diff options
author | lofi <lofi@FreeBSD.org> | 2007-11-09 01:17:45 +0800 |
---|---|---|
committer | lofi <lofi@FreeBSD.org> | 2007-11-09 01:17:45 +0800 |
commit | 531d80d4023ecb134dc6348f171edc63f509a9ce (patch) | |
tree | d19180e7fa300c19d397fc87af12c4f05da85cc5 | |
parent | 039654d24210b3b41d4b0481845d61c476e375c1 (diff) | |
download | freebsd-ports-gnome-531d80d4023ecb134dc6348f171edc63f509a9ce.tar.gz freebsd-ports-gnome-531d80d4023ecb134dc6348f171edc63f509a9ce.tar.zst freebsd-ports-gnome-531d80d4023ecb134dc6348f171edc63f509a9ce.zip |
Fix multiple vulnerabilities from imported xpdf code in KOffice and
kdegraphics
Approved by: portmgr (mcl)
-rw-r--r-- | editors/calligra/Makefile | 2 | ||||
-rw-r--r-- | editors/calligra/files/patch-koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff | 669 | ||||
-rw-r--r-- | editors/koffice-kde3/Makefile | 2 | ||||
-rw-r--r-- | editors/koffice-kde3/files/patch-koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff | 669 | ||||
-rw-r--r-- | editors/koffice-kde4/Makefile | 2 | ||||
-rw-r--r-- | editors/koffice-kde4/files/patch-koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff | 669 | ||||
-rw-r--r-- | graphics/kdegraphics3/Makefile | 2 | ||||
-rw-r--r-- | graphics/kdegraphics3/files/patch-post-3.5.8-kdegraphics-kpdf.diff | 643 | ||||
-rw-r--r-- | graphics/kdegraphics4/Makefile | 2 | ||||
-rw-r--r-- | graphics/kdegraphics4/files/patch-post-3.5.8-kdegraphics-kpdf.diff | 643 |
10 files changed, 3298 insertions, 5 deletions
diff --git a/editors/calligra/Makefile b/editors/calligra/Makefile index ec599242a4d1..4851acac05c4 100644 --- a/editors/calligra/Makefile +++ b/editors/calligra/Makefile @@ -7,7 +7,7 @@ PORTNAME= koffice PORTVERSION= 1.6.3 -PORTREVISION= 2 +PORTREVISION= 3 PORTEPOCH= 2 CATEGORIES= editors kde MASTER_SITES= ${MASTER_SITE_KDE} diff --git a/editors/calligra/files/patch-koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff b/editors/calligra/files/patch-koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff new file mode 100644 index 000000000000..dabcf23d44aa --- /dev/null +++ b/editors/calligra/files/patch-koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff @@ -0,0 +1,669 @@ +--- filters/kword/pdf/xpdf/xpdf/Stream.cc ++++ filters/kword/pdf/xpdf/xpdf/Stream.cc +@@ -1239,6 +1239,7 @@ + // CCITTFaxStream + //------------------------------------------------------------------------ + ++#if 0 + CCITTFaxStream::CCITTFaxStream(Stream *strA, int encodingA, GBool endOfLineA, + GBool byteAlignA, int columnsA, int rowsA, + GBool endOfBlockA, GBool blackA): +@@ -1748,6 +1749,609 @@ + } + return (inputBuf >> (inputBits - n)) & (0xffff >> (16 - n)); + } ++#else // secfix ++CCITTFaxStream::CCITTFaxStream(Stream *strA, int encodingA, GBool endOfLineA, ++ GBool byteAlignA, int columnsA, int rowsA, ++ GBool endOfBlockA, GBool blackA): ++ FilterStream(strA) { ++ encoding = encodingA; ++ endOfLine = endOfLineA; ++ byteAlign = byteAlignA; ++ columns = columnsA; ++ if (columns < 1) { ++ columns = 1; ++ } else if (columns > (INT_MAX - 2)/sizeof(int)) { ++ columns = (INT_MAX - 2)/sizeof(int); ++ } ++ rows = rowsA; ++ endOfBlock = endOfBlockA; ++ black = blackA; ++ // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns ++ // ---> max codingLine size = columns + 1 ++ // refLine has one extra guard entry at the end ++ // ---> max refLine size = columns + 2 ++ codingLine = (int *)gmalloc((columns + 1) * sizeof(int)); ++ refLine = (int *)gmalloc((columns + 2) * sizeof(int)); ++ ++ eof = gFalse; ++ row = 0; ++ nextLine2D = encoding < 0; ++ inputBits = 0; ++ codingLine[0] = columns; ++ a0i = 0; ++ outputBits = 0; ++ ++ buf = EOF; ++} ++ ++CCITTFaxStream::~CCITTFaxStream() { ++ delete str; ++ gfree(refLine); ++ gfree(codingLine); ++} ++ ++void CCITTFaxStream::reset() { ++ short code1; ++ ++ str->reset(); ++ eof = gFalse; ++ row = 0; ++ nextLine2D = encoding < 0; ++ inputBits = 0; ++ codingLine[0] = columns; ++ a0i = 0; ++ outputBits = 0; ++ buf = EOF; ++ ++ // skip any initial zero bits and end-of-line marker, and get the 2D ++ // encoding tag ++ while ((code1 = lookBits(12)) == 0) { ++ eatBits(1); ++ } ++ if (code1 == 0x001) { ++ eatBits(12); ++ } ++ if (encoding > 0) { ++ nextLine2D = !lookBits(1); ++ eatBits(1); ++ } ++} ++ ++inline void CCITTFaxStream::addPixels(int a1, int blackPixels) { ++ if (a1 > codingLine[a0i]) { ++ if (a1 > columns) { ++ error(getPos(), "CCITTFax row is wrong length (%d)", a1); ++ err = gTrue; ++ a1 = columns; ++ } ++ if ((a0i & 1) ^ blackPixels) { ++ ++a0i; ++ } ++ codingLine[a0i] = a1; ++ } ++} ++ ++inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) { ++ if (a1 > codingLine[a0i]) { ++ if (a1 > columns) { ++ error(getPos(), "CCITTFax row is wrong length (%d)", a1); ++ err = gTrue; ++ a1 = columns; ++ } ++ if ((a0i & 1) ^ blackPixels) { ++ ++a0i; ++ } ++ codingLine[a0i] = a1; ++ } else if (a1 < codingLine[a0i]) { ++ if (a1 < 0) { ++ error(getPos(), "Invalid CCITTFax code"); ++ err = gTrue; ++ a1 = 0; ++ } ++ while (a0i > 0 && a1 <= codingLine[a0i - 1]) { ++ --a0i; ++ } ++ codingLine[a0i] = a1; ++ } ++} ++ ++int CCITTFaxStream::lookChar() { ++ short code1, code2, code3; ++ int b1i, blackPixels, i, bits; ++ GBool gotEOL; ++ ++ if (buf != EOF) { ++ return buf; ++ } ++ ++ // read the next row ++ if (outputBits == 0) { ++ ++ // if at eof just return EOF ++ if (eof) { ++ return EOF; ++ } ++ ++ err = gFalse; ++ ++ // 2-D encoding ++ if (nextLine2D) { ++ for (i = 0; codingLine[i] < columns; ++i) { ++ refLine[i] = codingLine[i]; ++ } ++ refLine[i++] = columns; ++ refLine[i] = columns; ++ codingLine[0] = 0; ++ a0i = 0; ++ b1i = 0; ++ blackPixels = 0; ++ // invariant: ++ // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1] ++ // <= columns ++ // exception at left edge: ++ // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible ++ // exception at right edge: ++ // refLine[b1i] = refLine[b1i+1] = columns is possible ++ while (codingLine[a0i] < columns) { ++ code1 = getTwoDimCode(); ++ switch (code1) { ++ case twoDimPass: ++ addPixels(refLine[b1i + 1], blackPixels); ++ if (refLine[b1i + 1] < columns) { ++ b1i += 2; ++ } ++ break; ++ case twoDimHoriz: ++ code1 = code2 = 0; ++ if (blackPixels) { ++ do { ++ code1 += code3 = getBlackCode(); ++ } while (code3 >= 64); ++ do { ++ code2 += code3 = getWhiteCode(); ++ } while (code3 >= 64); ++ } else { ++ do { ++ code1 += code3 = getWhiteCode(); ++ } while (code3 >= 64); ++ do { ++ code2 += code3 = getBlackCode(); ++ } while (code3 >= 64); ++ } ++ addPixels(codingLine[a0i] + code1, blackPixels); ++ if (codingLine[a0i] < columns) { ++ addPixels(codingLine[a0i] + code2, blackPixels ^ 1); ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ break; ++ case twoDimVertR3: ++ addPixels(refLine[b1i] + 3, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertR2: ++ addPixels(refLine[b1i] + 2, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertR1: ++ addPixels(refLine[b1i] + 1, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVert0: ++ addPixels(refLine[b1i], blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertL3: ++ addPixelsNeg(refLine[b1i] - 3, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertL2: ++ addPixelsNeg(refLine[b1i] - 2, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertL1: ++ addPixelsNeg(refLine[b1i] - 1, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case EOF: ++ addPixels(columns, 0); ++ eof = gTrue; ++ break; ++ default: ++ error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1); ++ addPixels(columns, 0); ++ err = gTrue; ++ break; ++ } ++ } ++ ++ // 1-D encoding ++ } else { ++ codingLine[0] = 0; ++ a0i = 0; ++ blackPixels = 0; ++ while (codingLine[a0i] < columns) { ++ code1 = 0; ++ if (blackPixels) { ++ do { ++ code1 += code3 = getBlackCode(); ++ } while (code3 >= 64); ++ } else { ++ do { ++ code1 += code3 = getWhiteCode(); ++ } while (code3 >= 64); ++ } ++ addPixels(codingLine[a0i] + code1, blackPixels); ++ blackPixels ^= 1; ++ } ++ } ++ ++ // byte-align the row ++ if (byteAlign) { ++ inputBits &= ~7; ++ } ++ ++ // check for end-of-line marker, skipping over any extra zero bits ++ gotEOL = gFalse; ++ if (!endOfBlock && row == rows - 1) { ++ eof = gTrue; ++ } else { ++ code1 = lookBits(12); ++ while (code1 == 0) { ++ eatBits(1); ++ code1 = lookBits(12); ++ } ++ if (code1 == 0x001) { ++ eatBits(12); ++ gotEOL = gTrue; ++ } else if (code1 == EOF) { ++ eof = gTrue; ++ } ++ } ++ ++ // get 2D encoding tag ++ if (!eof && encoding > 0) { ++ nextLine2D = !lookBits(1); ++ eatBits(1); ++ } ++ ++ // check for end-of-block marker ++ if (endOfBlock && gotEOL) { ++ code1 = lookBits(12); ++ if (code1 == 0x001) { ++ eatBits(12); ++ if (encoding > 0) { ++ lookBits(1); ++ eatBits(1); ++ } ++ if (encoding >= 0) { ++ for (i = 0; i < 4; ++i) { ++ code1 = lookBits(12); ++ if (code1 != 0x001) { ++ error(getPos(), "Bad RTC code in CCITTFax stream"); ++ } ++ eatBits(12); ++ if (encoding > 0) { ++ lookBits(1); ++ eatBits(1); ++ } ++ } ++ } ++ eof = gTrue; ++ } ++ ++ // look for an end-of-line marker after an error -- we only do ++ // this if we know the stream contains end-of-line markers because ++ // the "just plow on" technique tends to work better otherwise ++ } else if (err && endOfLine) { ++ while (1) { ++ code1 = lookBits(13); ++ if (code1 == EOF) { ++ eof = gTrue; ++ return EOF; ++ } ++ if ((code1 >> 1) == 0x001) { ++ break; ++ } ++ eatBits(1); ++ } ++ eatBits(12); ++ if (encoding > 0) { ++ eatBits(1); ++ nextLine2D = !