-rw-r--r--kde-base/kdegraphics/ChangeLog13
-rw-r--r--kde-base/kdegraphics/files/kamera-3.5.6-download-fix.diff68
-rw-r--r--kde-base/kdegraphics/files/kdegraphics-kfile-plugins-3.5.7-openexr-1.6.0.patch25
-rw-r--r--kde-base/kdegraphics/files/kpdf-3.5.7-hash_path.diff10
-rw-r--r--kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff61
-rw-r--r--kde-base/kdegraphics/files/post-3.5.5-kdegraphics.diff134
-rw-r--r--kde-base/kdegraphics/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff17
-rw-r--r--kde-base/kdegraphics/files/post-3.5.8-kdegraphics-kpdf.diff643
8 files changed, 11 insertions, 960 deletions
diff --git a/kde-base/kdegraphics/ChangeLog b/kde-base/kdegraphics/ChangeLog
index 1f22241f6c93..89db21cd0cc8 100644
--- a/kde-base/kdegraphics/ChangeLog
+++ b/kde-base/kdegraphics/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for kde-base/kdegraphics
-# Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/ChangeLog,v 1.346 2009/03/30 13:03:21 loki_val Exp $
+# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/ChangeLog,v 1.347 2009/06/14 12:45:21 alexxy Exp $
+
+ 14 Jun 2009; Alexey Shvetsov <alexxy@gentoo.org>
+ -files/post-3.5.5-kdegraphics.diff,
+ -files/post-3.5.5-kdegraphics-CVE-2007-0104.diff,
+ -files/kamera-3.5.6-download-fix.diff, -files/kpdf-3.5.7-hash_path.diff,
+ -files/post-3.5.7-kdegraphics-CVE-2007-3387.diff,
+ -files/kdegraphics-kfile-plugins-3.5.7-openexr-1.6.0.patch,
+ -files/post-3.5.8-kdegraphics-kpdf.diff:
+ Clean unneeded patches
30 Mar 2009; Peter Alfredsen <loki_val@gentoo.org>
kdegraphics-3.5.9.ebuild:
diff --git a/kde-base/kdegraphics/files/kamera-3.5.6-download-fix.diff b/kde-base/kdegraphics/files/kamera-3.5.6-download-fix.diff
deleted file mode 100644
index c26dff3a86bf..000000000000
--- a/kde-base/kdegraphics/files/kamera-3.5.6-download-fix.diff
+++ /dev/null
@@ -1,68 +0,0 @@
---- kamera/kioslave/kamera.cpp 2006/06/22 06:45:40 553793
-+++ kamera/kioslave/kamera.cpp 2007/05/03 20:59:50 660816
-@@ -270,19 +270,39 @@
- long unsigned int fileSize;
- // This merely returns us a pointer to gphoto's internal data
- // buffer -- there's no expensive memcpy
-- gp_file_get_data_and_size(m_file, &fileData, &fileSize);
-+ gpr = gp_file_get_data_and_size(m_file, &fileData, &fileSize);
-+ if (gpr != GP_OK) {
-+ kdDebug(7123) << "get():: get_data_and_size failed." << endl;
-+ gp_file_free(m_file);
-+ m_file = NULL;
-+ error(KIO::ERR_UNKNOWN, gp_result_as_string(gpr));
-+ closeCamera();
-+ return;
-+ }
- // make sure we're not sending zero-sized chunks (=EOF)
- // also make sure we send only if the progress did not send the data
- // already.
- if ((fileSize > 0) && (fileSize - m_fileSize)>0) {
-- // XXX using assign() here causes segfault, prolly because
-- // gp_file_free is called before chunkData goes out of scope
-+ unsigned long written = 0;
- QByteArray chunkDataBuffer;
-- chunkDataBuffer.setRawData(fileData + m_fileSize, fileSize - m_fileSize);
-- data(chunkDataBuffer);
-- processedSize(fileSize);
-- chunkDataBuffer.resetRawData(fileData + m_fileSize, fileSize - m_fileSize);
-+
-+ // We need to split it up here. Someone considered it funny
-+ // to discard any data() larger than 16MB.
-+ //
-+ // So nearly any Movie will just fail....
-+ while (written < fileSize-m_fileSize) {
-+ unsigned long towrite = 1024*1024; // 1MB
-+
-+ if (towrite > fileSize-m_fileSize-written)
-+ towrite = fileSize-m_fileSize-written;
-+ chunkDataBuffer.setRawData(fileData + m_fileSize + written, towrite);
-+ processedSize(m_fileSize + written + towrite);
-+ data(chunkDataBuffer);
-+ chunkDataBuffer.resetRawData(fileData + m_fileSize + written, towrite);
-+ written += towrite;
-+ }
- m_fileSize = fileSize;
-+ setFileSize(fileSize);
- }
-
- finished();
-@@ -907,8 +927,8 @@
- // camera and pass it to KIO, to allow progressive display
- // of the downloaded photo.
