {
1416 - code2 += code3 = getBlackCode();
1417 - } while (code3 >= 64);
1418 - codingLine[a0+1] = codingLine[a0] + code2;
1419 - ++a0;
1420 - if (codingLine[a0] >= columns) {
1421 - break;
1422 + if (blackPixels) {
1423 + do {
1424 + code1 += code3 = getBlackCode();
1425 + } while (code3 >= 64);
1426 + } else {
1427 + do {
1428 + code1 += code3 = getWhiteCode();
1429 + } while (code3 >= 64);
1430 }
1431 + addPixels(codingLine[a0i] + code1, blackPixels);
1432 + blackPixels ^= 1;
1433 }
1434 }
1435
1436 - if (codingLine[a0] != columns) {
1437 - error(getPos(), "CCITTFax row is wrong length (%d)", codingLine[a0]);
1438 - // force the row to be the correct length
1439 - while (codingLine[a0] > columns) {
1440 - --a0;
1441 - }
1442 - codingLine[++a0] = columns;
1443 - err = gTrue;
1444 - }
1445 -
1446 // byte-align the row
1447 if (byteAlign) {
1448 inputBits &= ~7;
1449 @@ -1562,14 +1582,17 @@
1450 // this if we know the stream contains end-of-line markers because
1451 // the "just plow on" technique tends to work better otherwise
1452 } else if (err && endOfLine) {
1453 - do {
1454 + while (1) {
1455 + code1 = lookBits(13);
1456 if (code1 == EOF) {
1457 eof = gTrue;
1458 return EOF;
1459 }
1460 + if ((code1 >> 1) == 0x001) {
1461 + break;
1462 + }
1463 eatBits(1);
1464 - code1 = lookBits(13);
1465 - } while ((code1 >> 1) != 0x001);
1466 + }
1467 eatBits(12);
1468 if (encoding > 0) {
1469 eatBits(1);
1470 @@ -1577,11 +1600,11 @@
1471 }
1472 }
1473
1474 - a0 = 0;
1475 - outputBits = codingLine[1] - codingLine[0];
1476 - if (outputBits == 0) {
1477 - a0 = 1;
1478 - outputBits = codingLine[2] - codingLine[1];
1479 + // set up for output
1480 + if (codingLine[0] > 0) {
1481 + outputBits = codingLine[a0i = 0];
1482 + } else {
1483 + outputBits = codingLine[a0i = 1];
1484 }
1485
1486 ++row;
1487 @@ -1589,39 +1612,43 @@
1488
1489 // get a byte
1490 if (outputBits >= 8) {
1491 - ret = ((a0 & 1) == 0) ? 0xff : 0x00;
1492 - if ((outputBits -= 8) == 0) {
1493 - ++a0;
1494 - if (codingLine[a0] < columns) {
1495 - outputBits = codingLine[a0 + 1] - codingLine[a0];
1496 - }
1497 + buf = (a0i & 1) ? 0x00 : 0xff;
1498 + outputBits -= 8;
1499 + if (outputBits == 0 && codingLine[a0i] < columns) {
1500 + ++a0i;
1501 + outputBits = codingLine[a0i] - codingLine[a0i - 1];
1502 }
1503 } else {
1504 bits = 8;
1505 - ret = 0;
1506 + buf = 0;
1507 do {
1508 if (outputBits > bits) {
1509 - i = bits;
1510 - bits = 0;
1511 - if ((a0 & 1) == 0) {
1512 - ret |= 0xff >> (8 - i);
1513 + buf <<= bits;
1514 + if (!(a0i & 1)) {
1515 + buf |= 0xff >> (8 - bits);
1516 }
1517 - outputBits -= i;
1518 + outputBits -= bits;
1519 + bits = 0;
1520 } else {
1521 - i = outputBits;
1522 - bits -= outputBits;
1523 - if ((a0 & 1) == 0) {
1524 - ret |= (0xff >> (8 - i)) << bits;
1525 + buf <<= outputBits;
1526 + if (!(a0i & 1)) {
1527 + buf |= 0xff >> (8 - outputBits);
1528 }
1529 + bits -= outputBits;
1530 outputBits = 0;
1531 - ++a0;
1532 - if (codingLine[a0] < columns) {
1533 - outputBits = codingLine[a0 + 1] - codingLine[a0];
1534 + if (codingLine[a0i] < columns) {
1535 + ++a0i;
1536 + outputBits = codingLine[a0i] - codingLine[a0i - 1];
1537 + } else if (bits > 0) {
1538 + buf <<= bits;
1539 + bits = 0;
1540 }
1541 }
1542 - } while (bits > 0 && codingLine[a0] < columns);
1543 + } while (bits);
1544 + }
1545 + if (black) {
1546 + buf ^= 0xff;
1547 }
1548 - buf = black ? (ret ^ 0xff) : ret;
1549 return buf;
1550 }
1551
1552 @@ -1663,6 +1690,9 @@
1553 code = 0; // make gcc happy
1554 if (endOfBlock) {
