From 9f6fa20804cef5c3a948e361fefe632bb9841d30 Mon Sep 17 00:00:00 2001 From: "David Kaspar [Dee'Kej]" Date: Thu, 9 Nov 2017 14:25:11 +0100 Subject: [PATCH] rebase to 'ghostscript-9.22' --- .gitignore | 1 + ghostscript-9.20-cve-2016-10217.patch | 33 - ghostscript-9.20-cve-2016-10218.patch | 30 - ghostscript-9.20-cve-2016-10219.patch | 44 - ghostscript-9.20-cve-2016-10220.patch | 50 - ghostscript-9.20-cve-2016-7976.patch | 180 --- ghostscript-9.20-cve-2016-7977.patch | 28 - ghostscript-9.20-cve-2016-7978.patch | 25 - ghostscript-9.20-cve-2016-7979.patch | 43 - ghostscript-9.20-cve-2016-8602.patch | 42 - ghostscript-9.20-cve-2016-9601.patch | 897 ------------ ghostscript-9.20-cve-2017-5951.patch | 39 - ghostscript-9.20-cve-2017-7207.patch | 33 - ghostscript-9.20-cve-2017-7975.patch | 31 - ghostscript-9.20-cve-2017-8291.patch | 92 -- ...cript-9.20-fix-openjpeg-system-build.patch | 56 - ...9.20-handle-glyphdirectory-correctly.patch | 52 - ...20-remove-and-reimplement-ConvertUTF.patch | 1228 ----------------- ghostscript-9.20-urw-fonts-naming.patch | 33 - ghostscript.spec | 93 +- sources | 2 +- 21 files changed, 13 insertions(+), 3019 deletions(-) delete mode 100644 ghostscript-9.20-cve-2016-10217.patch delete mode 100644 ghostscript-9.20-cve-2016-10218.patch delete mode 100644 ghostscript-9.20-cve-2016-10219.patch delete mode 100644 ghostscript-9.20-cve-2016-10220.patch delete mode 100644 ghostscript-9.20-cve-2016-7976.patch delete mode 100644 ghostscript-9.20-cve-2016-7977.patch delete mode 100644 ghostscript-9.20-cve-2016-7978.patch delete mode 100644 ghostscript-9.20-cve-2016-7979.patch delete mode 100644 ghostscript-9.20-cve-2016-8602.patch delete mode 100644 ghostscript-9.20-cve-2016-9601.patch delete mode 100644 ghostscript-9.20-cve-2017-5951.patch delete mode 100644 ghostscript-9.20-cve-2017-7207.patch delete mode 100644 ghostscript-9.20-cve-2017-7975.patch delete mode 100644 ghostscript-9.20-cve-2017-8291.patch delete mode 100644 ghostscript-9.20-fix-openjpeg-system-build.patch delete mode 100644 ghostscript-9.20-handle-glyphdirectory-correctly.patch delete mode 100644 ghostscript-9.20-remove-and-reimplement-ConvertUTF.patch delete mode 100644 ghostscript-9.20-urw-fonts-naming.patch diff --git a/.gitignore b/.gitignore index bcc3585..d42a0e9 100644 --- a/.gitignore +++ b/.gitignore @@ -48,3 +48,4 @@ ghostscript-8.71.tar.xz /ghostscript-9.15-cleaned-1.tar.bz2 /ghostscript-9.16-cleaned-1.tar.bz2 /ghostscript-9.20.tar.xz +/ghostscript-9.22.tar.xz diff --git a/ghostscript-9.20-cve-2016-10217.patch b/ghostscript-9.20-cve-2016-10217.patch deleted file mode 100644 index 269ab84..0000000 --- a/ghostscript-9.20-cve-2016-10217.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb Mon Sep 17 00:00:00 2001 -From: Michael Vrhel -Date: Thu, 29 Dec 2016 14:00:21 -0800 -Subject: [PATCH] Bug 697456. Dont create new ctx when pdf14 device reenabled - -This bug had yet another weird case where the user created a -file that pushed the pdf14 device twice. We were in that case, -creating a new ctx and blowing away the original one with out -proper clean up. To avoid, only create a new one when we need it. ---- - base/gdevp14.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/base/gdevp14.c b/base/gdevp14.c -index fd56ec9..f19318e 100644 ---- a/base/gdevp14.c -+++ b/base/gdevp14.c -@@ -1669,8 +1669,10 @@ pdf14_open(gx_device *dev) - rect.p.y = 0; - rect.q.x = dev->width; - rect.q.y = dev->height; -- pdev->ctx = pdf14_ctx_new(&rect, dev->color_info.num_components, -- pdev->color_info.polarity != GX_CINFO_POLARITY_SUBTRACTIVE, dev); -+ /* If we are reenabling the device dont create a new ctx. Bug 697456 */ -+ if (pdev->ctx == NULL) -+ pdev->ctx = pdf14_ctx_new(&rect, dev->color_info.num_components, -+ pdev->color_info.polarity != GX_CINFO_POLARITY_SUBTRACTIVE, dev); - if (pdev->ctx == NULL) - return_error(gs_error_VMerror); - pdev->free_devicen = true; --- -2.9.3 - diff --git a/ghostscript-9.20-cve-2016-10218.patch b/ghostscript-9.20-cve-2016-10218.patch deleted file mode 100644 index 11c8278..0000000 --- a/ghostscript-9.20-cve-2016-10218.patch +++ /dev/null @@ -1,30 +0,0 @@ -From c0502b3771e4eac89a199a3558182337d146d4ab Mon Sep 17 00:00:00 2001 -From: Michael Vrhel -Date: Thu, 29 Dec 2016 12:00:40 -0800 -Subject: [PATCH] Bug 697444 Unmatched transparency group pop - -This issue can only occur if there is an unmatched group pop. -If the interpreter is doing that, then the interpreter is -broken. With this bug the user is intentionally doing it. -We now throw and error when it occurs. ---- - base/gdevp14.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/base/gdevp14.c b/base/gdevp14.c -index ad3478f..84f0f40 100644 ---- a/base/gdevp14.c -+++ b/base/gdevp14.c -@@ -985,6 +985,9 @@ pdf14_pop_transparency_group(gs_gstate *pgs, pdf14_ctx *ctx, - bool blendspot = pdev->blendspot; - bool nonicc_conversion = true; - -+ if (nos == NULL) -+ return_error(gs_error_unknownerror); /* Unmatched group pop */ -+ - #ifdef DEBUG - pdf14_debug_mask_stack_state(ctx); - #endif --- -2.9.3 - diff --git a/ghostscript-9.20-cve-2016-10219.patch b/ghostscript-9.20-cve-2016-10219.patch deleted file mode 100644 index 415cd8a..0000000 --- a/ghostscript-9.20-cve-2016-10219.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 4bef1a1d32e29b68855616020dbff574b9cda08f Mon Sep 17 00:00:00 2001 -From: Robin Watts -Date: Thu, 29 Dec 2016 15:57:43 +0000 -Subject: [PATCH] Bug 697453: Avoid divide by 0 in scan conversion code. - -Arithmetic overflow due to extreme values in the scan conversion -code can cause a division by 0. - -Avoid this with a simple extra check. - - dx_old=cf814d81 - endp->x_next=b0e859b9 - alp->x_next=8069a73a - -leads to dx_den = 0 ---- - base/gxfill.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/base/gxfill.c b/base/gxfill.c -index 99196c0..2f81bb0 100644 ---- a/base/gxfill.c -+++ b/base/gxfill.c -@@ -1741,7 +1741,7 @@ intersect(active_line *endp, active_line *alp, fixed y, fixed y1, fixed *p_y_new - fixed dx_old = alp->x_current - endp->x_current; - fixed dx_den = dx_old + endp->x_next - alp->x_next; - -- if (dx_den <= dx_old) -+ if (dx_den <= dx_old || dx_den == 0) - return false; /* Intersection isn't possible. */ - dy = y1 - y; - if_debug3('F', "[F]cross: dy=%g, dx_old=%g, dx_new=%g\n", -@@ -1750,7 +1750,7 @@ intersect(active_line *endp, active_line *alp, fixed y, fixed y1, fixed *p_y_new - /* Do the computation in single precision */ - /* if the values are small enough. */ - y_new = -- ((dy | dx_old) < 1L << (size_of(fixed) * 4 - 1) ? -+ (((ufixed)(dy | dx_old)) < (1L << (size_of(fixed) * 4 - 1)) ? - dy * dx_old / dx_den : - (INCR_EXPR(mq_cross), fixed_mult_quo(dy, dx_old, dx_den))) - + y; --- -2.9.3 - diff --git a/ghostscript-9.20-cve-2016-10220.patch b/ghostscript-9.20-cve-2016-10220.patch deleted file mode 100644 index 4a3388a..0000000 --- a/ghostscript-9.20-cve-2016-10220.patch +++ /dev/null @@ -1,50 +0,0 @@ -From daf85701dab05f17e924a48a81edc9195b4a04e8 Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Wed, 21 Dec 2016 16:54:14 +0000 -Subject: [PATCH] fix crash with bad data supplied to makeimagedevice - -Bug #697450 "Null pointer dereference in gx_device_finalize()" - -The problem here is that the code to finalise a device unconditionally -frees the icc_struct member of the device structure. However this -particular (weird) device is not setup as a normal device, probably -because its very, very ancient. Its possible for the initialisation -of the device to abort with an error before calling gs_make_mem_device() -which is where the icc_struct member gets allocated (or set to NULL). - -If that happens, then the cleanup code tries to free the device, which -calls finalize() which tries to free a garbage pointer. - -Setting the device memory to 0x00 after we allocate it means that the -icc_struct member will be NULL< and our memory manager allows for that -happily enough, which avoids the problem. ---- - base/gsdevmem.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/base/gsdevmem.c b/base/gsdevmem.c -index 97b9cf4..fe75bcc 100644 ---- a/base/gsdevmem.c -+++ b/base/gsdevmem.c -@@ -225,6 +225,18 @@ gs_makewordimagedevice(gx_device ** pnew_dev, const gs_matrix * pmat, - - if (pnew == 0) - return_error(gs_error_VMerror); -+ -+ /* Bug #697450 "Null pointer dereference in gx_device_finalize()" -+ * If we have incorrect data passed to gs_initialise_wordimagedevice() then the -+ * initialisation will fail, crucially it will fail *before* it calls -+ * gs_make_mem_device() which initialises the device. This means that the -+ * icc_struct member will be uninitialsed, but the device finalise method -+ * will unconditionally free that memory. Since its a garbage pointer, bad things happen. -+ * Apparently we do still need makeimagedevice to be available from -+ * PostScript, so in here just zero the device memory, which means that -+ * the finalise routine won't have a problem. -+ */ -+ memset(pnew, 0x00, st_device_memory.ssize); - code = gs_initialize_wordimagedevice(pnew, pmat, width, height, - colors, num_colors, word_oriented, - page_device, mem); --- -2.9.3 - diff --git a/ghostscript-9.20-cve-2016-7976.patch b/ghostscript-9.20-cve-2016-7976.patch deleted file mode 100644 index e39d169..0000000 --- a/ghostscript-9.20-cve-2016-7976.patch +++ /dev/null @@ -1,180 +0,0 @@ -From fee19fa8d4f6f351e5a76f5801884880249d6a45 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Wed, 5 Oct 2016 09:55:55 +0100 -Subject: [PATCH] Bug 697178: Add a file permissions callback - -For the rare occasions when the graphics library directly opens a file -(currently for reading), this allows us to apply any restrictions on -file access normally applied in the interpteter. ---- - base/gsicc_manage.c | 10 ++++++---- - base/gslibctx.c | 12 +++++++++++- - base/gslibctx.h | 7 +++++++ - psi/imain.c | 2 ++ - psi/int.mak | 2 +- - psi/zfile.c | 19 +++++++++++++++++++ - psi/zfile.h | 7 +++++++ - 7 files changed, 53 insertions(+), 6 deletions(-) - -diff --git a/base/gsicc_manage.c b/base/gsicc_manage.c -index 931c2a6..e9c09c3 100644 ---- a/base/gsicc_manage.c -+++ b/base/gsicc_manage.c -@@ -1124,10 +1124,12 @@ gsicc_open_search(const char* pname, int namelen, gs_memory_t *mem_gc, - } - - /* First just try it like it is */ -- str = sfopen(pname, "r", mem_gc); -- if (str != NULL) { -- *strp = str; -- return 0; -+ if (gs_check_file_permission(mem_gc, pname, namelen, "r") >= 0) { -+ str = sfopen(pname, "r", mem_gc); -+ if (str != NULL) { -+ *strp = str; -+ return 0; -+ } - } - - /* If that fails, try %rom% */ /* FIXME: Not sure this is needed or correct */ -diff --git a/base/gslibctx.c b/base/gslibctx.c -index fa4432a..f2c13e3 100644 ---- a/base/gslibctx.c -+++ b/base/gslibctx.c -@@ -183,7 +183,7 @@ int gs_lib_ctx_init( gs_memory_t *mem ) - mem->gs_lib_ctx = NULL; - return -1; - } -- -+ pio->client_check_file_permission = NULL; - gp_get_realtime(pio->real_time_0); - - /* Set scanconverter to 1 (default) */ -@@ -336,3 +336,13 @@ void errflush(const gs_memory_t *mem) - fflush(mem->gs_lib_ctx->fstderr); - /* else nothing to flush */ - } -+ -+int -+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission) -+{ -+ int code = 0; -+ if (mem->gs_lib_ctx->client_check_file_permission != NULL) { -+ code = mem->gs_lib_ctx->client_check_file_permission(mem, fname, len, permission); -+ } -+ return code; -+} -diff --git a/base/gslibctx.h b/base/gslibctx.h -index 84ec205..55eb4a6 100644 ---- a/base/gslibctx.h -+++ b/base/gslibctx.h -@@ -32,6 +32,9 @@ typedef struct gs_fapi_server_s gs_fapi_server; - # define gs_font_dir_DEFINED - typedef struct gs_font_dir_s gs_font_dir; - #endif -+ -+typedef int (*client_check_file_permission_t) (gs_memory_t *mem, const char *fname, const int len, const char *permission); -+ - typedef struct gs_lib_ctx_s - { - gs_memory_t *memory; /* mem->gs_lib_ctx->memory == mem */ -@@ -61,6 +64,7 @@ typedef struct gs_lib_ctx_s - struct gx_io_device_s **io_device_table; - int io_device_table_count; - int io_device_table_size; -+ client_check_file_permission_t client_check_file_permission; - /* Define the default value of AccurateScreens that affects setscreen - and setcolorscreen. */ - bool screen_accurate_screens; -@@ -132,6 +136,9 @@ int - gs_lib_ctx_get_default_device_list(const gs_memory_t *mem, char** dev_list_str, - int *list_str_len); - -+int -+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission); -+ - #define IS_LIBCTX_STDOUT(mem, f) (f == mem->gs_lib_ctx->fstdout) - #define IS_LIBCTX_STDERR(mem, f) (f == mem->gs_lib_ctx->fstderr) - -diff --git a/psi/imain.c b/psi/imain.c -index 9a9bb5d..6874128 100644 ---- a/psi/imain.c -+++ b/psi/imain.c -@@ -57,6 +57,7 @@ - #include "ivmspace.h" - #include "idisp.h" /* for setting display device callback */ - #include "iplugin.h" -+#include "zfile.h" - - #ifdef PACIFY_VALGRIND - #include "valgrind.h" -@@ -212,6 +213,7 @@ gs_main_init1(gs_main_instance * minst) - "the_gs_name_table"); - if (code < 0) - return code; -+ mem->gs_lib_ctx->client_check_file_permission = z_check_file_permissions; - } - code = obj_init(&minst->i_ctx_p, &idmem); /* requires name_init */ - if (code < 0) -diff --git a/psi/int.mak b/psi/int.mak -index 4654afc..bb30d51 100644 ---- a/psi/int.mak -+++ b/psi/int.mak -@@ -2024,7 +2024,7 @@ $(PSOBJ)imain.$(OBJ) : $(PSSRC)imain.c $(GH) $(memory__h) $(string__h)\ - $(ialloc_h) $(iconf_h) $(idebug_h) $(idict_h) $(idisp_h) $(iinit_h)\ - $(iname_h) $(interp_h) $(iplugin_h) $(isave_h) $(iscan_h) $(ivmspace_h)\ - $(iinit_h) $(main_h) $(oper_h) $(ostack_h)\ -- $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h)\ -+ $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) $(zfile_h)\ - $(INT_MAK) $(MAKEDIRS) - $(PSCC) $(PSO_)imain.$(OBJ) $(C_) $(PSSRC)imain.c - -diff --git a/psi/zfile.c b/psi/zfile.c -index b6caea2..fd94f67 100644 ---- a/psi/zfile.c -+++ b/psi/zfile.c -@@ -197,6 +197,25 @@ check_file_permissions(i_ctx_t *i_ctx_p, const char *fname, int len, - return check_file_permissions_reduced(i_ctx_p, fname_reduced, rlen, permitgroup); - } - -+/* z_check_file_permissions: see zfile.h for explanation -+ */ -+int -+z_check_file_permissions(gs_memory_t *mem, const char *fname, const int len, const char *permission) -+{ -+ i_ctx_t *i_ctx_p = get_minst_from_memory(mem)->i_ctx_p; -+ gs_parsed_file_name_t pname; -+ const char *permitgroup = permission[0] == 'r' ? "PermitFileReading" : "PermitFileWriting"; -+ int code = gs_parse_file_name(&pname, fname, len, imemory); -+ if (code < 0) -+ return code; -+ -+ if (pname.iodev && i_ctx_p->LockFilePermissions && strcmp(pname.iodev->dname, "%pipe%") == 0) -+ return gs_error_invalidfileaccess; -+ -+ code = check_file_permissions(i_ctx_p, fname, len, permitgroup); -+ return code; -+} -+ - /* file */ - int /* exported for zsysvm.c */ - zfile(i_ctx_t *i_ctx_p) -diff --git a/psi/zfile.h b/psi/zfile.h -index fdf1373..a9399c7 100644 ---- a/psi/zfile.h -+++ b/psi/zfile.h -@@ -22,4 +22,11 @@ - int zopen_file(i_ctx_t *i_ctx_p, const gs_parsed_file_name_t *pfn, - const char *file_access, stream **ps, gs_memory_t *mem); - -+/* z_check_file_permissions: a callback (via mem->gs_lib_ctx->client_check_file_permission) -+ * to allow applying the above permissions checks when opening file(s) from -+ * the graphics library -+ */ -+int -+z_check_file_permissions(gs_memory_t *mem, const char *fname, -+ const int len, const char *permission); - #endif --- -2.7.4 - diff --git a/ghostscript-9.20-cve-2016-7977.patch b/ghostscript-9.20-cve-2016-7977.patch deleted file mode 100644 index 176ba9e..0000000 --- a/ghostscript-9.20-cve-2016-7977.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 8abd22010eb4db0fb1b10e430d5f5d83e015ef70 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Mon, 3 Oct 2016 01:46:28 +0100 -Subject: [PATCH] Bug 697169: Be rigorous with SAFER permissions - -Once we've opened our input file from the command line, enforce the SAFER -rules. ---- - psi/zfile.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/psi/zfile.c b/psi/zfile.c -index b6caea2..2c6c958 100644 ---- a/psi/zfile.c -+++ b/psi/zfile.c -@@ -1081,6 +1081,9 @@ lib_file_open(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx - gs_main_instance *minst = get_minst_from_memory(mem); - int code; - -+ if (i_ctx_p && starting_arg_file) -+ i_ctx_p->starting_arg_file = false; -+ - /* when starting arg files (@ files) iodev_default is not yet set */ - if (iodev == 0) - iodev = (gx_io_device *)gx_io_device_table[0]; --- -2.7.4 - diff --git a/ghostscript-9.20-cve-2016-7978.patch b/ghostscript-9.20-cve-2016-7978.patch deleted file mode 100644 index 74aa51c..0000000 --- a/ghostscript-9.20-cve-2016-7978.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 6f749c0c44e7b9e09737b9f29edf29925a34f0cf Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Wed, 5 Oct 2016 09:59:25 +0100 -Subject: [PATCH] Bug 697179: Reference count device icc profile - -when copying a device ---- - base/gsdevice.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/base/gsdevice.c b/base/gsdevice.c -index 778106f..aea986a 100644 ---- a/base/gsdevice.c -+++ b/base/gsdevice.c -@@ -614,6 +614,7 @@ gx_device_init(gx_device * dev, const gx_device * proto, gs_memory_t * mem, - dev->memory = mem; - dev->retained = !internal; - rc_init(dev, mem, (internal ? 0 : 1)); -+ rc_increment(dev->icc_struct); - } - - void --- -2.7.4 - diff --git a/ghostscript-9.20-cve-2016-7979.patch b/ghostscript-9.20-cve-2016-7979.patch deleted file mode 100644 index 5b2738a..0000000 --- a/ghostscript-9.20-cve-2016-7979.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 875a0095f37626a721c7ff57d606a0f95af03913 Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Wed, 5 Oct 2016 10:10:58 +0100 -Subject: [PATCH] DSC parser - validate parameters - -Bug #697190 ".initialize_dsc_parser doesn't validate the parameter is a dict type before using it." - -Regardless of any security implications, its simply wrong for a PostScript -operator not to validate its parameter(s). - -No differences expected. ---- - psi/zdscpars.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/psi/zdscpars.c b/psi/zdscpars.c -index c05e154..9b4b605 100644 ---- a/psi/zdscpars.c -+++ b/psi/zdscpars.c -@@ -150,11 +150,16 @@ zinitialize_dsc_parser(i_ctx_t *i_ctx_p) - ref local_ref; - int code; - os_ptr const op = osp; -- dict * const pdict = op->value.pdict; -- gs_memory_t * const mem = (gs_memory_t *)dict_memory(pdict); -- dsc_data_t * const data = -- gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init"); -+ dict *pdict; -+ gs_memory_t *mem; -+ dsc_data_t *data; - -+ check_read_type(*op, t_dictionary); -+ -+ pdict = op->value.pdict; -+ mem = (gs_memory_t *)dict_memory(pdict); -+ -+ data = gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init"); - if (!data) - return_error(gs_error_VMerror); - data->document_level = 0; --- -2.7.4 - diff --git a/ghostscript-9.20-cve-2016-8602.patch b/ghostscript-9.20-cve-2016-8602.patch deleted file mode 100644 index 7e57bd0..0000000 --- a/ghostscript-9.20-cve-2016-8602.patch +++ /dev/null @@ -1,42 +0,0 @@ -From f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Sat, 8 Oct 2016 16:10:27 +0100 -Subject: [PATCH] Bug 697203: check for sufficient params in .sethalftone5 - -and param types ---- - psi/zht2.