diff options
author | Alexey Shvetsov <alexxy@gentoo.org> | 2009-06-14 12:45:21 +0000 |
---|---|---|
committer | Alexey Shvetsov <alexxy@gentoo.org> | 2009-06-14 12:45:21 +0000 |
commit | 75175cc0d1c0fd92466ddb27ea012d7e19c7780b (patch) | |
tree | 3d655c32a37d35b4aa39f666f7e11433315578b5 /kde-base | |
parent | [kde-base/kdebase-pam] Clean unneeded patches (diff) | |
download | historical-75175cc0d1c0fd92466ddb27ea012d7e19c7780b.tar.gz historical-75175cc0d1c0fd92466ddb27ea012d7e19c7780b.tar.bz2 historical-75175cc0d1c0fd92466ddb27ea012d7e19c7780b.zip |
[kde-base/kdegraphics] Clean unneeded patches
Package-Manager: portage-2.2_rc33/cvs/Linux x86_64
Diffstat (limited to 'kde-base')
8 files changed, 11 insertions, 960 deletions
diff --git a/kde-base/kdegraphics/ChangeLog b/kde-base/kdegraphics/ChangeLog index 1f22241f6c93..89db21cd0cc8 100644 --- a/kde-base/kdegraphics/ChangeLog +++ b/kde-base/kdegraphics/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for kde-base/kdegraphics -# Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/ChangeLog,v 1.346 2009/03/30 13:03:21 loki_val Exp $ +# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/ChangeLog,v 1.347 2009/06/14 12:45:21 alexxy Exp $ + + 14 Jun 2009; Alexey Shvetsov <alexxy@gentoo.org> + -files/post-3.5.5-kdegraphics.diff, + -files/post-3.5.5-kdegraphics-CVE-2007-0104.diff, + -files/kamera-3.5.6-download-fix.diff, -files/kpdf-3.5.7-hash_path.diff, + -files/post-3.5.7-kdegraphics-CVE-2007-3387.diff, + -files/kdegraphics-kfile-plugins-3.5.7-openexr-1.6.0.patch, + -files/post-3.5.8-kdegraphics-kpdf.diff: + Clean unneeded patches 30 Mar 2009; Peter Alfredsen <loki_val@gentoo.org> kdegraphics-3.5.9.ebuild: diff --git a/kde-base/kdegraphics/files/kamera-3.5.6-download-fix.diff b/kde-base/kdegraphics/files/kamera-3.5.6-download-fix.diff deleted file mode 100644 index c26dff3a86bf..000000000000 --- a/kde-base/kdegraphics/files/kamera-3.5.6-download-fix.diff +++ /dev/null @@ -1,68 +0,0 @@ ---- kamera/kioslave/kamera.cpp 2006/06/22 06:45:40 553793 -+++ kamera/kioslave/kamera.cpp 2007/05/03 20:59:50 660816 -@@ -270,19 +270,39 @@ - long unsigned int fileSize; - // This merely returns us a pointer to gphoto's internal data - // buffer -- there's no expensive memcpy -- gp_file_get_data_and_size(m_file, &fileData, &fileSize); -+ gpr = gp_file_get_data_and_size(m_file, &fileData, &fileSize); -+ if (gpr != GP_OK) { -+ kdDebug(7123) << "get():: get_data_and_size failed." << endl; -+ gp_file_free(m_file); -+ m_file = NULL; -+ error(KIO::ERR_UNKNOWN, gp_result_as_string(gpr)); -+ closeCamera(); -+ return; -+ } - // make sure we're not sending zero-sized chunks (=EOF) - // also make sure we send only if the progress did not send the data - // already. - if ((fileSize > 0) && (fileSize - m_fileSize)>0) { -- // XXX using assign() here causes segfault, prolly because -- // gp_file_free is called before chunkData goes out of scope -+ unsigned long written = 0; - QByteArray chunkDataBuffer; -- chunkDataBuffer.setRawData(fileData + m_fileSize, fileSize - m_fileSize); -- data(chunkDataBuffer); -- processedSize(fileSize); -- chunkDataBuffer.resetRawData(fileData + m_fileSize, fileSize - m_fileSize); -+ -+ // We need to split it up here. Someone considered it funny -+ // to discard any data() larger than 16MB. -+ // -+ // So nearly any Movie will just fail.... -+ while (written < fileSize-m_fileSize) { -+ unsigned long towrite = 1024*1024; // 1MB -+ -+ if (towrite > fileSize-m_fileSize-written) -+ towrite = fileSize-m_fileSize-written; -+ chunkDataBuffer.setRawData(fileData + m_fileSize + written, towrite); -+ processedSize(m_fileSize + written + towrite); -+ data(chunkDataBuffer); -+ chunkDataBuffer.resetRawData(fileData + m_fileSize + written, towrite); -+ written += towrite; -+ } - m_fileSize = fileSize; -+ setFileSize(fileSize); - } - - finished(); -@@ -907,8 +927,8 @@ - // camera and pass it to KIO, to allow progressive display - // of the downloaded photo. - -- const char *fileData; -- long unsigned int fileSize; -+ const char *fileData = NULL; -+ long unsigned int fileSize = 0; - - // This merely returns us a pointer to gphoto's internal data - // buffer -- there's no expensive memcpy -@@ -921,6 +941,7 @@ - // gp_file_free is called before chunkData goes out of scope - QByteArray chunkDataBuffer; - chunkDataBuffer.setRawData(fileData + object->getFileSize(), fileSize - object->getFileSize()); -+ // Note: this will fail with sizes > 16MB ... - object->data(chunkDataBuffer); - object->processedSize(fileSize); - chunkDataBuffer.resetRawData(fileData + object->getFileSize(), fileSize - object->getFileSize()); diff --git a/kde-base/kdegraphics/files/kdegraphics-kfile-plugins-3.5.7-openexr-1.6.0.patch b/kde-base/kdegraphics/files/kdegraphics-kfile-plugins-3.5.7-openexr-1.6.0.patch deleted file mode 100644 index de82dba73000..000000000000 --- a/kde-base/kdegraphics/files/kdegraphics-kfile-plugins-3.5.7-openexr-1.6.0.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- kfile-plugins/exr/kfile_exr.cpp -+++ kfile-plugins/exr/kfile_exr.cpp -@@ -32,6 +32,7 @@ - #include <ImfVecAttribute.h> - #include <ImfPreviewImage.h> - #include <ImfVersion.h> -+#include <ImfCRgbaFile.h> - - #include <iostream> - -@@ -226,7 +227,14 @@ - qcapDateString.setLength(capDateString.size()); - appendItem( stdgroup, "Capture Date", qcapDateString ); - } -+ // This define was introduced in EXR 1.6.0 -+#ifndef IMF_B44_COMPRESSION -+ // This is the 1.4 and earlier version - if ( hasutcOffset(h) ) { -+#else -+ // This is the 1.6.0 and later version -+ if ( hasUtcOffset(h) ) { -+#endif - QString UTCOffset; - if (utcOffset(h)>0.0) { - UTCOffset.append(QString("%1").arg(utcOffset(h)/3600, 0, 'f', 1)); diff --git a/kde-base/kdegraphics/files/kpdf-3.5.7-hash_path.diff b/kde-base/kdegraphics/files/kpdf-3.5.7-hash_path.diff deleted file mode 100644 index 1c3ac507c049..000000000000 --- a/kde-base/kdegraphics/files/kpdf-3.5.7-hash_path.diff +++ /dev/null @@ -1,10 +0,0 @@ ---- branches/KDE/3.5/kdegraphics/kpdf/part.cpp #703563:703564 -@@ -612,7 +612,7 @@ - m_pageView->showText(i18n("Reloading the document..."), 0); - } - -- if (KParts::ReadOnlyPart::openURL(m_file)) -+ if (KParts::ReadOnlyPart::openURL(KURL::fromPathOrURL(m_file))) - { - if (m_viewportDirty.pageNumber >= (int)m_document->pages()) m_viewportDirty.pageNumber = (int)m_document->pages() - 1; - m_document->setViewport(m_viewportDirty); diff --git a/kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff b/kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff deleted file mode 100644 index 092cf67f360b..000000000000 --- a/kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff +++ /dev/null @@ -1,61 +0,0 @@ ---- kpdf/xpdf/xpdf/Catalog.cc -+++ kpdf/xpdf/xpdf/Catalog.cc -@@ -26,6 +26,12 @@ - #include "UGString.h" - #include "Catalog.h" - -+// This define is used to limit the depth of recursive readPageTree calls -+// This is needed because the page tree nodes can reference their parents -+// leaving us in an infinite loop -+// Most sane pdf documents don't have a call depth higher than 10 -+#define MAX_CALL_DEPTH 1000 -+ - //------------------------------------------------------------------------ - // Catalog - //------------------------------------------------------------------------ -@@ -76,7 +82,7 @@ Catalog::Catalog(XRef *xrefA) { - pageRefs[i].num = -1; - pageRefs[i].gen = -1; - } -- numPages = readPageTree(pagesDict.getDict(), NULL, 0); -+ numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0); - if (numPages != numPages0) { - error(-1, "Page count in top-level pages object is incorrect"); - } -@@ -191,7 +197,7 @@ GString *Catalog::readMetadata() { - return