-
-- const char *fileData;
-- long unsigned int fileSize;
-+ const char *fileData = NULL;
-+ long unsigned int fileSize = 0;
-
- // This merely returns us a pointer to gphoto's internal data
- // buffer -- there's no expensive memcpy
-@@ -921,6 +941,7 @@
- // gp_file_free is called before chunkData goes out of scope
- QByteArray chunkDataBuffer;
- chunkDataBuffer.setRawData(fileData + object->getFileSize(), fileSize - object->getFileSize());
-+ // Note: this will fail with sizes > 16MB ...
- object->data(chunkDataBuffer);
- object->processedSize(fileSize);
- chunkDataBuffer.resetRawData(fileData + object->getFileSize(), fileSize - object->getFileSize());
diff --git a/kde-base/kdegraphics/files/kdegraphics-kfile-plugins-3.5.7-openexr-1.6.0.patch b/kde-base/kdegraphics/files/kdegraphics-kfile-plugins-3.5.7-openexr-1.6.0.patch
deleted file mode 100644
index de82dba73000..000000000000
--- a/kde-base/kdegraphics/files/kdegraphics-kfile-plugins-3.5.7-openexr-1.6.0.patch
+++ /dev/null
@@ -1,25 +0,0 @@
---- kfile-plugins/exr/kfile_exr.cpp
-+++ kfile-plugins/exr/kfile_exr.cpp
-@@ -32,6 +32,7 @@
- #include <ImfVecAttribute.h>
- #include <ImfPreviewImage.h>
- #include <ImfVersion.h>
-+#include <ImfCRgbaFile.h>
-
- #include <iostream>
-
-@@ -226,7 +227,14 @@
- qcapDateString.setLength(capDateString.size());
- appendItem( stdgroup, "Capture Date", qcapDateString );
- }
-+ // This define was introduced in EXR 1.6.0
-+#ifndef IMF_B44_COMPRESSION
-+ // This is the 1.4 and earlier version
- if ( hasutcOffset(h) ) {
-+#else
-+ // This is the 1.6.0 and later version
-+ if ( hasUtcOffset(h) ) {
-+#endif
- QString UTCOffset;
- if (utcOffset(h)>0.0) {
- UTCOffset.append(QString("%1").arg(utcOffset(h)/3600, 0, 'f', 1));
diff --git a/kde-base/kdegraphics/files/kpdf-3.5.7-hash_path.diff b/kde-base/kdegraphics/files/kpdf-3.5.7-hash_path.diff
deleted file mode 100644
index 1c3ac507c049..000000000000
--- a/kde-base/kdegraphics/files/kpdf-3.5.7-hash_path.diff
+++ /dev/null
@@ -1,10 +0,0 @@
---- branches/KDE/3.5/kdegraphics/kpdf/part.cpp #703563:703564
-@@ -612,7 +612,7 @@
- m_pageView->showText(i18n("Reloading the document..."), 0);
- }
-
-- if (KParts::ReadOnlyPart::openURL(m_file))
-+ if (KParts::ReadOnlyPart::openURL(KURL::fromPathOrURL(m_file)))
- {
- if (m_viewportDirty.pageNumber >= (int)m_document->pages()) m_viewportDirty.pageNumber = (int)m_document->pages() - 1;
- m_document->setViewport(m_viewportDirty);
diff --git a/kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff b/kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff
deleted file mode 100644
index 092cf67f360b..000000000000
--- a/kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff
+++ /dev/null
@@ -1,61 +0,0 @@
---- kpdf/xpdf/xpdf/Catalog.cc
-+++ kpdf/xpdf/xpdf/Catalog.cc
-@@ -26,6 +26,12 @@
- #include "UGString.h"
- #include "Catalog.h"
-
-+// This define is used to limit the depth of recursive readPageTree calls
-+// This is needed because the page tree nodes can reference their parents
-+// leaving us in an infinite loop
-+// Most sane pdf documents don't have a call depth higher than 10
-+#define MAX_CALL_DEPTH 1000
-+
- //------------------------------------------------------------------------
- // Catalog
- //------------------------------------------------------------------------
-@@ -76,7 +82,7 @@ Catalog::Catalog(XRef *xrefA) {
- pageRefs[i].num = -1;
- pageRefs[i].gen = -1;
- }
-- numPages = readPageTree(pagesDict.getDict(), NULL, 0);
-+ numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0);
- if (numPages != numPages0) {
- error(-1, "Page count in top-level pages object is incorrect");
- }
-@@ -191,7 +197,7 @@ GString *Catalog::readMetadata() {
- return s;
- }
-
--int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) {
-+int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) {
- Object kids;
- Object kid;
- Object kidRef;
-@@ -236,9 +242,13 @@ int Catalog::readPageTree(Dict *pagesDic
- // This should really be isDict("Pages"), but I've seen at least one
- // PDF file where the /Type entry is missing.