(code1 & 1); ++ } ++ } ++ ++ // set up for output ++ if (codingLine[0] > 0) { ++ outputBits = codingLine[a0i = 0]; ++ } else { ++ outputBits = codingLine[a0i = 1]; ++ } ++ ++ ++row; ++ } ++ ++ // get a byte ++ if (outputBits >= 8) { ++ buf = (a0i & 1) ? 0x00 : 0xff; ++ outputBits -= 8; ++ if (outputBits == 0 && codingLine[a0i] < columns) { ++ ++a0i; ++ outputBits = codingLine[a0i] - codingLine[a0i - 1]; ++ } ++ } else { ++ bits = 8; ++ buf = 0; ++ do { ++ if (outputBits > bits) { ++ buf <<= bits; ++ if (!(a0i & 1)) { ++ buf |= 0xff >> (8 - bits); ++ } ++ outputBits -= bits; ++ bits = 0; ++ } else { ++ buf <<= outputBits; ++ if (!(a0i & 1)) { ++ buf |= 0xff >> (8 - outputBits); ++ } ++ bits -= outputBits; ++ outputBits = 0; ++ if (codingLine[a0i] < columns) { ++ ++a0i; ++ outputBits = codingLine[a0i] - codingLine[a0i - 1]; ++ } else if (bits > 0) { ++ buf <<= bits; ++ bits = 0; ++ } ++ } ++ } while (bits); ++ } ++ if (black) { ++ buf ^= 0xff; ++ } ++ return buf; ++} ++ ++short CCITTFaxStream::getTwoDimCode() { ++ short code; ++ CCITTCode *p; ++ int n; ++ ++ code = 0; // make gcc happy ++ if (endOfBlock) { ++ code = lookBits(7); ++ p = &twoDimTab1[code]; ++ if (p->bits > 0) { ++ eatBits(p->bits); ++ return p->n; ++ } ++ } else { ++ for (n = 1; n <= 7; ++n) { ++ code = lookBits(n); ++ if (n < 7) { ++ code <<= 7 - n; ++ } ++ p = &twoDimTab1[code]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ } ++ error(getPos(), "Bad two dim code (%04x) in CCITTFax stream", code); ++ return EOF; ++} ++ ++short CCITTFaxStream::getWhiteCode() { ++ short code; ++ CCITTCode *p; ++ int n; ++ ++ code = 0; // make gcc happy ++ if (endOfBlock) { ++ code = lookBits(12); ++ if (code == EOF) { ++ return 1; ++ } ++ if ((code >> 5) == 0) { ++ p = &whiteTab1[code]; ++ } else { ++ p = &whiteTab2[code >> 3]; ++ } ++ if (p->bits > 0) { ++ eatBits(p->bits); ++ return p->n; ++ } ++ } else { ++ for (n = 1; n <= 9; ++n) { ++ code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } ++ if (n < 9) { ++ code <<= 9 - n; ++ } ++ p = &whiteTab2[code]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ for (n = 11; n <= 12; ++n) { ++ code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } ++ if (n < 12) { ++ code <<= 12 - n; ++ } ++ p = &whiteTab1[code]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ } ++ error(getPos(), "Bad white code (%04x) in CCITTFax stream", code); ++ // eat a bit and return a positive number so that the caller doesn't ++ // go into an infinite loop ++ eatBits(1); ++ return 1; ++} ++ ++short CCITTFaxStream::getBlackCode() { ++ short code; ++ CCITTCode *p; ++ int n; ++ ++ code = 0; // make gcc happy ++ if (endOfBlock) { ++ code = lookBits(13); ++ if (code == EOF) { ++ return 1; ++ } ++ if ((code >> 7) == 0) { ++ p = &blackTab1[code]; ++ } else if ((code >> 9) == 0 && (code >> 7) != 0) { ++ p = &blackTab2[(code >> 1) - 64]; ++ } else { ++ p = &blackTab3[code >> 7]; ++ } ++ if (p->bits > 0) { ++ eatBits(p->bits); ++ return p->n; ++ } ++ } else { ++ for (n = 2; n <= 6; ++n) { ++ code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } ++ if (n < 6) { ++ code <<= 6 - n; ++ } ++ p = &blackTab3[code]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ for (n = 7; n <= 12; ++n) { ++ code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } ++ if (n < 12) { ++ code <<= 12 - n; ++ } ++ if (code >= 64) { ++ p = &blackTab2[code - 64]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ } ++ for (n = 10; n <= 13; ++n) { ++ code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } ++ if (n < 13) { ++ code <<= 13 - n; ++ } ++ p = &blackTab1[code]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ } ++ error(getPos(), "Bad black code (%04x) in CCITTFax stream", code); ++ // eat a bit and return a positive number so that the caller doesn't ++ // go into an infinite loop ++ eatBits(1); ++ return 1; ++} ++ ++short CCITTFaxStream::lookBits(int n) { ++ int c; ++ ++ while (inputBits < n) { ++ if ((c = str->getChar()) == EOF) { ++ if (inputBits == 0) { ++ return EOF; ++ } ++ // near the end of the stream, the caller may ask for more bits ++ // than are available, but there may still be a valid code in ++ // however many bits are available -- we need to return correct ++ // data in this case ++ return (inputBuf << (n - inputBits)) & (0xffff >> (16 - n)); ++ } ++ inputBuf = (inputBuf << 8) + c; ++ inputBits += 8; ++ } ++ return (inputBuf >> (inputBits - n)) & (0xffff >> (16 - n)); ++} ++ ++#endif + + GString *CCITTFaxStream::getPSFilter(const char *indent) { + GString *s; +@@ -1929,6 +2533,12 @@ + // allocate a buffer for the whole image + bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth; + bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight; ++ if (bufWidth <= 0 || bufHeight <= 0 || ++ bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) { ++ error(getPos(), "Invalid image size in DCT stream"); ++ y = height; ++ return; ++ } + for (i = 0; i < numComps; ++i) { + frameBuf[i] = (int *)gmalloc(bufWidth * bufHeight * sizeof(int)); + memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int)); +@@ -2975,6 +3585,11 @@ + } + scanInfo.firstCoeff = str->getChar(); + scanInfo.lastCoeff = str->getChar(); ++ if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 || ++ scanInfo.firstCoeff > scanInfo.lastCoeff) { ++ error(getPos(), "Bad DCT coefficient numbers in scan info block"); ++ return gFalse; ++ } + c = str->getChar(); + scanInfo.ah = (c >> 4) & 0x0f; + scanInfo.al = c & 0x0f; +--- filters/kword/pdf/xpdf/xpdf/Stream.h ++++ filters/kword/pdf/xpdf/xpdf/Stream.h +@@ -513,13 +513,17 @@ + int row; // current row + int inputBuf; // input buffer + int inputBits; // number of bits in input buffer +- short *refLine; // reference line changing elements +- int b1; // index into refLine +- short *codingLine; // coding line changing elements +- int a0; // index into codingLine ++ int *codingLine; // coding line changing elements ++ int *refLine; // reference line changing elements ++ int a0i; // index into codingLine ++ GBool err; // error on current line ++ + int outputBits; // remaining output bits + int buf; // character buffer + ++ void addPixels(int a1, int black); ++ void addPixelsNeg(int a1, int black); ++ + short getTwoDimCode(); + short getWhiteCode(); + short getBlackCode(); diff --git a/editors/koffice-kde3/Makefile b/editors/koffice-kde3/Makefile index ec599242a4d1..4851acac05c4 100644 --- a/editors/koffice-kde3/Makefile +++ b/editors/koffice-kde3/Makefile @@ -7,7 +7,7 @@ PORTNAME= koffice PORTVERSION= 1.6.3 -PORTREVISION= 2 +PORTREVISION= 3 PORTEPOCH= 2 CATEGORIES= editors kde MASTER_SITES= ${MASTER_SITE_KDE} diff --git a/editors/koffice-kde3/files/patch-koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff b/editors/koffice-kde3/files/patch-koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff new file mode 100644 index 000000000000..dabcf23d44aa --- /dev/null +++ b/editors/koffice-kde3/files/patch-koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff @@ -0,0 +1,669 @@ +--- filters/kword/pdf/xpdf/xpdf/Stream.cc ++++ filters/kword/pdf/xpdf/xpdf/Stream.cc +@@ -1239,6 +1239,7 @@ + // CCITTFaxStream + //------------------------------------------------------------------------ + ++#if 0 + CCITTFaxStream::CCITTFaxStream(Stream *strA, int encodingA, GBool endOfLineA, + GBool byteAlignA, int columnsA, int rowsA, + GBool endOfBlockA, GBool blackA): +@@ -1748,6 +1749,609 @@ + } + return (inputBuf >> (inputBits - n)) & (0xffff >> (16 - n)); + } ++#else // secfix ++CCITTFaxStream::CCITTFaxStream(Stream *strA, int encodingA, GBool endOfLineA, ++ GBool byteAlignA, int columnsA, int rowsA, ++ GBool endOfBlockA, GBool blackA): ++ FilterStream(strA) { ++ encoding = encodingA; ++ endOfLine = endOfLineA; ++ byteAlign = byteAlignA; ++ columns = columnsA; ++ if (columns < 1) { ++ columns = 1; ++ } else if (columns > (INT_MAX - 2)/sizeof(int)) { ++ columns = (INT_MAX - 2)/sizeof(int); ++ } ++ rows = rowsA; ++ endOfBlock = endOfBlockA; ++ black = blackA; ++ // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns ++ // ---> max codingLine size = columns + 1 ++ // refLine has one extra guard entry at the end ++ // ---> max refLine size = columns + 2 ++ codingLine = (int *)gmalloc((columns + 1) * sizeof(int)); ++ refLine = (int *)gmalloc((columns + 2) * sizeof(int)); ++ ++ eof = gFalse; ++ row = 0; ++ nextLine2D = encoding < 0; ++ inputBits = 0; ++ codingLine[0] = columns; ++ a0i = 0; ++ outputBits = 0; ++ ++ buf = EOF; ++} ++ ++CCITTFaxStream::~CCITTFaxStream() { ++ delete str; ++ gfree(refLine); ++ gfree(codingLine); ++} ++ ++void CCITTFaxStream::reset() { ++ short code1; ++ ++ str->reset(); ++ eof = gFalse; ++ row = 0; ++ nextLine2D = encoding < 0; ++ inputBits = 0; ++ codingLine[0] = columns; ++ a0i = 0; ++ outputBits = 0; ++ buf = EOF; ++ ++ // skip any initial zero bits and end-of-line marker, and get the 2D ++ // encoding tag ++ while ((code1 = lookBits(12)) == 0) { ++ eatBits(1); ++ } ++ if (code1 == 0x001) { ++ eatBits(12); ++ } ++ if (encoding > 0) { ++ nextLine2D = !lookBits(1); ++ eatBits(1); ++ } ++} ++ ++inline void CCITTFaxStream::addPixels(int a1, int blackPixels) { ++ if (a1 > codingLine[a0i]) { ++ if (a1 > columns) { ++ error(getPos(), "CCITTFax row is wrong length (%d)", a1); ++ err = gTrue; ++ a1 = columns; ++ } ++ if ((a0i & 1) ^ blackPixels) { ++ ++a0i; ++ } ++ codingLine[a0i] = a1; ++ } ++} ++ ++inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) { ++ if (a1 > codingLine[a0i]) { ++ if (a1 > columns) { ++ error(getPos(), "CCITTFax row is wrong length (%d)", a1); ++ err = gTrue; ++ a1 = columns; ++ } ++ if ((a0i & 1) ^ blackPixels) { ++ ++a0i; ++ } ++ codingLine[a0i] = a1; ++ } else if (a1 < codingLine[a0i]) { ++ if (a1 < 0) { ++ error(getPos(), "Invalid CCITTFax code"); ++ err = gTrue; ++ a1 = 0; ++ } ++ while (a0i > 0 && a1 <= codingLine[a0i - 1]) { ++ --a0i; ++ } ++ codingLine[a0i] = a1; ++ } ++} ++ ++int CCITTFaxStream::lookChar() { ++ short code1, code2, code3; ++ int b1i, blackPixels, i, bits; ++ GBool gotEOL; ++ ++ if (buf != EOF) { ++ return buf; ++ } ++ ++ // read the next row ++ if (outputBits == 0) { ++ ++ // if at eof just return EOF ++ if (eof) { ++ return EOF; ++ } ++ ++ err = gFalse; ++ ++ // 2-D encoding ++ if (nextLine2D) { ++ for (i = 0; codingLine[i] < columns; ++i) { ++ refLine[i] = codingLine[i]; ++ } ++ refLine[i++] = columns; ++ refLine[i] = columns; ++ codingLine[0] = 0; ++ a0i = 0; ++ b1i = 0; ++ blackPixels = 0; ++ // invariant: ++ // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1] ++ // <= columns ++ // exception at left edge: ++ // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible ++ // exception at right edge: ++ // refLine[b1i] = refLine[b1i+1] = columns is possible ++ while (codingLine[a0i] < columns) { ++ code1 = getTwoDimCode(); ++ switch (code1) { ++ case twoDimPass: ++ addPixels(refLine[b1i + 1], blackPixels); ++ if (refLine[b1i + 1] < columns) { ++ b1i += 2; ++ } ++ break; ++ case twoDimHoriz: ++ code1 = code2 = 0; ++ if (blackPixels) { ++ do { ++ code1 += code3 = getBlackCode(); ++ } while (code3 >= 64); ++ do { ++ code2 += code3 = getWhiteCode(); ++ } while (code3 >= 64); ++ } else { ++ do { ++ code1 += code3 = getWhiteCode(); ++ } while (code3 >= 64); ++ do { ++ code2 += code3 = getBlackCode(); ++ } while (code3 >= 64); ++ } ++ addPixels(codingLine[a0i] + code1, blackPixels); ++ if (codingLine[a0i] < columns) { ++ addPixels(codingLine[a0i] + code2, blackPixels ^ 1); ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ break; ++ case twoDimVertR3: ++ addPixels(refLine[b1i] + 3, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertR2: ++ addPixels(refLine[b1i] + 2, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertR1: ++ addPixels(refLine[b1i] + 1, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVert0: ++ addPixels(refLine[b1i], blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertL3: ++ addPixelsNeg(refLine[b1i] - 3, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertL2: ++ addPixelsNeg(refLine[b1i] - 2, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertL1: ++ addPixelsNeg(refLine[b1i] - 1, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case EOF: ++ addPixels(columns, 0); ++ eof = gTrue; ++ break; ++ default: ++ error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1); ++ addPixels(columns, 0); ++ err = gTrue; ++ break; ++ } ++ } ++ ++ // 1-D encoding ++ } else { ++ codingLine[0] = 0; ++ a0i = 0; ++ blackPixels = 0; ++ while (codingLine[a0i] < columns) { ++ code1 = 0; ++ if (blackPixels) { ++ do { ++ code1 += code3 = getBlackCode(); ++ } while (code3 >= 64); ++ } else { ++ do { ++ code1 += code3 = getWhiteCode(); ++ } while (code3 >= 64); ++ } ++ addPixels(codingLine[a0i] + code1, blackPixels); ++ blackPixels ^= 1; ++ } ++ } ++ ++ // byte-align the row ++ if (byteAlign) { ++ inputBits &= ~7; ++ } ++ ++ // check for end-of-line marker, skipping over any extra zero bits ++ gotEOL = gFalse; ++ if (!endOfBlock && row == rows - 1) { ++ eof = gTrue; ++ } else { ++ code1 = lookBits(12); ++ while (code1 == 0) { ++ eatBits(1); ++ code1 = lookBits(12); ++ } ++ if (code1 == 0x001) { ++ eatBits(12); ++ gotEOL = gTrue; ++ } else if (code1 == EOF) { ++ eof = gTrue; ++ } ++ } ++ ++ // get 2D encoding tag ++ if (!eof && encoding > 0) { ++ nextLine2D = !lookBits(1); ++ eatBits(1); ++ } ++ ++ // check for end-of-block marker ++ if (endOfBlock && gotEOL) { ++ code1 = lookBits(12); ++ if (code1 == 0x001) { ++ eatBits(12); ++ if (encoding > 0) { ++ lookBits(1); ++ eatBits(1); ++ } ++ if (encoding >= 0) { ++ for (i = 0; i < 4; ++i) { ++ code1 = lookBits(12); ++ if (code1 != 0x001) { ++ error(getPos(), "Bad RTC code in CCITTFax stream"); ++ } ++ eatBits(12); ++ if (encoding > 0) { ++ lookBits(1); ++ eatBits(1); ++ } ++ } ++ } ++ eof = gTrue; ++ } ++ ++ // look for an end-of-line marker after an error -- we only do ++ // this if we know the stream contains end-of-line markers because ++ // the "just plow on" technique tends to work better otherwise ++ } else if (err && endOfLine) { ++ while (1) { ++ code1 = lookBits(13); ++ if (code1 == EOF) { ++ eof = gTrue; ++ return EOF; ++ } ++ if ((code1 >> 1) == 0x001) { ++ break; ++ } ++ eatBits(1); ++ } ++ eatBits(12); ++ if (encoding > 0) { ++ eatBits(1); ++ nextLine2D = !(code1 & 1); ++ } ++ } ++ ++ // set up for output ++ if (codingLine[0] > 0) { ++ outputBits = codingLine[a0i = 0]; ++ } else { ++ outputBits = codingLine[a0i = 1]; ++ } ++ ++ ++row; ++ } ++ ++ // get a byte ++ if (outputBits >= 8) { ++ buf = (a0i & 1) ? 0x00 : 0xff; ++ outputBits -= 8; ++ if (outputBits == 0 && codingLine[a0i] < columns) { ++ ++a0i; ++ outputBits = codingLine[a0i] - codingLine[a0i - 1]; ++ } ++ } else { ++ bits = 8; ++ buf = 0; ++ do { ++ if (outputBits > bits) { ++ buf <<= bits; ++ if (!(a0i & 1)) { ++ buf |= 0xff >> (8 - bits); ++ } ++ outputBits -= bits; ++ bits = 0; ++ } else { ++ buf <<= outputBits; ++ if (!(a0i & 1)) { ++ buf |= 0xff >> (8 - outputBits); ++ } ++ bits -= outputBits; ++ outputBits = 0; ++ if (codingLine[a0i] < columns) { ++ ++a0i; ++ outputBits = codingLine[a0i] - codingLine[a0i - 1]; ++ } else if (bits > 0) { ++ buf <<= bits; ++ bits = 0; ++ } ++ } ++ } while (bits); ++ } ++ if (black) { ++ buf ^= 0xff; ++ } ++ return buf; ++} ++ ++short CCITTFaxStream::getTwoDimCode() { ++ short code; ++ CCITTCode *p; ++ int n; ++ ++ code = 0; // make gcc happy ++ if (endOfBlock) { ++ code = lookBits(7); ++ p = &twoDimTab1[code]; ++ if (p->bits > 0) { ++ eatBits(p->bits); ++ return p->n; ++ } ++ } else { ++ for (n = 1; n <= 7; ++n) { ++ code = lookBits(n); ++ if (n < 7) { ++ code <<= 7 - n; ++ } ++ p = &twoDimTab1[code]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ } ++ error(getPos(), "Bad two dim code (%04x) in CCITTFax stream", code); ++ return EOF; ++} ++ ++short CCITTFaxStream::getWhiteCode() { ++ short code; ++ CCITTCode *p; ++ int n; ++ ++ code = 0; // make gcc happy ++ if (endOfBlock) { ++ code = lookBits(12); ++ if (code == EOF) { ++ return 1; ++ } ++ if ((code >> 5) == 0) { ++ p = &whiteTab1[code]; ++ } else { ++ p = &whiteTab2[code >> 3]; ++ } ++ if (p->bits > 0) { ++ eatBits(p->bits); ++ return p->n; ++ } ++ } else { ++ for (n = 1; n <= 9; ++n) { ++ code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } ++ if (n < 9) { ++ code <<= 9 - n; ++ } ++ p = &whiteTab2[code]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ for (n = 11; n <= 12; ++n) { ++ code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } ++ if (n < 12) { ++ code <<= 12 - n; ++ } ++ p = &whiteTab1[code]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ } ++ error(getPos(), "Bad white code (%04x) in CCITTFax stream", code); ++ // eat a bit and return a positive number so that the caller doesn't ++ // go into an infinite loop ++ eatBits(1); ++ return 1; ++} ++ ++short CCITTFaxStream::getBlackCode() { ++ short code; ++ CCITTCode *p; ++ int n; ++ ++ code = 0; // make gcc happy ++ if (endOfBlock) { ++ code = lookBits(13); ++ if (code == EOF) { ++ return 1; ++ } ++ if ((code >> 7) == 0) { ++ p = &blackTab1[code]; ++ } else if ((code >> 9) == 0 && (code >> 7) != 0) { ++ p = &blackTab2[(code >> 1) - 64]; ++ } else { ++ p = &blackTab3[code >> 7]; ++ } ++ if (p->bits > 0) { ++ eatBits(p->bits); ++ return p->n; ++ } ++ } else { ++ for (n = 2; n <= 6; ++n) { ++ code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } ++ if (n < 6) { ++ code <<= 6 - n; ++ } ++ p = &blackTab3[code]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ for (n = 7; n <= 12; ++n) { ++ code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } ++ if (n < 12) { ++ code <<= 12 - n; ++ } ++ if (code >= 64) { ++ p = &blackTab2[code - 64]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ } ++ for (n = 10; n <= 13; ++n) { ++ code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } ++ if (n < 13) { ++ code <<= 13 - n; ++ } ++ p = &blackTab1[code]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ } ++ error(getPos(), "Bad black code (%04x) in CCITTFax stream", code); ++ // eat a bit and return a positive number so that the caller doesn't ++ // go into an infinite loop ++ eatBits(1); ++ return 1; ++} ++ ++short CCITTFaxStream::lookBits(int n) { ++ int c; ++ ++ while (inputBits < n) { ++ if ((c = str->getChar()) == EOF) { ++ if (inputBits == 0) { ++ return EOF; ++ } ++ // near the end of the stream, the caller may ask for more bits ++ // than are available, but there may still be a valid code in ++ // however many bits are available -- we need to return correct ++ // data in this case ++ return (inputBuf << (n - inputBits)) & (0xffff >> (16 - n)); ++ } ++ inputBuf = (inputBuf << 8) + c; ++ inputBits += 8; ++ } ++ return (inputBuf >> (inputBits - n)) & (0xffff >> (16 - n)); ++} ++ ++#endif + + GString *CCITTFaxStream::getPSFilter(const char *indent) { + GString *s; +@@ -1929,6 +2533,12 @@ + // allocate a buffer for the whole image + bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth; + bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight; ++ if (bufWidth <= 0 || bufHeight <= 0 || ++ bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) { ++ error(getPos(), "Invalid image size in DCT stream"); ++ y = height; ++ return; ++ } + for (i = 0; i < numComps; ++i) { + frameBuf[i] = (int *)gmalloc(bufWidth * bufHeight * sizeof(int)); + memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int)); +@@ -2975,6 +3585,11 @@ + } + scanInfo.firstCoeff = str->getChar(); + scanInfo.lastCoeff = str->getChar(); ++ if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 || ++ scanInfo.firstCoeff > scanInfo.lastCoeff) { ++ error(getPos(), "Bad DCT coefficient numbers in scan info block"); ++ return gFalse; ++ } + c = str->getChar(); + scanInfo.ah = (c >> 4) & 0x0f; + scanInfo.al = c & 0x0f; +--- filters/kword/pdf/xpdf/xpdf/Stream.h ++++ filters/kword/pdf/xpdf/xpdf/Stream.h +@@ -513,13 +513,17 @@ + int row; // current row + int inputBuf; // input buffer + int inputBits; // number of bits in input buffer +- short *refLine; // reference line changing elements +- int b1; // index into refLine +- short *codingLine; // coding line changing elements +- int a0; // index into codingLine ++ int *codingLine; // coding line changing elements ++ int *refLine; // reference line changing elements ++ int a0i; // index into codingLine ++ GBool err; // error on current line ++ + int outputBits; // remaining output bits + int buf; // character buffer + ++ void addPixels(int a1, int black); ++ void addPixelsNeg(int a1, int black); ++ + short getTwoDimCode(); + short getWhiteCode(); + short getBlackCode(); diff --git a/editors/koffice-kde4/Makefile b/editors/koffice-kde4/Makefile index ec599242a4d1..4851acac05c4 100644 --- a/editors/koffice-kde4/Makefile +++ b/editors/koffice-kde4/Makefile @@ -7,7 +7,7 @@ PORTNAME= koffice PORTVERSION= 1.6.3 -PORTREVISION= 2 +PORTREVISION= 3 PORTEPOCH= 2 CATEGORIES= editors kde MASTER_SITES= ${MASTER_SITE_KDE} diff --git a/editors/koffice-kde4/files/patch-koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff b/editors/koffice-kde4/files/patch-koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff new file mode 100644 index 000000000000..dabcf23d44aa --- /dev/null +++ b/editors/koffice-kde4/files/patch-koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff @@ -0,0 +1,669 @@ +--- filters/kword/pdf/xpdf/xpdf/Stream.cc ++++ filters/kword/pdf/xpdf/xpdf/Stream.cc +@@ -1239,6 +1239,7 @@ + // CCITTFaxStream + //------------------------------------------------------------------------ + ++#if 0 + CCITTFaxStream::CCITTFaxStream(Stream *strA, int encodingA, GBool endOfLineA, + GBool byteAlignA, int columnsA, int rowsA, + GBool endOfBlockA, GBool blackA): +@@ -1748,6 +1749,609 @@ + } + return (inputBuf >> (inputBits - n)) & (0xffff >> (16 - n)); + } ++#else // secfix ++CCITTFaxStream::CCITTFaxStream(Stream *strA, int encodingA, GBool endOfLineA, ++ GBool byteAlignA, int columnsA, int rowsA, ++ GBool endOfBlockA, GBool blackA): ++ FilterStream(strA) { ++ encoding = encodingA; ++ endOfLine = endOfLineA; ++ byteAlign = byteAlignA; ++ columns = columnsA; ++ if (columns < 1) { ++ columns = 1; ++ } else if (columns > (INT_MAX - 2)/sizeof(int)) { ++ columns = (INT_MAX - 2)/sizeof(int); ++ } ++ rows = rowsA; ++ endOfBlock = endOfBlockA; ++ black = blackA; ++ // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns ++ // ---> max codingLine size = columns + 1 ++ // refLine has one extra guard entry at the end ++ // ---> max refLine size = columns + 2 ++ codingLine = (int *)gmalloc((columns + 1) * sizeof(int)); ++ refLine = (int *)gmalloc((columns + 2) * sizeof(int)); ++ ++ eof = gFalse; ++ row = 0; ++ nextLine2D = encoding < 0; ++ inputBits = 0; ++ codingLine[0] = columns; ++ a0i = 0; ++ outputBits = 0; ++ ++ buf = EOF; ++} ++ ++CCITTFaxStream::~CCITTFaxStream() { ++ delete str; ++ gfree(refLine); ++ gfree(codingLine); ++} ++ ++void CCITTFaxStream::reset() { ++ short code1; ++ ++ str->reset(); ++ eof = gFalse; ++ row = 0; ++ nextLine2D = encoding < 0; ++ inputBits = 0; ++ codingLine[0] = columns; ++ a0i = 0; ++ outputBits = 0; ++ buf = EOF; ++ ++ // skip any initial zero bits and end-of-line marker, and get the 2D ++ // encoding tag ++ while ((code1 = lookBits(12)) == 0) { ++ eatBits(1); ++ } ++ if (code1 == 0x001) { ++ eatBits(12); ++ } ++ if (encoding > 0) { ++ nextLine2D = !lookBits(1); ++ eatBits(1); ++ } ++} ++ ++inline void CCITTFaxStream::addPixels(int a1, int blackPixels) { ++ if (a1 > codingLine[a0i]) { ++ if (a1 > columns) { ++ error(getPos(), "CCITTFax row is wrong length (%d)", a1); ++ err = gTrue; ++ a1 = columns; ++ } ++ if ((a0i & 1) ^ blackPixels) { ++ ++a0i; ++ } ++ codingLine[a0i] = a1; ++ } ++} ++ ++inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) { ++ if (a1 > codingLine[a0i]) { ++ if (a1 > columns) { ++ error(getPos(), "CCITTFax row is wrong length (%d)", a1); ++ err = gTrue; ++ a1 = columns; ++ } ++ if ((a0i & 1) ^ blackPixels) { ++ ++a0i; ++ } ++ codingLine[a0i] = a1; ++ } else if (a1 < codingLine[a0i]) { ++ if (a1 < 0) { ++ error(getPos(), "Invalid CCITTFax code"); ++ err = gTrue; ++ a1 = 0; ++ } ++ while (a0i > 0 && a1 <= codingLine[a0i - 1]) { ++ --a0i; ++ } ++ codingLine[a0i] = a1; ++ } ++} ++ ++int CCITTFaxStream::lookChar() { ++ short code1, code2, code3; ++ int b1i, blackPixels, i, bits; ++ GBool gotEOL; ++ ++ if (buf != EOF) { ++ return buf; ++ } ++ ++ // read the next row ++ if (outputBits == 0) { ++ ++ // if at eof just return EOF ++ if (eof) { ++ return EOF; ++ } ++ ++ err = gFalse; ++ ++ // 2-D encoding ++ if (nextLine2D) { ++ for (i = 0; codingLine[i] < columns; ++i) { ++ refLine[i] = codingLine[i]; ++ } ++ refLine[i++] = columns; ++ refLine[i] = columns; ++ codingLine[0] = 0; ++ a0i = 0; ++ b1i = 0; ++ blackPixels = 0; ++ // invariant: ++ // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1] ++ // <= columns ++ // exception at left edge: ++ // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible ++ // exception at right edge: ++ // refLine[b1i] = refLine[b1i+1] = columns is possible ++ while (codingLine[a0i] < columns) { ++ code1 = getTwoDimCode(); ++ switch (code1) { ++ case twoDimPass: ++ addPixels(refLine[b1i + 1], blackPixels); ++ if (refLine[b1i + 1] < columns) { ++ b1i += 2; ++ } ++ break; ++ case twoDimHoriz: ++ code1 = code2 = 0; ++ if (blackPixels) { ++ do { ++ code1 += code3 = getBlackCode(); ++ } while (code3 >= 64); ++ do { ++ code2 += code3 = getWhiteCode(); ++ } while (code3 >= 64); ++ } else { ++ do { ++ code1 += code3 = getWhiteCode(); ++ } while (code3 >= 64); ++ do { ++ code2 += code3 = getBlackCode(); ++ } while (code3 >= 64); ++ } ++ addPixels(codingLine[a0i] + code1, blackPixels); ++ if (codingLine[a0i] < columns) { ++ addPixels(codingLine[a0i] + code2, blackPixels ^ 1); ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ break; ++ case twoDimVertR3: ++ addPixels(refLine[b1i] + 3, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertR2: ++ addPixels(refLine[b1i] + 2, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertR1: ++ addPixels(refLine[b1i] + 1, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVert0: ++ addPixels(refLine[b1i], blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertL3: ++ addPixelsNeg(refLine[b1i] - 3, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertL2: ++ addPixelsNeg(refLine[b1i] - 2, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertL1: ++ addPixelsNeg(refLine[b1i] - 1, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case EOF: ++ addPixels(columns, 0); ++ eof = gTrue; ++ break; ++ default: ++ error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1); ++ addPixels(columns, 0); ++ err = gTrue; ++ break; ++ } ++ } ++ ++ // 1-D encoding ++ } else { ++ codingLine[0] = 0; ++ a0i = 0; ++ blackPixels = 0; ++ while (codingLine[a0i] < columns) { ++ code1 = 0; ++ if (blackPixels) { ++ do { ++ code1 += code3 = getBlackCode(); ++ } while (code3 >= 64); ++ } else { ++ do { ++ code1 += code3 = getWhiteCode(); ++ } while (code3 >= 64); ++ } ++ addPixels(codingLine[a0i] + code1, blackPixels); ++ blackPixels ^= 1; ++ } ++ } ++ ++ // byte-align the row ++ if (byteAlign) { ++ inputBits &= ~7; ++ } ++ ++ // check for end-of-line marker, skipping over any extra zero bits ++ gotEOL = gFalse; ++ if (!endOfBlock && row == rows - 1) { ++ eof = gTrue; ++ } else { ++ code1 = lookBits(12); ++ while (code1 == 0) { ++ eatBits(1); ++ code1 = lookBits(12); ++ } ++ if (code1 == 0x001) { ++ eatBits(12); ++ gotEOL = gTrue; ++ } else if (code1 == EOF) { ++ eof = gTrue; ++ } ++ } ++ ++ // get 2D encoding tag ++ if (!eof && encoding > 0) { ++ nextLine2D = !lookBits(1); ++ eatBits(1); ++ } ++ ++ // check for end-of-block marker ++ if (endOfBlock && gotEOL) { ++ code1 = lookBits(12); ++ if (code1 == 0x001) { ++ eatBits(12); ++ if (encoding > 0) { ++ lookBits(1); ++ eatBits(1); ++ } ++ if (encoding >= 0) { ++ for (i = 0; i < 4; ++i) { ++ code1 = lookBits(12); ++ if (code1 != 0x001) { ++ error(getPos(), "Bad RTC code in CCITTFax stream"); ++ } ++ eatBits(12); ++ if (encoding > 0) { ++ lookBits(1); ++ eatBits(1); ++ } ++ } ++ } ++ eof = gTrue; ++ } ++ ++ // look for an end-of-line marker after an error -- we only do ++ // this if we know the stream contains end-of-line markers because ++ // the "just plow on" technique tends to work better otherwise ++ } else if (err && endOfLine) { ++ while (1) { ++ code1 = lookBits(13); ++ if (code1 == EOF) { ++ eof = gTrue; ++ return EOF; ++ } ++ if ((code1 >> 1) == 0x001) { ++ break; ++ } ++ eatBits(1); ++ } ++ eatBits(12); ++ if (encoding > 0) { ++ eatBits(1); ++ nextLine2D = !