kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Sync pdftops with xpdf 3.01pl2, fixing at least two possible

Browse source 
integer overflows. Bump revision.
This commit is contained in:
joerg 2006-03-29 17:22:46 +00:00
parent 9ad2ba16ec
commit 9b77c3c96f
5 changed files with 115 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
print/cups/Makefile
View file

@ -1,4 +1,4 @@
# $NetBSD: Makefile,v 1.107 2006/02/15 19:06:47 joerg Exp $
# $NetBSD: Makefile,v 1.108 2006/03/29 17:22:46 joerg Exp $
#
# The CUPS author is very good about taking back changes into the main
# CUPS distribution. The correct place to send patches or bug-fixes is:
@ -6,7 +6,7 @@
DISTNAME= cups-${DIST_VERS}-source
PKGNAME= cups-${VERS}
PKGREVISION= 7
PKGREVISION= 8
BASE_VERS= 1.1.23
DIST_VERS= ${BASE_VERS}
VERS= ${DIST_VERS:S/-/./g}

8
print/cups/distinfo
View file

@ -1,4 +1,4 @@
$NetBSD: distinfo,v 1.38 2006/02/16 15:52:15 yyamano Exp $
$NetBSD: distinfo,v 1.39 2006/03/29 17:22:46 joerg Exp $
SHA1 (cups-1.1.23-source.tar.bz2) = 32d5bfb44c4edc1b54ccb014b5a44499295c6c5c
RMD160 (cups-1.1.23-source.tar.bz2) = 255ec4c22422b14f2367d69f3ec7e590dc46bea5
@ -13,10 +13,10 @@ SHA1 (patch-ag) = 47a5c7a9ad7c604fa3253aebbaa62f576fb477d0
SHA1 (patch-ah) = 1ef58b7e1dfcbd8aabb9e822d30f995b3d653ea4
SHA1 (patch-an) = 8eb0f80067839d3d112d93e08cb8ad6854fa2b4c
SHA1 (patch-ao) = c4c8f833cf4a09a686a338df6c209cebec36c6ef
SHA1 (patch-ap) = 81b8213e16f875b22d0684d0c06dfe75af11dcb4
SHA1 (patch-ap) = 2351844f81a561d69cd02a1e83e30f3c9ee33f5f
SHA1 (patch-at) = aa36ec591164675b889d2cf32e4d754e9b6db94f
SHA1 (patch-au) = ab43911c1b27b250a257c67d1d34066237e4da98
SHA1 (patch-av) = 33437f71e0b6443b172246f1962f9d2eebbd8f11
SHA1 (patch-aw) = f9a83423eac1a631b67e10911e0ef9e111da9b84
SHA1 (patch-be) = 98f0c2d060df5f6bd95129d80b5ba29c276a3c67
SHA1 (patch-bf) = 50d42bcdf3b103e2c5828baa2661ec1c87c7da1c
SHA1 (patch-be) = 85c99298a6eca8f73c81298624d98b66f929aac2
SHA1 (patch-bf) = a25cbddf47dc9637ccce2a8e40c6541320df4a8a

21
print/cups/patches/patch-ap
View file

@ -1,4 +1,4 @@
$NetBSD: patch-ap,v 1.6 2006/02/15 19:06:13 joerg Exp $
$NetBSD: patch-ap,v 1.7 2006/03/29 17:22:46 joerg Exp $
--- pdftops/JBIG2Stream.cxx.orig 2006-02-13 22:20:31.000000000 +0100
+++ pdftops/JBIG2Stream.cxx
@ -43,7 +43,22 @@ $NetBSD: patch-ap,v 1.6 2006/02/15 19:06:13 joerg Exp $
return;
}
data = (Guchar *)grealloc(data, newH * line);
@@ -2576,6 +2587,14 @@ void JBIG2Stream::readHalftoneRegionSeg(
@@ -2565,6 +2576,14 @@ void JBIG2Stream::readHalftoneRegionSeg(
!readUWord(&stepX) || !readUWord(&stepY)) {
goto eofError;
}
+ if (w == 0 || h == 0 || w >= INT_MAX / h) {
+ error(getPos(), "Bad bitmap size in JBIG2 halftone segment");
+ return;
+ }
+ if (gridH == 0 || gridW >= INT_MAX / gridH) {
+ error(getPos(), "Bad grid size in JBIG2 halftone segment");
+ return;
+ }
// get pattern dictionary
if (nRefSegs != 1) {
@@ -2576,6 +2595,14 @@ void JBIG2Stream::readHalftoneRegionSeg(
error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
return;
}
@ -58,7 +73,7 @@ $NetBSD: patch-ap,v 1.6 2006/02/15 19:06:13 joerg Exp $
patternDict = (JBIG2PatternDict *)seg;
bpp = 0;
i = 1;
@@ -2763,6 +2782,9 @@ JBIG2Bitmap *JBIG2Stream::readGenericBit
@@ -2763,6 +2790,9 @@ JBIG2Bitmap *JBIG2Stream::readGenericBit
int code1, code2, code3;
int x, y, a0, pix, i, refI, codingI;

