diff --git a/editors/calligra/Makefile b/editors/calligra/Makefile index a39b6adf5e0d..32351cfe58f7 100644 --- a/editors/calligra/Makefile +++ b/editors/calligra/Makefile @@ -8,6 +8,7 @@ PORTNAME= koffice PORTVERSION= 1.3.2 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= editors kde MASTER_SITES= ${MASTER_SITE_KDE} @@ -37,6 +38,7 @@ USE_GMAKE= yes USE_ICONV= yes USE_PYTHON= yes GNU_CONFIGURE= yes +_NO_KDE_CLOSURE= yes INSTALLS_SHLIB= yes LDCONFIG_DIRS+= %%PREFIX%%/lib %%PREFIX%%/lib/kde3 diff --git a/editors/calligra/files/patch-filters_kword_pdf_xpdf_xpdf_Catalog.cc b/editors/calligra/files/patch-filters_kword_pdf_xpdf_xpdf_Catalog.cc new file mode 100644 index 000000000000..1e54fc9cb30e --- /dev/null +++ b/editors/calligra/files/patch-filters_kword_pdf_xpdf_xpdf_Catalog.cc @@ -0,0 +1,27 @@ +--- filters/kword/pdf/xpdf/xpdf/Catalog.cc.orig 2004-10-18 16:26:39.388666476 +0200 ++++ filters/kword/pdf/xpdf/xpdf/Catalog.cc 2004-10-18 16:27:28.004749073 +0200 +@@ -62,6 +62,12 @@ + } + pagesSize = numPages0 = obj.getInt(); + obj.free(); ++ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize || ++ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) { ++ error(-1, "Invalid 'pagesSize'"); ++ ok = gFalse; ++ return; ++ } + pages = (Page **)gmalloc(pagesSize * sizeof(Page *)); + pageRefs = (Ref *)gmalloc(pagesSize * sizeof(Ref)); + for (i = 0; i < pagesSize; ++i) { +@@ -186,6 +192,11 @@ + } + if (start >= pagesSize) { + pagesSize += 32; ++ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize || ++ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) { ++ error(-1, "Invalid 'pagesSize' parameter."); ++ goto err3; ++ } + pages = (Page **)grealloc(pages, pagesSize * sizeof(Page *)); + pageRefs = (Ref *)grealloc(pageRefs, pagesSize * sizeof(Ref)); + for (j = pagesSize - 32; j < pagesSize; ++j) { diff --git a/editors/calligra/files/patch-filters_kword_pdf_xpdf_xpdf_XRef.cc b/editors/calligra/files/patch-filters_kword_pdf_xpdf_xpdf_XRef.cc new file mode 100644 index 000000000000..935e7b56c6e6 --- /dev/null +++ b/editors/calligra/files/patch-filters_kword_pdf_xpdf_xpdf_XRef.cc @@ -0,0 +1,49 @@ +--- filters/kword/pdf/xpdf/xpdf/XRef.cc.orig 2004-09-17 23:54:38.000000000 -0700 ++++ filters/kword/pdf/xpdf/xpdf/XRef.cc 2004-09-25 17:59:36.000000000 -0700 +@@ -76,6 +76,12 @@ + + // trailer is ok - read the xref table + } else { ++ if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) { ++ error(-1, "Invalid 'size' inside xref table."); ++ ok = gFalse; ++ errCode = errDamaged; ++ return; ++ } + entries = (XRefEntry *)gmalloc(size * sizeof(XRefEntry)); + for (i = 0; i < size; ++i) { + entries[i].offset = 0xffffffff; +@@ -267,6 +273,10 @@ + // table size + if (first + n > size) { + newSize = size + 256; ++ if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ error(-1, "Invalid 'newSize'"); ++ goto err2; ++ } + entries = (XRefEntry *)grealloc(entries, newSize * sizeof(XRefEntry)); + for (i = size; i < newSize; ++i) { + entries[i].offset = 0xffffffff; +@@ -410,6 +420,10 @@ + if (!strncmp(p, "obj", 3)) { + if (num >= size) { + newSize = (num + 1 + 255) & ~255; ++ if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ error(-1, "Invalid 'obj' parameters."); ++ return