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/psi/zht2.c b/psi/zht2.c -index fb4a264..dfa27a4 100644 ---- a/psi/zht2.c -+++ b/psi/zht2.c -@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p) - gs_memory_t *mem; - uint edepth = ref_stack_count(&e_stack); - int npop = 2; -- int dict_enum = dict_first(op); -+ int dict_enum; - ref rvalue[2]; - int cname, colorant_number; - byte * pname; - uint name_size; - int halftonetype, type = 0; - gs_gstate *pgs = igs; -- int space_index = r_space_index(op - 1); -+ int space_index; -+ -+ if (ref_stack_count(&o_stack) < 2) -+ return_error(gs_error_stackunderflow); -+ check_type(*op, t_dictionary); -+ check_type(*(op - 1), t_dictionary); -+ -+ dict_enum = dict_first(op); -+ space_index = r_space_index(op - 1); - - mem = (gs_memory_t *) idmemory->spaces_indexed[space_index]; - --- -2.7.4 - diff --git a/ghostscript-9.20-cve-2016-9601.patch b/ghostscript-9.20-cve-2016-9601.patch deleted file mode 100644 index ea522a1..0000000 --- a/ghostscript-9.20-cve-2016-9601.patch +++ /dev/null @@ -1,897 +0,0 @@ -From cecf6b592945d247bf932f6a4f50065db4acfba8 Mon Sep 17 00:00:00 2001 -From: Robin Watts -Date: Mon, 12 Dec 2016 17:47:17 +0000 -Subject: [PATCH] Squash signed/unsigned warnings in MSVC jbig2 build. - -Also rename "new" to "new_dict", because "new" is a bad -variable name. ---- - jbig2dec/jbig2.c | 4 +-- - jbig2dec/jbig2.h | 8 +++-- - jbig2dec/jbig2_generic.c | 2 +- - jbig2dec/jbig2_halftone.c | 24 +++++++-------- - jbig2dec/jbig2_huffman.c | 10 +++--- - jbig2dec/jbig2_huffman.h | 2 +- - jbig2dec/jbig2_image.c | 32 +++++++++---------- - jbig2dec/jbig2_mmr.c | 66 ++++++++++++++++++++------------------- - jbig2dec/jbig2_page.c | 6 ++-- - jbig2dec/jbig2_priv.h | 4 +-- - jbig2dec/jbig2_segment.c | 10 +++--- - jbig2dec/jbig2_symbol_dict.c | 73 ++++++++++++++++++++++---------------------- - jbig2dec/jbig2_symbol_dict.h | 6 ++-- - jbig2dec/jbig2_text.c | 16 +++++----- - jbig2dec/jbig2_text.h | 2 +- - 15 files changed, 134 insertions(+), 131 deletions(-) - -diff --git a/jbig2dec/jbig2.c b/jbig2dec/jbig2.c -index f729e29..e51380f 100644 ---- a/jbig2dec/jbig2.c -+++ b/jbig2dec/jbig2.c -@@ -379,7 +379,7 @@ typedef struct { - } Jbig2WordStreamBuf; - - static int --jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t *word) -+jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, size_t offset, uint32_t *word) - { - Jbig2WordStreamBuf *z = (Jbig2WordStreamBuf *) self; - const byte *data = z->data; -@@ -390,7 +390,7 @@ jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t - else if (offset > z->size) - return -1; - else { -- int i; -+ size_t i; - - result = 0; - for (i = 0; i < z->size - offset; i++) -diff --git a/jbig2dec/jbig2.h b/jbig2dec/jbig2.h -index d5aa52f..624e0ed 100644 ---- a/jbig2dec/jbig2.h -+++ b/jbig2dec/jbig2.h -@@ -56,17 +56,19 @@ typedef struct _Jbig2SymbolDictionary Jbig2SymbolDictionary; - */ - - struct _Jbig2Image { -- int width, height, stride; -+ uint32_t width; -+ uint32_t height; -+ uint32_t stride; - uint8_t *data; - int refcount; - }; - --Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, int width, int height); -+Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height); - Jbig2Image *jbig2_image_clone(Jbig2Ctx *ctx, Jbig2Image *image); - void jbig2_image_release(Jbig2Ctx *ctx, Jbig2Image *image); - void jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image); - void jbig2_image_clear(Jbig2Ctx *ctx, Jbig2Image *image, int value); --Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height); -+Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height); - - /* errors are returned from the library via a callback. If no callback - is provided (a NULL argument is passed ot jbig2_ctx_new) a default -diff --git a/jbig2dec/jbig2_generic.c b/jbig2dec/jbig2_generic.c -index 02fdbfb..9656198 100644 ---- a/jbig2dec/jbig2_generic.c -+++ b/jbig2dec/jbig2_generic.c -@@ -718,7 +718,7 @@ jbig2_immediate_generic_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte - byte seg_flags; - int8_t gbat[8]; - int offset; -- int gbat_bytes = 0; -+ uint32_t gbat_bytes = 0; - Jbig2GenericRegionParams params; - int code = 0; - Jbig2Image *image = NULL; -diff --git a/jbig2dec/jbig2_halftone.c b/jbig2dec/jbig2_halftone.c -index aeab576..acfbc56 100644 ---- a/jbig2dec/jbig2_halftone.c -+++ b/jbig2dec/jbig2_halftone.c -@@ -257,8 +257,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment, - { - uint8_t **GSVALS = NULL; - size_t consumed_bytes = 0; -- int i, j, code, stride; -- int x, y; -+ uint32_t i, j, stride, x, y; -+ int code; - Jbig2Image **GSPLANES; - Jbig2GenericRegionParams rparams; - Jbig2WordStream *ws = NULL; -@@ -276,9 +276,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment, - if (GSPLANES[i] == NULL) { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate %dx%d image for GSPLANES", GSW, GSH); - /* free already allocated */ -- for (j = i - 1; j >= 0; --j) { -- jbig2_image_release(ctx, GSPLANES[j]); -- } -+ for (j = i; j > 0;) -+ jbig2_image_release(ctx, GSPLANES[--j]); - jbig2_free(ctx->allocator, GSPLANES); - return NULL; - } -@@ -323,9 +322,10 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment, - } - - /* C.5 step 2. Set j = GSBPP-2 */ -- j = GSBPP - 2; -+ j = GSBPP - 1; - /* C.5 step 3. decode loop */ -- while (j >= 0) { -+ while (j > 0) { -+ j--; - /* C.5 step 3. (a) */ - if (GSMMR) { - code = jbig2_decode_halftone_mmr(ctx, &rparams, data + consumed_bytes, size - consumed_bytes, GSPLANES[j], &consumed_bytes); -@@ -345,7 +345,6 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment, - GSPLANES[j]->data[i] ^= GSPLANES[j + 1]->data[i]; - - /* C.5 step 3. (c) */ -- --j; - } - - /* allocate GSVALS */ -@@ -359,9 +358,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment, - if (GSVALS[i] == NULL) { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate GSVALS: %d bytes", GSH * GSW); - /* free already allocated */ -- for (j = i - 1; j >= 0; --j) { -- jbig2_free(ctx->allocator, GSVALS[j]); -- } -+ for (j = i; j > 0;) -+ jbig2_free(ctx->allocator, GSVALS[--j]); - jbig2_free(ctx->allocator, GSVALS); - GSVALS = NULL; - goto cleanup; -@@ -450,7 +448,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment, - uint8_t **GI; - Jbig2Image *HSKIP = NULL; - Jbig2PatternDict *HPATS; -- int i; -+ uint32_t i; - uint32_t mg, ng; - int32_t x, y; - uint8_t gray_val; -@@ -476,7 +474,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment, - - /* calculate ceil(log2(HNUMPATS)) */ - HBPP = 0; -- while (HNUMPATS > (1 << ++HBPP)); -+ while (HNUMPATS > (1U << ++HBPP)); - - /* 6.6.5 point 4. decode gray-scale image as mentioned in annex C */ - GI = jbig2_decode_gray_scale_image(ctx, segment, data, size, -diff --git a/jbig2dec/jbig2_huffman.c b/jbig2dec/jbig2_huffman.c -index 4521b48..f77981b 100644 ---- a/jbig2dec/jbig2_huffman.c -+++ b/jbig2dec/jbig2_huffman.c -@@ -47,16 +47,16 @@ struct _Jbig2HuffmanState { - is (offset + 4) * 8. */ - uint32_t this_word; - uint32_t next_word; -- int offset_bits; -- int offset; -- int offset_limit; -+ uint32_t offset_bits; -+ uint32_t offset; -+ uint32_t offset_limit; - - Jbig2WordStream *ws; - Jbig2Ctx *ctx; - }; - - static uint32_t --huff_get_next_word(Jbig2HuffmanState *hs, int offset) -+huff_get_next_word(Jbig2HuffmanState *hs, uint32_t offset) - { - uint32_t word = 0; - Jbig2WordStream *ws = hs->ws; -@@ -213,7 +213,7 @@ jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset) - /* return the offset of the huffman decode pointer (in bytes) - * from the beginning of the WordStream - */ --int -+uint32_t - jbig2_huffman_offset(Jbig2HuffmanState *hs) - { - return hs->offset + (hs->offset_bits >> 3); -diff --git a/jbig2dec/jbig2_huffman.h b/jbig2dec/jbig2_huffman.h -index 5d1e6e0..cfda9e0 100644 ---- a/jbig2dec/jbig2_huffman.h -+++ b/jbig2dec/jbig2_huffman.h -@@ -64,7 +64,7 @@ void jbig2_huffman_skip(Jbig2HuffmanState *hs); - - void jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset); - --int jbig2_huffman_offset(Jbig2HuffmanState *hs); -+uint32_t jbig2_huffman_offset(Jbig2HuffmanState *hs); - - int32_t jbig2_huffman_get(Jbig2HuffmanState *hs, const Jbig2HuffmanTable *table, bool *oob); - -diff --git a/jbig2dec/jbig2_image.c b/jbig2dec/jbig2_image.c -index 1ae614e..94e5a4c 100644 ---- a/jbig2dec/jbig2_image.c -+++ b/jbig2dec/jbig2_image.c -@@ -32,10 +32,10 @@ - - /* allocate a Jbig2Image structure and its associated bitmap */ - Jbig2Image * --jbig2_image_new(Jbig2Ctx *ctx, int width, int height) -+jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height) - { - Jbig2Image *image; -- int stride; -+ uint32_t stride; - int64_t check; - - image = jbig2_new(ctx, Jbig2Image, 1); -@@ -99,7 +99,7 @@ jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image) - - /* resize a Jbig2Image */ - Jbig2Image * --jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height) -+jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height) - { - if (width == image->width) { - /* check for integer multiplication overflow */ -@@ -133,11 +133,11 @@ jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height) - static int - jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op) - { -- int i, j; -- int sw = src->width; -- int sh = src->height; -- int sx = 0; -- int sy = 0; -+ uint32_t i, j; -+ uint32_t sw = src->width; -+ uint32_t sh = src->height; -+ uint32_t sx = 0; -+ uint32_t sy = 0; - - /* clip to the dst image boundaries */ - if (x < 0) { -@@ -200,10 +200,10 @@ jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x - int - jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op) - { -- int i, j; -- int w, h; -- int leftbyte, rightbyte; -- int shift; -+ uint32_t i, j; -+ uint32_t w, h; -+ uint32_t leftbyte, rightbyte; -+ uint32_t shift; - uint8_t *s, *ss; - uint8_t *d, *dd; - uint8_t mask, rightmask; -@@ -226,8 +226,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int - h += y; - y = 0; - } -- w = (x + w < dst->width) ? w : dst->width - x; -- h = (y + h < dst->height) ? h : dst->height - y; -+ w = ((uint32_t)x + w < dst->width) ? w : ((dst->width >= (uint32_t)x) ? dst->width - (uint32_t)x : 0); -+ h = ((uint32_t)y + h < dst->height) ? h : ((dst->height >= (uint32_t)y) ? dst->height - (uint32_t)y : 0); - #ifdef JBIG2_DEBUG - jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "compositing %dx%d at (%d, %d) after clipping\n", w, h, x, y); - #endif -@@ -249,8 +249,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int - } - #endif - -- leftbyte = x >> 3; -- rightbyte = (x + w - 1) >> 3; -+ leftbyte = (uint32_t)x >> 3; -+ rightbyte = ((uint32_t)x + w - 1) >> 3; - shift = x & 7; - - /* general OR case */ -diff --git a/jbig2dec/jbig2_mmr.c b/jbig2dec/jbig2_mmr.c -index d4cd3a2..390e27c 100644 ---- a/jbig2dec/jbig2_mmr.c -+++ b/jbig2dec/jbig2_mmr.c -@@ -38,19 +38,21 @@ - #include "jbig2_mmr.h" - - typedef struct { -- int width; -- int height; -+ uint32_t width; -+ uint32_t height; - const byte *data; - size_t size; -- int data_index; -- int bit_index; -+ uint32_t data_index; -+ uint32_t bit_index; - uint32_t word; - } Jbig2MmrCtx; - -+#define MINUS1 ((uint32_t)-1) -+ - static void - jbig2_decode_mmr_init(Jbig2MmrCtx *mmr, int width, int height, const byte *data, size_t size) - { -- int i; -+ size_t i; - uint32_t