--- misc/xpdf-3.02/goo/GString.cc Tue Feb 27 23:05:51 2007 +++ misc/build/xpdf-3.02/goo/GString.cc Mon Apr 7 13:16:54 2008 @@ -528,7 +528,7 @@ if ((neg = x < 0)) { x = -x; } - x = floor(x * pow(10, prec) + 0.5); + x = floor(x * pow(10.0, prec) + 0.5); i = bufSize; started = !trim; for (j = 0; j < prec && i > 1; ++j) { --- misc/xpdf-3.02/ms_make.bat Tue Feb 27 23:05:51 2007 +++ misc/build/xpdf-3.02/ms_make.bat Mon Apr 7 13:16:54 2008 @@ -1,5 +1,5 @@ set CC=cl -set CFLAGS=/DWIN32 /I.. /I..\goo /I..\fofi /O2 /nologo +set CFLAGS=/DWIN32 /D_MT /I.. /I..\goo /I..\fofi /O2 /nologo set CXX=cl set CXXFLAGS=%CFLAGS% /TP set LIBPROG=lib @@ -70,6 +70,8 @@ %CXX% %CXXFLAGS% /c pdffonts.cc %CXX% %CXXFLAGS% /c pdfimages.cc +%LIBPROG% /nologo /out:xpdf.lib Annot.obj Array.obj BuiltinFont.obj BuiltinFontTables.obj Catalog.obj CharCodeToUnicode.obj CMap.obj Decrypt.obj Dict.obj Error.obj FontEncodingTables.obj Function.obj Gfx.obj GfxFont.obj GfxState.obj GlobalParams.obj JArithmeticDecoder.obj JBIG2Stream.obj JPXStream.obj Lexer.obj Link.obj NameToCharCode.obj Object.obj Outline.obj OutputDev.obj Page.obj Parser.obj PDFDoc.obj PDFDocEncoding.obj PSTokenizer.obj SecurityHandler.obj Stream.obj UnicodeMap.obj XRef.obj + %CXX% %LINKFLAGS% /Fepdftops.exe Annot.obj Array.obj BuiltinFont.obj BuiltinFontTables.obj Catalog.obj CharCodeToUnicode.obj CMap.obj Decrypt.obj Dict.obj Error.obj FontEncodingTables.obj Function.obj Gfx.obj GfxFont.obj GfxState.obj GlobalParams.obj JArithmeticDecoder.obj JBIG2Stream.obj JPXStream.obj Lexer.obj Link.obj NameToCharCode.obj Object.obj Outline.obj OutputDev.obj Page.obj Parser.obj PDFDoc.obj PDFDocEncoding.obj PSOutputDev.obj PSTokenizer.obj SecurityHandler.obj Stream.obj UnicodeMap.obj XRef.obj pdftops.obj ..\fofi\fofi.lib ..\goo\Goo.lib shell32.lib user32.lib gdi32.lib advapi32.lib %CXX% %LINKFLAGS% /Fepdftotext.exe Annot.obj Array.obj BuiltinFont.obj BuiltinFontTables.obj Catalog.obj CharCodeToUnicode.obj CMap.obj Decrypt.obj Dict.obj Error.obj FontEncodingTables.obj Function.obj Gfx.obj GfxFont.obj GfxState.obj GlobalParams.obj JArithmeticDecoder.obj JBIG2Stream.obj JPXStream.obj Lexer.obj Link.obj NameToCharCode.obj Object.obj Outline.obj OutputDev.obj Page.obj Parser.obj PDFDoc.obj PDFDocEncoding.obj PSTokenizer.obj SecurityHandler.obj Stream.obj TextOutputDev.obj UnicodeMap.obj UnicodeTypeTable.obj XRef.obj pdftotext.obj ..\fofi\fofi.lib ..\goo\Goo.lib shell32.lib user32.lib gdi32.lib advapi32.lib @@ -82,37 +84,3 @@ cd .. -rem --- This part will only work if you have FreeType installed --- - -set FT2DIR=..\freetype-2.3.1 -set CXXFLAGS=%CXXFLAGS% /I..\splash /I%FT2DIR%\include - -cd splash -%CXX% %CXXFLAGS% /c Splash.cc -%CXX% %CXXFLAGS% /c SplashBitmap.cc -%CXX% %CXXFLAGS% /c SplashClip.cc -%CXX% %CXXFLAGS% /c SplashFTFont.cc -%CXX% %CXXFLAGS% /c SplashFTFontEngine.cc -%CXX% %CXXFLAGS% /c SplashFTFontFile.cc -%CXX% %CXXFLAGS% /c SplashFont.cc -%CXX% %CXXFLAGS% /c SplashFontEngine.cc -%CXX% %CXXFLAGS% /c SplashFontFile.cc -%CXX% %CXXFLAGS% /c SplashFontFileID.cc -%CXX% %CXXFLAGS% /c SplashPath.cc -%CXX% %CXXFLAGS% /c SplashPattern.cc -%CXX% %CXXFLAGS% /c SplashScreen.cc -%CXX% %CXXFLAGS% /c SplashState.cc -%CXX% %CXXFLAGS% /c SplashT1Font.cc -%CXX% %CXXFLAGS% /c SplashT1FontEngine.cc -%CXX% %CXXFLAGS% /c SplashT1FontFile.cc -%CXX% %CXXFLAGS% /c SplashXPath.cc -%CXX% %CXXFLAGS% /c SplashXPathScanner.cc -%LIBPROG% /nologo /out:splash.lib Splash.obj SplashBitmap.obj SplashClip.obj SplashFTFont.obj SplashFTFontEngine.obj SplashFTFontFile.obj SplashFont.obj SplashFontEngine.obj SplashFontFile.obj SplashFontFileID.obj SplashPath.obj SplashPattern.obj SplashScreen.obj SplashState.obj SplashT1Font.obj SplashT1FontEngine.obj SplashT1FontFile.obj SplashXPath.obj SplashXPathScanner.obj - -cd ..\xpdf -%CXX% %CXXFLAGS% /c SplashOutputDev.cc -%CXX% %CXXFLAGS% /c pdftoppm.cc - -%CXX% %LINKFLAGS% /Fepdftoppm.exe Annot.obj Array.obj BuiltinFont.obj BuiltinFontTables.obj Catalog.obj CharCodeToUnicode.obj CMap.obj Decrypt.obj Dict.obj Error.obj FontEncodingTables.obj Function.obj Gfx.obj GfxFont.obj GfxState.obj GlobalParams.obj JArithmeticDecoder.obj JBIG2Stream.obj JPXStream.obj Lexer.obj Link.obj NameToCharCode.obj Object.obj Outline.obj OutputDev.obj Page.obj Parser.obj PDFDoc.obj PDFDocEncoding.obj PSTokenizer.obj SecurityHandler.obj SplashOutputDev.obj Stream.obj UnicodeMap.obj UnicodeTypeTable.obj XRef.obj pdftoppm.obj ..\splash\splash.lib ..\fofi\fofi.lib ..\goo\Goo.lib %FT2DIR%\freetype2.lib shell32.lib user32.lib gdi32.lib advapi32.lib - -cd .. --- misc/xpdf-3.02/xpdf/Makefile.in Tue Feb 27 23:05:52 2007 +++ misc/build/xpdf-3.02/xpdf/Makefile.in Mon Apr 7 13:16:54 2008 @@ -20,6 +20,8 @@ SPLASHLIBDIR = ../splash CXXFLAGS = @CXXFLAGS@ @DEFS@ -I.. -I$(GOOSRCDIR) -I$(FOFISRCDIR) -I$(SPLASHSRCDIR) -I$(srcdir) @freetype2_CFLAGS@ @Sgm_CFLAGS@ @Xm_CFLAGS@ @Xt_CFLAGS@ @Xp_CFLAGS@ @Xext_CFLAGS@ @Xpm_CFLAGS@ @t1_CFLAGS@ @libpaper_CFLAGS@ @X_CFLAGS@ +AR = ar rc +RANLIB = ranlib LDFLAGS = @LDFLAGS@ @@ -107,12 +109,29 @@ #------------------------------------------------------------------------ all: xpdf$(EXE) pdftops$(EXE) pdftotext$(EXE) pdfinfo$(EXE) \ - pdffonts$(EXE) pdftoppm$(EXE) pdfimages$(EXE) + pdffonts$(EXE) pdftoppm$(EXE) pdfimages$(EXE) $(LIBPREFIX)xpdf.a all-no-x: pdftops$(EXE) pdftotext$(EXE) pdfinfo$(EXE) pdffonts$(EXE) \ - pdfimages$(EXE) + pdfimages$(EXE) $(LIBPREFIX)xpdf.a #------------------------------------------------------------------------ + +XPDFLIB_OBJS = Annot.o Array.o BuiltinFont.o BuiltinFontTables.o Catalog.o \ + CharCodeToUnicode.o CMap.o Decrypt.o Dict.o \ + Error.o FontEncodingTables.o Function.o Gfx.o GfxFont.o \ + GfxState.o GlobalParams.o JArithmeticDecoder.o JBIG2Stream.o \ + JPXStream.o Lexer.o Link.o NameToCharCode.o Object.o Outline.o \ + OutputDev.o Page.o Parser.o PDFCore.o PDFDoc.o PDFDocEncoding.o \ + PSTokenizer.o SecurityHandler.o \ + Stream.o UnicodeMap.o \ + UnicodeTypeTable.o XRef.o + +$(LIBPREFIX)xpdf.a: $(XPDFLIB_OBJS) + rm -f $(LIBPREFIX)xpdf.a + $(AR) $(LIBPREFIX)xpdf.a $(XPDFLIB_OBJS) + $(RANLIB) $(LIBPREFIX)xpdf.a + +#------------------------------------------------------------------------ XPDF_OBJS = Annot.o Array.o BuiltinFont.o BuiltinFontTables.o Catalog.o \ CharCodeToUnicode.o CMap.o CoreOutputDev.o Decrypt.o Dict.o \ --- misc/xpdf-3.02/xpdf/Stream.cc Tue Feb 27 23:05:52 2007 +++ misc/build/xpdf-3.02/xpdf/Stream.cc Mon Apr 21 15:42:49 2008 @@ -410,15 +410,13 @@ ok = gFalse; nVals = width * nComps; - if (width <= 0 || nComps <= 0 || nBits <= 0 || - nComps >= INT_MAX / nBits || - width >= INT_MAX / nComps / nBits || - nVals * nBits + 7 < 0) { - return; - } pixBytes = (nComps * nBits + 7) >> 3; rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes; - if (rowBytes <= 0) { + if (width <= 0 || nComps <= 0 || nBits <= 0 || + nComps > gfxColorMaxComps || + nBits > 16 || + width >= INT_MAX / nComps || // check for overflow in nVals + nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes return; } predLine = (Guchar *)gmalloc(rowBytes); @@ -1245,23 +1243,26 @@ columns = columnsA; if (columns < 1) { columns = 1; + } else if (columns > INT_MAX - 2) { + columns = INT_MAX - 2; } - if (columns + 4 <= 0) { - columns = INT_MAX - 4; - } rows = rowsA; endOfBlock = endOfBlockA; black = blackA; - refLine = (short *)gmallocn(columns + 3, sizeof(short)); - codingLine = (short *)gmallocn(columns + 2, sizeof(short)); + // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns + // ---> max codingLine size = columns + 1 + // refLine has one extra guard entry at the end + // ---> max refLine size = columns + 2 + codingLine = (int *)gmallocn(columns + 1, sizeof(int)); + refLine = (int *)gmallocn(columns + 2, sizeof(int)); eof = gFalse; row = 0; nextLine2D = encoding < 0; inputBits = 0; - codingLine[0] = 0; - codingLine[1] = refLine[2] = columns; - a0 = 1; + codingLine[0] = columns; + a0i = 0; + outputBits = 0; buf = EOF; } @@ -1280,9 +1281,9 @@ row = 0; nextLine2D = encoding < 0; inputBits = 0; - codingLine[0] = 0; - codingLine[1] = columns; - a0 = 1; + codingLine[0] = columns; + a0i = 0; + outputBits = 0; buf = EOF; // skip any initial zero bits and end-of-line marker, and get the 2D @@ -1299,211 +1300,230 @@ } } +inline void CCITTFaxStream::addPixels(int a1, int blackPixels) { + if (a1 > codingLine[a0i]) { + if (a1 > columns) { + error(getPos(), "CCITTFax row is wrong length (%d)", a1); + err = gTrue; + a1 = columns; + } + if ((a0i & 1) ^ blackPixels) { + ++a0i; + } + codingLine[a0i] = a1; + } +} + +inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) { + if (a1 > codingLine[a0i]) { + if (a1 > columns) { + error(getPos(), "CCITTFax row is wrong length (%d)", a1); + err = gTrue; + a1 = columns; + } + if ((a0i & 1) ^ blackPixels) { + ++a0i; + } + codingLine[a0i] = a1; + } else if (a1 < codingLine[a0i]) { + if (a1 < 0) { + error(getPos(), "Invalid CCITTFax code"); + err = gTrue; + a1 = 0; + } + while (a0i > 0 && a1 <= codingLine[a0i - 1]) { + --a0i; + } + codingLine[a0i] = a1; + } +} + int CCITTFaxStream::lookChar() { short code1, code2, code3; - int a0New; - GBool err, gotEOL; - int ret; - int bits, i; + int b1i, blackPixels, i, bits; + GBool gotEOL; - // if at eof just return EOF - if (eof && codingLine[a0] >= columns) { - return