- } else if (kid.isDict()) {
-- if ((start = readPageTree(kid.getDict(), attrs1, start))
-- < 0)
-- goto err2;
-+ if (callDepth > MAX_CALL_DEPTH) {
-+ error(-1, "Limit of %d recursive calls reached while reading the page tree. If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH);
-+ } else {
-+ if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1))
-+ < 0)
-+ goto err2;
-+ }
- } else {
- error(-1, "Kid object (page %d) is wrong type (%s)",
- start+1, kid.getTypeName());
---- kpdf/xpdf/xpdf/Catalog.h
-+++ kpdf/xpdf/xpdf/Catalog.h
-@@ -128,7 +128,7 @@ private:
- Object acroForm; // AcroForm dictionary
- GBool ok; // true if catalog is valid
-
-- int readPageTree(Dict *pages, PageAttrs *attrs, int start);
-+ int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth);
- Object *findDestInTree(Object *tree, GString *name, Object *obj);
- };
-
diff --git a/kde-base/kdegraphics/files/post-3.5.5-kdegraphics.diff b/kde-base/kdegraphics/files/post-3.5.5-kdegraphics.diff
deleted file mode 100644
index 881b81757ab4..000000000000
--- a/kde-base/kdegraphics/files/post-3.5.5-kdegraphics.diff
+++ /dev/null
@@ -1,134 +0,0 @@
---- kfile-plugins/jpeg/exif.h
-+++ kfile-plugins/jpeg/exif.h
-@@ -72,7 +72,8 @@
- int Get32s(void * Long);
- unsigned Get32u(void * Long);
- double ConvertAnyFormat(void * ValuePtr, int Format);
-- void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase, unsigned ExifLength);
-+ void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase, unsigned ExifLength,
-+ unsigned NestingLevel);
- void process_COM (const uchar * Data, int length);
- void process_SOFn (const uchar * Data, int marker);
- int Get16m(const void * Short);
---- kfile-plugins/jpeg/exif.cpp
-+++ kfile-plugins/jpeg/exif.cpp
-@@ -446,7 +446,7 @@
- //--------------------------------------------------------------------------
- // Process one of the nested EXIF directories.
- //--------------------------------------------------------------------------
--void ExifData::ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase, unsigned ExifLength)
-+void ExifData::ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase, unsigned ExifLength, unsigned NestingLevel)
- {
- int de;
- int a;
-@@ -454,6 +454,9 @@
- unsigned ThumbnailOffset = 0;
- unsigned ThumbnailSize = 0;
-
-+ if ( NestingLevel > 4)
-+ throw FatalError("Maximum directory nesting exceeded (corrupt exif header)");
-+
- NumDirEntries = Get16u(DirStart);
- #define DIR_ENTRY_ADDR(Start, Entry) (Start+2+12*(Entry))
-
-@@ -476,7 +479,7 @@
- for (de=0;de<NumDirEntries;de++){
- int Tag, Format, Components;
- unsigned char * ValuePtr;
-- int ByteCount;
-+ unsigned ByteCount;
- char * DirEntry;
- DirEntry = (char *)DIR_ENTRY_ADDR(DirStart, de);
-
-@@ -489,6 +492,11 @@
- throw FatalError("Illegal format code in EXIF dir");
- }
-
-+ if ((unsigned)Components > 0x10000) {
-+ throw FatalError("Illegal number of components for tag");
-+ continue;
-+ }
-+
- ByteCount = Components * BytesPerFormat[Format];
-
- if (ByteCount > 4){
-@@ -517,11 +525,11 @@
- switch(Tag){
-
- case TAG_MAKE:
-- ExifData::CameraMake = QString((char*)ValuePtr);
-+ ExifData::CameraMake = QString::fromLatin1((const char*)ValuePtr, 31);
- break;
-
- case TAG_MODEL:
-- ExifData::CameraModel = QString((char*)ValuePtr);
-+ ExifData::CameraModel = QString::fromLatin1((const char*)ValuePtr, 39);
- break;
-
- case TAG_ORIENTATION:
-@@ -529,7 +537,7 @@
- break;
-
- case TAG_DATETIME_ORIGINAL:
-- DateTime = QString((char*)ValuePtr);
-+ DateTime = QString::fromLatin1((const char*)ValuePtr, 19);
- break;
-
- case TAG_USERCOMMENT:
-@@ -550,14 +558,12 @@
- int c;
- c = (ValuePtr)[a];
- if (c != '\0' && c != ' '){
-- //strncpy(ImageInfo.Comments, (const char*)(a+ValuePtr), 199);
-- UserComment.sprintf("%s", (const char*)(a+ValuePtr));
-+ UserComment = QString::fromLatin1((const char*)(a+ValuePtr), 199);
- break;
- }
- }
- }else{
-- //strncpy(ImageInfo.Comments, (const char*)ValuePtr, 199);
-- UserComment.sprintf("%s", (const char*)ValuePtr);
-+ UserComment = QString::fromLatin1((const char*)ValuePtr, 199);
- }
- break;
-
-@@ -676,10 +682,10 @@
- if (Tag == TAG_EXIF_OFFSET || Tag == TAG_INTEROP_OFFSET){
- unsigned char * SubdirStart;
- SubdirStart = OffsetBase + Get32u(ValuePtr);
-- if (SubdirStart < OffsetBase || SubdirStart > OffsetBase+ExifLength){
-+ if (SubdirStart <= OffsetBase || SubdirStart >= OffsetBase+ExifLength){
- throw FatalError("Illegal subdirectory link");
- }
-- ProcessExifDir(SubdirStart, OffsetBase, ExifLength);
-+ ProcessExifDir(SubdirStart, OffsetBase, ExifLength, NestingLevel+1);
- continue;
- }
- }
-@@ -709,7 +715,7 @@
- }
- }else{
- if (SubdirStart <= OffsetBase+ExifLength){
-- ProcessExifDir(SubdirStart, OffsetBase, ExifLength);
-+ ProcessExifDir(SubdirStart, OffsetBase, ExifLength, NestingLevel+1);
- }
- }
- }
-@@ -719,7 +725,7 @@
- }
-
- if (ThumbnailSize && ThumbnailOffset){
-- if (ThumbnailSize + ThumbnailOffset <= ExifLength){
-+ if (ThumbnailSize + ThumbnailOffset < ExifLength){
- // The thumbnail pointer appears to be valid. Store it.