word = 0; - - mmr->width = width; -@@ -732,14 +734,14 @@ const mmr_table_node jbig2_mmr_black_decode[] = { - #define getbit(buf, x) ( ( buf[x >> 3] >> ( 7 - (x & 7) ) ) & 1 ) - - static int --jbig2_find_changing_element(const byte *line, int x, int w) -+jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w) - { - int a, b; - - if (line == 0) -- return w; -+ return (int)w; - -- if (x == -1) { -+ if (x == MINUS1) { - a = 0; - x = 0; - } else { -@@ -758,7 +760,7 @@ jbig2_find_changing_element(const byte *line, int x, int w) - } - - static int --jbig2_find_changing_element_of_color(const byte *line, int x, int w, int color) -+jbig2_find_changing_element_of_color(const byte *line, uint32_t x, uint32_t w, int color) - { - if (line == 0) - return w; -@@ -772,9 +774,9 @@ static const byte lm[8] = { 0xFF, 0x7F, 0x3F, 0x1F, 0x0F, 0x07, 0x03, 0x01 }; - static const byte rm[8] = { 0x00, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE }; - - static void --jbig2_set_bits(byte *line, int x0, int x1) -+jbig2_set_bits(byte *line, uint32_t x0, uint32_t x1) - { -- int a0, a1, b0, b1, a; -+ uint32_t a0, a1, b0, b1, a; - - a0 = x0 >> 3; - a1 = x1 >> 3; -@@ -831,8 +833,8 @@ jbig2_decode_get_run(Jbig2MmrCtx *mmr, const mmr_table_node *table, int initial_ - static int - jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - { -- int a0 = -1; -- int a1, a2, b1, b2; -+ uint32_t a0 = MINUS1; -+ uint32_t a1, a2, b1, b2; - int c = 0; /* 0 is white, black is 1 */ - - while (1) { -@@ -840,7 +842,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - - /* printf ("%08x\n", word); */ - -- if (a0 >= mmr->width) -+ if (a0 != MINUS1 && a0 >= mmr->width) - break; - - if ((word >> (32 - 3)) == 1) { -@@ -848,7 +850,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - - jbig2_decode_mmr_consume(mmr, 3); - -- if (a0 == -1) -+ if (a0 == MINUS1) - a0 = 0; - - if (c == 0) { -@@ -860,7 +862,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - a1 = mmr->width; - if (a2 > mmr->width) - a2 = mmr->width; -- if (a2 < a1 || a1 < 0) -+ if (a1 == MINUS1 || a2 < a1) - return -1; - jbig2_set_bits(dst, a1, a2); - a0 = a2; -@@ -874,7 +876,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - a1 = mmr->width; - if (a2 > mmr->width) - a2 = mmr->width; -- if (a1 < a0 || a0 < 0) -+ if (a0 == MINUS1 || a1 < a0) - return -1; - jbig2_set_bits(dst, a0, a1); - a0 = a2; -@@ -888,7 +890,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); - b2 = jbig2_find_changing_element(ref, b1, mmr->width); - if (c) { -- if (b2 < a0 || a0 < 0) -+ if (a0 == MINUS1 || b2 < a0) - return -1; - jbig2_set_bits(dst, a0, b2); - } -@@ -900,7 +902,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - jbig2_decode_mmr_consume(mmr, 1); - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); - if (c) { -- if (b1 < a0 || a0 < 0) -+ if (a0 == MINUS1 || b1 < a0) - return -1; - jbig2_set_bits(dst, a0, b1); - } -@@ -915,7 +917,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - if (b1 + 1 > mmr->width) - break; - if (c) { -- if (b1 + 1 < a0 || a0 < 0) -+ if (a0 == MINUS1 || b1 + 1 < a0) - return -1; - jbig2_set_bits(dst, a0, b1 + 1); - } -@@ -930,7 +932,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - if (b1 + 2 > mmr->width) - break; - if (c) { -- if (b1 + 2 < a0 || a0 < 0) -+ if (a0 == MINUS1 || b1 + 2 < a0) - return -1; - jbig2_set_bits(dst, a0, b1 + 2); - } -@@ -942,10 +944,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - /* printf ("VR(3)\n"); */ - jbig2_decode_mmr_consume(mmr, 7); - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); -- if (b1 + 3 > mmr->width) -+ if (b1 + 3 > (int)mmr->width) - break; - if (c) { -- if (b1 + 3 < a0 || a0 < 0) -+ if (a0 == MINUS1 || b1 + 3 < a0) - return -1; - jbig2_set_bits(dst, a0, b1 + 3); - } -@@ -957,10 +959,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - /* printf ("VL(1)\n"); */ - jbig2_decode_mmr_consume(mmr, 3); - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); -- if (b1 - 1 < 0) -+ if (b1 < 1) - break; - if (c) { -- if (b1 - 1 < a0 || a0 < 0) -+ if (a0 == MINUS1 || b1 - 1 < a0) - return -1; - jbig2_set_bits(dst, a0, b1 - 1); - } -@@ -972,7 +974,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - /* printf ("VL(2)\n"); */ - jbig2_decode_mmr_consume(mmr, 6); - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); -- if (b1 - 2 < 0) -+ if (b1 < 2) - break; - if (c) { - if (b1 - 2 < a0 || a0 < 0) -@@ -987,10 +989,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - /* printf ("VL(3)\n"); */ - jbig2_decode_mmr_consume(mmr, 7); - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); -- if (b1 - 3 < 0) -+ if (b1 < 3) - break; - if (c) { -- if (b1 - 3 < a0 || a0 < 0) -+ if (a0 == MINUS1 || b1 - 3 < a0) - return -1; - jbig2_set_bits(dst, a0, b1 - 3); - } -@@ -1009,10 +1011,10 @@ int - jbig2_decode_generic_mmr(Jbig2Ctx *ctx, Jbig2Segment *segment, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image) - { - Jbig2MmrCtx mmr; -- const int rowstride = image->stride; -+ const uint32_t rowstride = image->stride; - byte *dst = image->data; - byte *ref = NULL; -- int y; -+ uint32_t y; - int code = 0; - - jbig2_decode_mmr_init(&mmr, image->width, image->height, data, size); -@@ -1047,10 +1049,10 @@ int - jbig2_decode_halftone_mmr(Jbig2Ctx *ctx, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image, size_t *consumed_bytes) - { - Jbig2MmrCtx mmr; -- const int rowstride = image->stride; -+ const uint32_t rowstride = image->stride; - byte *dst = image->data; - byte *ref = NULL; -- int y; -+ uint32_t y; - int code = 0; - const uint32_t EOFB = 0x001001; - -diff --git a/jbig2dec/jbig2_page.c b/jbig2dec/jbig2_page.c -index 110ff7c..1ed1c8a 100644 ---- a/jbig2dec/jbig2_page.c -+++ b/jbig2dec/jbig2_page.c -@@ -155,9 +155,9 @@ int - jbig2_end_of_stripe(Jbig2Ctx *ctx, Jbig2Segment *segment, const uint8_t *segment_data) - { - Jbig2Page page = ctx->pages[ctx->current_page]; -- int end_row; -+ uint32_t end_row; - -- end_row = jbig2_get_int32(segment_data); -+ end_row = jbig2_get_uint32(segment_data); - if (end_row < page.end_row) { - jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, - "end of stripe segment with non-positive end row advance" " (new end row %d vs current end row %d)", end_row, page.end_row); -@@ -248,7 +248,7 @@ jbig2_page_add_result(Jbig2Ctx *ctx, Jbig2Page *page, Jbig2Image *image, int x, - - /* grow the page to accomodate a new stripe if necessary */ - if (page->striped) { -- int new_height = y + image->height + page->end_row; -+ uint32_t new_height = y + image->height + page->end_row; - - if (page->image->height < new_height) { - jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "growing page buffer to %d rows " "to accomodate new stripe", new_height); -diff --git a/jbig2dec/jbig2_priv.h b/jbig2dec/jbig2_priv.h -index 42ba496..3d44b42 100644 ---- a/jbig2dec/jbig2_priv.h -+++ b/jbig2dec/jbig2_priv.h -@@ -132,7 +132,7 @@ struct _Jbig2Page { - uint32_t x_resolution, y_resolution; /* in pixels per meter */ - uint16_t stripe_size; - bool striped; -- int end_row; -+ uint32_t end_row; - uint8_t flags; - Jbig2Image *image; - }; -@@ -182,7 +182,7 @@ int jbig2_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segm - typedef struct _Jbig2WordStream Jbig2WordStream; - - struct _Jbig2WordStream { -- int (*get_next_word)(Jbig2WordStream *self, int offset, uint32_t *word); -+ int (*get_next_word)(Jbig2WordStream *self, size_t offset, uint32_t *word); - }; - - Jbig2WordStream *jbig2_word_stream_buf_new(Jbig2Ctx *ctx, const byte *data, size_t size); -diff --git a/jbig2dec/jbig2_segment.c b/jbig2dec/jbig2_segment.c -index 2e0db67..5b63706 100644 ---- a/jbig2dec/jbig2_segment.c -+++ b/jbig2dec/jbig2_segment.c -@@ -39,10 +39,10 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t - uint8_t rtscarf; - uint32_t rtscarf_long; - uint32_t *referred_to_segments; -- int referred_to_segment_count; -- int referred_to_segment_size; -- int pa_size; -- int offset; -+ uint32_t referred_to_segment_count; -+ uint32_t referred_to_segment_size; -+ uint32_t pa_size; -+ uint32_t offset; - - /* minimum possible size of a jbig2 segment header */ - if (buf_size < 11) -@@ -83,7 +83,7 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t - - /* 7.2.5 */ - if (referred_to_segment_count) { -- int i; -+ uint32_t i; - - referred_to_segments = jbig2_new(ctx, uint32_t, referred_to_segment_count * referred_to_segment_size); - if (referred_to_segments == NULL) { -diff --git a/jbig2dec/jbig2_symbol_dict.c b/jbig2dec/jbig2_symbol_dict.c -index 2c71a4c..11a2252 100644 ---- a/jbig2dec/jbig2_symbol_dict.c -+++ b/jbig2dec/jbig2_symbol_dict.c -@@ -88,40 +88,40 @@ jbig2_dump_symbol_dict(Jbig2Ctx *ctx, Jbig2Segment *segment) - - /* return a new empty symbol dict */ - Jbig2SymbolDict * --jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols) -+jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols) - { -- Jbig2SymbolDict *new = NULL; -+ Jbig2SymbolDict *new_dict = NULL; - - if (n_symbols < 0) { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "Negative number of symbols in symbol dict: %d", n_symbols); - return NULL; - } - -- new = jbig2_new(ctx, Jbig2SymbolDict, 1); -- if (new != NULL) { -- new->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols); -- new->n_symbols = n_symbols; -+ new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1); -+ if (new_dict != NULL) { -+ new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols); -+ new_dict->n_symbols = n_symbols; - } else { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate new empty symbol dict"); - return NULL; - } - -- if (new->glyphs != NULL) { -- memset(new->glyphs, 0, n_symbols * sizeof(Jbig2Image *)); -+ if (new_dict->glyphs != NULL) { -+ memset(new_dict->glyphs, 0, n_symbols * sizeof(Jbig2Image *)); - } else { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate glyphs for new empty symbol dict"); -- jbig2_free(ctx->allocator, new); -+ jbig2_free(ctx->allocator, new_dict); - return NULL; - } - -- return new; -+ return new_dict; - } - - /* release the memory associated with a symbol dict */ - void - jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict) - { -- int i; -+ uint32_t i; - - if (dict == NULL) - return; -@@ -142,12 +142,12 @@ jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id) - } - - /* count the number of dictionary segments referred to by the given segment */ --int -+uint32_t - jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment) - { - int index; - Jbig2Segment *rsegment; -- int n_dicts = 0; -+ uint32_t n_dicts = 0; - - for (index = 0; index < segment->referred_to_segment_count; index++) { - rsegment = jbig2_find_segment(ctx, segment->referred_to_segments[index]); -@@ -166,8 +166,8 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment) - int index; - Jbig2Segment *rsegment; - Jbig2SymbolDict **dicts; -- int n_dicts = jbig2_sd_count_referred(ctx, segment); -- int dindex = 0; -+ uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment); -+ uint32_t dindex = 0; - - dicts = jbig2_new(ctx, Jbig2SymbolDict *, n_dicts); - if (dicts == NULL) { -@@ -195,10 +195,10 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment) - /* generate a new symbol dictionary by concatenating a list of - existing dictionaries */ - Jbig2SymbolDict * --jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts) -+jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts) - { -- int i, j, k, symbols; -- Jbig2SymbolDict *new = NULL; -+ uint32_t i, j, k, symbols; -+ Jbig2SymbolDict *new_dict = NULL; - - /* count the imported symbols and allocate a new array */ - symbols = 0; -@@ -206,17 +206,17 @@ jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts) - symbols += dicts[i]->n_symbols; - - /* fill a new array with cloned glyph pointers */ -- new = jbig2_sd_new(ctx, symbols); -- if (new != NULL) { -+ new_dict = jbig2_sd_new(ctx, symbols); -+ if (new_dict != NULL) { - k = 0; - for (i = 0; i < n_dicts; i++) - for (j = 0; j < dicts[i]->n_symbols; j++) -- new->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]); -+ new_dict->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]); - } else { - jbig2_error(ctx, JBIG2_SEVERITY_WARNING, -1, "failed to allocate new symbol dictionary"); - } - -- return new; -+ return new_dict; - } - - /* Decoding routines */ -@@ -431,7 +431,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, - - if (REFAGGNINST > 1) { - Jbig2Image *image; -- int i; -+ uint32_t i; - - if (tparams == NULL) { - /* First time through, we need to initialise the */ -@@ -512,7 +512,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, - uint32_t ID; - int32_t RDX, RDY; - int BMSIZE = 0; -- int ninsyms = params->SDNUMINSYMS; -+ uint32_t ninsyms = params->SDNUMINSYMS; - int code1 = 0; - int code2 = 0; - int code3 = 0; -@@ -609,8 +609,9 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, - if (params->SDHUFF && !params->SDREFAGG) { - /* 6.5.9 */ - Jbig2Image *image; -- int BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code); -- int j, x; -+ uint32_t BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code); -+ uint32_t j; -+ int x; - - if (code || (BMSIZE < 0)) { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding size of collective bitmap!"); -@@ -700,22 +701,22 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate symbols exported from symbols dictionary"); - goto cleanup4; - } else { -- int i = 0; -- int j = 0; -- int k; -+ uint32_t i = 0; -+ uint32_t j = 0; -+ uint32_t k; - int exflag = 0; -- int64_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS; -- int32_t exrunlength; -+ uint32_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS; -+ uint32_t exrunlength; - int zerolength = 0; - - while (i < limit) { - if (params->SDHUFF) - exrunlength = jbig2_huffman_get(hs, SBHUFFRSIZE, &code); - else -- code = jbig2_arith_int_decode(IAEX, as, &exrunlength); -+ code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength); - /* prevent infinite loop */ - zerolength = exrunlength > 0 ? 0 : zerolength + 1; -- if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength > params->SDNUMEXSYMS - j))) { -+ if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) { - if (code) - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to decode exrunlength for exported symbols"); - else if (exrunlength <= 0) -@@ -797,8 +798,8 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen - { - Jbig2SymbolDictParams params; - uint16_t flags; -- int sdat_bytes; -- int offset; -+ uint32_t sdat_bytes; -+ uint32_t offset; - Jbig2ArithCx *GB_stats = NULL; - Jbig2ArithCx *GR_stats = NULL; - int table_index = 0; -@@ -951,7 +952,7 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen - - /* 7.4.2.2 (2) */ - { -- int n_dicts = jbig2_sd_count_referred(ctx, segment); -+ uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment); - Jbig2SymbolDict **dicts = NULL; - - if (n_dicts > 0) { -diff --git a/jbig2dec/jbig2_symbol_dict.h b/jbig2dec/jbig2_symbol_dict.h -index d56d62d..30211d4 100644 ---- a/jbig2dec/jbig2_symbol_dict.h -+++ b/jbig2dec/jbig2_symbol_dict.h -@@ -32,18 +32,18 @@ int jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *se - Jbig2Image *jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id); - - /* return a new empty symbol dict */ --Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols); -+Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols); - - /* release the memory associated with a symbol dict */ - void jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict); - - /* generate a new symbol dictionary by concatenating a list of - existing dictionaries */ --Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts); -+Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts); - - /* count the number of dictionary segments referred - to by the given segment */ --int jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment); -+uint32_t jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment); - - /* return an array of pointers to symbol dictionaries referred - to by a segment */ -diff --git a/jbig2dec/jbig2_text.c b/jbig2dec/jbig2_text.c -index 5c99640..e77460f 100644 ---- a/jbig2dec/jbig2_text.c -+++ b/jbig2dec/jbig2_text.c -@@ -55,7 +55,7 @@ - int - jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, - const Jbig2TextRegionParams *params, -- const Jbig2SymbolDict *const *dicts, const int n_dicts, -+ const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts, - Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws) - { - /* relevent bits of 6.4.4 */ -@@ -476,19 +476,19 @@ cleanup2: - int - jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data) - { -- int offset = 0; -+ uint32_t offset = 0; - Jbig2RegionSegmentInfo region_info; - Jbig2TextRegionParams params; - Jbig2Image *image = NULL; - Jbig2SymbolDict **dicts = NULL; -- int n_dicts = 0; -+ uint32_t n_dicts = 0; - uint16_t flags = 0; - uint16_t huffman_flags = 0; - Jbig2ArithCx *GR_stats = NULL; - int code = 0; - Jbig2WordStream *ws = NULL; - Jbig2ArithState *as = NULL; -- int table_index = 0; -+ uint32_t table_index = 0; - const Jbig2HuffmanParams *huffman_params = NULL; - - /* 7.4.1 */ -@@ -779,7 +779,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data - code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "unable to retrive symbol dictionaries! previous parsing error?"); - goto cleanup1; - } else { -- int index; -+ uint32_t index; - - if (dicts[0] == NULL) { - code = jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, "unable to find first referenced symbol dictionary!"); -@@ -823,8 +823,8 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data - } - - if (!params.SBHUFF) { -- int SBSYMCODELEN, index; -- int SBNUMSYMS = 0; -+ uint32_t SBSYMCODELEN, index; -+ uint32_t SBNUMSYMS = 0; - - for (index = 0; index < n_dicts; index++) { - SBNUMSYMS += dicts[index]->n_symbols; -@@ -840,7 +840,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data - } - - /* Table 31 */ -- for (SBSYMCODELEN = 0; (1 << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) { -+ for (SBSYMCODELEN = 0; (1U << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) { - } - params.IAID = jbig2_arith_iaid_ctx_new(ctx, SBSYMCODELEN); - params.IARI = jbig2_arith_int_ctx_new(ctx); -diff --git a/jbig2dec/jbig2_text.h b/jbig2dec/jbig2_text.h -index aec2732..51d242e 100644 ---- a/jbig2dec/jbig2_text.h -+++ b/jbig2dec/jbig2_text.h -@@ -70,5 +70,5 @@ typedef struct { - int - jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, - const Jbig2TextRegionParams *params, -- const Jbig2SymbolDict *const *dicts, const int n_dicts, -+ const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts, - Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws); --- -2.9.3 - diff --git a/ghostscript-9.20-cve-2017-5951.patch b/ghostscript-9.20-cve-2017-5951.patch deleted file mode 100644 index a924c7f..0000000 --- a/ghostscript-9.20-cve-2017-5951.patch +++ /dev/null @@ -1,39 +0,0 @@ -From bfa6b2ecbe48edc69a7d9d22a12419aed25960b8 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Thu, 6 Apr 2017 16:44:54 +0100 -Subject: [PATCH] Bug 697548: use the correct param list enumerator - -When we encountered dictionary in a ref_param_list, we were using the enumerator -for the "parent" param_list, rather than the enumerator for the param_list -we just created for the dictionary. That parent was usually the stack -list enumerator, and caused a segfault. - -Using the correct enumerator works better. ---- - psi/iparam.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/psi/iparam.c b/psi/iparam.c -index 4e63b6d..b2fa85f 100644 ---- a/psi/iparam.c -+++ b/psi/iparam.c -@@ -770,12 +770,13 @@ ref_param_read_typed(gs_param_list * plist, gs_param_name pkey, - gs_param_enumerator_t enumr; - gs_param_key_t key; - ref_type keytype; -+ dict_param_list *dlist = (dict_param_list *) pvalue->value.d.list; - - param_init_enumerator(&enumr); -- if (!(*((iparam_list *) plist)->enumerate) -- ((iparam_list *) pvalue->value.d.list, &enumr, &key, &keytype) -+ if (!(*(dlist->enumerate)) -+ ((iparam_list *) dlist, &enumr, &key, &keytype) - && keytype == t_integer) { -- ((dict_param_list *) pvalue->value.d.list)->int_keys = 1; -+ dlist->int_keys = 1; - pvalue->type = gs_param_type_dict_int_keys; - } - } --- -2.9.3 - diff --git a/ghostscript-9.20-cve-2017-7207.patch b/ghostscript-9.20-cve-2017-7207.patch deleted file mode 100644 index ebe83fe..0000000 --- a/ghostscript-9.20-cve-2017-7207.