(code1 & 1); ++ } ++ } ++ ++ // set up for output ++ if (codingLine[0] > 0) { ++ outputBits = codingLine[a0i = 0]; ++ } else { ++ outputBits = codingLine[a0i = 1]; ++ } ++ ++ ++row; ++ } ++ ++ // get a byte ++ if (outputBits >= 8) { ++ buf = (a0i & 1) ? 0x00 : 0xff; ++ outputBits -= 8; ++ if (outputBits == 0 && codingLine[a0i] < columns) { ++ ++a0i; ++ outputBits = codingLine[a0i] - codingLine[a0i - 1]; ++ } ++ } else { ++ bits = 8; ++ buf = 0; ++ do { ++ if (outputBits > bits) { ++ buf <<= bits; ++ if (!(a0i & 1)) { ++ buf |= 0xff >> (8 - bits); ++ } ++ outputBits -= bits; ++ bits = 0; ++ } else { ++ buf <<= outputBits; ++ if (!(a0i & 1)) { ++ buf |= 0xff >> (8 - outputBits); ++ } ++ bits -= outputBits; ++ outputBits = 0; ++ if (codingLine[a0i] < columns) { ++ ++a0i; ++ outputBits = codingLine[a0i] - codingLine[a0i - 1]; ++ } else if (bits > 0) { ++ buf <<= bits; ++ bits = 0; ++ } ++ } ++ } while (bits); ++ } ++ if (black) { ++ buf ^= 0xff; ++ } ++ return buf; ++} ++ ++short CCITTFaxStream::getTwoDimCode() { ++ short code; ++ CCITTCode *p; ++ int n; ++ ++ code = 0; // make gcc happy ++ if (endOfBlock) { ++ code = lookBits(7); ++ p = &twoDimTab1[code]; ++ if (p->bits > 0) { ++ eatBits(p->bits); ++ return p->n; ++ } ++ } else { ++ for (n = 1; n <= 7; ++n) { ++ code = lookBits(n); ++ if (n < 7) { ++ code <<= 7 - n; ++ } ++ p = &twoDimTab1[code]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ } ++ error(getPos(), "Bad two dim code (%04x) in CCITTFax stream", code); ++ return EOF; ++} ++ ++short CCITTFaxStream::getWhiteCode() { ++ short code; ++ CCITTCode *p; ++ int n; ++ ++ code = 0; // make gcc happy ++ if (endOfBlock) { ++ code = lookBits(12); ++ if (code == EOF) { ++ return 1; ++ } ++ if ((code >> 5) == 0) { ++ p = &whiteTab1[code]; ++ } else { ++ p = &whiteTab2[code >> 3]; ++ } ++ if (p->bits > 0) { ++ eatBits(p->bits); ++ return p->n; ++ } ++ } else { ++ for (n = 1; n <= 9; ++n) { ++ code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } ++ if (n < 9) { ++ code <<= 9 - n; ++ } ++ p = &whiteTab2[code]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ for (n = 11; n <= 12; ++n) { ++ code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } ++ if (n < 12) { ++ code <<= 12 - n; ++ } ++ p = &whiteTab1[code]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ } ++ error(getPos(), "Bad white code (%04x) in CCITTFax stream", code); ++ // eat a bit and return a positive number so that the caller doesn't ++ // go into an infinite loop ++ eatBits(1); ++ return 1; ++} ++ ++short CCITTFaxStream::getBlackCode() { ++ short code; ++ CCITTCode *p; ++ int n; ++ ++ code = 0; // make gcc happy ++ if (endOfBlock) { ++ code = lookBits(13); ++ if (code == EOF) { ++ return 1; ++ } ++ if ((code >> 7) == 0) { ++ p = &blackTab1[code]; ++ } else if ((code >> 9) == 0 && (code >> 7) != 0) { ++ p = &blackTab2[(code >> 1) - 64]; ++ } else { ++ p = &blackTab3[code >> 7]; ++ } ++ if (p->bits > 0) { ++ eatBits(p->bits); ++ return p->n; ++ } ++ } else { ++ for (n = 2; n <= 6; ++n) { ++ code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } ++ if (n < 6) { ++ code <<= 6 - n; ++ } ++ p = &blackTab3[code]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ for (n = 7; n <= 12; ++n) { ++ code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } ++ if (n < 12) { ++ code <<= 12 - n; ++ } ++ if (code >= 64) { ++ p = &blackTab2[code - 64]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ } ++ for (n = 10; n <= 13; ++n) { ++ code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } ++ if (n < 13) { ++ code <<= 13 - n; ++ } ++ p = &blackTab1[code]; ++ if (p->bits == n) { ++ eatBits(n); ++ return p->n; ++ } ++ } ++ } ++ error(getPos(), "Bad black code (%04x) in CCITTFax stream", code); ++ // eat a bit and return a positive number so that the caller doesn't ++ // go into an infinite loop ++ eatBits(1); ++ return 1; ++} ++ ++short CCITTFaxStream::lookBits(int n) { ++ int c; ++ ++ while (inputBits < n) { ++ if ((c = str->getChar()) == EOF) { ++ if (inputBits == 0) { ++ return EOF; ++ } ++ // near the end of the stream, the caller may ask for more bits ++ // than are available, but there may still be a valid code in ++ // however many bits are available -- we need to return correct ++ // data in this case ++ return (inputBuf << (n - inputBits)) & (0xffff >> (16 - n)); ++ } ++ inputBuf = (inputBuf << 8) + c; ++ inputBits += 8; ++ } ++ return (inputBuf >> (inputBits - n)) & (0xffff >> (16 - n)); ++} ++ ++#endif + + GString *CCITTFaxStream::getPSFilter(const char *indent) { + GString *s; +@@ -1929,6 +2533,12 @@ + // allocate a buffer for the whole image + bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth; + bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight; ++ if (bufWidth <= 0 || bufHeight <= 0 || ++ bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) { ++ error(getPos(), "Invalid image size in DCT stream"); ++ y = height; ++ return; ++ } + for (i = 0; i < numComps; ++i) { + frameBuf[i] = (int *)gmalloc(bufWidth * bufHeight * sizeof(int)); + memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int)); +@@ -2975,6 +3585,11 @@ + } + scanInfo.firstCoeff = str->getChar(); + scanInfo.lastCoeff = str->getChar(); ++ if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 || ++ scanInfo.firstCoeff > scanInfo.lastCoeff) { ++ error(getPos(), "Bad DCT coefficient numbers in scan info block"); ++ return gFalse; ++ } + c = str->getChar(); + scanInfo.ah = (c >> 4) & 0x0f; + scanInfo.al = c & 0x0f; +--- filters/kword/pdf/xpdf/xpdf/Stream.h ++++ filters/kword/pdf/xpdf/xpdf/Stream.h +@@ -513,13 +513,17 @@ + int row; // current row + int inputBuf; // input buffer + int inputBits; // number of bits in input buffer +- short *refLine; // reference line changing elements +- int b1; // index into refLine +- short *codingLine; // coding line changing elements +- int a0; // index into codingLine ++ int *codingLine; // coding line changing elements ++ int *refLine; // reference line changing elements ++ int a0i; // index into codingLine ++ GBool err; // error on current line ++ + int outputBits; // remaining output bits + int buf; // character buffer + ++ void addPixels(int a1, int black); ++ void addPixelsNeg(int a1, int black); ++ + short getTwoDimCode(); + short getWhiteCode(); + short getBlackCode(); diff --git a/graphics/kdegraphics3/Makefile b/graphics/kdegraphics3/Makefile index eb52337507da..e316a72b0b35 100644 --- a/graphics/kdegraphics3/Makefile +++ b/graphics/kdegraphics3/Makefile @@ -8,7 +8,7 @@ PORTNAME= kdegraphics PORTVERSION= ${KDE_VERSION} -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= graphics kde MASTER_SITES= ${MASTER_SITE_KDE} MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src diff --git a/graphics/kdegraphics3/files/patch-post-3.5.8-kdegraphics-kpdf.diff b/graphics/kdegraphics3/files/patch-post-3.5.8-kdegraphics-kpdf.diff new file mode 100644 index 000000000000..94e44a0280e9 --- /dev/null +++ b/graphics/kdegraphics3/files/patch-post-3.5.8-kdegraphics-kpdf.diff @@ -0,0 +1,643 @@ +--- kpdf/xpdf/xpdf/Stream.cc ++++ kpdf/xpdf/xpdf/Stream.cc +@@ -1245,23 +1245,26 @@ CCITTFaxStream::CCITTFaxStream(Stream *s + columns = columnsA; + if (columns < 1) { + columns = 1; +- } +- if (columns + 4 <= 0) { +- columns = INT_MAX - 4; ++ } else if (columns > INT_MAX - 2) { ++ columns = INT_MAX - 2; + } + rows = rowsA; + endOfBlock = endOfBlockA; + black = blackA; +- refLine = (short *)gmallocn(columns + 3, sizeof(short)); +- codingLine = (short *)gmallocn(columns + 2, sizeof(short)); ++ // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns ++ // ---> max codingLine size = columns + 1 ++ // refLine has one extra guard entry at the end ++ // ---> max refLine size = columns + 2 ++ codingLine = (int *)gmallocn(columns + 1, sizeof(int)); ++ refLine = (int *)gmallocn(columns + 2, sizeof(int)); + + eof = gFalse; + row = 0; + nextLine2D = encoding < 0; + inputBits = 0; +- codingLine[0] = 0; +- codingLine[1] = refLine[2] = columns; +- a0 = 1; ++ codingLine[0] = columns; ++ a0i = 0; ++ outputBits = 0; + + buf = EOF; + } +@@ -1280,9 +1283,9 @@ void CCITTFaxStream::reset() { + row = 0; + nextLine2D = encoding < 0; + inputBits = 0; +- codingLine[0] = 0; +- codingLine[1] = columns; +- a0 = 1; ++ codingLine[0] = columns; ++ a0i = 0; ++ outputBits = 0; + buf = EOF; + + // skip any initial zero bits and end-of-line marker, and get the 2D +@@ -1299,211 +1302,230 @@ void CCITTFaxStream::reset() { + } + } + ++inline void CCITTFaxStream::addPixels(int a1, int blackPixels) { ++ if (a1 > codingLine[a0i]) { ++ if (a1 > columns) { ++ error(getPos(), "CCITTFax row is wrong length (%d)", a1); ++ err = gTrue; ++ a1 = columns; ++ } ++ if ((a0i & 1) ^ blackPixels) { ++ ++a0i; ++ } ++ codingLine[a0i] = a1; ++ } ++} ++ ++inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) { ++ if (a1 > codingLine[a0i]) { ++ if (a1 > columns) { ++ error(getPos(), "CCITTFax row is wrong length (%d)", a1); ++ err = gTrue; ++ a1 = columns; ++ } ++ if ((a0i & 1) ^ blackPixels) { ++ ++a0i; ++ } ++ codingLine[a0i] = a1; ++ } else if (a1 < codingLine[a0i]) { ++ if (a1 < 0) { ++ error(getPos(), "Invalid CCITTFax code"); ++ err = gTrue; ++ a1 = 0; ++ } ++ while (a0i > 0 && a1 <= codingLine[a0i - 1]) { ++ --a0i; ++ } ++ codingLine[a0i] = a1; ++ } ++} ++ + int CCITTFaxStream::lookChar() { + short code1, code2, code3; +- int a0New; +- GBool err, gotEOL; +- int ret; +- int bits, i; ++ int b1i, blackPixels, i, bits; ++ GBool gotEOL; + +- // if at eof just return EOF +- if (eof && codingLine[a0] >= columns) { +- return EOF; ++ if (buf != EOF) { ++ return buf; + } + + // read the next row +- err = gFalse; +- if (codingLine[a0] >= columns) { ++ if (outputBits == 0) { ++ ++ // if at eof just return EOF ++ if (eof) { ++ return EOF; ++ } ++ ++ err = gFalse; + + // 2-D encoding + if (nextLine2D) { +- // state: +- // a0New = current position in coding line (0 <= a0New <= columns) +- // codingLine[a0] = last change in coding line +- // (black-to-white if a0 is even, +- // white-to-black if a0 is odd) +- // refLine[b1] = next change in reference line of opposite color +- // to a0 +- // invariants: +- // 0 <= codingLine[a0] <= a0New +- // <= refLine[b1] <= refLine[b1+1] <= columns +- // 0 <= a0 <= columns+1 +- // refLine[0] = 0 +- // refLine[n] = refLine[n+1] = columns +- // -- for some 1 <= n <= columns+1 +- // end condition: +- // 0 = codingLine[0] <= codingLine[1] < codingLine[2] < ... +- // < codingLine[n-1] < codingLine[n] = columns +- // -- where 1 <= n <= columns+1 + for (i = 0; codingLine[i] < columns; ++i) { + refLine[i] = codingLine[i]; + } +- refLine[i] = refLine[i + 1] = columns; +- b1 = 1; +- a0New = codingLine[a0 = 0] = 0; +- do { ++ refLine[i++] = columns; ++ refLine[i] = columns; ++ codingLine[0] = 0; ++ a0i = 0; ++ b1i = 0; ++ blackPixels = 0; ++ // invariant: ++ // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1] ++ // <= columns ++ // exception at left edge: ++ // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible ++ // exception at right edge: ++ // refLine[b1i] = refLine[b1i+1] = columns is possible ++ while (codingLine[a0i] < columns) { + code1 = getTwoDimCode(); + switch (code1) { + case twoDimPass: +- if (refLine[b1] < columns) { +- a0New = refLine[b1 + 1]; +- b1 += 2; ++ addPixels(refLine[b1i + 1], blackPixels); ++ if (refLine[b1i + 1] < columns) { ++ b1i += 2; + } + break; + case twoDimHoriz: +- if ((a0 & 1) == 0) { +- code1 = code2 = 0; ++ code1 = code2 = 0; ++ if (blackPixels) { + do { +- code1 += code3 = getWhiteCode(); ++ code1 += code3 = getBlackCode(); + } while (code3 >= 64); + do { +- code2 += code3 = getBlackCode(); ++ code2 += code3 = getWhiteCode(); + } while (code3 >= 64); + } else { +- code1 = code2 = 0; + do { +- code1 += code3 = getBlackCode(); ++ code1 += code3 = getWhiteCode(); + } while (code3 >= 64); + do { +- code2 += code3 = getWhiteCode(); ++ code2 += code3 = getBlackCode(); + } while (code3 >= 64); + } +- if (code1 > 0 || code2 > 0) { +- if (a0New + code1 <= columns) { +- codingLine[a0 + 1] = a0New + code1; +- } else { +- codingLine[a0 + 1] = columns; +- } +- ++a0; +- if (codingLine[a0] + code2 <= columns) { +- codingLine[a0 + 1] = codingLine[a0] + code2; +- } else { +- codingLine[a0 + 1] = columns; +- } +- ++a0; +- a0New = codingLine[a0]; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ addPixels(codingLine[a0i] + code1, blackPixels); ++ if (codingLine[a0i] < columns) { ++ addPixels(codingLine[a0i] + code2, blackPixels ^ 1); ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ break; ++ case twoDimVertR3: ++ addPixels(refLine[b1i] + 3, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; + } + } + break; +- case twoDimVert0: +- if (refLine[b1] < columns) { +- a0New = codingLine[++a0] = refLine[b1]; +- ++b1; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ case twoDimVertR2: ++ addPixels(refLine[b1i] + 2, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; + } +- } else { +- a0New = codingLine[++a0] = columns; + } + break; + case twoDimVertR1: +- if (refLine[b1] + 1 < columns) { +- a0New = codingLine[++a0] = refLine[b1] + 1; +- ++b1; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ addPixels(refLine[b1i] + 1, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; + } +- } else { +- a0New = codingLine[++a0] = columns; + } + break; +- case twoDimVertL1: +- if (refLine[b1] - 1 > a0New || (a0 == 0 && refLine[b1] == 1)) { +- a0New = codingLine[++a0] = refLine[b1] - 1; +- --b1; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ case twoDimVert0: ++ addPixels(refLine[b1i], blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; + } + } + break; +- case twoDimVertR2: +- if (refLine[b1] + 2 < columns) { +- a0New = codingLine[++a0] = refLine[b1] + 2; +- ++b1; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ case twoDimVertL3: ++ addPixelsNeg(refLine[b1i] - 3, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; + } +- } else { +- a0New = codingLine[++a0] = columns; + } + break; + case twoDimVertL2: +- if (refLine[b1] - 2 > a0New || (a0 == 0 && refLine[b1] == 2)) { +- a0New = codingLine[++a0] = refLine[b1] - 2; +- --b1; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ addPixelsNeg(refLine[b1i] - 2, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; + } +- } +- break; +- case twoDimVertR3: +- if (refLine[b1] + 3 < columns) { +- a0New = codingLine[++a0] = refLine[b1] + 3; +- ++b1; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; + } +- } else { +- a0New = codingLine[++a0] = columns; + } + break; +- case twoDimVertL3: +- if (refLine[b1] - 3 > a0New || (a0 == 0 && refLine[b1] == 3)) { +- a0New = codingLine[++a0] = refLine[b1] - 3; +- --b1; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ case twoDimVertL1: ++ addPixelsNeg(refLine[b1i] - 1, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; + } + } + break; + case EOF: ++ addPixels(columns, 0); + eof = gTrue; +- codingLine[a0 = 0] = columns; +- return EOF; ++ break; + default: + error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1); ++ addPixels(columns, 0); + err = gTrue; + break; + } +- } while (codingLine[a0] < columns); ++ } + + // 1-D encoding + } else { +- codingLine[a0 = 0] = 0; +- while (1) { ++ codingLine[0] = 0; ++ a0i = 0; ++ blackPixels = 0; ++ while (codingLine[a0i] < columns) { + code1 = 0; +- do { +- code1 += code3 = getWhiteCode(); +- } while (code3 >= 64); +- codingLine[a0+1] = codingLine[a0] + code1; +- ++a0; +- if (codingLine[a0] >= columns) { +- break; +- } +- code2 = 0; +- do { +- code2 += code3 = getBlackCode(); +- } while (code3 >= 64); +- codingLine[a0+1] = codingLine[a0] + code2; +- ++a0; +- if (codingLine[a0] >= columns) { +- break; ++ if (blackPixels) { ++ do { ++ code1 += code3 = getBlackCode(); ++ } while (code3 >= 64); ++ } else { ++ do { ++ code1 += code3 = getWhiteCode(); ++ } while (code3 >= 64); + } ++ addPixels(codingLine[a0i] + code1, blackPixels); ++ blackPixels ^= 1; + } + } + +- if (codingLine[a0] != columns) { +- error(getPos(), "CCITTFax row is wrong length (%d)", codingLine[a0]); +- // force the row to be the correct length +- while (codingLine[a0] > columns) { +- --a0; +- } +- codingLine[++a0] = columns; +- err = gTrue; +- } +- + // byte-align the row + if (byteAlign) { + inputBits &= ~7; +@@ -1562,14 +1584,17 @@ int CCITTFaxStream::lookChar() { + // this if we know the stream contains end-of-line markers because + // the "just plow on" technique tends to work better otherwise + } else if (err && endOfLine) { +- do { ++ while (1) { ++ code1 = lookBits(13); + if (code1 == EOF) { + eof = gTrue; + return EOF; + } ++ if ((code1 >> 1) == 0x001) { ++ break; ++ } + eatBits(1); +- code1 = lookBits(13); +- } while ((code1 >> 1) != 0x001); ++ } + eatBits(12); + if (encoding > 0) { + eatBits(1); +@@ -1577,11 +1602,11 @@ int CCITTFaxStream::lookChar() { + } + } + +- a0 = 0; +- outputBits = codingLine[1] - codingLine[0]; +- if (outputBits == 0) { +- a0 = 1; +- outputBits = codingLine[2] - codingLine[1]; ++ // set up for output ++ if (codingLine[0] > 0) { ++ outputBits = codingLine[a0i = 0]; ++ } else { ++ outputBits = codingLine[a0i = 1]; + } + + ++row; +@@ -1589,39 +1614,43 @@ int CCITTFaxStream::lookChar() { + + // get a byte + if (outputBits >= 8) { +- ret = ((a0 & 1) == 0) ? 0xff : 0x00; +- if ((outputBits -= 8) == 0) { +- ++a0; +- if (codingLine[a0] < columns) { +- outputBits = codingLine[a0 + 1] - codingLine[a0]; +- } ++ buf = (a0i & 1) ? 0x00 : 0xff; ++ outputBits -= 8; ++ if (outputBits == 0 && codingLine[a0i] < columns) { ++ ++a0i; ++ outputBits = codingLine[a0i] - codingLine[a0i - 1]; + } + } else { + bits = 8; +- ret = 0; ++ buf = 0; + do { + if (outputBits > bits) { +- i = bits; +- bits = 0; +- if ((a0 & 1) == 0) { +- ret |= 0xff >> (8 - i); ++ buf <<= bits; ++ if (!(a0i & 1)) { ++ buf |= 0xff >> (8 - bits); + } +- outputBits -= i; ++ outputBits -= bits; ++ bits = 0; + } else { +- i = outputBits; +- bits -= outputBits; +- if ((a0 & 1) == 0) { +- ret |= (0xff >> (8 - i)) << bits; ++ buf <<= outputBits; ++ if (!