- Thumbnail.loadFromData(OffsetBase + ThumbnailOffset, ThumbnailSize, "JPEG");
- }
-@@ -810,7 +816,7 @@
- LastExifRefd = CharBuf;
-
- // First directory starts 16 bytes in. Offsets start at 8 bytes in.
-- ProcessExifDir(CharBuf+16, CharBuf+8, length-6);
-+ ProcessExifDir(CharBuf+16, CharBuf+8, length-6, 0);
-
- // This is how far the interesting (non thumbnail) part of the exif went.
- ExifSettingsLength = LastExifRefd - CharBuf;
diff --git a/kde-base/kdegraphics/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff b/kde-base/kdegraphics/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff
deleted file mode 100644
index e28add87e275..000000000000
--- a/kde-base/kdegraphics/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff
+++ /dev/null
@@ -1,17 +0,0 @@
-Index: kpdf/xpdf/xpdf/Stream.cc
-===================================================================
---- kpdf/xpdf/xpdf/Stream.cc (revision 689574)
-+++ kpdf/xpdf/xpdf/Stream.cc (working copy)
-@@ -411,9 +411,9 @@ StreamPredictor::StreamPredictor(Stream
-
- nVals = width * nComps;
- if (width <= 0 || nComps <= 0 || nBits <= 0 ||
-- nComps >= INT_MAX / nBits ||
-- width >= INT_MAX / nComps / nBits ||
-- nVals * nBits + 7 < 0) {
-+ nComps > gfxColorMaxComps || nBits > 16 ||
-+ width >= INT_MAX / nComps ||
-+ nVals >= (INT_MAX - 7) / nBits) {
- return;
- }
- pixBytes = (nComps * nBits + 7) >> 3;
diff --git a/kde-base/kdegraphics/files/post-3.5.8-kdegraphics-kpdf.diff b/kde-base/kdegraphics/files/post-3.5.8-kdegraphics-kpdf.diff
deleted file mode 100644
index 94e44a0280e9..000000000000
--- a/kde-base/kdegraphics/files/post-3.5.8-kdegraphics-kpdf.diff
+++ /dev/null
@@ -1,643 +0,0 @@
---- kpdf/xpdf/xpdf/Stream.cc
-+++ kpdf/xpdf/xpdf/Stream.cc
-@@ -1245,23 +1245,26 @@ CCITTFaxStream::CCITTFaxStream(Stream *s
- columns = columnsA;
- if (columns < 1) {
- columns = 1;
-- }
-- if (columns + 4 <= 0) {
-- columns = INT_MAX - 4;
-+ } else if (columns > INT_MAX - 2) {
-+ columns = INT_MAX - 2;
- }
- rows = rowsA;
- endOfBlock = endOfBlockA;
- black = blackA;
-- refLine = (short *)gmallocn(columns + 3, sizeof(short));
-- codingLine = (short *)gmallocn(columns + 2, sizeof(short));
-+ // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns
-+ // ---> max codingLine size = columns + 1
-+ // refLine has one extra guard entry at the end
-+ // ---> max refLine size = columns + 2
-+ codingLine = (int *)gmallocn(columns + 1, sizeof(int));
-+ refLine = (int *)gmallocn(columns + 2, sizeof(int));
-
- eof = gFalse;
- row = 0;
- nextLine2D = encoding < 0;
- inputBits = 0;
-- codingLine[0] = 0;
-- codingLine[1] = refLine[2] = columns;
-- a0 = 1;
-+ codingLine[0] = columns;
-+ a0i = 0;
-+ outputBits = 0;
-
- buf = EOF;
- }
-@@ -1280,9 +1283,9 @@ void CCITTFaxStream::reset() {
- row = 0;
- nextLine2D = encoding < 0;
- inputBits = 0;
-- codingLine[0] = 0;
-- codingLine[1] = columns;
-- a0 = 1;
-+ codingLine[0] = columns;
-+ a0i = 0;
-+ outputBits = 0;
- buf = EOF;
-
- // skip any initial zero bits and end-of-line marker, and get the 2D
-@@ -1299,211 +1302,230 @@ void CCITTFaxStream::reset() {
- }
- }
-
-+inline void CCITTFaxStream::addPixels(int a1, int blackPixels) {
-+ if (a1 > codingLine[a0i]) {
-+ if (a1 > columns) {
-+ error(getPos(), "CCITTFax row is wrong length (%d)", a1);
-+ err = gTrue;
-+ a1 = columns;
-+ }
-+ if ((a0i & 1) ^ blackPixels) {
-+ ++a0i;
-+ }
-+ codingLine[a0i] = a1;
-+ }
-+}
-+
-+inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) {
-+ if (a1 > codingLine[a0i]) {
-+ if (a1 > columns) {