s; - } - --int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) { -+int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) { - Object kids; - Object kid; - Object kidRef; -@@ -236,9 +242,13 @@ int Catalog::readPageTree(Dict *pagesDic - // This should really be isDict("Pages"), but I've seen at least one - // PDF file where the /Type entry is missing. - } else if (kid.isDict()) { -- if ((start = readPageTree(kid.getDict(), attrs1, start)) -- < 0) -- goto err2; -+ if (callDepth > MAX_CALL_DEPTH) { -+ error(-1, "Limit of %d recursive calls reached while reading the page tree. If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH); -+ } else { -+ if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1)) -+ < 0) -+ goto err2; -+ } - } else { - error(-1, "Kid object (page %d) is wrong type (%s)", - start+1, kid.getTypeName()); ---- kpdf/xpdf/xpdf/Catalog.h -+++ kpdf/xpdf/xpdf/Catalog.h -@@ -128,7 +128,7 @@ private: - Object acroForm; // AcroForm dictionary - GBool ok; // true if catalog is valid - -- int readPageTree(Dict *pages, PageAttrs *attrs, int start); -+ int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth); - Object *findDestInTree(Object *tree, GString *name, Object *obj); - }; - diff --git a/kde-base/kdegraphics/files/post-3.5.5-kdegraphics.diff b/kde-base/kdegraphics/files/post-3.5.5-kdegraphics.diff deleted file mode 100644 index 881b81757ab4..000000000000 --- a/kde-base/kdegraphics/files/post-3.5.5-kdegraphics.diff +++ /dev/null @@ -1,134 +0,0 @@ ---- kfile-plugins/jpeg/exif.h -+++ kfile-plugins/jpeg/exif.h -@@ -72,7 +72,8 @@ - int Get32s(void * Long); - unsigned Get32u(void * Long); - double ConvertAnyFormat(void * ValuePtr, int Format); -- void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase, unsigned ExifLength); -+ void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase, unsigned ExifLength, -+ unsigned NestingLevel); - void process_COM (const uchar * Data, int length); - void process_SOFn (const uchar * Data, int marker); - int Get16m(const void * Short); ---- kfile-plugins/jpeg/exif.cpp -+++ kfile-plugins/jpeg/exif.cpp -@@ -446,7 +446,7 @@ - //-------------------------------------------------------------------------- - // Process one of the nested EXIF directories. - //-------------------------------------------------------------------------- --void ExifData::ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase, unsigned ExifLength) -+void ExifData::ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase, unsigned ExifLength, unsigned NestingLevel) - { - int de; - int a; -@@ -454,6 +454,9 @@ - unsigned ThumbnailOffset = 0; - unsigned ThumbnailSize = 0; - -+ if ( NestingLevel > 4) -+ throw FatalError("Maximum directory nesting exceeded (corrupt exif header)"); -+ - NumDirEntries = Get16u(DirStart); - #define DIR_ENTRY_ADDR(Start, Entry) (Start+2+12*(Entry)) - -@@ -476,7 +479,7 @@ - for (de=0;de<NumDirEntries;de++){ - int Tag, Format, Components; - unsigned char * ValuePtr; -- int ByteCount; -+ unsigned ByteCount; - char * DirEntry; - DirEntry = (char *)DIR_ENTRY_ADDR(DirStart, de); - -@@ -489,6 +492,11 @@ - throw FatalError("Illegal format code in EXIF dir"); - } - -+ if ((unsigned)Components > 0x10000) { -+ throw FatalError("Illegal number of components for tag"); -+ continue; -+ } -+ - ByteCount = Components * BytesPerFormat[Format]; - - if (ByteCount > 4){ -@@ -517,11 +525,11 @@ - switch(Tag){ - - case TAG_MAKE: -- ExifData::CameraMake = QString((char*)ValuePtr); -+ ExifData::CameraMake = QString::fromLatin1((const char*)ValuePtr, 31); - break; - - case TAG_MODEL: -- ExifData::CameraModel = QString((char*)ValuePtr); -+ ExifData::CameraModel = QString::fromLatin1((const char*)ValuePtr, 39); - break; - - case TAG_ORIENTATION: -@@ -529,7 +537,7 @@ - break; - - case TAG_DATETIME_ORIGINAL: -- DateTime = QString((char*)ValuePtr); -+ DateTime = QString::fromLatin1((const char*)ValuePtr, 19); - break; - - case TAG_USERCOMMENT: -@@ -550,14 +558,12 @@ - int c; - c = (ValuePtr)[a]; - if (c != '\0' && c != ' '){ -- //strncpy(ImageInfo.Comments, (const char*)(a+ValuePtr), 199); -- UserComment.sprintf("%s", (const char*)(a+ValuePtr)); -+ UserComment = QString::fromLatin1((const char*)(a+ValuePtr), 199); - break; - } - } - }else{ -- //strncpy(ImageInfo.Comments, (const char*)ValuePtr, 199); -- UserComment.sprintf("%s", (const char*)ValuePtr); -+ UserComment = QString::fromLatin1((const char*)ValuePtr, 199); - } - break; - -@@ -676,10 +682,10 @@ - if (Tag == TAG_EXIF_OFFSET || Tag == TAG_INTEROP_OFFSET){ - unsigned char * SubdirStart; - SubdirStart = OffsetBase + Get32u(ValuePtr); -- if (SubdirStart < OffsetBase || SubdirStart > OffsetBase+ExifLength){ -+ if (SubdirStart <= OffsetBase || SubdirStart >= OffsetBase+ExifLength){ - throw FatalError("Illegal subdirectory link"); - } -- ProcessExifDir(SubdirStart, OffsetBase, ExifLength); -+ ProcessExifDir(SubdirStart, OffsetBase, ExifLength, NestingLevel+1); - continue; - } - } -@@ -709,7 +715,7 @@ - } - }else{ - if (SubdirStart <= OffsetBase+ExifLength){ -- ProcessExifDir(SubdirStart, OffsetBase, ExifLength); -+ ProcessExifDir(SubdirStart, OffsetBase, ExifLength, NestingLevel+1); - } - } - } -@@ -719,7 +725,7 @@ - } - - if (ThumbnailSize && ThumbnailOffset){ -- if (ThumbnailSize + ThumbnailOffset <= ExifLength){ -+ if (ThumbnailSize + ThumbnailOffset < ExifLength){ - // The thumbnail pointer appears to be valid. Store it. - Thumbnail.loadFromData(OffsetBase + ThumbnailOffset, ThumbnailSize, "JPEG"); - } -@@ -810,7 +816,7 @@ - LastExifRefd = CharBuf; - - // First directory starts 16 bytes in. Offsets start at 8 bytes in. -- ProcessExifDir(CharBuf+16, CharBuf+8, length-6); -+ ProcessExifDir(CharBuf+16, CharBuf+8, length-6, 0); - - // This is how far the interesting (non thumbnail) part of the exif went. - ExifSettingsLength = LastExifRefd - CharBuf; diff --git a/kde-base/kdegraphics/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff b/kde-base/kdegraphics/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff deleted file mode 100644 index e28add87e275..000000000000 --- a/kde-base/kdegraphics/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff +++ /dev/null @@ -1,17 +0,0 @@ -Index: kpdf/xpdf/xpdf/Stream.cc -=================================================================== ---- kpdf/xpdf/xpdf/Stream.cc (revision 689574) -+++ kpdf/xpdf/xpdf/Stream.cc (working copy) -@@ -411,9 +411,9 @@ StreamPredictor::StreamPredictor(Stream - - nVals = width * nComps; - if (width <= 0 || nComps <= 0 || nBits <= 0 || -- nComps >= INT_MAX / nBits || -- width >= INT_MAX / nComps / nBits || -- nVals * nBits + 7 < 0) { -+ nComps > gfxColorMaxComps || nBits > 16 || -+ width >= INT_MAX / nComps || -+ nVals >= (INT_MAX - 7) / nBits) { - return; - } - pixBytes = (nComps * nBits + 7) >> 3; diff --git a/kde-base/kdegraphics/files/post-3.5.8-kdegraphics-kpdf.diff b/kde-base/kdegraphics/files/post-3.5.8-kdegraphics-kpdf.diff deleted file mode 100644 index 94e44a0280e9..000000000000 --- a/kde-base/kdegraphics/files/post-3.5.8-kdegraphics-kpdf.diff +++ /dev/null @@ -1,643 +0,0 @@ ---- kpdf/xpdf/xpdf/Stream.cc -+++ kpdf/xpdf/xpdf/Stream.cc -@@ -1245,23 +1245,26 @@ CCITTFaxStream::CCITTFaxStream(Stream *s - columns = columnsA; - if (columns < 1) { - columns = 1; -- } -- if (columns + 4 <= 0) { -- columns = INT_MAX - 4; -+ } else if (columns > INT_MAX - 2) { -+ columns = INT_MAX - 2; - } - rows = rowsA; - endOfBlock = endOfBlockA; - black = blackA; -- refLine = (short *)gmallocn(columns + 3, sizeof(short)); -- codingLine = (short *)gmallocn(columns + 2, sizeof(short)); -+ // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns -+ // ---> max