EOF; + if (buf != EOF) { + return buf; } // read the next row - err = gFalse; - if (codingLine[a0] >= columns) { + if (outputBits == 0) { + // if at eof just return EOF + if (eof) { + return EOF; + } + + err = gFalse; + // 2-D encoding if (nextLine2D) { - // state: - // a0New = current position in coding line (0 <= a0New <= columns) - // codingLine[a0] = last change in coding line - // (black-to-white if a0 is even, - // white-to-black if a0 is odd) - // refLine[b1] = next change in reference line of opposite color - // to a0 - // invariants: - // 0 <= codingLine[a0] <= a0New - // <= refLine[b1] <= refLine[b1+1] <= columns - // 0 <= a0 <= columns+1 - // refLine[0] = 0 - // refLine[n] = refLine[n+1] = columns - // -- for some 1 <= n <= columns+1 - // end condition: - // 0 = codingLine[0] <= codingLine[1] < codingLine[2] < ... - // < codingLine[n-1] < codingLine[n] = columns - // -- where 1 <= n <= columns+1 for (i = 0; codingLine[i] < columns; ++i) { refLine[i] = codingLine[i]; } - refLine[i] = refLine[i + 1] = columns; - b1 = 1; - a0New = codingLine[a0 = 0] = 0; - do { + refLine[i++] = columns; + refLine[i] = columns; + codingLine[0] = 0; + a0i = 0; + b1i = 0; + blackPixels = 0; + // invariant: + // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1] + // <= columns + // exception at left edge: + // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible + // exception at right edge: + // refLine[b1i] = refLine[b1i+1] = columns is possible + while (codingLine[a0i] < columns) { code1 = getTwoDimCode(); switch (code1) { case twoDimPass: - if (refLine[b1] < columns) { - a0New = refLine[b1 + 1]; - b1 += 2; + addPixels(refLine[b1i + 1], blackPixels); + if (refLine[b1i + 1] < columns) { + b1i += 2; } break; case twoDimHoriz: - if ((a0 & 1) == 0) { - code1 = code2 = 0; + code1 = code2 = 0; + if (blackPixels) { do { - code1 += code3 = getWhiteCode(); + code1 += code3 = getBlackCode(); } while (code3 >= 64); do { - code2 += code3 = getBlackCode(); + code2 += code3 = getWhiteCode(); } while (code3 >= 64); } else { - code1 = code2 = 0; do { - code1 += code3 = getBlackCode(); + code1 += code3 = getWhiteCode(); } while (code3 >= 64); do { - code2 += code3 = getWhiteCode(); + code2 += code3 = getBlackCode(); } while (code3 >= 64); } - if (code1 > 0 || code2 > 0) { - if (a0New + code1 <= columns) { - codingLine[a0 + 1] = a0New + code1; - } else { - codingLine[a0 + 1] = columns; + addPixels(codingLine[a0i] + code1, blackPixels); + if (codingLine[a0i] < columns) { + addPixels(codingLine[a0i] + code2, blackPixels ^ 1); + } + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { + b1i += 2; + } + break; + case twoDimVertR3: + addPixels(refLine[b1i] + 3, blackPixels); + blackPixels ^= 1; + if (codingLine[a0i] < columns) { + ++b1i; + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { + b1i += 2; } - ++a0; - if (codingLine[a0] + code2 <= columns) { - codingLine[a0 + 1] = codingLine[a0] + code2; - } else { - codingLine[a0 + 1] = columns; - } - ++a0; - a0New = codingLine[a0]; - while (refLine[b1] <= a0New && refLine[b1] < columns) { - b1 += 2; - } } break; - case twoDimVert0: - if (refLine[b1] < columns) { - a0New = codingLine[++a0] = refLine[b1]; - ++b1; - while (refLine[b1] <= a0New && refLine[b1] < columns) { - b1 += 2; + case twoDimVertR2: + addPixels(refLine[b1i] + 2, blackPixels); + blackPixels ^= 1; + if (codingLine[a0i] < columns) { + ++b1i; + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { + b1i += 2; } - } else { - a0New = codingLine[++a0] = columns; } break; case twoDimVertR1: - if (refLine[b1] + 1 < columns) { - a0New = codingLine[++a0] = refLine[b1] + 1; - ++b1; - while (refLine[b1] <= a0New && refLine[b1] < columns) { - b1 += 2; + addPixels(refLine[b1i] + 1, blackPixels); + blackPixels ^= 1; + if (codingLine[a0i] < columns) { + ++b1i; + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { + b1i += 2; } - } else { - a0New = codingLine[++a0] = columns; } break; - case twoDimVertL1: - if (refLine[b1] - 1 > a0New || (a0 == 0 && refLine[b1] == 1)) { - a0New = codingLine[++a0] = refLine[b1] - 1; - --b1; - while (refLine[b1] <= a0New && refLine[b1] < columns) { - b1 += 2; + case twoDimVert0: + addPixels(refLine[b1i], blackPixels); + blackPixels ^= 1; + if (codingLine[a0i] < columns) { + ++b1i; + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { + b1i += 2; } } break; - case twoDimVertR2: - if (refLine[b1] + 2 < columns) { - a0New = codingLine[++a0] = refLine[b1] + 2; - ++b1; - while (refLine[b1] <= a0New && refLine[b1] < columns) { - b1 += 2; + case twoDimVertL3: + addPixelsNeg(refLine[b1i] - 3, blackPixels); + blackPixels ^= 1; + if (codingLine[a0i] < columns) { + if (b1i > 0) { + --b1i; + } else { + ++b1i; } - } else { - a0New = codingLine[++a0] = columns; + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { + b1i += 2; + } } break; case twoDimVertL2: - if (refLine[b1] - 2 > a0New || (a0 == 0 && refLine[b1] == 2)) { - a0New = codingLine[++a0] = refLine[b1] - 2; - --b1; - while (refLine[b1] <= a0New && refLine[b1] < columns) { - b1 += 2; + addPixelsNeg(refLine[b1i] - 2, blackPixels); + blackPixels ^= 1; + if (codingLine[a0i] < columns) { + if (b1i > 0) { + --b1i; + } else { + ++b1i; } - } - break; - case twoDimVertR3: - if (refLine[b1] + 3 < columns) { - a0New = codingLine[++a0] = refLine[b1] + 3; - ++b1; - while (refLine[b1] <= a0New && refLine[b1] < columns) { - b1 += 2; + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { + b1i += 2; } - } else { - a0New = codingLine[++a0] = columns; } break; - case twoDimVertL3: - if (refLine[b1] - 3 > a0New || (a0 == 0 && refLine[b1] == 3)) { - a0New = codingLine[++a0] = refLine[b1] - 3; - --b1; - while (refLine[b1] <= a0New && refLine[b1] < columns) { - b1 += 2; + case twoDimVertL1: + addPixelsNeg(refLine[b1i] - 1, blackPixels); + blackPixels ^= 1; + if (codingLine[a0i] < columns) { + if (b1i > 0) { + --b1i; + } else { + ++b1i; } + while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { + b1i += 2; + } } break; case EOF: + addPixels(columns, 0); eof = gTrue; - codingLine[a0 = 0] = columns; - return EOF; + break; default: error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1); + addPixels(columns, 