-+ error(getPos(), "CCITTFax row is wrong length (%d)", a1);
-+ err = gTrue;
-+ a1 = columns;
-+ }
-+ if ((a0i & 1) ^ blackPixels) {
-+ ++a0i;
-+ }
-+ codingLine[a0i] = a1;
-+ } else if (a1 < codingLine[a0i]) {
-+ if (a1 < 0) {
-+ error(getPos(), "Invalid CCITTFax code");
-+ err = gTrue;
-+ a1 = 0;
-+ }
-+ while (a0i > 0 && a1 <= codingLine[a0i - 1]) {
-+ --a0i;
-+ }
-+ codingLine[a0i] = a1;
-+ }
-+}
-+
- int CCITTFaxStream::lookChar() {
- short code1, code2, code3;
-- int a0New;
-- GBool err, gotEOL;
-- int ret;
-- int bits, i;
-+ int b1i, blackPixels, i, bits;
-+ GBool gotEOL;
-
-- // if at eof just return EOF
-- if (eof && codingLine[a0] >= columns) {
-- return EOF;
-+ if (buf != EOF) {
-+ return buf;
- }
-
- // read the next row
-- err = gFalse;
-- if (codingLine[a0] >= columns) {
-+ if (outputBits == 0) {
-+
-+ // if at eof just return EOF
-+ if (eof) {
-+ return EOF;
-+ }
-+
-+ err = gFalse;
-
- // 2-D encoding
- if (nextLine2D) {
-- // state:
-- // a0New = current position in coding line (0 <= a0New <= columns)
-- // codingLine[a0] = last change in coding line
-- // (black-to-white if a0 is even,
-- // white-to-black if a0 is odd)
-- // refLine[b1] = next change in reference line of opposite color
-- // to a0
-- // invariants:
-- // 0 <= codingLine[a0] <= a0New
-- // <= refLine[b1] <= refLine[b1+1] <= columns
-- // 0 <= a0 <= columns+1
-- // refLine[0] = 0
-- // refLine[n] = refLine[n+1] = columns
-- // -- for some 1 <= n <= columns+1
-- // end condition:
-- // 0 = codingLine[0] <= codingLine[1] < codingLine[2] < ...
-- // < codingLine[n-1] < codingLine[n] = columns
-- // -- where 1 <= n <= columns+1
- for (i = 0; codingLine[i] < columns; ++i) {
- refLine[i] = codingLine[i];
- }
-- refLine[i] = refLine[i + 1] = columns;
-- b1 = 1;
-- a0New = codingLine[a0 = 0] = 0;
-- do {
-+ refLine[i++] = columns;
-+ refLine[i] = columns;
-+ codingLine[0] = 0;
-+ a0i = 0;
-+ b1i = 0;
-+ blackPixels = 0;
-+ // invariant:
-+ // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1]
-+ // <= columns
-+ // exception at left edge:
-+ // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible
-+ // exception at right edge:
-+ // refLine[b1i] = refLine[b1i+1] = columns is possible
-+ while (codingLine[a0i] < columns) {
- code1 = getTwoDimCode();
- switch (code1) {
- case twoDimPass:
-- if (refLine[b1] < columns) {
-- a0New = refLine[b1 + 1];
-- b1 += 2;
-+ addPixels(refLine[b1i + 1], blackPixels);
-+ if (refLine[b1i + 1] < columns) {
-+ b1i += 2;
- }
- break;
- case twoDimHoriz:
-- if ((a0 & 1) == 0) {
-- code1 = code2 = 0;
-+ code1 = code2 = 0;
-+ if (blackPixels) {
- do {
-- code1 += code3 = getWhiteCode();
-+ code1 += code3 = getBlackCode();
- } while (code3 >= 64);
- do {
-- code2 += code3 = getBlackCode();
-+ code2 += code3 = getWhiteCode();
- } while (code3 >= 64);
- } else {
-- code1 = code2 = 0;
- do {
-- code1 += code3 = getBlackCode();
-+ code1 += code3 = getWhiteCode();
- } while (code3 >= 64);
- do {
-- code2 += code3 = getWhiteCode();
-+ code2 += code3 = getBlackCode();
- } while (code3 >= 64);
- }
-- if (code1 > 0 || code2 > 0) {
-- if (a0New + code1 <= columns) {
-- codingLine[a0 + 1] = a0New + code1;
-- } else {
-- codingLine[a0 + 1] = columns;
-- }
-- ++a0;
-- if (codingLine[a0] + code2 <= columns) {
-- codingLine[a0 + 1] = codingLine[a0] + code2;
-- } else {
-- codingLine[a0 + 1] = columns;
-- }
-- ++a0;
-- a0New = codingLine[a0];
-- while (refLine[b1] <= a0New && refLine[b1] < columns) {
-- b1 += 2;
-+ addPixels(codingLine[a0i] + code1, blackPixels);