1555 code = lookBits(12);
1556 + if (code == EOF) {
1557 + return 1;
1558 + }
1559 if ((code >> 5) == 0) {
1560 p = &whiteTab1[code];
1561 } else {
1562 @@ -1675,6 +1705,9 @@
1563 } else {
1564 for (n = 1; n <= 9; ++n) {
1565 code = lookBits(n);
1566 + if (code == EOF) {
1567 + return 1;
1568 + }
1569 if (n < 9) {
1570 code <<= 9 - n;
1571 }
1572 @@ -1686,6 +1719,9 @@
1573 }
1574 for (n = 11; n <= 12; ++n) {
1575 code = lookBits(n);
1576 + if (code == EOF) {
1577 + return 1;
1578 + }
1579 if (n < 12) {
1580 code <<= 12 - n;
1581 }
1582 @@ -1711,9 +1747,12 @@
1583 code = 0; // make gcc happy
1584 if (endOfBlock) {
1585 code = lookBits(13);
1586 + if (code == EOF) {
1587 + return 1;
1588 + }
1589 if ((code >> 7) == 0) {
1590 p = &blackTab1[code];
1591 - } else if ((code >> 9) == 0) {
1592 + } else if ((code >> 9) == 0 && (code >> 7) != 0) {
1593 p = &blackTab2[(code >> 1) - 64];
1594 } else {
1595 p = &blackTab3[code >> 7];
1596 @@ -1725,6 +1764,9 @@
1597 } else {
1598 for (n = 2; n <= 6; ++n) {
1599 code = lookBits(n);
1600 + if (code == EOF) {
1601 + return 1;
1602 + }
1603 if (n < 6) {
1604 code <<= 6 - n;
1605 }
1606 @@ -1736,6 +1778,9 @@
1607 }
1608 for (n = 7; n <= 12; ++n) {
1609 code = lookBits(n);
1610 + if (code == EOF) {
1611 + return 1;
1612 + }
1613 if (n < 12) {
1614 code <<= 12 - n;
1615 }
1616 @@ -1749,6 +1794,9 @@
1617 }
1618 for (n = 10; n <= 13; ++n) {
1619 code = lookBits(n);
1620 + if (code == EOF) {
1621 + return 1;
1622 + }
1623 if (n < 13) {
1624 code <<= 13 - n;
1625 }
1626 @@ -1963,6 +2011,12 @@
1627 // allocate a buffer for the whole image
1628 bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth;
1629 bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight;
1630 + if (bufWidth <= 0 || bufHeight <= 0 ||
1631 + bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) {
1632 + error(getPos(), "Invalid image size in DCT stream");
1633 + y = height;
1634 + return;
1635 + }
1636 for (i = 0; i < numComps; ++i) {
1637 frameBuf[i] = (int *)gmallocn(bufWidth * bufHeight, sizeof(int));
1638 memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int));
1639 @@ -3038,6 +3092,11 @@
1640 }
1641 scanInfo.firstCoeff = str->getChar();
1642 scanInfo.lastCoeff = str->getChar();
1643 + if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 ||
1644 + scanInfo.firstCoeff > scanInfo.lastCoeff) {
1645 + error(getPos(), "Bad DCT coefficient numbers in scan info block");
1646 + return gFalse;
1647 + }
1648 c = str->getChar();
1649 scanInfo.ah = (c >> 4) & 0x0f;
1650 scanInfo.al = c & 0x0f;
1651 --- misc/xpdf-3.02/xpdf/Stream.h Tue Feb 27 23:05:52 2007
1652 +++ misc/build/xpdf-3.02/xpdf/Stream.h Mon Apr 21 15:42:50 2008
1653 @@ -528,13 +528,15 @@
1654 int row; // current row
1655 int inputBuf; // input buffer
1656 int inputBits; // number of bits in input buffer
1657 - short *refLine; // reference line changing elements
1658 - int b1; // index into refLine
1659 - short *codingLine; // coding line changing elements
1660 - int a0; // index into codingLine
1661 + int *codingLine; // coding line changing elements
1662 + int *refLine; // reference line changing elements
1663 + int a0i; // index into codingLine
1664 + GBool err; // error on current line
1665 int outputBits; // remaining ouput bits
1666 int buf; // character buffer
1667
1668 + void addPixels(int a1, int black);
1669 + void addPixelsNeg(int a1, int black);
1670 short getTwoDimCode();
1671 short getWhiteCode();
1672 short getBlackCode();
vba interoperability for OOo