1 diff -c -r xpdf-3.02pl1.orig/xpdf/Stream.cc xpdf-3.02/xpdf/Stream.cc
2 *** xpdf-3.02pl1.orig/xpdf/Stream.cc Thu Oct 25 15:47:38 2007
3 --- xpdf-3.02/xpdf/Stream.cc Thu Oct 25 15:48:19 2007
4 ***************
5 *** 1243,1265 ****
6 columns = columnsA;
7 if (columns < 1) {
8 columns = 1;
9 ! }
10 ! if (columns + 4 <= 0) {
11 ! columns = INT_MAX - 4;
12 }
13 rows = rowsA;
14 endOfBlock = endOfBlockA;
15 black = blackA;
16 ! refLine = (short *)gmallocn(columns + 3, sizeof(short));
17 ! codingLine = (short *)gmallocn(columns + 2, sizeof(short));
18
19 eof = gFalse;
20 row = 0;
21 nextLine2D = encoding < 0;
22 inputBits = 0;
23 ! codingLine[0] = 0;
24 ! codingLine[1] = refLine[2] = columns;
25 ! a0 = 1;
26
27 buf = EOF;
28 }
29 --- 1243,1268 ----
30 columns = columnsA;
31 if (columns < 1) {
32 columns = 1;
33 ! } else if (columns > INT_MAX - 2) {
34 ! columns = INT_MAX - 2;
35 }
36 rows = rowsA;
37 endOfBlock = endOfBlockA;
38 black = blackA;
39 ! // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns
40 ! // ---> max codingLine size = columns + 1
41 ! // refLine has one extra guard entry at the end
42 ! // ---> max refLine size = columns + 2
43 ! codingLine = (int *)gmallocn(columns + 1, sizeof(int));
44 ! refLine = (int *)gmallocn(columns + 2, sizeof(int));
45
46 eof = gFalse;
47 row = 0;
48 nextLine2D = encoding < 0;
49 inputBits = 0;
50 ! codingLine[0] = columns;
51 ! a0i = 0;
52 ! outputBits = 0;
53
54 buf = EOF;
55 }
56 ***************
57 *** 1278,1286 ****
58 row = 0;
59 nextLine2D = encoding < 0;
60 inputBits = 0;
61 ! codingLine[0] = 0;
62 ! codingLine[1] = columns;
63 ! a0 = 1;
64 buf = EOF;
65
66 // skip any initial zero bits and end-of-line marker, and get the 2D
67 --- 1281,1289 ----
68 row = 0;
69 nextLine2D = encoding < 0;
70 inputBits = 0;
71 ! codingLine[0] = columns;
72 ! a0i = 0;
73 ! outputBits = 0;
74 buf = EOF;
75
76 // skip any initial zero bits and end-of-line marker, and get the 2D
77 ***************
78 *** 1297,1507 ****
79 }
80 }
81
82 int CCITTFaxStream::lookChar() {
83 short code1, code2, code3;
84 ! int a0New;
85 ! GBool err, gotEOL;
86 ! int ret;
87 ! int bits, i;
88
89 ! // if at eof just return EOF
90 ! if (eof && codingLine[a0] >= columns) {
91 ! return EOF;
92 }
93
94 // read the next row
95 ! err = gFalse;
96 ! if (codingLine[a0] >= columns) {
97
98 // 2-D encoding
99 if (nextLine2D) {
100 - // state:
101 - // a0New = current position in coding line (0 <= a0New <= columns)
102 - // codingLine[a0] = last change in coding line
103 - // (black-to-white if a0 is even,
104 - // white-to-black if a0 is odd)
105 - // refLine[b1] = next change in reference line of opposite color
106 - // to a0
107 - // invariants:
108 - // 0 <= codingLine[a0] <= a0New
109 - // <= refLine[b1] <= refLine[b1+1] <= columns
110 - // 0 <= a0 <= columns+1
111 - // refLine[0] = 0
112 - // refLine[n] = refLine[n+1] = columns
113 - // -- for some 1 <= n <= columns+1
114 - // end condition:
115 - // 0 = codingLine[0] <= codingLine[1] < codingLine[2] < ...