-+ if (codingLine[a0i] < columns) {
-+ addPixels(codingLine[a0i] + code2, blackPixels ^ 1);
-+ }
-+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
-+ b1i += 2;
-+ }
-+ break;
-+ case twoDimVertR3:
-+ addPixels(refLine[b1i] + 3, blackPixels);
-+ blackPixels ^= 1;
-+ if (codingLine[a0i] < columns) {
-+ ++b1i;
-+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
-+ b1i += 2;
- }
- }
- break;
-- case twoDimVert0:
-- if (refLine[b1] < columns) {
-- a0New = codingLine[++a0] = refLine[b1];
-- ++b1;
-- while (refLine[b1] <= a0New && refLine[b1] < columns) {
-- b1 += 2;
-+ case twoDimVertR2:
-+ addPixels(refLine[b1i] + 2, blackPixels);
-+ blackPixels ^= 1;
-+ if (codingLine[a0i] < columns) {
-+ ++b1i;
-+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
-+ b1i += 2;
- }
-- } else {
-- a0New = codingLine[++a0] = columns;
- }
- break;
- case twoDimVertR1:
-- if (refLine[b1] + 1 < columns) {
-- a0New = codingLine[++a0] = refLine[b1] + 1;
-- ++b1;
-- while (refLine[b1] <= a0New && refLine[b1] < columns) {
-- b1 += 2;
-+ addPixels(refLine[b1i] + 1, blackPixels);
-+ blackPixels ^= 1;
-+ if (codingLine[a0i] < columns) {
-+ ++b1i;
-+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
-+ b1i += 2;
- }
-- } else {
-- a0New = codingLine[++a0] = columns;
- }
- break;
-- case twoDimVertL1:
-- if (refLine[b1] - 1 > a0New || (a0 == 0 && refLine[b1] == 1)) {
-- a0New = codingLine[++a0] = refLine[b1] - 1;
-- --b1;
-- while (refLine[b1] <= a0New && refLine[b1] < columns) {
-- b1 += 2;
-+ case twoDimVert0:
-+ addPixels(refLine[b1i], blackPixels);
-+ blackPixels ^= 1;
-+ if (codingLine[a0i] < columns) {
-+ ++b1i;
-+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
-+ b1i += 2;
- }
- }
- break;
-- case twoDimVertR2:
-- if (refLine[b1] + 2 < columns) {
-- a0New = codingLine[++a0] = refLine[b1] + 2;
-- ++b1;
-- while (refLine[b1] <= a0New && refLine[b1] < columns) {
-- b1 += 2;
-+ case twoDimVertL3:
-+ addPixelsNeg(refLine[b1i] - 3, blackPixels);
-+ blackPixels ^= 1;
-+ if (codingLine[a0i] < columns) {
-+ if (b1i > 0) {
-+ --b1i;
-+ } else {
-+ ++b1i;
-+ }
-+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
-+ b1i += 2;
- }
-- } else {
-- a0New = codingLine[++a0] = columns;
- }
- break;
- case twoDimVertL2:
-- if (refLine[b1] - 2 > a0New || (a0 == 0 && refLine[b1] == 2)) {
-- a0New = codingLine[++a0] = refLine[b1] - 2;
-- --b1;
-- while (refLine[b1] <= a0New && refLine[b1] < columns) {
-- b1 += 2;
-+ addPixelsNeg(refLine[b1i] - 2, blackPixels);
-+ blackPixels ^= 1;
-+ if (codingLine[a0i] < columns) {
-+ if (b1i > 0) {
-+ --b1i;
-+ } else {
-+ ++b1i;
- }
-- }
-- break;
-- case twoDimVertR3:
-- if (refLine[b1] + 3 < columns) {
-- a0New = codingLine[++a0] = refLine[b1] + 3;
-- ++b1;
-- while (refLine[b1] <= a0New && refLine[b1] < columns) {
-- b1 += 2;
-+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
-+ b1i += 2;
- }
-- } else {
-- a0New = codingLine[++a0] = columns;
- }
- break;
-- case twoDimVertL3:
-- if (refLine[b1] - 3 > a0New || (a0 == 0 && refLine[b1] == 3)) {
-- a0New = codingLine[++a0] = refLine[b1] - 3;
-- --b1;
-- while (refLine[b1] <= a0New && refLine[b1] < columns) {
-- b1 += 2;
-+ case twoDimVertL1:
-+ addPixelsNeg(refLine[b1i] - 1, blackPixels);
-+ blackPixels ^= 1;
-+ if (codingLine[a0i] < columns) {
-+ if (b1i > 0) {
-+ --b1i;
-+ } else {
-+ ++b1i;
-+ }
-+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
-+ b1i += 2;
- }
- }
- break;
- case EOF:
-+ addPixels(columns, 0);
- eof = gTrue;
-- codingLine[a0 = 0] = columns;