(a0i & 1)) { ++ buf |= 0xff >> (8 - outputBits); + } ++ bits -= outputBits; + outputBits = 0; +- ++a0; +- if (codingLine[a0] < columns) { +- outputBits = codingLine[a0 + 1] - codingLine[a0]; ++ if (codingLine[a0i] < columns) { ++ ++a0i; ++ outputBits = codingLine[a0i] - codingLine[a0i - 1]; ++ } else if (bits > 0) { ++ buf <<= bits; ++ bits = 0; + } + } +- } while (bits > 0 && codingLine[a0] < columns); ++ } while (bits); ++ } ++ if (black) { ++ buf ^= 0xff; + } +- buf = black ? (ret ^ 0xff) : ret; + return buf; + } + +@@ -1663,6 +1692,9 @@ short CCITTFaxStream::getWhiteCode() { + code = 0; // make gcc happy + if (endOfBlock) { + code = lookBits(12); ++ if (code == EOF) { ++ return 1; ++ } + if ((code >> 5) == 0) { + p = &whiteTab1[code]; + } else { +@@ -1675,6 +1707,9 @@ short CCITTFaxStream::getWhiteCode() { + } else { + for (n = 1; n <= 9; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 9) { + code <<= 9 - n; + } +@@ -1686,6 +1721,9 @@ short CCITTFaxStream::getWhiteCode() { + } + for (n = 11; n <= 12; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 12) { + code <<= 12 - n; + } +@@ -1711,9 +1749,12 @@ short CCITTFaxStream::getBlackCode() { + code = 0; // make gcc happy + if (endOfBlock) { + code = lookBits(13); ++ if (code == EOF) { ++ return 1; ++ } + if ((code >> 7) == 0) { + p = &blackTab1[code]; +- } else if ((code >> 9) == 0) { ++ } else if ((code >> 9) == 0 && (code >> 7) != 0) { + p = &blackTab2[(code >> 1) - 64]; + } else { + p = &blackTab3[code >> 7]; +@@ -1725,6 +1766,9 @@ short CCITTFaxStream::getBlackCode() { + } else { + for (n = 2; n <= 6; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 6) { + code <<= 6 - n; + } +@@ -1736,6 +1780,9 @@ short CCITTFaxStream::getBlackCode() { + } + for (n = 7; n <= 12; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 12) { + code <<= 12 - n; + } +@@ -1749,6 +1796,9 @@ short CCITTFaxStream::getBlackCode() { + } + for (n = 10; n <= 13; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 13) { + code <<= 13 - n; + } +@@ -1963,6 +2013,12 @@ void DCTStream::reset() { + // allocate a buffer for the whole image + bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth; + bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight; ++ if (bufWidth <= 0 || bufHeight <= 0 || ++ bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) { ++ error(getPos(), "Invalid image size in DCT stream"); ++ y = height; ++ return; ++ } + for (i = 0; i < numComps; ++i) { + frameBuf[i] = (int *)gmallocn(bufWidth * bufHeight, sizeof(int)); + memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int)); +@@ -3038,6 +3094,11 @@ GBool DCTStream::readScanInfo() { + } + scanInfo.firstCoeff = str->getChar(); + scanInfo.lastCoeff = str->getChar(); ++ if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 || ++ scanInfo.firstCoeff > scanInfo.lastCoeff) { ++ error(getPos(), "Bad DCT coefficient numbers in scan info block"); ++ return gFalse; ++ } + c = str->getChar(); + scanInfo.ah = (c >> 4) & 0x0f; + scanInfo.al = c & 0x0f; +--- kpdf/xpdf/xpdf/Stream.h ++++ kpdf/xpdf/xpdf/Stream.h +@@ -528,13 +528,15 @@ private: + int row; // current row + int inputBuf; // input buffer + int inputBits; // number of bits in input buffer +- short *refLine; // reference line changing elements +- int b1; // index into refLine +- short *codingLine; // coding line changing elements +- int a0; // index into codingLine ++ int *codingLine; // coding line changing elements ++ int *refLine; // reference line changing elements ++ int a0i; // index into codingLine ++ GBool err; // error on current line + int outputBits; // remaining ouput bits + int buf; // character buffer + ++ void addPixels(int a1, int black); ++ void addPixelsNeg(int a1, int black); + short getTwoDimCode(); + short getWhiteCode(); + short getBlackCode(); diff --git a/graphics/kdegraphics4/Makefile b/graphics/kdegraphics4/Makefile index eb52337507da..e316a72b0b35 100644 --- a/graphics/kdegraphics4/Makefile +++ b/graphics/kdegraphics4/Makefile @@ -8,7 +8,7 @@ PORTNAME= kdegraphics PORTVERSION= ${KDE_VERSION} -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= graphics kde MASTER_SITES= ${MASTER_SITE_KDE} MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src diff --git a/graphics/kdegraphics4/files/patch-post-3.5.8-kdegraphics-kpdf.diff b/graphics/kdegraphics4/files/patch-post-3.5.8-kdegraphics-kpdf.diff new file mode 100644 index 000000000000..94e44a0280e9 --- /dev/null +++ b/graphics/kdegraphics4/files/patch-post-3.5.8-kdegraphics-kpdf.diff @@ -0,0 +1,643 @@ +--- kpdf/xpdf/xpdf/Stream.cc ++++ kpdf/xpdf/xpdf/Stream.cc +@@ -1245,23 +1245,26 @@ CCITTFaxStream::CCITTFaxStream(Stream *s + columns = columnsA; + if (columns < 1) { + columns = 1; +- } +- if (columns + 4 <= 0) { +- columns = INT_MAX - 4; ++ } else if (columns > INT_MAX - 2) { ++ columns = INT_MAX - 2; + } + rows = rowsA; + endOfBlock = endOfBlockA; + black = blackA; +- refLine = (short *)gmallocn(columns + 3, sizeof(short)); +- codingLine = (short *)gmallocn(columns + 2, sizeof(short)); ++ // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns ++ // ---> max codingLine size = columns + 1 ++ // refLine has one extra guard entry at the end ++ // ---> max refLine size = columns + 2 ++ codingLine = (int *)gmallocn(columns + 1, sizeof(int)); ++ refLine = (int *)gmallocn(columns + 2, sizeof(int)); + + eof = gFalse; + row = 0; + nextLine2D = encoding < 0; + inputBits = 0; +- codingLine[0] = 0; +- codingLine[1] = refLine[2] = columns; +- a0 = 1; ++ codingLine[0] = columns; ++ a0i = 0; ++ outputBits = 0; + + buf = EOF; + } +@@ -1280,9 +1283,9 @@ void CCITTFaxStream::reset() { + row = 0; + nextLine2D = encoding < 0; + inputBits = 0; +- codingLine[0] = 0; +- codingLine[1] = columns; +- a0 = 1; ++ codingLine[0] = columns; ++ a0i = 0; ++ outputBits = 0; + buf = EOF; + + // skip any initial zero bits and end-of-line marker, and get the 2D +@@ -1299,211 +1302,230 @@ void CCITTFaxStream::reset() { + } + } + ++inline void CCITTFaxStream::addPixels(int a1, int blackPixels) { ++ if (a1 > codingLine[a0i]) { ++ if (a1 > columns) { ++ error(getPos(), "CCITTFax row is wrong length (%d)", a1); ++ err = gTrue; ++ a1 = columns; ++ } ++ if ((a0i & 1) ^ blackPixels) { ++ ++a0i; ++ } ++ codingLine[a0i] = a1; ++ } ++} ++ ++inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) { ++ if (a1 > codingLine[a0i]) { ++ if (a1 > columns) { ++ error(getPos(), "CCITTFax row is wrong length (%d)", a1); ++ err = gTrue; ++ a1 = columns; ++ } ++ if ((a0i & 1) ^ blackPixels) { ++ ++a0i; ++ } ++ codingLine[a0i] = a1; ++ } else if (a1 < codingLine[a0i]) { ++ if (a1 < 0) { ++ error(getPos(), "Invalid CCITTFax code"); ++ err = gTrue; ++ a1 = 0; ++ } ++ while (a0i > 0 && a1 <= codingLine[a0i - 1]) { ++ --a0i; ++ } ++ codingLine[a0i] = a1; ++ } ++} ++ + int CCITTFaxStream::lookChar() { + short code1, code2, code3; +- int a0New; +- GBool err, gotEOL; +- int ret; +- int bits, i; ++ int b1i, blackPixels, i, bits; ++ GBool gotEOL; + +- // if at eof just return EOF +- if (eof && codingLine[a0] >= columns) { +- return EOF; ++ if (buf != EOF) { ++ return buf; + } + + // read the next row +- err = gFalse; +- if (codingLine[a0] >= columns) { ++ if (outputBits == 0) { ++ ++ // if at eof just return EOF ++ if (eof) { ++ return EOF; ++ } ++ ++ err = gFalse; + + // 2-D encoding + if (nextLine2D) { +- // state: +- // a0New = current position in coding line (0 <= a0New <= columns) +- // codingLine[a0] = last change in coding line +- // (black-to-white if a0 is even, +- // white-to-black if a0 is odd) +- // refLine[b1] = next change in reference line of opposite color +- // to a0 +- // invariants: +- // 0 <= codingLine[a0] <= a0New +- // <= refLine[b1] <= refLine[b1+1] <= columns +- // 0 <= a0 <= columns+1 +- // refLine[0] = 0 +- // refLine[n] = refLine[n+1] = columns +- // -- for some 1 <= n <= columns+1 +- // end condition: +- // 0 = codingLine[0] <= codingLine[1] < codingLine[2] < ... +- // < codingLine[n-1] < codingLine[n] = columns +- // -- where 1 <= n <= columns+1 + for (i = 0; codingLine[i] < columns; ++i) { + refLine[i] = codingLine[i]; + } +- refLine[i] = refLine[i + 1] = columns; +- b1 = 1; +- a0New = codingLine[a0 = 0] = 0; +- do { ++ refLine[i++] = columns; ++ refLine[i] = columns; ++ codingLine[0] = 0; ++ a0i = 0; ++ b1i = 0; ++ blackPixels = 0; ++ // invariant: ++ // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1] ++ // <= columns ++ // exception at left edge: ++ // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible ++ // exception at right edge: ++ // refLine[b1i] = refLine[b1i+1] = columns is possible ++ while (codingLine[a0i] < columns) { + code1 = getTwoDimCode(); + switch (code1) { + case twoDimPass: +- if (refLine[b1] < columns) { +- a0New = refLine[b1 + 1]; +- b1 += 2; ++ addPixels(refLine[b1i + 1], blackPixels); ++ if (refLine[b1i + 1] < columns) { ++ b1i += 2; + } + break; + case twoDimHoriz: +- if ((a0 & 1) == 0) { +- code1 = code2 = 0; ++ code1 = code2 = 0; ++ if (blackPixels) { + do { +- code1 += code3 = getWhiteCode(); ++ code1 += code3 = getBlackCode(); + } while (code3 >= 64); + do { +- code2 += code3 = getBlackCode(); ++ code2 += code3 = getWhiteCode(); + } while (code3 >= 64); + } else { +- code1 = code2 = 0; + do { +- code1 += code3 = getBlackCode(); ++ code1 += code3 = getWhiteCode(); + } while (code3 >= 64); + do { +- code2 += code3 = getWhiteCode(); ++ code2 += code3 = getBlackCode(); + } while (code3 >= 64); + } +- if (code1 > 0 || code2 > 0) { +- if (a0New + code1 <= columns) { +- codingLine[a0 + 1] = a0New + code1; +- } else { +- codingLine[a0 + 1] = columns; +- } +- ++a0; +- if (codingLine[a0] + code2 <= columns) { +- codingLine[a0 + 1] = codingLine[a0] + code2; +- } else { +- codingLine[a0 + 1] = columns; +- } +- ++a0; +- a0New = codingLine[a0]; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ addPixels(codingLine[a0i] + code1, blackPixels); ++ if (codingLine[a0i] < columns) { ++ addPixels(codingLine[a0i] + code2, blackPixels ^ 1); ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ break; ++ case twoDimVertR3: ++ addPixels(refLine[b1i] + 3, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; + } + } + break; +- case twoDimVert0: +- if (refLine[b1] < columns) { +- a0New = codingLine[++a0] = refLine[b1]; +- ++b1; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ case twoDimVertR2: ++ addPixels(refLine[b1i] + 2, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; + } +- } else { +- a0New = codingLine[++a0] = columns; + } + break; + case twoDimVertR1: +- if (refLine[b1] + 1 < columns) { +- a0New = codingLine[++a0] = refLine[b1] + 1; +- ++b1; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ addPixels(refLine[b1i] + 1, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; + } +- } else { +- a0New = codingLine[++a0] = columns; + } + break; +- case twoDimVertL1: +- if (refLine[b1] - 1 > a0New || (a0 == 0 && refLine[b1] == 1)) { +- a0New = codingLine[++a0] = refLine[b1] - 1; +- --b1; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ case twoDimVert0: ++ addPixels(refLine[b1i], blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; + } + } + break; +- case twoDimVertR2: +- if (refLine[b1] + 2 < columns) { +- a0New = codingLine[++a0] = refLine[b1] + 2; +- ++b1; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ case twoDimVertL3: ++ addPixelsNeg(refLine[b1i] - 3, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; + } +- } else { +- a0New = codingLine[++a0] = columns; + } + break; + case twoDimVertL2: +- if (refLine[b1] - 2 > a0New || (a0 == 0 && refLine[b1] == 2)) { +- a0New = codingLine[++a0] = refLine[b1] - 2; +- --b1; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ addPixelsNeg(refLine[b1i] - 2, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; + } +- } +- break; +- case twoDimVertR3: +- if (refLine[b1] + 3 < columns) { +- a0New = codingLine[++a0] = refLine[b1] + 3; +- ++b1; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; + } +- } else { +- a0New = codingLine[++a0] = columns; + } + break; +- case twoDimVertL3: +- if (refLine[b1] - 3 > a0New || (a0 == 0 && refLine[b1] == 3)) { +- a0New = codingLine[++a0] = refLine[b1] - 3; +- --b1; +- while (refLine[b1] <= a0New && refLine[b1] < columns) { +- b1 += 2; ++ case twoDimVertL1: ++ addPixelsNeg(refLine[b1i] - 1, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; + } + } + break; + case EOF: ++ addPixels(columns, 0); + eof = gTrue; +- codingLine[a0 = 0] = columns; +- return EOF; ++ break; + default: + error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1); ++ addPixels(columns, 0); + err = gTrue; + break; + } +- } while (codingLine[a0] < columns); ++ } + + // 1-D encoding + } else { +- codingLine[a0 = 0] = 0; +- while (1) { ++ codingLine[0] = 0; ++ a0i = 0; ++ blackPixels = 0; ++ while (codingLine[a0i] < columns) { + code1 = 0; +- do { +- code1 += code3 = getWhiteCode(); +- } while (code3 >= 64); +- codingLine[a0+1] = codingLine[a0] + code1; +- ++a0; +- if (codingLine[a0] >= columns) { +- break; +- } +- code2 = 0; +- do { +- code2 += code3 = getBlackCode(); +- } while (code3 >= 64); +- codingLine[a0+1] = codingLine[a0] + code2; +- ++a0; +- if (codingLine[a0] >= columns) { +- break; ++ if (blackPixels) { ++ do { ++ code1 += code3 = getBlackCode(); ++ } while (code3 >= 64); ++ } else { ++ do { ++ code1 += code3 = getWhiteCode(); ++ } while (code3 >= 64); + } ++ addPixels(codingLine[a0i] + code1, blackPixels); ++ blackPixels ^= 1; + } + } + +- if (codingLine[a0] != columns) { +- error(getPos(), "CCITTFax row is wrong length (%d)", codingLine[a0]); +- // force the row to be the correct length +- while (codingLine[a0] > columns) { +- --a0; +- } +- codingLine[++a0] = columns; +- err = gTrue; +- } +- + // byte-align the row + if (byteAlign) { + inputBits &= ~7; +@@ -1562,14 +1584,17 @@ int CCITTFaxStream::lookChar() { + // this if we know the stream contains end-of-line markers because + // the "just plow on" technique tends to work better otherwise + } else if (err && endOfLine) { +- do { ++ while (1) { ++ code1 = lookBits(13); + if (code1 == EOF) { + eof = gTrue; + return EOF; + } ++ if ((code1 >> 1) == 0x001) { ++ break; ++ } + eatBits(1); +- code1 = lookBits(13); +- } while ((code1 >> 1) != 0x001); ++ } + eatBits(12); + if (encoding > 0) { + eatBits(1); +@@ -1577,11 +1602,11 @@ int CCITTFaxStream::lookChar() { + } + } + +- a0 = 0; +- outputBits = codingLine[1] - codingLine[0]; +- if (outputBits == 0) { +- a0 = 1; +- outputBits = codingLine[2] - codingLine[1]; ++ // set up for output ++ if (codingLine[0] > 0) { ++ outputBits = codingLine[a0i = 0]; ++ } else { ++ outputBits = codingLine[a0i = 1]; + } + + ++row; +@@ -1589,39 +1614,43 @@ int CCITTFaxStream::lookChar() { + + // get a byte + if (outputBits >= 8) { +- ret = ((a0 & 1) == 0) ? 0xff : 0x00; +- if ((outputBits -= 8) == 0) { +- ++a0; +- if (codingLine[a0] < columns) { +- outputBits = codingLine[a0 + 1] - codingLine[a0]; +- } ++ buf = (a0i & 1) ? 0x00 : 0xff; ++ outputBits -= 8; ++ if (outputBits == 0 && codingLine[a0i] < columns) { ++ ++a0i; ++ outputBits = codingLine[a0i] - codingLine[a0i - 1]; + } + } else { + bits = 8; +- ret = 0; ++ buf = 0; + do { + if (outputBits > bits) { +- i = bits; +- bits = 0; +- if ((a0 & 1) == 0) { +- ret |= 0xff >> (8 - i); ++ buf <<= bits; ++ if (!(a0i & 1)) { ++ buf |= 0xff >> (8 - bits); + } +- outputBits -= i; ++ outputBits -= bits; ++ bits = 0; + } else { +- i = outputBits; +- bits -= outputBits; +- if ((a0 & 1) == 0) { +- ret |= (0xff >> (8 - i)) << bits; ++ buf <<= outputBits; ++ if (!(a0i & 1)) { ++ buf |= 0xff >> (8 - outputBits); + } ++ bits -= outputBits; + outputBits = 0; +- ++a0; +- if (codingLine[a0] < columns) { +- outputBits = codingLine[a0 + 1] - codingLine[a0]; ++ if (codingLine[a0i] < columns) { ++ ++a0i; ++ outputBits = codingLine[a0i] - codingLine[a0i - 1]; ++ } else if (bits > 0) { ++ buf <<= bits; ++ bits = 0; + } + } +- } while (bits > 0 && codingLine[a0] < columns); ++ } while (bits); ++ } ++ if (black) { ++ buf ^= 0xff; + } +- buf = black ? (ret ^ 0xff) : ret; + return buf; + } + +@@ -1663,6 +1692,9 @@ short CCITTFaxStream::getWhiteCode() { + code = 0; // make gcc happy + if (endOfBlock) { + code = lookBits(12); ++ if (code == EOF) { ++ return 1; ++ } + if ((code >> 5) == 0) { + p = &whiteTab1[code]; + } else { +@@ -1675,6 +1707,9 @@ short CCITTFaxStream::getWhiteCode() { + } else { + for (n = 1; n <= 9; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 9) { + code <<= 9 - n; + } +@@ -1686,6 +1721,9 @@ short CCITTFaxStream::getWhiteCode() { + } + for (n = 11; n <= 12; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 12) { + code <<= 12 - n; + } +@@ -1711,9 +1749,12 @@ short CCITTFaxStream::getBlackCode() { + code = 0; // make gcc happy + if (endOfBlock) { + code = lookBits(13); ++ if (code == EOF) { ++ return 1; ++ } + if ((code >> 7) == 0) { + p = &blackTab1[code]; +- } else if ((code >> 9) == 0) { ++ } else if ((code >> 9) == 0 && (code >> 7) != 0) { + p = &blackTab2[(code >> 1) - 64]; + } else { + p = &blackTab3[code >> 7]; +@@ -1725,6 +1766,9 @@ short CCITTFaxStream::getBlackCode() { + } else { + for (n = 2; n <= 6; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 6) { + code <<= 6 - n; + } +@@ -1736,6 +1780,9 @@ short CCITTFaxStream::getBlackCode() { + } + for (n = 7; n <= 12; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 12) { + code <<= 12 - n; + } +@@ -1749,6 +1796,9 @@ short CCITTFaxStream::getBlackCode() { + } + for (n = 10; n <= 13; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 13) { + code <<= 13 - n; + } +@@ -1963,6 +2013,12 @@ void DCTStream::reset() { + // allocate a buffer for the whole image + bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth; + bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight; ++ if (bufWidth <= 0 || bufHeight <= 0 || ++ bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) { ++ error(getPos(), "Invalid image size in DCT stream"); ++ y = height; ++ return; ++ } + for (i = 0; i < numComps; ++i) { + frameBuf[i] = (int *)gmallocn(bufWidth * bufHeight, sizeof(int)); + memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int)); +@@ -3038,6 +3094,11 @@ GBool DCTStream::readScanInfo() { + } + scanInfo.firstCoeff = str->getChar(); + scanInfo.lastCoeff = str->getChar(); ++ if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 || ++ scanInfo.firstCoeff > scanInfo.lastCoeff) { ++ error(getPos(), "Bad DCT coefficient numbers in scan info block"); ++ return gFalse; ++ } + c = str->getChar(); + scanInfo.ah = (c >> 4) & 0x0f; + scanInfo.al = c & 0x0f; +--- kpdf/xpdf/xpdf/Stream.h ++++ kpdf/xpdf/xpdf/Stream.h +@@ -528,13 +528,15 @@ private: + int row; // current row + int inputBuf; // input buffer + int inputBits; // number of bits in input buffer +- short *refLine; // reference line changing elements +- int b1; // index into refLine +- short *codingLine; // coding line changing elements +- int a0; // index into codingLine ++ int *codingLine; // coding line changing elements ++ int *refLine; // reference line changing elements ++ int a0i; // index into codingLine ++ GBool err; // error on current line + int outputBits; // remaining ouput bits + int buf; // character buffer + ++ void addPixels(int a1, int black); ++ void addPixelsNeg(int a1, int black); + short getTwoDimCode(); + short getWhiteCode(); + short getBlackCode(); |