gFalse; ++ } + entries = (XRefEntry *) + grealloc(entries, newSize * sizeof(XRefEntry)); + for (i = size; i < newSize; ++i) { +@@ -431,6 +445,11 @@ + } else if (!strncmp(p, "endstream", 9)) { + if (streamEndsLen == streamEndsSize) { + streamEndsSize += 64; ++ if (streamEndsSize*sizeof(int)/sizeof(int) != streamEndsSize) { ++ error(-1, "Invalid 'endstream' parameter."); ++ return gFalse; ++ } ++ + streamEnds = (Guint *)grealloc(streamEnds, + streamEndsSize * sizeof(int)); + } diff --git a/editors/koffice-kde3/Makefile b/editors/koffice-kde3/Makefile index a39b6adf5e0d..32351cfe58f7 100644 --- a/editors/koffice-kde3/Makefile +++ b/editors/koffice-kde3/Makefile @@ -8,6 +8,7 @@ PORTNAME= koffice PORTVERSION= 1.3.2 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= editors kde MASTER_SITES= ${MASTER_SITE_KDE} @@ -37,6 +38,7 @@ USE_GMAKE= yes USE_ICONV= yes USE_PYTHON= yes GNU_CONFIGURE= yes +_NO_KDE_CLOSURE= yes INSTALLS_SHLIB= yes LDCONFIG_DIRS+= %%PREFIX%%/lib %%PREFIX%%/lib/kde3 diff --git a/editors/koffice-kde3/files/patch-filters_kword_pdf_xpdf_xpdf_Catalog.cc b/editors/koffice-kde3/files/patch-filters_kword_pdf_xpdf_xpdf_Catalog.cc new file mode 100644 index 000000000000..1e54fc9cb30e --- /dev/null +++ b/editors/koffice-kde3/files/patch-filters_kword_pdf_xpdf_xpdf_Catalog.cc @@ -0,0 +1,27 @@ +--- filters/kword/pdf/xpdf/xpdf/Catalog.cc.orig 2004-10-18 16:26:39.388666476 +0200 ++++ filters/kword/pdf/xpdf/xpdf/Catalog.cc 2004-10-18 16:27:28.004749073 +0200 +@@ -62,6 +62,12 @@ + } + pagesSize = numPages0 = obj.getInt(); + obj.free(); ++ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize || ++ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) { ++ error(-1, "Invalid 'pagesSize'"); ++ ok = gFalse; ++ return; ++ } + pages = (Page **)gmalloc(pagesSize * sizeof(Page *)); + pageRefs = (Ref *)gmalloc(pagesSize * sizeof(Ref)); + for (i = 0; i < pagesSize; ++i) { +@@ -186,6 +192,11 @@ + } + if (start >= pagesSize) { + pagesSize += 32; ++ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize || ++ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) { ++ error(-1, "Invalid 'pagesSize' parameter."); ++ goto err3; ++ } + pages = (Page **)grealloc(pages, pagesSize * sizeof(Page *)); + pageRefs = (Ref *)grealloc(pageRefs, pagesSize * sizeof(Ref)); + for (j = pagesSize - 32; j < pagesSize; ++j) { diff --git a/editors/koffice-kde3/files/patch-filters_kword_pdf_xpdf_xpdf_XRef.cc b/editors/koffice-kde3/files/patch-filters_kword_pdf_xpdf_xpdf_XRef.cc new file mode 100644 index 000000000000..935e7b56c6e6 --- /dev/null +++ b/editors/koffice-kde3/files/patch-filters_kword_pdf_xpdf_xpdf_XRef.cc @@ -0,0 +1,49 @@ +--- filters/kword/pdf/xpdf/xpdf/XRef.cc.orig 2004-09-17 23:54:38.000000000 -0700 ++++ filters/kword/pdf/xpdf/xpdf/XRef.cc 2004-09-25 17:59:36.000000000 -0700 +@@ -76,6 +76,12 @@ + + // trailer is ok - read the xref table + } else { ++ if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) { ++ error(-1, "Invalid 'size' inside xref table."); ++ ok = gFalse; ++ errCode = errDamaged; ++ return; ++ } + entries = (XRefEntry *)gmalloc(size * sizeof(XRefEntry)); + for (i = 0; i < size; ++i) { + entries[i].offset = 0xffffffff; +@@ -267,6 +273,10 @@ + // table size + if (first + n > size) { + newSize = size + 256; ++ if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ error(-1, "Invalid 'newSize'"); ++ goto err2; ++ } + entries = (XRefEntry *)grealloc(entries, newSize * sizeof(XRefEntry)); + for (i = size; i < newSize; ++i) { + entries[i].offset = 0xffffffff; +@@ -410,6 +420,10 @@ + if (!strncmp(p, "obj", 3)) { + if (num >= size) { + newSize = (num + 1 + 255) & ~255; ++ if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ error(-1, "Invalid 'obj' parameters."); ++ return gFalse; ++ } + entries = (XRefEntry *) + grealloc(entries, newSize * sizeof(XRefEntry)); + for (i = size; i < newSize; ++i) { +@@ -431,6 +445,11 @@ + } else if (!strncmp(p, "endstream", 9)) { + if (streamEndsLen == streamEndsSize) { + streamEndsSize += 64; ++ if (streamEndsSize*sizeof(int)/sizeof(int) != streamEndsSize) { ++ error(-1, "Invalid 'endstream' parameter."); ++ return gFalse; ++ } ++ + streamEnds = (Guint *)grealloc(streamEnds, + streamEndsSize * sizeof(int)); + } diff --git a/editors/koffice-kde4/Makefile b/editors/koffice-kde4/Makefile index a39b6adf5e0d..32351cfe58f7 100644 --- a/editors/koffice-kde4/Makefile +++ b/editors/koffice-kde4/Makefile @@ -8,6 +8,7 @@ PORTNAME= koffice PORTVERSION= 1.3.2 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= editors kde MASTER_SITES= ${MASTER_SITE_KDE} @@ -37,6 +38,7 @@ USE_GMAKE= yes USE_ICONV= yes USE_PYTHON= yes GNU_CONFIGURE= yes +_NO_KDE_CLOSURE= yes INSTALLS_SHLIB= yes LDCONFIG_DIRS+= %%PREFIX%%/lib %%PREFIX%%/lib/kde3 diff --git a/editors/koffice-kde4/files/patch-filters_kword_pdf_xpdf_xpdf_Catalog.cc b/editors/koffice-kde4/files/patch-filters_kword_pdf_xpdf_xpdf_Catalog.cc new file mode 100644 index 000000000000..1e54fc9cb30e --- /dev/null +++ b/editors/koffice-kde4/files/patch-filters_kword_pdf_xpdf_xpdf_Catalog.cc @@ -0,0 +1,27 @@ +--- filters/kword/pdf/xpdf/xpdf/Catalog.cc.orig 2004-10-18 16:26:39.388666476 +0200 ++++ filters/kword/pdf/xpdf/xpdf/Catalog.cc 2004-10-18 16:27:28.004749073 +0200 +@@ -62,6 +62,12 @@ + } + pagesSize = numPages0 = obj.getInt(); + obj.free(); ++ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize || ++ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) { ++ error(-1, "Invalid 'pagesSize'"); ++ ok = gFalse; ++ return; ++ } + pages = (Page **)gmalloc(pagesSize * sizeof(Page *)); + pageRefs = (Ref *)gmalloc(pagesSize * sizeof(Ref)); + for (i = 0; i < pagesSize; ++i) { +@@ -186,6 +192,11 @@ + } + if (start >= pagesSize) { + pagesSize += 32; ++ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize || ++ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) { ++ error(-1, "Invalid 'pagesSize' parameter."); ++ goto err3; ++ } + pages = (Page **)grealloc(pages, pagesSize * sizeof(Page *)); + pageRefs = (Ref *)grealloc(pageRefs, pagesSize * sizeof(Ref)); + for (j = pagesSize - 32; j < pagesSize; ++j) { diff --git a/editors/koffice-kde4/files/patch-filters_kword_pdf_xpdf_xpdf_XRef.cc b/editors/koffice-kde4/files/patch-filters_kword_pdf_xpdf_xpdf_XRef.cc new file mode 100644 index 000000000000..935e7b56c6e6 --- /dev/null +++ b/editors/koffice-kde4/files/patch-filters_kword_pdf_xpdf_xpdf_XRef.cc @@ -0,0 +1,49 @@ +--- filters/kword/pdf/xpdf/xpdf/XRef.cc.orig 2004-09-17 