-- return EOF;
-+ break;
- default:
- error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1);
-+ addPixels(columns, 0);
- err = gTrue;
- break;
- }
-- } while (codingLine[a0] < columns);
-+ }
-
- // 1-D encoding
- } else {
-- codingLine[a0 = 0] = 0;
-- while (1) {
-+ codingLine[0] = 0;
-+ a0i = 0;
-+ blackPixels = 0;
-+ while (codingLine[a0i] < columns) {
- code1 = 0;
-- do {
-- code1 += code3 = getWhiteCode();
-- } while (code3 >= 64);
-- codingLine[a0+1] = codingLine[a0] + code1;
-- ++a0;
-- if (codingLine[a0] >= columns) {
-- break;
-- }
-- code2 = 0;
-- do {
-- code2 += code3 = getBlackCode();
-- } while (code3 >= 64);
-- codingLine[a0+1] = codingLine[a0] + code2;
-- ++a0;
-- if (codingLine[a0] >= columns) {
-- break;
-+ if (blackPixels) {
-+ do {
-+ code1 += code3 = getBlackCode();
-+ } while (code3 >= 64);
-+ } else {
-+ do {
-+ code1 += code3 = getWhiteCode();
-+ } while (code3 >= 64);
- }
-+ addPixels(codingLine[a0i] + code1, blackPixels);
-+ blackPixels ^= 1;
- }
- }
-
-- if (codingLine[a0] != columns) {
-- error(getPos(), "CCITTFax row is wrong length (%d)", codingLine[a0]);
-- // force the row to be the correct length
-- while (codingLine[a0] > columns) {
-- --a0;
-- }
-- codingLine[++a0] = columns;
-- err = gTrue;
-- }
--
- // byte-align the row
- if (byteAlign) {
- inputBits &= ~7;
-@@ -1562,14 +1584,17 @@ int CCITTFaxStream::lookChar() {
- // this if we know the stream contains end-of-line markers because
- // the "just plow on" technique tends to work better otherwise
- } else if (err && endOfLine) {
-- do {
-+ while (1) {
-+ code1 = lookBits(13);
- if (code1 == EOF) {
- eof = gTrue;
- return EOF;
- }
-+ if ((code1 >> 1) == 0x001) {
-+ break;
-+ }
- eatBits(1);
-- code1 = lookBits(13);
-- } while ((code1 >> 1) != 0x001);
-+ }
- eatBits(12);
- if (encoding > 0) {
- eatBits(1);
-@@ -1577,11 +1602,11 @@ int CCITTFaxStream::lookChar() {
- }
- }
-
-- a0 = 0;
-- outputBits = codingLine[1] - codingLine[0];
-- if (outputBits == 0) {
-- a0 = 1;
-- outputBits = codingLine[2] - codingLine[1];
-+ // set up for output
-+ if (codingLine[0] > 0) {
-+ outputBits = codingLine[a0i = 0];
-+ } else {
-+ outputBits = codingLine[a0i = 1];
- }
-
- ++row;
-@@ -1589,39 +1614,43 @@ int CCITTFaxStream::lookChar() {
-
- // get a byte
- if (outputBits >= 8) {
-- ret = ((a0 & 1) == 0) ? 0xff : 0x00;
-- if ((outputBits -= 8) == 0) {
-- ++a0;
-- if (codingLine[a0] < columns) {
-- outputBits = codingLine[a0 + 1] - codingLine[a0];
-- }
-+ buf = (a0i & 1) ? 0x00 : 0xff;
-+ outputBits -= 8;
-+ if (outputBits == 0 && codingLine[a0i] < columns) {
-+ ++a0i;
-+ outputBits = codingLine[a0i] - codingLine[a0i - 1];
- }
- } else {
- bits = 8;
-- ret = 0;
-+ buf = 0;
- do {
- if (outputBits > bits) {
-- i = bits;
-- bits = 0;
-- if ((a0 & 1) == 0) {
-- ret |= 0xff >> (8 - i);
-+ buf <<= bits;
-+ if (!(a0i & 1)) {
-+ buf |= 0xff >> (8 - bits);
- }
-- outputBits -= i;
-+ outputBits -= bits;
-+ bits = 0;
- } else {
-- i = outputBits;
-- bits -= outputBits;
-- if ((a0 & 1) == 0) {
-- ret |= (0xff >> (8 - i)) << bits;
-+ buf <<= outputBits;
-+ if (!(a0i & 1)) {
-+ buf |= 0xff >> (8 - outputBits);
- }
-+ bits -= outputBits;
- outputBits = 0;
-- ++a0;
-- if (codingLine[a0] < columns) {
-- outputBits = codingLine[a0 + 1] - codingLine[a0];
-+ if (codingLine[a0i] < columns) {
-+ ++a0i;
-+ outputBits = codingLine[a0i] - codingLine[a0i - 1];
-+ } else if (bits > 0) {
-+ buf <<= bits;
-+ bits = 0;
- }
- }
-- } while (bits > 0 && codingLine[a0] < columns);
-+ } while (bits);