116 - // < codingLine[n-1] < codingLine[n] = columns
117 - // -- where 1 <= n <= columns+1
118 for (i = 0; codingLine[i] < columns; ++i) {
119 refLine[i] = codingLine[i];
120 }
121 ! refLine[i] = refLine[i + 1] = columns;
122 ! b1 = 1;
123 ! a0New = codingLine[a0 = 0] = 0;
124 ! do {
125 code1 = getTwoDimCode();
126 switch (code1) {
127 case twoDimPass:
128 ! if (refLine[b1] < columns) {
129 ! a0New = refLine[b1 + 1];
130 ! b1 += 2;
131 }
132 break;
133 case twoDimHoriz:
134 ! if ((a0 & 1) == 0) {
135 ! code1 = code2 = 0;
136 do {
137 ! code1 += code3 = getWhiteCode();
138 } while (code3 >= 64);
139 do {
140 ! code2 += code3 = getBlackCode();
141 } while (code3 >= 64);
142 } else {
143 - code1 = code2 = 0;
144 do {
145 ! code1 += code3 = getBlackCode();
146 } while (code3 >= 64);
147 do {
148 ! code2 += code3 = getWhiteCode();
149 } while (code3 >= 64);
150 }
151 ! if (code1 > 0 || code2 > 0) {
152 ! if (a0New + code1 <= columns) {
153 ! codingLine[a0 + 1] = a0New + code1;
154 ! } else {
155 ! codingLine[a0 + 1] = columns;
156 ! }
157 ! ++a0;
158 ! if (codingLine[a0] + code2 <= columns) {
159 ! codingLine[a0 + 1] = codingLine[a0] + code2;
160 ! } else {
161 ! codingLine[a0 + 1] = columns;
162 ! }
163 ! ++a0;
164 ! a0New = codingLine[a0];
165 ! while (refLine[b1] <= a0New && refLine[b1] < columns) {
166 ! b1 += 2;
167 }
168 }
169 break;
170 ! case twoDimVert0:
171 ! if (refLine[b1] < columns) {
172 ! a0New = codingLine[++a0] = refLine[b1];
173 ! ++b1;
174 ! while (refLine[b1] <= a0New && refLine[b1] < columns) {
175 ! b1 += 2;
176 }
177 - } else {
178 - a0New = codingLine[++a0] = columns;
179 }
180 break;
181 case twoDimVertR1:
182 ! if (refLine[b1] + 1 < columns) {
183 ! a0New = codingLine[++a0] = refLine[b1] + 1;
184 ! ++b1;
185 ! while (refLine[b1] <= a0New && refLine[b1] < columns) {
186 ! b1 += 2;
187 }
188 - } else {
189 - a0New = codingLine[++a0] = columns;
190 }
191 break;
192 ! case twoDimVertL1:
193 ! if (refLine[b1] - 1 > a0New || (a0 == 0 && refLine[b1] == 1)) {
194 ! a0New = codingLine[++a0] = refLine[b1] - 1;
195 ! --b1;
196 ! while (refLine[b1] <= a0New && refLine[b1] < columns) {
197 ! b1 += 2;
198 }
199 }
200 break;
201 ! case twoDimVertR2:
202 ! if (refLine[b1] + 2 < columns) {
203 ! a0New = codingLine[++a0] = refLine[b1] + 2;
204 ! ++b1;
205 ! while (refLine[b1] <= a0New && refLine[b1] < columns) {
206 ! b1 += 2;
207 }
208 - } else {
209 - a0New = codingLine[++a0] = columns;
210 }
211 break;
212 case twoDimVertL2:
213 ! if (refLine[b1] - 2 > a0New || (a0 == 0 && refLine[b1] == 2)) {
214 ! a0New = codingLine[++a0] = refLine[b1] - 2;
215 ! --b1;
216 ! while (refLine[b1] <= a0New && refLine[b1] < columns) {
217 ! b1 += 2;
218 }
219 ! }
220 ! break;
221 ! case twoDimVertR3:
222 ! if (refLine[b1] + 3 < columns) {
223 ! a0New = codingLine[++a0] = refLine[b1] + 3;