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 309eca4e0a31ea70dcc844812691439312dad091 Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Mon, 20 Mar 2017 09:34:11 +0000 -Subject: [PATCH] Ensure a device has raster memory, before trying to read it. - -Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()" - -This is only possible by abusing/mis-using Ghostscript-specific -language extensions, so cannot happen in a general PostScript program. - -Nevertheless, Ghostscript should not crash. So this commit checks the -memory device to see if raster memory has been allocated, before trying -to read from it. ---- - base/gdevmem.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/base/gdevmem.c b/base/gdevmem.c -index afd05bd..d52d684 100644 ---- a/base/gdevmem.c -+++ b/base/gdevmem.c -@@ -606,6 +606,8 @@ mem_get_bits_rectangle(gx_device * dev, const gs_int_rect * prect, - GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE; - return_error(gs_error_rangecheck); - } -+ if (mdev->line_ptrs == 0x00) -+ return_error(gs_error_rangecheck); - if ((w <= 0) | (h <= 0)) { - if ((w | h) < 0) - return_error(gs_error_rangecheck); --- -2.9.3 - diff --git a/ghostscript-9.20-cve-2017-7975.patch b/ghostscript-9.20-cve-2017-7975.patch deleted file mode 100644 index beacee8..0000000 --- a/ghostscript-9.20-cve-2017-7975.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 5e57e483298dae8b8d4ec9aab37a526736ac2e97 Mon Sep 17 00:00:00 2001 -From: Shailesh Mistry -Date: Wed, 26 Apr 2017 22:12:14 +0100 -Subject: [PATCH] Bug 697693: Prevent SEGV due to integer overflow. - -While building a Huffman table, the start and end points were susceptible -to integer overflow. - -Thank you to Jiaqi for finding this issue and suggesting a patch. ---- - jbig2dec/jbig2_huffman.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/jbig2dec/jbig2_huffman.c b/jbig2dec/jbig2_huffman.c -index 511e461..b4189a1 100644 ---- a/jbig2dec/jbig2_huffman.c -+++ b/jbig2dec/jbig2_huffman.c -@@ -421,8 +421,8 @@ jbig2_build_huffman_table(Jbig2Ctx *ctx, const Jbig2HuffmanParams *params) - - if (PREFLEN == CURLEN) { - int RANGELEN = lines[CURTEMP].RANGELEN; -- int start_j = CURCODE << shift; -- int end_j = (CURCODE + 1) << shift; -+ uint32_t start_j = CURCODE << shift; -+ uint32_t end_j = (CURCODE + 1) << shift; - byte eflags = 0; - - if (end_j > max_j) { --- -2.9.3 - diff --git a/ghostscript-9.20-cve-2017-8291.patch b/ghostscript-9.20-cve-2017-8291.patch deleted file mode 100644 index 7da2678..0000000 --- a/ghostscript-9.20-cve-2017-8291.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Thu, 27 Apr 2017 13:03:33 +0100 -Subject: [PATCH 1/2] Bug 697799: have .eqproc check its parameters - -The Ghostscript custom operator .eqproc was not check the number or type of -the parameters it was given. ---- - psi/zmisc3.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/psi/zmisc3.c b/psi/zmisc3.c -index 54b3042..37293ff 100644 ---- a/psi/zmisc3.c -+++ b/psi/zmisc3.c -@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p) - ref2_t stack[MAX_DEPTH + 1]; - ref2_t *top = stack; - -+ if (ref_stack_count(&o_stack) < 2) -+ return_error(gs_error_stackunderflow); -+ if (!r_is_array(op - 1) || !r_is_array(op)) { -+ return_error(gs_error_typecheck); -+ } -+ - make_array(&stack[0].proc1, 0, 1, op - 1); - make_array(&stack[0].proc2, 0, 1, op); - for (;;) { --- -2.9.3 - - -From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Thu, 27 Apr 2017 13:21:31 +0100 -Subject: [PATCH 2/2] Bug 697799: have .rsdparams check its parameters - -The Ghostscript internal operator .rsdparams wasn't checking the number or -type of the operands it was being passed. Do so. ---- - psi/zfrsd.c | 22 +++++++++++++++------- - 1 file changed, 15 insertions(+), 7 deletions(-) - -diff --git a/psi/zfrsd.c b/psi/zfrsd.c -index 191107d..950588d 100644 ---- a/psi/zfrsd.c -+++ b/psi/zfrsd.c -@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p) - ref *pFilter; - ref *pDecodeParms; - int Intent = 0; -- bool AsyncRead; -+ bool AsyncRead = false; - ref empty_array, filter1_array, parms1_array; - uint i; -- int code; -+ int code = 0; -+ -+ if (ref_stack_count(&o_stack) < 1) -+ return_error(gs_error_stackunderflow); -+ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { -+ return_error(gs_error_typecheck); -+ } - - make_empty_array(&empty_array, a_readonly); -- if (dict_find_string(op, "Filter", &pFilter) > 0) { -+ if (r_has_type(op, t_dictionary) -+ && dict_find_string(op, "Filter", &pFilter) > 0) { - if (!r_is_array(pFilter)) { - if (!r_has_type(pFilter, t_name)) - return_error(gs_error_typecheck); -@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p) - return_error(gs_error_typecheck); - } - } -- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); -+ if (r_has_type(op, t_dictionary)) -+ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); - if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */ - return code; -- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0 -- ) -- return code; -+ if (r_has_type(op, t_dictionary)) -+ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0) -+ return code; - push(1); - op[-1] = *pFilter; - if (pDecodeParms) --- -2.9.3 - diff --git a/ghostscript-9.20-fix-openjpeg-system-build.patch b/ghostscript-9.20-fix-openjpeg-system-build.patch deleted file mode 100644 index 3c637e7..0000000 --- a/ghostscript-9.20-fix-openjpeg-system-build.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 99cf218dbd5f6fbdbda2ce6872eb9ab7f475c353 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Tue, 27 Sep 2016 11:22:18 +0100 -Subject: [PATCH 1/2] Add pre-processor define for shared OpenJPEG - ---- - Makefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile.in b/Makefile.in -index 25875ad..2ca2a80 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -290,7 +290,7 @@ JBIG2_CFLAGS=@JBIG2_AUTOCONF_CFLAGS@ - JPX_LIB=@JPX_DECODER@ - SHARE_JPX=@SHARE_JPX@ - JPXSRCDIR=@JPXDIR@ --JPX_CFLAGS=@JPX_AUTOCONF_CFLAGS@ @JPX_SSE_CFLAGS@ -+JPX_CFLAGS=-DSHARE_JPX=$(SHARE_JPX) @JPX_AUTOCONF_CFLAGS@ @JPX_SSE_CFLAGS@ - - # uncomment the following three lines and one of the last two to - # compile in the Luratech lwf_jp2 codec --- -2.7.4 - - -From 4f19ab99cac2d8a7d21aea34d8aea0727fad52d3 Mon Sep 17 00:00:00 2001 -From: Didier Raboud -Date: Thu, 6 Oct 2016 17:08:41 +0200 -Subject: [PATCH 2/2] Don't pass -DOPJ_STATIC when compiling the OpenJPEG code. - - It makes the symbols hidden when including - /usr/include/openjpeg-2.1/openjpeg.h. - Fixes a FTBFS against libopenjp2-7 (>= 2.1.1). - - Debian bug: https://bugs.debian.org/832873 ---- - base/lib.mak | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/base/lib.mak b/base/lib.mak -index 173e2c6..cffdc9d 100644 ---- a/base/lib.mak -+++ b/base/lib.mak -@@ -1849,7 +1849,7 @@ $(GLOBJ)sjpx_openjpeg.$(OBJ) : $(GLSRC)sjpx_openjpeg.c $(AK) \ - $(memory__h) $(gserror_h) $(gserrors_h) \ - $(gdebug_h) $(strimpl_h) $(sjpx_openjpeg_h) $(LIB_MAK) $(MAKEDIRS) - $(GLJPXOPJCC) $(GLO_)sjpx_openjpeg.$(OBJ) \ -- $(C_) -DOPJ_STATIC $(GLSRC)sjpx_openjpeg.c -+ $(C_) $(GLSRC)sjpx_openjpeg.c - - # ---------------- Pixel-difference filters ---------------- # - # The Predictor facility of the LZW and Flate filters uses these. --- -2.7.4 - diff --git a/ghostscript-9.20-handle-glyphdirectory-correctly.patch b/ghostscript-9.20-handle-glyphdirectory-correctly.patch deleted file mode 100644 index 831b2e8..0000000 --- a/ghostscript-9.20-handle-glyphdirectory-correctly.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 329e0a6d187cc5b5698689d76636ed3214d7efa7 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Thu, 3 Nov 2016 13:09:27 +0000 -Subject: [PATCH] Bug 697286: handle GlyphDirectory as an array - -For high level devices that need to copy CIDFonts, we need to establish the -highest CID in a given CIDFont. If the font has a GlyphDirectory dictionary -the only way to do so is to iterate through the keys to find the highest. - -The code handling this ignored that the GlyphDirectory could be an array, -which confused the dictionary content iterator, and caused a segfault. - -In the case of an array, set the high CID to the highest index available in the -array. ---- - psi/zfcid.c | 18 +++++++++++------- - 1 file changed, 11 insertions(+), 7 deletions(-) - -diff --git a/psi/zfcid.c b/psi/zfcid.c -index ce583af..3098a22 100644 ---- a/psi/zfcid.c -+++ b/psi/zfcid.c -@@ -76,15 +76,19 @@ cid_font_data_param(os_ptr op, gs_font_cid_data *pdata, ref *pGlyphDirectory) - * the number of CIDs in the font. We need to know the maximum CID - * when copying fonts, so calculate and store it now. - */ -- index = dict_first(pgdir); -- while (index >= 0) { -- index = dict_next(pgdir, index, (ref *)&element); -- if (index >= 0) { -- if (element[0].value.intval > pdata->MaxCID) -- pdata->MaxCID = element[0].value.intval; -+ if (r_has_type(pgdir, t_dictionary)) { -+ index = dict_first(pgdir); -+ while (index >= 0) { -+ index = dict_next(pgdir, index, (ref *)&element); -+ if (index >= 0) { -+ if (element[0].value.intval > pdata->MaxCID) -+ pdata->MaxCID = element[0].value.intval; -+ } - } - } -- -+ else { -+ pdata->MaxCID = r_size(pgdir) - 1; -+ } - return code; - } else { - return_error(gs_error_typecheck); --- -2.7.4 - diff --git a/ghostscript-9.20-remove-and-reimplement-ConvertUTF.patch b/ghostscript-9.20-remove-and-reimplement-ConvertUTF.patch deleted file mode 100644 index 3083071..0000000 --- a/ghostscript-9.20-remove-and-reimplement-ConvertUTF.patch +++ /dev/null @@ -1,1228 +0,0 @@ -From 273a133110838ee5702e7eb6409a853c598211b2 Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Thu, 29 Sep 2016 17:35:05 +0100 -Subject: [PATCH] Remove (and re-implement) ConvertUTF.c - -Bug #697122 " embedded ConvertUTF.c is buggy and licensed incompatibly with GPL/APGL" - -Its not clear that this code is incompatible with GPL, nor do we think -any 'bugginess' in the code affects us, since we are using a comparatively -small part of the included code. - -Nevertheless its possible to remove the code, and re-implement the small -part we actually need, and that is done here. - -Also removed the