File: [cvs.NetBSD.org] / pkgsrc / print / xpdf / patches / Attic / patch-ao
Revision 1.4, Wed Mar 29 17:20:09 2006 UTC (18 years ago) by joerg
Update xpdf to 3.01 patch level 2. The patch level addresses a number of vulnerabilities reported and adds at least some constraint checks not done before.
$NetBSD: patch-ao,v 1.4 2006/03/29 17:20:09 joerg Exp $ --- xpdf/JBIG2Stream.cc.orig 2005-08-17 06:34:31.000000000 +0100 +++ xpdf/JBIG2Stream.cc 2006-01-22 22:48:31.000000000 +0000 @@ -2305,6 +2318,15 @@ error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment"); return; } + if (gridH == 0 || gridW >= INT_MAX / gridH) { + error(getPos(), "Bad size in JBIG2 halftone segment"); + return; + } + if (w == 0 || h >= INT_MAX / w) { + error(getPos(), "Bad size in JBIG2 bitmap segment"); + return; + } + patternDict = (JBIG2PatternDict *)seg; bpp = 0; i = 1; @@ -2936,6 +2958,9 @@ JBIG2BitmapPtr tpgrCXPtr0, tpgrCXPtr1, tpgrCXPtr2; int x, y, pix; + if (w < 0 || h <= 0 || w >= INT_MAX / h) + return NULL; + bitmap = new JBIG2Bitmap(0, w, h); bitmap->clearToZero();
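Review bot: In the first hunk (@@ -2305,6 +2318,15 @@), the second added check reports "Bad size in JBIG2 bitmap segment" although the surrounding context is the halftone segment path (the preceding message is "Bad symbol dictionary reference in JBIG2 halftone segment"). A halftone-specific message would keep the log unambiguous when a malformed file is being triaged. Both guards in this hunk also test the divisor only for zero (`gridH == 0`, `w == 0`); the declarations are not visible here, so if any of gridW, gridH, w or h is a signed int, a negative value passes the `>= INT_MAX / x` comparison. The second hunk does test `w < 0 || h <= 0`, so the same form would be safer here, or a comment stating that these are unsigned. INT_MAX needs <limits.h>, and no include change is visible in the patch as shown.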
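Review bot: In the second hunk (@@ -2936,6 +2958,9 @@), the new `return NULL;` is silent and creates a NULL return path from a function that otherwise goes straight to `new JBIG2Bitmap(0, w, h)`. No caller is visible in this patch, so each call site needs to be confirmed to check the result before dereferencing it, otherwise the overflow is traded for a NULL dereference. An `error(getPos(), ...)` call before the return, as the first hunk does, would also make the rejection visible. The condition accepts `w == 0` while the first hunk rejects it; either align the two or note why a zero-width bitmap is valid on this path.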