224 ! ++b1;
225 ! while (refLine[b1] <= a0New && refLine[b1] < columns) {
226 ! b1 += 2;
227 }
228 - } else {
229 - a0New = codingLine[++a0] = columns;
230 }
231 break;
232 ! case twoDimVertL3:
233 ! if (refLine[b1] - 3 > a0New || (a0 == 0 && refLine[b1] == 3)) {
234 ! a0New = codingLine[++a0] = refLine[b1] - 3;
235 ! --b1;
236 ! while (refLine[b1] <= a0New && refLine[b1] < columns) {
237 ! b1 += 2;
238 }
239 }
240 break;
241 case EOF:
242 eof = gTrue;
243 ! codingLine[a0 = 0] = columns;
244 ! return EOF;
245 default:
246 error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1);
247 err = gTrue;
248 break;
249 }
250 ! } while (codingLine[a0] < columns);
251
252 // 1-D encoding
253 } else {
254 ! codingLine[a0 = 0] = 0;
255 ! while (1) {
256 code1 = 0;
257 ! do {
258 ! code1 += code3 = getWhiteCode();
259 ! } while (code3 >= 64);
260 ! codingLine[a0+1] = codingLine[a0] + code1;
261 ! ++a0;
262 ! if (codingLine[a0] >= columns) {
263 ! break;
264 ! }
265 ! code2 = 0;
266 ! do {
267 ! code2 += code3 = getBlackCode();
268 ! } while (code3 >= 64);
269 ! codingLine[a0+1] = codingLine[a0] + code2;
270 ! ++a0;
271 ! if (codingLine[a0] >= columns) {
272 ! break;
273 }
274 }
275 }
276
277 - if (codingLine[a0] != columns) {
278 - error(getPos(), "CCITTFax row is wrong length (%d)", codingLine[a0]);
279 - // force the row to be the correct length
280 - while (codingLine[a0] > columns) {
281 - --a0;
282 - }
283 - codingLine[++a0] = columns;
284 - err = gTrue;
285 - }
286 -
287 // byte-align the row
288 if (byteAlign) {
289 inputBits &= ~7;
290 --- 1300,1529 ----
291 }
292 }
293
294 + inline void CCITTFaxStream::addPixels(int a1, int blackPixels) {
295 + if (a1 > codingLine[a0i]) {
296 + if (a1 > columns) {
297 + error(getPos(), "CCITTFax row is wrong length (%d)", a1);
298 + err = gTrue;
299 + a1 = columns;
300 + }
301 + if ((a0i & 1) ^ blackPixels) {
302 + ++a0i;
303 + }
304 + codingLine[a0i] = a1;
305 + }
306 + }
307 +
308 + inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) {
309 + if (a1 > codingLine[a0i]) {
310 + if (a1 > columns) {
311 + error(getPos(), "CCITTFax row is wrong length (%d)", a1);
312 + err = gTrue;
313 + a1 = columns;
314 + }
315 + if ((a0i & 1) ^ blackPixels) {
316 + ++a0i;
317 + }
318 + codingLine[a0i] = a1;
319 + } else if (a1 < codingLine[a0i]) {
320 + if (a1 < 0) {
321 + error(getPos(), "Invalid CCITTFax code");
322 + err = gTrue;
323 + a1 = 0;
324 + }
325 + while (a0i > 0 && a1 <= codingLine[a0i - 1]) {
326 + --a0i;
327 + }
328 + codingLine[a0i] = a1;
329 + }
330 + }
331 +
332 int CCITTFaxStream::lookChar() {
333 short code1, code2, code3;
334 ! int b1i, blackPixels, i, bits;
335 ! GBool gotEOL;
336
337 ! if (buf != EOF) {
338 ! return buf;
339 }
340
341 // read the next row
342 ! if (outputBits == 0) {
343 !