0); err = gTrue; break; } - } while (codingLine[a0] < columns); + } // 1-D encoding } else { - codingLine[a0 = 0] = 0; - while (1) { + codingLine[0] = 0; + a0i = 0; + blackPixels = 0; + while (codingLine[a0i] < columns) { code1 = 0; - do { - code1 += code3 = getWhiteCode(); - } while (code3 >= 64); - codingLine[a0+1] = codingLine[a0] + code1; - ++a0; - if (codingLine[a0] >= columns) { - break; + if (blackPixels) { + do { + code1 += code3 = getBlackCode(); + } while (code3 >= 64); + } else { + do { + code1 += code3 = getWhiteCode(); + } while (code3 >= 64); } - code2 = 0; - do { - code2 += code3 = getBlackCode(); - } while (code3 >= 64); - codingLine[a0+1] = codingLine[a0] + code2; - ++a0; - if (codingLine[a0] >= columns) { - break; - } + addPixels(codingLine[a0i] + code1, blackPixels); + blackPixels ^= 1; } } - if (codingLine[a0] != columns) { - error(getPos(), "CCITTFax row is wrong length (%d)", codingLine[a0]); - // force the row to be the correct length - while (codingLine[a0] > columns) { - --a0; - } - codingLine[++a0] = columns; - err = gTrue; - } - // byte-align the row if (byteAlign) { inputBits &= ~7; @@ -1562,14 +1582,17 @@ // this if we know the stream contains end-of-line markers because // the "just plow on" technique tends to work better otherwise } else if (err && endOfLine) { - do { + while (1) { + code1 = lookBits(13); if (code1 == EOF) { eof = gTrue; return EOF; } + if ((code1 >> 1) == 0x001) { + break; + } eatBits(1); - code1 = lookBits(13); - } while ((code1 >> 1) != 0x001); + } eatBits(12); if (encoding > 0) { eatBits(1); @@ -1577,11 +1600,11 @@ } } - a0 = 0; - outputBits = codingLine[1] - codingLine[0]; - if (outputBits == 0) { - a0 = 1; - outputBits = codingLine[2] - codingLine[1]; + // set up for output + if (codingLine[0] > 0) { + outputBits = codingLine[a0i = 0]; + } else { + outputBits = codingLine[a0i = 1]; } ++row; @@ -1589,39 +1612,43 @@ // get a byte if (outputBits >= 8) { - ret = ((a0 & 1) == 0) ? 0xff : 0x00; - if ((outputBits -= 8) == 0) { - ++a0; - if (codingLine[a0] < columns) { - outputBits = codingLine[a0 + 1] - codingLine[a0]; - } + buf = (a0i & 1) ? 0x00 : 0xff; + outputBits -= 8; + if (outputBits == 0 && codingLine[a0i] < columns) { + ++a0i; + outputBits = codingLine[a0i] - codingLine[a0i - 1]; } } else { bits = 8; - ret = 0; + buf = 0; do { if (outputBits > bits) { - i = bits; - bits = 0; - if ((a0 & 1) == 0) { - ret |= 0xff >> (8 - i); + buf <<= bits; + if (!(a0i & 1)) { + buf |= 0xff >> (8 - bits); } - outputBits -= i; + outputBits -= bits; + bits = 0; } else { - i = outputBits; - bits -= outputBits; - if ((a0 & 1) == 0) { - ret |= (0xff >> (8 - i)) << bits; + buf <<= outputBits; + if (!