116
print/cups/patches/patch-be
View file

@ -1,38 +1,34 @@
$NetBSD: patch-be,v 1.2 2006/02/15 19:06:13 joerg Exp $
$NetBSD: patch-be,v 1.3 2006/03/29 17:22:46 joerg Exp $
--- pdftops/Stream.cxx.orig 2004-02-02 17:41:09.000000000 -0500
+++ pdftops/Stream.cxx
@@ -15,6 +15,7 @@
@@ -12,6 +12,7 @@
#pragma implementation
#endif
+#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
+#include <limits.h>
#ifndef WIN32
#include <unistd.h>
#endif
@@ -409,13 +410,30 @@ StreamPredictor::StreamPredictor(Stream
@@ -409,13 +410,26 @@ StreamPredictor::StreamPredictor(Stream
width = widthA;
nComps = nCompsA;
nBits = nBitsA;
+ predLine = NULL;
+ ok = gFalse;
+
+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+ nComps >= INT_MAX / nBits ||
+ width >= INT_MAX / nComps / nBits) {
+ return;
+ }
nVals = width * nComps;
+ if (nVals * nBits + 7 <= 0) {
+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+ nComps >= INT_MAX / nBits ||
+ width >= INT_MAX / nComps / nBits ||
+ nVals * nBits + 7 < 0) {
+ return;
+ }
pixBytes = (nComps * nBits + 7) >> 3;
rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+ if (rowBytes < 0) {
+ if (rowBytes <= 0) {
+ return;
+ }
+
predLine = (Guchar *)gmalloc(rowBytes);
memset(predLine, 0, rowBytes);
predIdx = rowBytes;
@ -41,80 +37,126 @@ $NetBSD: patch-be,v 1.2 2006/02/15 19:06:13 joerg Exp $
}
StreamPredictor::~StreamPredictor() {
@@ -991,6 +1009,10 @@ LZWStream::LZWStream(Stream *strA, int p
@@ -991,6 +1005,10 @@ LZWStream::LZWStream(Stream *strA, int p
FilterStream(strA) {
if (predictor != 1) {
pred = new StreamPredictor(this, predictor, columns, colors, bits);
+ if (!pred->isOk()) {
+ if (!pred->isOK()) {
+ delete pred;
+ pred = NULL;
+ }
} else {
pred = NULL;
}
@@ -1239,6 +1261,9 @@ CCITTFaxStream::CCITTFaxStream(Stream *s
@@ -1239,6 +1257,9 @@ CCITTFaxStream::CCITTFaxStream(Stream *s
endOfLine = endOfLineA;
byteAlign = byteAlignA;
columns = columnsA;
+ if (columns + 3 < 1 || columns + 4 < 1 || columns < 1) {
+ columns = 1;
+ if (columns + 4 <= 0) {
+ columns = INT_MAX - 4;
+ }
rows = rowsA;
endOfBlock = endOfBlockA;
black = blackA;
@@ -2891,6 +2916,10 @@ GBool DCTStream::readBaselineSOF() {
@@ -2891,6 +2912,11 @@ GBool DCTStream::readBaselineSOF() {
height = read16();
width = read16();
numComps = str->getChar();
+ if (numComps <= 0 || numComps > 4) {
+ error(getPos(), "Bad number of components %d in DCT stream", numComps);
+ error(getPos(), "Bad number of components in DCT stream", prec);
+ numComps = 0;
+ return gFalse;
+ }
if (prec != 8) {
error(getPos(), "Bad DCT precision %d", prec);
return gFalse;
@@ -2917,6 +2946,10 @@ GBool DCTStream::readProgressiveSOF() {
@@ -2917,6 +2943,11 @@ GBool DCTStream::readProgressiveSOF() {
height = read16();
width = read16();
numComps = str->getChar();
+ if (numComps <= 0 || numComps > 4) {
+ error(getPos(), "Bad number of components %d in DCT stream", numComps);
+ error(getPos(), "Bad number of components in DCT stream", prec);
+ numComps = 0;
+ return gFalse;
+ }
if (prec != 8) {
error(getPos(), "Bad DCT precision %d", prec);
return gFalse;
@@ -2939,6 +2972,10 @@ GBool DCTStream::readScanInfo() {
@@ -2939,6 +2970,11 @@ GBool DCTStream::readScanInfo() {
length = read16() - 2;
scanInfo.numComps = str->getChar();
+ if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) {
+ error(getPos(), "Bad number of components in DCT stream");
+ scanInfo.numComps = 0;
+ return gFalse;
+ }
--length;
if (length != 2 * scanInfo.numComps + 3) {
error(getPos(), "Bad DCT scan info block");
@@ -3013,12 +3050,12 @@ GBool DCTStream::readHuffmanTables() {
@@ -2980,22 +3016,32 @@ GBool DCTStream::readScanInfo() {
}
GBool DCTStream::readQuantTables() {
- int length;
- int i;
- int index;
+ int length, prec, i, index;
length = read16() - 2;
while (length > 0) {
index = str->getChar();
--length;
- if ((index & 0x0f) >= 4) {
+ if ((index & 0x0f) >= 4 || (index & ~0x10) < 0) {
error(getPos(), "Bad DCT Huffman table");
- if ((index & 0xf0) || index >= 4) {
+ prec = (index >> 4) & 0x0f;
+ index &= 0x0f;
+ if (prec > 1 || index >= 4) {
error(getPos(), "Bad DCT quantization table");
return gFalse;
}
if (index & 0x10) {
- index &= 0x0f;
+ index &= 0x03;
if (index >= numACHuffTables)
- if (index == numQuantTables)
+ if (index == numQuantTables) {
numQuantTables = index + 1;
- for (i = 0; i < 64; ++i)
- quantTables[index][dctZigZag[i]] = str->getChar();
- length -= 65;
+ }
+ for (i = 0; i < 64; ++i) {
+ if (prec) {
+ quantTables[index][dctZigZag[i]] = read16();
+ } else {
+ quantTables[index][dctZigZag[i]] = str->getChar();
+ }
+ }
+ if (prec) {
+ length -= 129;
+ } else {
+ length -= 65;
+ }
}
return gTrue;
}
@@ -3023,6 +3069,7 @@ GBool DCTStream::readHuffmanTables() {
numACHuffTables = index+1;
tbl = &acHuffTables[index];
@@ -3249,6 +3286,10 @@ FlateStream::FlateStream(Stream *strA, i
} else {
+ index &= 0x0f;
if (index >= numDCHuffTables)
numDCHuffTables = index+1;
tbl = &dcHuffTables[index];
@@ -3136,7 +3183,7 @@ int DCTStream::readMarker() {
do {
do {
c = str->getChar();
- } while (c != 0xff);
+ } while (c != 0xff && c != EOF);
do {
c = str->getChar();
} while (c == 0xff);
@@ -3249,6 +3296,10 @@ FlateStream::FlateStream(Stream *strA, i
FilterStream(strA) {
if (predictor != 1) {
pred = new StreamPredictor(this, predictor, columns, colors, bits);
+ if (!pred->isOk()) {
+ if (!pred->isOK()) {
+ delete pred;
+ pred = NULL;
+ }