344 ! // if at eof just return EOF
345 ! if (eof) {
346 ! return EOF;
347 ! }
348 !
349 ! err = gFalse;
350
351 // 2-D encoding
352 if (nextLine2D) {
353 for (i = 0; codingLine[i] < columns; ++i) {
354 refLine[i] = codingLine[i];
355 }
356 ! refLine[i++] = columns;
357 ! refLine[i] = columns;
358 ! codingLine[0] = 0;
359 ! a0i = 0;
360 ! b1i = 0;
361 ! blackPixels = 0;
362 ! // invariant:
363 ! // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1]
364 ! // <= columns
365 ! // exception at left edge:
366 ! // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible
367 ! // exception at right edge:
368 ! // refLine[b1i] = refLine[b1i+1] = columns is possible
369 ! while (codingLine[a0i] < columns) {
370 code1 = getTwoDimCode();
371 switch (code1) {
372 case twoDimPass:
373 ! addPixels(refLine[b1i + 1], blackPixels);
374 ! if (refLine[b1i + 1] < columns) {
375 ! b1i += 2;
376 }
377 break;
378 case twoDimHoriz:
379 ! code1 = code2 = 0;
380 ! if (blackPixels) {
381 do {
382 ! code1 += code3 = getBlackCode();
383 } while (code3 >= 64);
384 do {
385 ! code2 += code3 = getWhiteCode();
386 } while (code3 >= 64);
387 } else {
388 do {
389 ! code1 += code3 = getWhiteCode();
390 } while (code3 >= 64);
391 do {
392 ! code2 += code3 = getBlackCode();
393 } while (code3 >= 64);
394 }
395 ! addPixels(codingLine[a0i] + code1, blackPixels);
396 ! if (codingLine[a0i] < columns) {
397 ! addPixels(codingLine[a0i] + code2, blackPixels ^ 1);
398 ! }
399 ! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
400 ! b1i += 2;
401 ! }
402 ! break;
403 ! case twoDimVertR3:
404 ! addPixels(refLine[b1i] + 3, blackPixels);
405 ! blackPixels ^= 1;
406 ! if (codingLine[a0i] < columns) {
407 ! ++b1i;
408 ! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
409 ! b1i += 2;
410 }
411 }
412 break;
413 ! case twoDimVertR2:
414 ! addPixels(refLine[b1i] + 2, blackPixels);
415 ! blackPixels ^= 1;
416 ! if (codingLine[a0i] < columns) {
417 ! ++b1i;
418 ! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
419 ! b1i += 2;
420 }
421 }
422 break;
423 case twoDimVertR1:
424 ! addPixels(refLine[b1i] + 1, blackPixels);
425 ! blackPixels ^= 1;
426 ! if (codingLine[a0i] < columns) {
427 ! ++b1i;
428 ! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
429 ! b1i += 2;
430 }
431 }
432 break;
433 ! case twoDimVert0:
434 ! addPixels(refLine[b1i], blackPixels);
435 ! blackPixels ^= 1;
436 ! if (codingLine[a0i] < columns) {
437 ! ++b1i;
438 ! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
439 ! b1i += 2;
440 }
441 }
442 break;
443 ! case twoDimVertL3:
444 ! addPixelsNeg(refLine[b1i] - 3, blackPixels);
445 ! blackPixels ^= 1;
446 ! if (codingLine[a0i] < columns) {
447 ! if (b1i > 0) {
448 ! --b1i;
449 ! } else {
450 ! ++b1i;
451 ! }
452 ! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
453 ! b1i += 2;
454 }
455 }
456 break;
457 case twoDimVertL2:
458 ! addPixelsNeg(refLine[b1i] - 2, blackPixels);