-+ }
-+ if (black) {
-+ buf ^= 0xff;
- }
-- buf = black ? (ret ^ 0xff) : ret;
- return buf;
- }
-
-@@ -1663,6 +1692,9 @@ short CCITTFaxStream::getWhiteCode() {
- code = 0; // make gcc happy
- if (endOfBlock) {
- code = lookBits(12);
-+ if (code == EOF) {
-+ return 1;
-+ }
- if ((code >> 5) == 0) {
- p = &whiteTab1[code];
- } else {
-@@ -1675,6 +1707,9 @@ short CCITTFaxStream::getWhiteCode() {
- } else {
- for (n = 1; n <= 9; ++n) {
- code = lookBits(n);
-+ if (code == EOF) {
-+ return 1;
-+ }
- if (n < 9) {
- code <<= 9 - n;
- }
-@@ -1686,6 +1721,9 @@ short CCITTFaxStream::getWhiteCode() {
- }
- for (n = 11; n <= 12; ++n) {
- code = lookBits(n);
-+ if (code == EOF) {
-+ return 1;
-+ }
- if (n < 12) {
- code <<= 12 - n;
- }
-@@ -1711,9 +1749,12 @@ short CCITTFaxStream::getBlackCode() {
- code = 0; // make gcc happy
- if (endOfBlock) {
- code = lookBits(13);
-+ if (code == EOF) {
-+ return 1;
-+ }
- if ((code >> 7) == 0) {
- p = &blackTab1[code];
-- } else if ((code >> 9) == 0) {
-+ } else if ((code >> 9) == 0 && (code >> 7) != 0) {
- p = &blackTab2[(code >> 1) - 64];
- } else {
- p = &blackTab3[code >> 7];
-@@ -1725,6 +1766,9 @@ short CCITTFaxStream::getBlackCode() {
- } else {
- for (n = 2; n <= 6; ++n) {
- code = lookBits(n);
-+ if (code == EOF) {
-+ return 1;
-+ }
- if (n < 6) {
- code <<= 6 - n;
- }
-@@ -1736,6 +1780,9 @@ short CCITTFaxStream::getBlackCode() {
- }
- for (n = 7; n <= 12; ++n) {
- code = lookBits(n);
-+ if (code == EOF) {
-+ return 1;
-+ }
- if (n < 12) {
- code <<= 12 - n;
- }
-@@ -1749,6 +1796,9 @@ short CCITTFaxStream::getBlackCode() {
- }
- for (n = 10; n <= 13; ++n) {
- code = lookBits(n);
-+ if (code == EOF) {
-+ return 1;
-+ }
- if (n < 13) {
- code <<= 13 - n;
- }
-@@ -1963,6 +2013,12 @@ void DCTStream::reset() {
- // allocate a buffer for the whole image
- bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth;
- bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight;
-+ if (bufWidth <= 0 || bufHeight <= 0 ||
-+ bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) {
-+ error(getPos(), "Invalid image size in DCT stream");
-+ y = height;
-+ return;
-+ }
- for (i = 0; i < numComps; ++i) {
- frameBuf[i] = (int *)gmallocn(bufWidth * bufHeight, sizeof(int));
- memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int));
-@@ -3038,6 +3094,11 @@ GBool DCTStream::readScanInfo() {
- }
- scanInfo.firstCoeff = str->getChar();
- scanInfo.lastCoeff = str->getChar();
-+ if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 ||
-+ scanInfo.firstCoeff > scanInfo.lastCoeff) {
-+ error(getPos(), "Bad DCT coefficient numbers in scan info block");
-+ return gFalse;
-+ }
- c = str->getChar();
- scanInfo.ah = (c >> 4) & 0x0f;
- scanInfo.al = c & 0x0f;
---- kpdf/xpdf/xpdf/Stream.h
-+++ kpdf/xpdf/xpdf/Stream.h
-@@ -528,13 +528,15 @@ private:
- int row; // current row
- int inputBuf; // input buffer
- int inputBits; // number of bits in input buffer
-- short *refLine; // reference line changing elements
-- int b1; // index into refLine
-- short *codingLine; // coding line changing elements
-- int a0; // index into codingLine
-+ int *codingLine; // coding line changing elements
-+ int *refLine; // reference line changing elements
-+ int a0i; // index into codingLine
-+ GBool err; // error on current line
- int outputBits; // remaining ouput bits
- int buf; // character buffer
-
-+ void addPixels(int a1, int black);
-+ void addPixelsNeg(int a1, int black);
- short getTwoDimCode();
- short getWhiteCode();
- short getBlackCode();