15
print/cups/patches/patch-bf
View file

@ -1,4 +1,4 @@
$NetBSD: patch-bf,v 1.1 2005/12/17 04:22:55 jlam Exp $
$NetBSD: patch-bf,v 1.2 2006/03/29 17:22:46 joerg Exp $
--- pdftops/Stream.h.orig 2004-02-02 17:41:09.000000000 -0500
+++ pdftops/Stream.h
@ -6,7 +6,7 @@ $NetBSD: patch-bf,v 1.1 2005/12/17 04:22:55 jlam Exp $
~StreamPredictor();
+ GBool isOk() { return ok; }
+ GBool isOK() { return ok; }
+
int lookChar();
int getChar();
@ -15,7 +15,16 @@ $NetBSD: patch-bf,v 1.1 2005/12/17 04:22:55 jlam Exp $
int rowBytes; // bytes per line
Guchar *predLine; // line buffer
int predIdx; // current index in predLine
+ GBool ok; // flag for proper initialization
+ GBool ok;
};
//------------------------------------------------------------------------
@@ -530,7 +533,7 @@ private:
short getWhiteCode();
short getBlackCode();
short lookBits(int n);
- void eatBits(int n) { inputBits -= n; }
+ void eatBits(int n) { if ((inputBits -= n) < 0) inputBits = 0; }
};
//------------------------------------------------------------------------