23:54:38.000000000 -0700 ++++ filters/kword/pdf/xpdf/xpdf/XRef.cc 2004-09-25 17:59:36.000000000 -0700 +@@ -76,6 +76,12 @@ + + // trailer is ok - read the xref table + } else { ++ if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) { ++ error(-1, "Invalid 'size' inside xref table."); ++ ok = gFalse; ++ errCode = errDamaged; ++ return; ++ } + entries = (XRefEntry *)gmalloc(size * sizeof(XRefEntry)); + for (i = 0; i < size; ++i) { + entries[i].offset = 0xffffffff; +@@ -267,6 +273,10 @@ + // table size + if (first + n > size) { + newSize = size + 256; ++ if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ error(-1, "Invalid 'newSize'"); ++ goto err2; ++ } + entries = (XRefEntry *)grealloc(entries, newSize * sizeof(XRefEntry)); + for (i = size; i < newSize; ++i) { + entries[i].offset = 0xffffffff; +@@ -410,6 +420,10 @@ + if (!strncmp(p, "obj", 3)) { + if (num >= size) { + newSize = (num + 1 + 255) & ~255; ++ if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ error(-1, "Invalid 'obj' parameters."); ++ return gFalse; ++ } + entries = (XRefEntry *) + grealloc(entries, newSize * sizeof(XRefEntry)); + for (i = size; i < newSize; ++i) { +@@ -431,6 +445,11 @@ + } else if (!strncmp(p, "endstream", 9)) { + if (streamEndsLen == streamEndsSize) { + streamEndsSize += 64; ++ if (streamEndsSize*sizeof(int)/sizeof(int) != streamEndsSize) { ++ error(-1, "Invalid 'endstream' parameter."); ++ return gFalse; ++ } ++ + streamEnds = (Guint *)grealloc(streamEnds, + streamEndsSize * sizeof(int)); + } diff --git a/graphics/kdegraphics3/Makefile b/graphics/kdegraphics3/Makefile index 2154d034a115..3ede10ca190d 100644 --- a/graphics/kdegraphics3/Makefile +++ b/graphics/kdegraphics3/Makefile @@ -8,6 +8,7 @@ PORTNAME= kdegraphics PORTVERSION= ${KDE_VERSION} +PORTREVISION= 1 CATEGORIES= graphics kde MASTER_SITES= ${MASTER_SITE_KDE} MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src diff --git a/graphics/kdegraphics3/files/patch-kpdf_xpdf_Catalog.cc b/graphics/kdegraphics3/files/patch-kpdf_xpdf_Catalog.cc new file mode 100644 index 000000000000..919d49085539 --- /dev/null +++ b/graphics/kdegraphics3/files/patch-kpdf_xpdf_Catalog.cc @@ -0,0 +1,35 @@ +--- kpdf/xpdf/Catalog.cc 20 Aug 2003 21:25:12 -0000 1.3 ++++ kpdf/xpdf/Catalog.cc 18 Oct 2004 20:12:09 -0000 +@@ -61,10 +61,16 @@ Catalog::Catalog(XRef *xrefA) { + obj.getTypeName()); + goto err3; + } + pagesSize = numPages0 = obj.getInt(); + obj.free(); ++ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize || ++ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) { ++ error(-1, "Invalid 'pagesSize'"); ++ ok = gFalse; ++ return; ++ } + pages = (Page **)gmalloc(pagesSize * sizeof(Page *)); + pageRefs = (Ref *)gmalloc(pagesSize * sizeof(Ref)); + for (i = 0; i < pagesSize; ++i) { + pages[i] = NULL; + pageRefs[i].num = -1; +@@ -188,10 +194,15 @@ int Catalog::readPageTree(Dict *pagesDic + ++start; + goto err3; + } + if (start >= pagesSize) { + pagesSize += 32; ++ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize || ++ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) { ++ error(-1, "Invalid 'pagesSize' parameter."); ++ goto err3; ++ } + pages = (Page **)grealloc(pages, pagesSize * sizeof(Page *)); + pageRefs = (Ref *)grealloc(pageRefs, pagesSize * sizeof(Ref)); + for (j = pagesSize - 32; j < pagesSize; ++j) { + pages[j] = NULL; + pageRefs[j].num = -1; \ No newline at end of file diff --git a/graphics/kdegraphics3/files/patch-kpdf_xpdf_XRef.cc b/graphics/kdegraphics3/files/patch-kpdf_xpdf_XRef.cc new file mode 100644 index 000000000000..696b795b3b6d --- /dev/null +++ b/graphics/kdegraphics3/files/patch-kpdf_xpdf_XRef.cc @@ -0,0 +1,65 @@ +--- kpdf/xpdf/XRef.cc 20 Aug 2003 21:25:12 -0000 1.3 ++++ kpdf/xpdf/XRef.cc 18 Oct 2004 20:12:09 -0000 +@@ -74,10 +74,16 @@ XRef::XRef(BaseStream *strA, GString *ow + return; + } + + // trailer is ok - read the xref table + } else { ++ if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) { ++ error(-1, "Invalid 'size' inside xref table."); ++ ok = gFalse; ++ errCode = errDamaged; ++ return; ++ } + entries = (XRefEntry *)gmalloc(size * sizeof(XRefEntry)); + for (i = 0; i < size; ++i) { + entries[i].offset = 0xffffffff; + entries[i].used = gFalse; + } +@@ -265,10 +271,14 @@ GBool XRef::readXRef(Guint *pos) { + } + // check for buggy PDF files with an incorrect (too small) xref + // table size + if (first + n > size) { + newSize = size + 256; ++ if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ error(-1, "Invalid 'newSize'"); ++ goto err2; ++ } + entries = (XRefEntry *)grealloc(entries, newSize * sizeof(XRefEntry)); + for (i = size; i < newSize; ++i) { + entries[i].offset = 0xffffffff; + entries[i].used = gFalse; + } +@@ -413,10 +423,14 @@ GBool XRef::constructXRef() { + ++p; + } while (*p && isspace(*p)); + if (!strncmp(p, "obj", 3)) { + if (num >= size) { + newSize = (num + 1 + 255) & ~255; ++ if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ error(-1, "Invalid 'obj' parameters."); ++ return gFalse; ++ } + entries = (XRefEntry *) + grealloc(entries, newSize * sizeof(XRefEntry)); + for (i = size; i < newSize; ++i) { + entries[i].offset = 0xffffffff; + entries[i].used = gFalse; +@@ -434,10 +448,15 @@ GBool XRef::constructXRef() { + } + + } else if (!strncmp(p, "endstream", 9)) { + if (streamEndsLen == streamEndsSize) { + streamEndsSize += 64; ++ if (streamEndsSize*sizeof(int)/sizeof(int) != streamEndsSize) { ++ error(-1, "Invalid 'endstream' parameter."); ++ return gFalse; ++ } ++ + streamEnds = (Guint *)grealloc(streamEnds, + streamEndsSize * sizeof(int)); + } + streamEnds[streamEndsLen++] = pos; + } diff --git a/graphics/kdegraphics4/Makefile b/graphics/kdegraphics4/Makefile index 2154d034a115..3ede10ca190d 100644 --- a/graphics/kdegraphics4/Makefile +++ b/graphics/kdegraphics4/Makefile @@ -8,6 +8,7 @@ PORTNAME= kdegraphics PORTVERSION= ${KDE_VERSION} +PORTREVISION= 1 CATEGORIES= graphics kde MASTER_SITES= ${MASTER_SITE_KDE} MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src diff --git a/graphics/kdegraphics4/files/patch-kpdf_xpdf_Catalog.cc b/graphics/kdegraphics4/files/patch-kpdf_xpdf_Catalog.cc new file mode 100644 index 000000000000..919d49085539 --- /dev/null +++ b/graphics/kdegraphics4/files/patch-kpdf_xpdf_Catalog.cc @@ -0,0 +1,35 @@ +--- kpdf/xpdf/Catalog.cc 20 Aug 2003 21:25:12 -0000 1.3 ++++ kpdf/xpdf/Catalog.cc 18 Oct 2004 20:12:09 -0000 +@@ -61,10 +61,16 @@ Catalog::Catalog(XRef *xrefA) { + obj.getTypeName()); + goto