459 ! blackPixels ^= 1;
460 ! if (codingLine[a0i] < columns) {
461 ! if (b1i > 0) {
462 ! --b1i;
463 ! } else {
464 ! ++b1i;
465 }
466 ! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
467 ! b1i += 2;
468 }
469 }
470 break;
471 ! case twoDimVertL1:
472 ! addPixelsNeg(refLine[b1i] - 1, blackPixels);
473 ! blackPixels ^= 1;
474 ! if (codingLine[a0i] < columns) {
475 ! if (b1i > 0) {
476 ! --b1i;
477 ! } else {
478 ! ++b1i;
479 ! }
480 ! while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
481 ! b1i += 2;
482 }
483 }
484 break;
485 case EOF:
486 + addPixels(columns, 0);
487 eof = gTrue;
488 ! break;
489 default:
490 error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1);
491 + addPixels(columns, 0);
492 err = gTrue;
493 break;
494 }
495 ! }
496
497 // 1-D encoding
498 } else {
499 ! codingLine[0] = 0;
500 ! a0i = 0;
501 ! blackPixels = 0;
502 ! while (codingLine[a0i] < columns) {
503 code1 = 0;
504 ! if (blackPixels) {
505 ! do {
506 ! code1 += code3 = getBlackCode();
507 ! } while (code3 >= 64);
508 ! } else {
509 ! do {
510 ! code1 += code3 = getWhiteCode();
511 ! } while (code3 >= 64);
512 }
513 + addPixels(codingLine[a0i] + code1, blackPixels);
514 + blackPixels ^= 1;
515 }
516 }
517
518 // byte-align the row
519 if (byteAlign) {
520 inputBits &= ~7;
521 ***************
522 *** 1560,1573 ****
523 // this if we know the stream contains end-of-line markers because
524 // the "just plow on" technique tends to work better otherwise
525 } else if (err && endOfLine) {
526 ! do {
527 if (code1 == EOF) {
528 eof = gTrue;
529 return EOF;
530 }
531 eatBits(1);
532 ! code1 = lookBits(13);
533 ! } while ((code1 >> 1) != 0x001);
534 eatBits(12);
535 if (encoding > 0) {
536 eatBits(1);
537 --- 1582,1598 ----
538 // this if we know the stream contains end-of-line markers because
539 // the "just plow on" technique tends to work better otherwise
540 } else if (err && endOfLine) {
541 ! while (1) {
542 ! code1 = lookBits(13);
543 if (code1 == EOF) {
544 eof = gTrue;
545 return EOF;
546 }
547 + if ((code1 >> 1) == 0x001) {
548 + break;
549 + }
550 eatBits(1);
551 ! }
552 eatBits(12);
553 if (encoding > 0) {
554 eatBits(1);
555 ***************
556 *** 1575,1585 ****
557 }
558 }
559
560 ! a0 = 0;
561 ! outputBits = codingLine[1] - codingLine[0];
562 ! if (outputBits == 0) {
563 ! a0 = 1;
564 ! outputBits = codingLine[2] - codingLine[1];
565 }
566
567 ++row;
568 --- 1600,1610 ----
569 }
570 }
571
572 ! // set up for output
573 ! if (codingLine[0] > 0) {
574 ! outputBits = codingLine[a0i = 0];
575 ! } else {
576 ! outputBits = codingLine[a0i = 1];
577 }
578
579 ++row;
580 ***************
581 *** 1587,1625 ****
582
583 // get a byte
584 if (outputBits >= 8) {
585 ! ret = ((a0 & 1) == 0) ? 0xff : 0x00;
586 ! if ((outputBits -= 8) == 0) {
587 ! ++a0;
588 ! if (codingLine[a0] < columns) {
589 ! outputBits = codingLine[a0 + 1] - codingLine[a0];
590 ! }
591 }
592 } else {
593 bits = 8;