codingLine size = columns + 1 -+ // refLine has one extra guard entry at the end -+ // ---> max refLine size = columns + 2 -+ codingLine = (int *)gmallocn(columns + 1, sizeof(int)); -+ refLine = (int *)gmallocn(columns + 2, sizeof(int)); - - eof = gFalse; - row = 0; - nextLine2D = encoding < 0; - inputBits = 0; -- codingLine[0] = 0; -- codingLine[1] = refLine[2] = columns; -- a0 = 1; -+ codingLine[0] = columns; -+ a0i = 0; -+ outputBits = 0; - - buf = EOF; - } -@@ -1280,9 +1283,9 @@ void CCITTFaxStream::reset() { - row = 0; - nextLine2D = encoding < 0; - inputBits = 0; -- codingLine[0] = 0; -- codingLine[1] = columns; -- a0 = 1; -+ codingLine[0] = columns; -+ a0i = 0; -+ outputBits = 0; - buf = EOF; - - // skip any initial zero bits and end-of-line marker, and get the 2D -@@ -1299,211 +1302,230 @@ void CCITTFaxStream::reset() { - } - } - -+inline void CCITTFaxStream::addPixels(int a1, int blackPixels) { -+ if (a1 > codingLine[a0i]) { -+ if (a1 > columns) { -+ error(getPos(), "CCITTFax row is wrong length (%d)", a1); -+ err = gTrue; -+ a1 = columns; -+ } -+ if ((a0i & 1) ^ blackPixels) { -+ ++a0i; -+ } -+ codingLine[a0i] = a1; -+ } -+} -+ -+inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) { -+ if (a1 > codingLine[a0i]) { -+ if (a1 > columns) { -+ error(getPos(), "CCITTFax row is wrong length (%d)", a1); -+ err = gTrue; -+ a1 = columns; -+ } -+ if ((a0i & 1) ^ blackPixels) { -+ ++a0i; -+ } -+ codingLine[a0i] = a1; -+ } else if (a1 < codingLine[a0i]) { -+ if (a1 < 0) { -+ error(getPos(), "Invalid CCITTFax code"); -+ err = gTrue; -+ a1 = 0; -+ } -+ while (a0i > 0 && a1 <= codingLine[a0i - 1]) { -+ --a0i; -+ } -+ codingLine[a0i] = a1; -+ } -+} -+ - int CCITTFaxStream::lookChar() { - short code1, code2, code3; -- int a0New; -- GBool err, gotEOL; -- int ret; -- int bits, i; -+ int b1i, blackPixels, i, bits; -+ GBool gotEOL; - -- // if at eof just return EOF -- if (eof && codingLine[a0] >= columns) { -- return EOF; -+ if (buf != EOF) { -+ return buf; - } - - // read the next row -- err = gFalse; -- if (codingLine[a0] >= columns) { -+ if (outputBits == 0) { -+ -+ // if at eof just return EOF -+ if (eof) { -+ return EOF; -+ } -+ -+ err = gFalse; - - // 2-D encoding - if (nextLine2D) { -- // state: -- // a0New = current position in coding line (0 <= a0New <= columns) -- // codingLine[a0] = last change in coding line -- // (black-to-white if a0 is even, -- // white-to-black if a0 is odd) -- // refLine[b1] = next change in reference line of opposite color -- // to a0 -- // invariants: -- // 0 <= codingLine[a0] <= a0New -- // <= refLine[b1] <= refLine[b1+1] <= columns -- // 0 <= a0 <= columns+1 -- // refLine[0] = 0 -- // refLine[n] = refLine[n+1] = columns -- // -- for some 1 <= n <= columns+1 -- // end condition: -- // 0 = codingLine[0] <= codingLine[1] < codingLine[2] < ... -- // < codingLine[n-1] < codingLine[n] = columns -- // -- where 1 <= n <= columns+1 - for (i = 0; codingLine[i] < columns; ++i) { - refLine[i] = codingLine[i]; - } -- refLine[i] = refLine[i + 1] = columns; -- b1 = 1; -- a0New = codingLine[a0 = 0] = 0; -- do { -+ refLine[i++] = columns; -+ refLine[i] = columns; -+ codingLine[0] = 0; -+ a0i = 0; -+ b1i = 0; -+ blackPixels = 0; -+ // invariant: -+ // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1] -+ // <= columns -+ // exception at left edge: -+ // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible -+ // exception at right edge: -+ // refLine[b1i] = refLine[b1i+1] = columns is possible -+ while (codingLine[a0i] < columns) { - code1 = getTwoDimCode(); - switch (code1) { - case twoDimPass: -- if (refLine[b1] < columns) { -- a0New = refLine[b1 + 1]; -- b1 += 2; -+ addPixels(refLine[b1i + 1], blackPixels); -+ if (refLine[b1i + 1] < columns) { -+ b1i += 2; - } - break; - case twoDimHoriz: -- if ((a0 & 1) == 0) { -- code1 = code2 = 