err3; + } + pagesSize = numPages0 = obj.getInt(); + obj.free(); ++ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize || ++ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) { ++ error(-1, "Invalid 'pagesSize'"); ++ ok = gFalse; ++ return; ++ } + pages = (Page **)gmalloc(pagesSize * sizeof(Page *)); + pageRefs = (Ref *)gmalloc(pagesSize * sizeof(Ref)); + for (i = 0; i < pagesSize; ++i) { + pages[i] = NULL; + pageRefs[i].num = -1; +@@ -188,10 +194,15 @@ int Catalog::readPageTree(Dict *pagesDic + ++start; + goto err3; + } + if (start >= pagesSize) { + pagesSize += 32; ++ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize || ++ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) { ++ error(-1, "Invalid 'pagesSize' parameter."); ++ goto err3; ++ } + pages = (Page **)grealloc(pages, pagesSize * sizeof(Page *)); + pageRefs = (Ref *)grealloc(pageRefs, pagesSize * sizeof(Ref)); + for (j = pagesSize - 32; j < pagesSize; ++j) { + pages[j] = NULL; + pageRefs[j].num = -1; \ No newline at end of file diff --git a/graphics/kdegraphics4/files/patch-kpdf_xpdf_XRef.cc b/graphics/kdegraphics4/files/patch-kpdf_xpdf_XRef.cc new file mode 100644 index 000000000000..696b795b3b6d --- /dev/null +++ b/graphics/kdegraphics4/files/patch-kpdf_xpdf_XRef.cc @@ -0,0 +1,65 @@ +--- kpdf/xpdf/XRef.cc 20 Aug 2003 21:25:12 -0000 1.3 ++++ kpdf/xpdf/XRef.cc 18 Oct 2004 20:12:09 -0000 +@@ -74,10 +74,16 @@ XRef::XRef(BaseStream *strA, GString *ow + return; + } + + // trailer is ok - read the xref table + } else { ++ if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) { ++ error(-1, "Invalid 'size' inside xref table."); ++ ok = gFalse; ++ errCode = errDamaged; ++ return; ++ } + entries = (XRefEntry *)gmalloc(size * sizeof(XRefEntry)); + for (i = 0; i < size; ++i) { + entries[i].offset = 0xffffffff; + entries[i].used = gFalse; + } +@@ -265,10 +271,14 @@ GBool XRef::readXRef(Guint *pos) { + } + // check for buggy PDF files with an incorrect (too small) xref + // table size + if (first + n > size) { + newSize = size + 256; ++ if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ error(-1, "Invalid 'newSize'"); ++ goto err2; ++ } + entries = (XRefEntry *)grealloc(entries, newSize * sizeof(XRefEntry)); + for (i = size; i < newSize; ++i) { + entries[i].offset = 0xffffffff; + entries[i].used = gFalse; + } +@@ -413,10 +423,14 @@ GBool XRef::constructXRef() { + ++p; + } while (*p && isspace(*p)); + if (!strncmp(p, "obj", 3)) { + if (num >= size) { + newSize = (num + 1 + 255) & ~255; ++ if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ error(-1, "Invalid 'obj' parameters."); ++ return gFalse; ++ } + entries = (XRefEntry *) + grealloc(entries, newSize * sizeof(XRefEntry)); + for (i = size; i < newSize; ++i) { + entries[i].offset = 0xffffffff; + entries[i].used = gFalse; +@@ -434,10 +448,15 @@ GBool XRef::constructXRef() { + } + + } else if (!strncmp(p, "endstream", 9)) { + if (streamEndsLen == streamEndsSize) { + streamEndsSize += 64; ++ if (streamEndsSize*sizeof(int)/sizeof(int) != streamEndsSize) { ++ error(-1, "Invalid 'endstream' parameter."); ++ return gFalse; ++ } ++ + streamEnds = (Guint *)grealloc(streamEnds, + streamEndsSize * sizeof(int)); + } + streamEnds[streamEndsLen++] = pos; + }