594 ! ret = 0;
595 do {
596 if (outputBits > bits) {
597 ! i = bits;
598 ! bits = 0;
599 ! if ((a0 & 1) == 0) {
600 ! ret |= 0xff >> (8 - i);
601 }
602 ! outputBits -= i;
603 } else {
604 ! i = outputBits;
605 ! bits -= outputBits;
606 ! if ((a0 & 1) == 0) {
607 ! ret |= (0xff >> (8 - i)) << bits;
608 }
609 outputBits = 0;
610 ! ++a0;
611 ! if (codingLine[a0] < columns) {
612 ! outputBits = codingLine[a0 + 1] - codingLine[a0];
613 }
614 }
615 ! } while (bits > 0 && codingLine[a0] < columns);
616 }
617 - buf = black ? (ret ^ 0xff) : ret;
618 return buf;
619 }
620
621 --- 1612,1654 ----
622
623 // get a byte
624 if (outputBits >= 8) {
625 ! buf = (a0i & 1) ? 0x00 : 0xff;
626 ! outputBits -= 8;
627 ! if (outputBits == 0 && codingLine[a0i] < columns) {
628 ! ++a0i;
629 ! outputBits = codingLine[a0i] - codingLine[a0i - 1];
630 }
631 } else {
632 bits = 8;
633 ! buf = 0;
634 do {
635 if (outputBits > bits) {
636 ! buf <<= bits;
637 ! if (!(a0i & 1)) {
638 ! buf |= 0xff >> (8 - bits);
639 }
640 ! outputBits -= bits;
641 ! bits = 0;
642 } else {
643 ! buf <<= outputBits;
644 ! if (!(a0i & 1)) {
645 ! buf |= 0xff >> (8 - outputBits);
646 }
647 + bits -= outputBits;
648 outputBits = 0;
649 ! if (codingLine[a0i] < columns) {
650 ! ++a0i;
651 ! outputBits = codingLine[a0i] - codingLine[a0i - 1];
652 ! } else if (bits > 0) {
653 ! buf <<= bits;
654 ! bits = 0;
655 }
656 }
657 ! } while (bits);
658 ! }
659 ! if (black) {
660 ! buf ^= 0xff;
661 }
662 return buf;
663 }
664
665 ***************
666 *** 1661,1666 ****
667 --- 1690,1698 ----
668 code = 0; // make gcc happy
669 if (endOfBlock) {
670 code = lookBits(12);
671 + if (code == EOF) {
672 + return 1;
673 + }
674 if ((code >> 5) == 0) {
675 p = &whiteTab1[code];
676 } else {
677 ***************
678 *** 1673,1678 ****
679 --- 1705,1713 ----
680 } else {
681 for (n = 1; n <= 9; ++n) {
682 code = lookBits(n);
683 + if (code == EOF) {
684 + return 1;
685 + }
686 if (n < 9) {
687 code <<= 9 - n;
688 }
689 ***************
690 *** 1684,1689 ****
691 --- 1719,1727 ----
692 }
693 for (n = 11; n <= 12; ++n) {
694 code = lookBits(n);
695 + if (code == EOF) {
696 + return 1;
697 + }
698 if (n < 12) {
699 code <<= 12 - n;
700 }
701 ***************
702 *** 1709,1717 ****
703 code = 0; // make gcc happy
704 if (endOfBlock) {
705 code = lookBits(13);
706 if ((code >> 7) == 0) {
707 p = &blackTab1[code];
708 ! } else if ((code >> 9) == 0) {
709 p = &blackTab2[(code >> 1) - 64];
710 } else {
711 p = &blackTab3[code >> 7];
712 --- 1747,1758 ----
713 code = 0; // make gcc happy
714 if (endOfBlock) {
715 code = lookBits(13);
716 + if (code == EOF) {
717 + return 1;
718 + }
719 if ((code >> 7) == 0) {
720 p = &blackTab1[code];
721 ! } else if ((code >> 9) == 0 && (code >> 7) != 0) {
722 p = &blackTab2[(code >> 1) - 64];
723 } else {
724 p = &blackTab3[code >> 7];
725 ***************
726 *** 1723,1728 ****
727 --- 1764,1772 ----
728 } else {
729 for (n = 2; n <= 6; ++n) {