0; -+ code1 = code2 = 0; -+ if (blackPixels) { - do { -- code1 += code3 = getWhiteCode(); -+ code1 += code3 = getBlackCode(); - } while (code3 >= 64); - do { -- code2 += code3 = getBlackCode(); -+ code2 += code3 = getWhiteCode(); - } while (code3 >= 64); - } else { -- code1 = code2 = 0; - do { -- code1 += code3 = getBlackCode(); -+ code1 += code3 = getWhiteCode(); - } while (code3 >= 64); - do { -- code2 += code3 = getWhiteCode(); -+ code2 += code3 = getBlackCode(); - } while (code3 >= 64); - } -- if (code1 > 0 || code2 > 0) { -- if (a0New + code1 <= columns) { -- codingLine[a0 + 1] = a0New + code1; -- } else { -- codingLine[a0 + 1] = columns; -- } -- ++a0; -- if (codingLine[a0] + code2 <= columns) { -- codingLine[a0 + 1] = codingLine[a0] + code2; -- } else { -- codingLine[a0 + 1] = columns; -- } -- ++a0; -- a0New = codingLine[a0]; -- while (refLine[b1] <= a0New && refLine[b1] < columns) { -- b1 += 2; -+ addPixels(codingLine[a0i] + code1, blackPixels); -+ if (codingLine[a0i] < columns) { -+ addPixels(codingLine[a0i] + code2, blackPixels ^ 1); -+ } -+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { -+ b1i += 2; -+ } -+ break; -+ case twoDimVertR3: -+ addPixels(refLine[b1i] + 3, blackPixels); -+ blackPixels ^= 1; -+ if (codingLine[a0i] < columns) { -+ ++b1i; -+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { -+ b1i += 2; - } - } - break; -- case twoDimVert0: -- if (refLine[b1] < columns) { -- a0New = codingLine[++a0] = refLine[b1]; -- ++b1; -- while (refLine[b1] <= a0New && refLine[b1] < columns) { -- b1 += 2; -+ case twoDimVertR2: -+ addPixels(refLine[b1i] + 2, blackPixels); -+ blackPixels ^= 1; -+ if (codingLine[a0i] < columns) { -+ ++b1i; -+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { -+ b1i += 2; - } -- } else { -- a0New = codingLine[++a0] = columns; - } - break; - case twoDimVertR1: -- if (refLine[b1] + 1 < columns) { -- a0New = codingLine[++a0] = refLine[b1] + 1; -- ++b1; -- while (refLine[b1] <= a0New && refLine[b1] < columns) { -- b1 += 2; -+ addPixels(refLine[b1i] + 1, blackPixels); -+ blackPixels ^= 1; -+ if (codingLine[a0i] < columns) { -+ ++b1i; -+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { -+ b1i += 2; - } -- } else { -- a0New = codingLine[++a0] = columns; - } - break; -- case twoDimVertL1: -- if (refLine[b1] - 1 > a0New || (a0 == 0 && refLine[b1] == 1)) { -- a0New = codingLine[++a0] = refLine[b1] - 1; -- --b1; -- while (refLine[b1] <= a0New && refLine[b1] < columns) { -- b1 += 2; -+ case twoDimVert0: -+ addPixels(refLine[b1i], blackPixels); -+ blackPixels ^= 1; -+ if (codingLine[a0i] < columns) { -+ ++b1i; -+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { -+ b1i += 2; - } - } - break; -- case twoDimVertR2: -- if (refLine[b1] + 2 < columns) { -- a0New = codingLine[++a0] = refLine[b1] + 2; -- ++b1; -- while (refLine[b1] <= a0New && refLine[b1] < columns) { -- b1 += 2; -+ case twoDimVertL3: -+ addPixelsNeg(refLine[b1i] - 3, blackPixels); -+ blackPixels ^= 1; -+ if (codingLine[a0i] < columns) { -+ if (b1i > 0) { -+ --b1i; -+ } else { -+ ++b1i; -+ } -+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { -+ b1i += 2; - } -- } else { -- a0New = codingLine[++a0] = columns; - } - break; - case twoDimVertL2: -- if (refLine[b1] - 2 > a0New || (a0 == 0 && refLine[b1] == 2)) { -- a0New = codingLine[++a0] = refLine[b1] - 2; -- --b1; -- while (refLine[b1] <= a0New && refLine[b1] < columns) { -- b1 += 2; -+ addPixelsNeg(refLine[b1i] - 2, blackPixels); -+ blackPixels ^= 1; -+ if (codingLine[a0i] < columns) { -+ if (b1i > 0) { -+ --b1i; -+ } else { -+ ++b1i; - } -- } -- break; -- case twoDimVertR3: -- if (refLine[b1] + 3 < columns) { -- a0New = codingLine[++a0] = refLine[b1] + 3; -- ++b1; -- while (refLine[b1] <= a0New && refLine[b1] < columns) { -- b1 += 2; -+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { -+ b1i += 2; - } -- } else { -- a0New = codingLine[++a0] = columns; - } - break; -- case twoDimVertL3: -- if (refLine[b1] - 3 > a0New || (a0 == 0 && refLine[b1] == 3)) { -- a0New = codingLine[++a0] = refLine[b1] - 3; -- --b1; -- while (refLine[b1] <= a0New && refLine[b1] < columns) { -- b1 += 2; -+ case twoDimVertL1: -+ addPixelsNeg(refLine[b1i] - 1, blackPixels); -+ blackPixels ^= 1; -+ if (codingLine[a0i] < columns) { -+ if (b1i > 0) { -+ --b1i; -+ } else { -+ ++b1i; -+ } -+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { -+ b1i += 2; - } - } - break; - case EOF: -+ addPixels(columns, 0); - eof = gTrue; -- codingLine[a0 = 0] = columns; -- return EOF; -+ break; - default: - error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1); -+ addPixels(columns, 0); - err = gTrue; - break; - } -- } while (codingLine[a0] < columns); -+ } - - // 1-D encoding - } else { -- codingLine[a0 = 0] = 0; -- while (1) { -+ codingLine[0] = 0; -+ a0i = 0; -+ blackPixels = 0; -+ while (codingLine[a0i] < columns) { - code1 = 0; -- do { -- code1 += code3 = getWhiteCode(); -- } while (code3 >= 64); -- codingLine[a0+1] = codingLine[a0] + code1; -- ++a0; -- if (codingLine[a0] >= columns) { -- break; -- } -- code2 = 0; -- do { -- code2 += code3 = getBlackCode(); -- } while (code3 >= 64); -- codingLine[a0+1] = codingLine[a0] + code2; -- ++a0; -- if (codingLine[a0] >= columns) { -- break; -+ if (blackPixels) { -+ do { -+ code1 += code3 = getBlackCode(); -+ } while (code3 >= 64); -+ } else { -+ do { -+ code1 += code3 = getWhiteCode(); -+ } while (code3 >= 64); - } -+ addPixels(codingLine[a0i] + code1, blackPixels); -+ blackPixels ^= 1; - } - } - -- if (codingLine[a0] != columns) { -- error(getPos(), "CCITTFax row is wrong length (%d)", codingLine[a0]); -- // force the row to be the correct length -- while (codingLine[a0] > columns) { -- --a0; -- } -- codingLine[++a0] = columns; -- err = gTrue; -- } -- - // byte-align the row - if (byteAlign) { - inputBits &= ~7; -@@ -1562,14 +1584,17 @@ int CCITTFaxStream::lookChar() { - // this if we know the stream contains end-of-line markers because - // the "just plow on" technique tends to work better otherwise - } else if (err && endOfLine) { -- do { -+ while (1) { -+ code1 = lookBits(13); - if (code1 == EOF) { - eof = gTrue; - return EOF; - } -+ if ((code1 >> 1) == 0x001) { -+ break; -+ } - eatBits(1); -- code1 = lookBits(13); -- } while ((code1 >> 1) != 0x001); -+ } - eatBits(12); - if (encoding > 0) { - eatBits(1); -@@ -1577,11 +1602,11 @@ int CCITTFaxStream::lookChar() { - } - } - -- a0 = 0; -- outputBits = codingLine[1] - codingLine[0]; -- if (outputBits == 0) { -- a0 = 1; -- outputBits = codingLine[2] - codingLine[1]; -+ // set up for output -+ if (codingLine[0] > 0) { -+ outputBits = codingLine[a0i = 0]; -+ } else { -+ outputBits = codingLine[a0i = 1]; - } - - ++row; -@@ -1589,39 +1614,43 @@ int CCITTFaxStream::lookChar() { - - // get a byte - if (outputBits >= 8) { -- ret = ((a0 & 1) == 0) ? 0xff : 0x00; -- if ((outputBits -= 8) == 0) { -- ++a0; -- if (codingLine[a0] < columns) { -- outputBits = codingLine[a0 + 1] - codingLine[a0]; -- } -+ buf = (a0i & 1) ? 0x00 : 0xff; -+ outputBits -= 8; -+ if (outputBits == 0 && codingLine[a0i] < columns) { -+ ++a0i; -+ outputBits = codingLine[a0i] - codingLine[a0i - 1]; - } - } else { - bits = 8; -- ret = 0; -+ buf = 0; - do { - if (outputBits > bits) { -- i = bits; -- bits = 0; -- if ((a0 & 1) == 0) { -- ret |= 0xff >> (8 - i); -+ buf <<= bits; -+ if (!(a0i & 1)) { -+ buf |= 0xff >> (8 - bits); - } -- outputBits -= i; -+ outputBits -= bits; -+ bits = 0; - } else { -- i = outputBits; -- bits -= outputBits; -- if ((a0 & 1) == 0) { -- ret |= (0xff >> (8 - i)) << bits; -+ buf <<= outputBits; -+ if (!