DSCEncodingToUnicode option which was insanely difficult -to use, and incorrectly documented. - -Yhis shows one difference, 692486_-_heap_overflow_in_pdf_to_ucs2.pdf -now correctly throws an error, because the PDF file contains document -information (Application) which has an invalid UTF16-BE sequence. ---- - base/ConvertUTF.c | 539 ----------------------------------------- - base/ConvertUTF.h | 155 ------------ - base/lib.mak | 4 - - devices/devs.mak | 5 +- - devices/vector/gdevpdf.c | 16 +- - devices/vector/gdevpdfb.h | 1 - - devices/vector/gdevpdfe.c | 270 +++++++++++---------- - devices/vector/gdevpdfp.c | 1 - - devices/vector/gdevpdfx.h | 17 +- - windows/ghostscript.vcproj | 8 - - windows/ghostscript_rt.vcxproj | 2 - - 11 files changed, 155 insertions(+), 863 deletions(-) - delete mode 100644 base/ConvertUTF.c - delete mode 100644 base/ConvertUTF.h - -diff --git a/base/ConvertUTF.c b/base/ConvertUTF.c -deleted file mode 100644 -index cb2e2de..0000000 ---- a/base/ConvertUTF.c -+++ /dev/null -@@ -1,539 +0,0 @@ --/* -- * Copyright 2001-2004 Unicode, Inc. -- * -- * Disclaimer -- * -- * This source code is provided as is by Unicode, Inc. No claims are -- * made as to fitness for any particular purpose. No warranties of any -- * kind are expressed or implied. The recipient agrees to determine -- * applicability of information provided. If this file has been -- * purchased on magnetic or optical media from Unicode, Inc., the -- * sole remedy for any claim will be exchange of defective media -- * within 90 days of receipt. -- * -- * Limitations on Rights to Redistribute This Code -- * -- * Unicode, Inc. hereby grants the right to freely use the information -- * supplied in this file in the creation of products supporting the -- * Unicode Standard, and to make copies of this file in any form -- * for internal or external distribution as long as this notice -- * remains attached. -- */ -- -- --/* --------------------------------------------------------------------- -- -- Conversions between UTF32, UTF-16, and UTF-8. Source code file. -- Author: Mark E. Davis, 1994. -- Rev History: Rick McGowan, fixes & updates May 2001. -- Sept 2001: fixed const & error conditions per -- mods suggested by S. Parent & A. Lillich. -- June 2002: Tim Dodd added detection and handling of incomplete -- source sequences, enhanced error detection, added casts -- to eliminate compiler warnings. -- July 2003: slight mods to back out aggressive FFFE detection. -- Jan 2004: updated switches in from-UTF8 conversions. -- Oct 2004: updated to use UNI_MAX_LEGAL_UTF32 in UTF-32 conversions. -- -- See the header file "ConvertUTF.h" for complete documentation. -- -------------------------------------------------------------------------- */ -- --#include "ConvertUTF.h" --#ifdef CVTUTF_DEBUG --#include --#endif -- --static const int halfShift = 10; /* used for shifting by 10 bits */ -- --static const UTF32 halfBase = 0x0010000UL; --static const UTF32 halfMask = 0x3FFUL; -- --#define UNI_SUR_HIGH_START (UTF32)0xD800 --#define UNI_SUR_HIGH_END (UTF32)0xDBFF --#define UNI_SUR_LOW_START (UTF32)0xDC00 --#define UNI_SUR_LOW_END (UTF32)0xDFFF --#define false 0 --#define true 1 -- --/* --------------------------------------------------------------------- */ -- --ConversionResult ConvertUTF32toUTF16 ( -- const UTF32** sourceStart, const UTF32* sourceEnd, -- UTF16** targetStart, UTF16* targetEnd, ConversionFlags flags) { -- ConversionResult result = conversionOK; -- const UTF32* source = *sourceStart; -- UTF16* target = *targetStart; -- while (source < sourceEnd) { -- UTF32 ch; -- if (target >= targetEnd) { -- result = targetExhausted; break; -- } -- ch = *source++; -- if (ch <= UNI_MAX_BMP) { /* Target is a character <= 0xFFFF */ -- /* UTF-16 surrogate values are illegal in UTF-32; 0xffff or 0xfffe are both reserved values */ -- if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_LOW_END) { -- if (flags == strictConversion) { -- --source; /* return to the illegal value itself */ -- result = sourceIllegal; -- break; -- } else { -- *target++ = UNI_REPLACEMENT_CHAR; -- } -- } else { -- *target++ = (UTF16)ch; /* normal case */ -- } -- } else if (ch > UNI_MAX_LEGAL_UTF32) { -- if (flags == strictConversion) { -- result = sourceIllegal; -- } else { -- *target++ = UNI_REPLACEMENT_CHAR; -- } -- } else { -- /* target is a character in range 0xFFFF - 0x10FFFF. */ -- if (target + 1 >= targetEnd) { -- --source; /* Back up source pointer! */ -- result = targetExhausted; break; -- } -- ch -= halfBase; -- *target++ = (UTF16)((ch >> halfShift) + UNI_SUR_HIGH_START); -- *target++ = (UTF16)((ch & halfMask) + UNI_SUR_LOW_START); -- } -- } -- *sourceStart = source; -- *targetStart = target; -- return result; --} -- --/* --------------------------------------------------------------------- */ -- --ConversionResult ConvertUTF16toUTF32 ( -- const UTF16** sourceStart, const UTF16* sourceEnd, -- UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags) { -- ConversionResult result = conversionOK; -- const UTF16* source = *sourceStart; -- UTF32* target = *targetStart; -- UTF32 ch, ch2; -- while (source < sourceEnd) { -- const UTF16* oldSource = source; /* In case we have to back up because of target overflow. */ -- ch = *source++; -- /* If we have a surrogate pair, convert to UTF32 first. */ -- if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_HIGH_END) { -- /* If the 16 bits following the high surrogate are in the source buffer... */ -- if (source < sourceEnd) { -- ch2 = *source; -- /* If it's a low surrogate, convert to UTF32. */ -- if (ch2 >= UNI_SUR_LOW_START && ch2 <= UNI_SUR_LOW_END) { -- ch = ((ch - UNI_SUR_HIGH_START) << halfShift) -- + (ch2 - UNI_SUR_LOW_START) + halfBase; -- ++source; -- } else if (flags == strictConversion) { /* it's an unpaired high surrogate */ -- --source; /* return to the illegal value itself */ -- result = sourceIllegal; -- break; -- } -- } else { /* We don't have the 16 bits following the high surrogate. */ -- --source; /* return to the high surrogate */ -- result = sourceExhausted; -- break; -- } -- } else if (flags == strictConversion) { -- /* UTF-16 surrogate values are illegal in UTF-32 */ -- if (ch >= UNI_SUR_LOW_START && ch <= UNI_SUR_LOW_END) { -- --source; /* return to the illegal value itself */ -- result = sourceIllegal; -- break; -- } -- } -- if (target >= targetEnd) { -- source = oldSource; /* Back up source pointer! */ -- result = targetExhausted; break; -- } -- *target++ = ch; -- } -- *sourceStart = source; -- *targetStart = target; --#ifdef CVTUTF_DEBUG --if (result == sourceIllegal) { -- fprintf(stderr, "ConvertUTF16toUTF32 illegal seq 0x%04x,%04x\n", ch, ch2); -- fflush(stderr); --} --#endif -- return result; --} -- --/* --------------------------------------------------------------------- */ -- --/* -- * Index into the table below with the first byte of a UTF-8 sequence to -- * get the number of trailing bytes that are supposed to follow it. -- * Note that *legal* UTF-8 values can't have 4 or 5-bytes. The table is -- * left as-is for anyone who may want to do such conversion, which was -- * allowed in earlier algorithms. -- */ --static const char trailingBytesForUTF8[256] = { -- 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -- 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -- 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -- 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -- 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -- 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -- 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, -- 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 --}; -- --/* -- * Magic values subtracted from a buffer value during UTF8 conversion. -- * This table contains as many values as there might be trailing bytes -- * in a UTF-8 sequence. -- */ --static const UTF32 offsetsFromUTF8[6] = { 0x00000000UL, 0x00003080UL, 0x000E2080UL, -- 0x03C82080UL, 0xFA082080UL, 0x82082080UL }; -- --/* -- * Once the bits are split out into bytes of UTF-8, this is a mask OR-ed -- * into the first byte, depending on how many bytes follow. There are -- * as many entries in this table as there are UTF-8 sequence types. -- * (I.e., one byte sequence, two byte... etc.). Remember that sequencs -- * for *legal* UTF-8 will be 4 or fewer bytes total. -- */ --static const UTF8 firstByteMark[7] = { 0x00, 0x00, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC }; -- --/* --------------------------------------------------------------------- */ -- --/* The interface converts a whole buffer to avoid function-call overhead. -- * Constants have been gathered. Loops & conditionals have been removed as -- * much as possible for efficiency, in favor of drop-through switches. -- * (See "Note A" at the bottom of the file for equivalent code.) -- * If your compiler supports it, the "isLegalUTF8" call can be turned -- * into an inline function. -- */ -- --/* --------------------------------------------------------------------- */ -- --ConversionResult ConvertUTF16toUTF8 ( -- const UTF16** sourceStart, const UTF16* sourceEnd, -- UTF8** targetStart, UTF8* targetEnd, ConversionFlags flags) { -- ConversionResult result = conversionOK; -- const UTF16* source = *sourceStart; -- UTF8* target = *targetStart; -- while (source < sourceEnd) { -- UTF32 ch; -- unsigned short bytesToWrite = 0; -- const UTF32 byteMask = 0xBF; -- const UTF32 byteMark = 0x80; -- const UTF16* oldSource = source; /* In case we have to back up because of target overflow. */ -- ch = *source++; -- /* If we have a surrogate pair, convert to UTF32 first. */ -- if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_HIGH_END) { -- /* If the 16 bits following the high surrogate are in the source buffer... */ -- if (source < sourceEnd) { -- UTF32 ch2 = *source; -- /* If it's a low surrogate, convert to UTF32. */ -- if (ch2 >= UNI_SUR_LOW_START && ch2 <= UNI_SUR_LOW_END) { -- ch = ((ch - UNI_SUR_HIGH_START) << halfShift) -- + (ch2 - UNI_SUR_LOW_START) + halfBase; -- ++source; -- } else if (flags == strictConversion) { /* it's an unpaired high surrogate */ -- --source; /* return to the illegal value