diff options
Diffstat (limited to 'org.handhelds.familiar/packages/gpdf/files/000-checks.patch')
| -rw-r--r-- | org.handhelds.familiar/packages/gpdf/files/000-checks.patch | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/org.handhelds.familiar/packages/gpdf/files/000-checks.patch b/org.handhelds.familiar/packages/gpdf/files/000-checks.patch new file mode 100644 index 0000000..9a23aa3 --- /dev/null +++ b/org.handhelds.familiar/packages/gpdf/files/000-checks.patch @@ -0,0 +1,108 @@ +--- xpdf/Catalog.cc.orig ++++ xpdf/Catalog.cc +@@ -13,6 +13,7 @@ + #endif + + #include <stddef.h> ++#include <limits.h> + #include "gmem.h" + #include "Object.h" + #include "XRef.h" +@@ -64,10 +65,8 @@ + } + pagesSize = numPages0 = (int)obj.getNum(); + obj.free(); +- // The gcc doesnt optimize this away, so this check is ok, +- // even if it looks like a pagesSize != pagesSize check +- if (pagesSize*(int)sizeof(Page *)/sizeof(Page *) != pagesSize || +- pagesSize*(int)sizeof(Ref)/sizeof(Ref) != pagesSize) { ++ if (pagesSize >= INT_MAX/sizeof(Page *) || ++ pagesSize >= INT_MAX/sizeof(Ref)) { + error(-1, "Invalid 'pagesSize'"); + ok = gFalse; + return; +@@ -200,8 +199,8 @@ + } + if (start >= pagesSize) { + pagesSize += 32; +- if (pagesSize*(int)sizeof(Page *)/sizeof(Page *) != pagesSize || +- pagesSize*(int)sizeof(Ref)/sizeof(Ref) != pagesSize) { ++ if (pagesSize >= INT_MAX/sizeof(Page *) || ++ pagesSize >= INT_MAX/sizeof(Ref)) { + error(-1, "Invalid 'pagesSize' parameter."); + goto err3; + } +--- xpdf/XRef.cc.orig ++++ xpdf/XRef.cc +@@ -16,6 +16,7 @@ + #include <stddef.h> + #include <string.h> + #include <ctype.h> ++#include <limits.h> + #include "gmem.h" + #include "Object.h" + #include "Stream.h" +@@ -110,7 +111,7 @@ + goto err1; + } + +- if (nObjects*(int)sizeof(int)/sizeof(int) != nObjects) { ++ if (nObjects >= INT_MAX/sizeof(int)) { + error(-1, "Invalid 'nObjects'"); + goto err1; + } +@@ -138,8 +139,7 @@ + offsets[i] = obj2.getInt(); + obj1.free(); + obj2.free(); +- if (objNums[i] < 0 || offsets[i] < 0 || +- (i > 0 && offsets[i] < offsets[i-1])) { ++ if (objNums[i]<0 || offsets[i]<0 || (i>0 && offsets[i]<offsets[i-1])) { + delete parser; + gfree(offsets); + goto err1; +@@ -393,7 +393,7 @@ + if (newSize < 0) { + goto err1; + } +- if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ if (newSize >= INT_MAX/sizeof(XRefEntry)) { + error(-1, "Invalid 'obj' parameters'"); + goto err1; + } +@@ -503,7 +503,7 @@ + goto err1; + } + if (newSize > size) { +- if (newSize * (int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ if (newSize >= INT_MAX/sizeof(XRefEntry)) { + error(-1, "Invalid 'size' parameter."); + return gFalse; + } +@@ -597,7 +597,7 @@ + if (newSize < 0) { + return gFalse; + } +- if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ if (newSize >= INT_MAX/sizeof(XRefEntry)) { + error(-1, "Invalid 'size' inside xref table."); + return gFalse; + } +@@ -736,7 +736,7 @@ + error(-1, "Bad object number"); + return gFalse; + } +- if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ if (newSize >= INT_MAX/sizeof(XRefEntry)) { + error(-1, "Invalid 'obj' parameters."); + return gFalse; + } +@@ -763,7 +763,7 @@ + } else if (!strncmp(p, "endstream", 9)) { + if (streamEndsLen == streamEndsSize) { + streamEndsSize += 64; +- if (streamEndsSize*(int)sizeof(int)/sizeof(int) != streamEndsSize) { ++ if (streamEndsSize >= INT_MAX/sizeof(int)) { + error(-1, "Invalid 'endstream' parameter."); + return gFalse; + } |