(a0i & 1)) { -+ buf |= 0xff >> (8 - outputBits); - } -+ bits -= outputBits; - outputBits = 0; -- ++a0; -- if (codingLine[a0] < columns) { -- outputBits = codingLine[a0 + 1] - codingLine[a0]; -+ if (codingLine[a0i] < columns) { -+ ++a0i; -+ outputBits = codingLine[a0i] - codingLine[a0i - 1]; -+ } else if (bits > 0) { -+ buf <<= bits; -+ bits = 0; - } - } -- } while (bits > 0 && codingLine[a0] < columns); -+ } while (bits); -+ } -+ if (black) { -+ buf ^= 0xff; - } -- buf = black ? (ret ^ 0xff) : ret; - return buf; - } - -@@ -1663,6 +1692,9 @@ short CCITTFaxStream::getWhiteCode() { - code = 0; // make gcc happy - if (endOfBlock) { - code = lookBits(12); -+ if (code == EOF) { -+ return 1; -+ } - if ((code >> 5) == 0) { - p = &whiteTab1[code]; - } else { -@@ -1675,6 +1707,9 @@ short CCITTFaxStream::getWhiteCode() { - } else { - for (n = 1; n <= 9; ++n) { - code = lookBits(n); -+ if (code == EOF) { -+ return 1; -+ } - if (n < 9) { - code <<= 9 - n; - } -@@ -1686,6 +1721,9 @@ short CCITTFaxStream::getWhiteCode() { - } - for (n = 11; n <= 12; ++n) { - code = lookBits(n); -+ if (code == EOF) { -+ return 1; -+ } - if (n < 12) { - code <<= 12 - n; - } -@@ -1711,9 +1749,12 @@ short CCITTFaxStream::getBlackCode() { - code = 0; // make gcc happy - if (endOfBlock) { - code = lookBits(13); -+ if (code == EOF) { -+ return 1; -+ } - if ((code >> 7) == 0) { - p = &blackTab1[code]; -- } else if ((code >> 9) == 0) { -+ } else if ((code >> 9) == 0 && (code >> 7) != 0) { - p = &blackTab2[(code >> 1) - 64]; - } else { - p = &blackTab3[code >> 7]; -@@ -1725,6 +1766,9 @@ short CCITTFaxStream::getBlackCode() { - } else { - for (n = 2; n <= 6; ++n) { - code = lookBits(n); -+ if (code == EOF) { -+ return 1; -+ } - if (n < 6) { - code <<= 6 - n; - } -@@ -1736,6 +1780,9 @@ short CCITTFaxStream::getBlackCode() { - } - for (n = 7; n <= 12; ++n) { - code = lookBits(n); -+ if (code == EOF) { -+ return 1; -+ } - if (n < 12) { - code <<= 12 - n; - } -@@ -1749,6 +1796,9 @@ short CCITTFaxStream::getBlackCode() { - } - for (n = 10; n <= 13; ++n) { - code = lookBits(n); -+ if (code == EOF) { -+ return 1; -+ } - if (n < 13) { - code <<= 13 - n; - } -@@ -1963,6 +2013,12 @@ void DCTStream::reset() { - // allocate a buffer for the whole image - bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth; - bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight; -+ if (bufWidth <= 0 || bufHeight <= 0 || -+ bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) { -+ error(getPos(), "Invalid image size in DCT stream"); -+ y = height; -+ return; -+ } - for (i = 0; i < numComps; ++i) { - frameBuf[i] = (int *)gmallocn(bufWidth * bufHeight, sizeof(int)); - memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int)); -@@ -3038,6 +3094,11 @@ GBool DCTStream::readScanInfo() { - } - scanInfo.firstCoeff = str->getChar(); - scanInfo.lastCoeff = str->getChar(); -+ if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 || -+ scanInfo.firstCoeff > scanInfo.lastCoeff) { -+ error(getPos(), "Bad DCT coefficient numbers in scan info block"); -+ return gFalse; -+ } - c = str->getChar(); - scanInfo.ah = (c >> 4) & 0x0f; - scanInfo.al = c & 0x0f; ---- kpdf/xpdf/xpdf/Stream.h -+++ kpdf/xpdf/xpdf/Stream.h -@@ -528,13 +528,15 @@ private: - int row; // current row - int inputBuf; // input buffer - int inputBits; // number of bits in input buffer -- short *refLine; // reference line changing elements -- int b1; // index into refLine -- short *codingLine; // coding line changing elements -- int a0; // index into codingLine -+ int *codingLine; // coding line changing elements -+ int *refLine; // reference line changing elements -+ int a0i; // index into codingLine -+ GBool err; // error on current line - int outputBits; // remaining ouput bits - int buf; // character buffer - -+ void addPixels(int a1, int black); -+ void addPixelsNeg(int a1, int black); - short getTwoDimCode(); - short getWhiteCode(); - short getBlackCode(); |