730 code = lookBits(n);
731 + if (code == EOF) {
732 + return 1;
733 + }
734 if (n < 6) {
735 code <<= 6 - n;
736 }
737 ***************
738 *** 1734,1739 ****
739 --- 1778,1786 ----
740 }
741 for (n = 7; n <= 12; ++n) {
742 code = lookBits(n);
743 + if (code == EOF) {
744 + return 1;
745 + }
746 if (n < 12) {
747 code <<= 12 - n;
748 }
749 ***************
750 *** 1747,1752 ****
751 --- 1794,1802 ----
752 }
753 for (n = 10; n <= 13; ++n) {
754 code = lookBits(n);
755 + if (code == EOF) {
756 + return 1;
757 + }
758 if (n < 13) {
759 code <<= 13 - n;
760 }
761 ***************
762 *** 1961,1966 ****
763 --- 2011,2022 ----
764 // allocate a buffer for the whole image
765 bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth;
766 bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight;
767 + if (bufWidth <= 0 || bufHeight <= 0 ||
768 + bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) {
769 + error(getPos(), "Invalid image size in DCT stream");
770 + y = height;
771 + return;
772 + }
773 for (i = 0; i < numComps; ++i) {
774 frameBuf[i] = (int *)gmallocn(bufWidth * bufHeight, sizeof(int));
775 memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int));
776 ***************
777 *** 3036,3041 ****
778 --- 3092,3102 ----
779 }
780 scanInfo.firstCoeff = str->getChar();
781 scanInfo.lastCoeff = str->getChar();
782 + if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 ||
783 + scanInfo.firstCoeff > scanInfo.lastCoeff) {
784 + error(getPos(), "Bad DCT coefficient numbers in scan info block");
785 + return gFalse;
786 + }
787 c = str->getChar();
788 scanInfo.ah = (c >> 4) & 0x0f;
789 scanInfo.al = c & 0x0f;
790 diff -c -r xpdf-3.02pl1.orig/xpdf/Stream.h xpdf-3.02/xpdf/Stream.h
791 *** xpdf-3.02pl1.orig/xpdf/Stream.h Tue Feb 27 14:05:52 2007
792 --- xpdf-3.02/xpdf/Stream.h Thu Oct 25 15:48:15 2007
793 ***************
794 *** 528,540 ****
795 int row; // current row
796 int inputBuf; // input buffer
797 int inputBits; // number of bits in input buffer
798 ! short *refLine; // reference line changing elements
799 ! int b1; // index into refLine
800 ! short *codingLine; // coding line changing elements
801 ! int a0; // index into codingLine
802 int outputBits; // remaining ouput bits
803 int buf; // character buffer
804
805 short getTwoDimCode();
806 short getWhiteCode();
807 short getBlackCode();
808 --- 528,542 ----
809 int row; // current row
810 int inputBuf; // input buffer
811 int inputBits; // number of bits in input buffer
812 ! int *codingLine; // coding line changing elements
813 ! int *refLine; // reference line changing elements
814 ! int a0i; // index into codingLine
815 ! GBool err; // error on current line
816 int outputBits; // remaining ouput bits
817 int buf; // character buffer
818
819 + void addPixels(int a1, int black);
820 + void addPixelsNeg(int a1, int black);
821 short getTwoDimCode();
822 short getWhiteCode();
823 short getBlackCode();
|