(a0i & 1)) { + buf |= 0xff >> (8 - outputBits); } + bits -= outputBits; outputBits = 0; - ++a0; - if (codingLine[a0] < columns) { - outputBits = codingLine[a0 + 1] - codingLine[a0]; + if (codingLine[a0i] < columns) { + ++a0i; + outputBits = codingLine[a0i] - codingLine[a0i - 1]; + } else if (bits > 0) { + buf <<= bits; + bits = 0; } } - } while (bits > 0 && codingLine[a0] < columns); + } while (bits); } - buf = black ? (ret ^ 0xff) : ret; + if (black) { + buf ^= 0xff; + } return buf; } @@ -1663,6 +1690,9 @@ code = 0; // make gcc happy if (endOfBlock) { code = lookBits(12); + if (code == EOF) { + return 1; + } if ((code >> 5) == 0) { p = &whiteTab1[code]; } else { @@ -1675,6 +1705,9 @@ } else { for (n = 1; n <= 9; ++n) { code = lookBits(n); + if (code == EOF) { + return 1; + } if (n < 9) { code <<= 9 - n; } @@ -1686,6 +1719,9 @@ } for (n = 11; n <= 12; ++n) { code = lookBits(n); + if (code == EOF) { + return 1; + } if (n < 12) { code <<= 12 - n; } @@ -1711,9 +1747,12 @@ code = 0; // make gcc happy if (endOfBlock) { code = lookBits(13); + if (code == EOF) { + return 1; + } if ((code >> 7) == 0) { p = &blackTab1[code]; - } else if ((code >> 9) == 0) { + } else if ((code >> 9) == 0 && (code >> 7) != 0) { p = &blackTab2[(code >> 1) - 64]; } else { p = &blackTab3[code >> 7]; @@ -1725,6 +1764,9 @@ } else { for (n = 2; n <= 6; ++n) { code = lookBits(n); + if (code == EOF) { + return 1; + } if (n < 6) { code <<= 6 - n; } @@ -1736,6 +1778,9 @@ } for (n = 7; n <= 12; ++n) { code = lookBits(n); + if (code == EOF) { + return 1; + } if (n < 12) { code <<= 12 - n; } @@ -1749,6 +1794,9 @@ } for (n = 10; n <= 13; ++n) { code = lookBits(n); + if (code == EOF) { + return 1; + } if (n < 13) { code <<= 13 - n; } @@ -1963,6 +2011,12 @@ // allocate a buffer for the whole image bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth; bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight; + if (bufWidth <= 0 || bufHeight <= 0 || + bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) { + error(getPos(), "Invalid image size in DCT stream"); + y = height; + return; + } for (i = 0; i < numComps; ++i) { frameBuf[i] = (int *)gmallocn(bufWidth * bufHeight, sizeof(int)); memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int)); @@ -3038,6 +3092,11 @@ } scanInfo.firstCoeff = str->getChar(); scanInfo.lastCoeff = str->getChar(); + if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 || + scanInfo.firstCoeff > scanInfo.lastCoeff) { + error(getPos(), "Bad DCT coefficient numbers in scan info block"); + return gFalse; + } c = str->getChar(); scanInfo.ah = (c >> 4) & 0x0f; scanInfo.al = c & 0x0f; --- misc/xpdf-3.02/xpdf/Stream.h Tue Feb 27 23:05:52 2007 +++ misc/build/xpdf-3.02/xpdf/Stream.h Mon Apr 21 15:42:50 2008 @@ -528,13 +528,15 @@ int row; // current row int inputBuf; // input buffer int inputBits; // number of bits in input buffer - short *refLine; // reference line changing elements - int b1; // index into refLine - short *codingLine; // coding line changing elements - int a0; // index into codingLine + int *codingLine; // coding line changing elements + int *refLine; // reference line changing elements + int a0i; // index into codingLine + GBool err; // error on current line int outputBits; // remaining ouput bits int buf; // character buffer + void addPixels(int a1, int black); + void addPixelsNeg(int a1, int black); short getTwoDimCode(); short getWhiteCode(); short getBlackCode();