itself */ -- result = sourceIllegal; -- break; -- } -- } else { /* We don't have the 16 bits following the high surrogate. */ -- --source; /* return to the high surrogate */ -- result = sourceExhausted; -- break; -- } -- } else if (flags == strictConversion) { -- /* UTF-16 surrogate values are illegal in UTF-32 */ -- if (ch >= UNI_SUR_LOW_START && ch <= UNI_SUR_LOW_END) { -- --source; /* return to the illegal value itself */ -- result = sourceIllegal; -- break; -- } -- } -- /* Figure out how many bytes the result will require */ -- if (ch < (UTF32)0x80) { bytesToWrite = 1; -- } else if (ch < (UTF32)0x800) { bytesToWrite = 2; -- } else if (ch < (UTF32)0x10000) { bytesToWrite = 3; -- } else if (ch < (UTF32)0x110000) { bytesToWrite = 4; -- } else { bytesToWrite = 3; -- ch = UNI_REPLACEMENT_CHAR; -- } -- -- target += bytesToWrite; -- if (target > targetEnd) { -- source = oldSource; /* Back up source pointer! */ -- target -= bytesToWrite; result = targetExhausted; break; -- } -- switch (bytesToWrite) { /* note: everything falls through. */ -- case 4: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6; -- case 3: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6; -- case 2: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6; -- case 1: *--target = (UTF8)(ch | firstByteMark[bytesToWrite]); -- } -- target += bytesToWrite; -- } -- *sourceStart = source; -- *targetStart = target; -- return result; --} -- --/* --------------------------------------------------------------------- */ -- --/* -- * Utility routine to tell whether a sequence of bytes is legal UTF-8. -- * This must be called with the length pre-determined by the first byte. -- * If not calling this from ConvertUTF8to*, then the length can be set by: -- * length = trailingBytesForUTF8[*source]+1; -- * and the sequence is illegal right away if there aren't that many bytes -- * available. -- * If presented with a length > 4, this returns false. The Unicode -- * definition of UTF-8 goes up to 4-byte sequences. -- */ -- --static Boolean isLegalUTF8(const UTF8 *source, int length) { -- UTF8 a; -- const UTF8 *srcptr = source+length; -- switch (length) { -- default: return false; -- /* Everything else falls through when "true"... */ -- case 4: if ((a = (*--srcptr)) < 0x80 || a > 0xBF) return false; -- case 3: if ((a = (*--srcptr)) < 0x80 || a > 0xBF) return false; -- case 2: if ((a = (*--srcptr)) > 0xBF) return false; -- -- switch (*source) { -- /* no fall-through in this inner switch */ -- case 0xE0: if (a < 0xA0) return false; break; -- case 0xED: if (a > 0x9F) return false; break; -- case 0xF0: if (a < 0x90) return false; break; -- case 0xF4: if (a > 0x8F) return false; break; -- default: if (a < 0x80) return false; -- } -- -- case 1: if (*source >= 0x80 && *source < 0xC2) return false; -- } -- if (*source > 0xF4) return false; -- return true; --} -- --/* --------------------------------------------------------------------- */ -- --/* -- * Exported function to return whether a UTF-8 sequence is legal or not. -- * This is not used here; it's just exported. -- */ --Boolean isLegalUTF8Sequence(const UTF8 *source, const UTF8 *sourceEnd) { -- int length = trailingBytesForUTF8[*source]+1; -- if (source+length > sourceEnd) { -- return false; -- } -- return isLegalUTF8(source, length); --} -- --/* --------------------------------------------------------------------- */ -- --ConversionResult ConvertUTF8toUTF16 ( -- const UTF8** sourceStart, const UTF8* sourceEnd, -- UTF16** targetStart, UTF16* targetEnd, ConversionFlags flags) { -- ConversionResult result = conversionOK; -- const UTF8* source = *sourceStart; -- UTF16* target = *targetStart; -- while (source < sourceEnd) { -- UTF32 ch = 0; -- unsigned short extraBytesToRead = trailingBytesForUTF8[*source]; -- if (source + extraBytesToRead >= sourceEnd) { -- result = sourceExhausted; break; -- } -- /* Do this check whether lenient or strict */ -- if (! isLegalUTF8(source, extraBytesToRead+1)) { -- result = sourceIllegal; -- break; -- } -- /* -- * The cases all fall through. See "Note A" below. -- */ -- switch (extraBytesToRead) { -- case 5: ch += *source++; ch <<= 6; /* remember, illegal UTF-8 */ -- case 4: ch += *source++; ch <<= 6; /* remember, illegal UTF-8 */ -- case 3: ch += *source++; ch <<= 6; -- case 2: ch += *source++; ch <<= 6; -- case 1: ch += *source++; ch <<= 6; -- case 0: ch += *source++; -- } -- ch -= offsetsFromUTF8[extraBytesToRead]; -- -- if (target >= targetEnd) { -- source -= (extraBytesToRead+1); /* Back up source pointer! */ -- result = targetExhausted; break; -- } -- if (ch <= UNI_MAX_BMP) { /* Target is a character <= 0xFFFF */ -- /* UTF-16 surrogate values are illegal in UTF-32 */ -- if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_LOW_END) { -- if (flags == strictConversion) { -- source -= (extraBytesToRead+1); /* return to the illegal value itself */ -- result = sourceIllegal; -- break; -- } else { -- *target++ = UNI_REPLACEMENT_CHAR; -- } -- } else { -- *target++ = (UTF16)ch; /* normal case */ -- } -- } else if (ch > UNI_MAX_UTF16) { -- if (flags == strictConversion) { -- result = sourceIllegal; -- source -= (extraBytesToRead+1); /* return to the start */ -- break; /* Bail out; shouldn't continue */ -- } else { -- *target++ = UNI_REPLACEMENT_CHAR; -- } -- } else { -- /* target is a character in range 0xFFFF - 0x10FFFF. */ -- if (target + 1 >= targetEnd) { -- source -= (extraBytesToRead+1); /* Back up source pointer! */ -- result = targetExhausted; break; -- } -- ch -= halfBase; -- *target++ = (UTF16)((ch >> halfShift) + UNI_SUR_HIGH_START); -- *target++ = (UTF16)((ch & halfMask) + UNI_SUR_LOW_START); -- } -- } -- *sourceStart = source; -- *targetStart = target; -- return result; --} -- --/* --------------------------------------------------------------------- */ -- --ConversionResult ConvertUTF32toUTF8 ( -- const UTF32** sourceStart, const UTF32* sourceEnd, -- UTF8** targetStart, UTF8* targetEnd, ConversionFlags flags) { -- ConversionResult result = conversionOK; -- const UTF32* source = *sourceStart; -- UTF8* target = *targetStart; -- while (source < sourceEnd) { -- UTF32 ch; -- unsigned short bytesToWrite = 0; -- const UTF32 byteMask = 0xBF; -- const UTF32 byteMark = 0x80; -- ch = *source++; -- if (flags == strictConversion ) { -- /* UTF-16 surrogate values are illegal in UTF-32 */ -- if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_LOW_END) { -- --source; /* return to the illegal value itself */ -- result = sourceIllegal; -- break; -- } -- } -- /* -- * Figure out how many bytes the result will require. Turn any -- * illegally large UTF32 things (> Plane 17) into replacement chars. -- */ -- if (ch < (UTF32)0x80) { bytesToWrite = 1; -- } else if (ch < (UTF32)0x800) { bytesToWrite = 2; -- } else if (ch < (UTF32)0x10000) { bytesToWrite = 3; -- } else if (ch <= UNI_MAX_LEGAL_UTF32) { bytesToWrite = 4; -- } else { bytesToWrite = 3; -- ch = UNI_REPLACEMENT_CHAR; -- result = sourceIllegal; -- } -- -- target += bytesToWrite; -- if (target > targetEnd) { -- --source; /* Back up source pointer! */ -- target -= bytesToWrite; result = targetExhausted; break; -- } -- switch (bytesToWrite) { /* note: everything falls through. */ -- case 4: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6; -- case 3: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6; -- case 2: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6; -- case 1: *--target = (UTF8) (ch | firstByteMark[bytesToWrite]); -- } -- target += bytesToWrite; -- } -- *sourceStart = source; -- *targetStart = target; -- return result; --} -- --/* --------------------------------------------------------------------- */ -- --ConversionResult ConvertUTF8toUTF32 ( -- const UTF8** sourceStart, const UTF8* sourceEnd, -- UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags) { -- ConversionResult result = conversionOK; -- const UTF8* source = *sourceStart; -- UTF32* target = *targetStart; -- while (source < sourceEnd) { -- UTF32 ch = 0; -- unsigned short extraBytesToRead = trailingBytesForUTF8[*source]; -- if (source + extraBytesToRead >= sourceEnd) { -- result = sourceExhausted; break; -- } -- /* Do this check whether lenient or strict */ -- if (! isLegalUTF8(source, extraBytesToRead+1)) { -- result = sourceIllegal; -- break; -- } -- /* -- * The cases all fall through. See "Note A" below. -- */ -- switch (extraBytesToRead) { -- case 5: ch += *source++; ch <<= 6; -- case 4: ch += *source++; ch <<= 6; -- case 3: ch += *source++; ch <<= 6; -- case 2: ch += *source++; ch <<= 6; -- case 1: ch += *source++; ch <<= 6; -- case 0: ch += *source++; -- } -- ch -= offsetsFromUTF8[extraBytesToRead]; -- -- if (target >= targetEnd) { -- source -= (extraBytesToRead+1); /* Back up the source pointer! */ -- result = targetExhausted; break; -- } -- if (ch <= UNI_MAX_LEGAL_UTF32) { -- /* -- * UTF-16 surrogate values are illegal in UTF-32, and anything -- * over Plane 17 (> 0x10FFFF) is illegal. -- */ -- if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_LOW_END) { -- if (flags == strictConversion) { -- source -= (extraBytesToRead+1); /* return to the illegal value itself */ -- result = sourceIllegal; -- break; -- } else { -- *target++ = UNI_REPLACEMENT_CHAR; -- } -- } else { -- *target++ = ch; -- } -- } else { /* i.e., ch > UNI_MAX_LEGAL_UTF32 */ -- result = sourceIllegal; -- *target++ = UNI_REPLACEMENT_CHAR; -- } -- } -- *sourceStart = source; -- *targetStart = target; -- return result; --} -- --/* --------------------------------------------------------------------- -- -- Note A. -- The fall-through switches in UTF-8 reading code save a -- temp variable, some decrements & conditionals. The switches -- are equivalent to the following loop: -- { -- int tmpBytesToRead = extraBytesToRead+1; -- do { -- ch += *source++; -- --tmpBytesToRead; -- if (tmpBytesToRead) ch <<= 6; -- } while (tmpBytesToRead > 0); -- } -- In UTF-8 writing code, the switches on "bytesToWrite" are -- similarly unrolled loops. -- -- --------------------------------------------------------------------- */ -diff --git a/base/ConvertUTF.h b/base/ConvertUTF.h -deleted file mode 100644 -index 538bec6..0000000 ---- a/base/ConvertUTF.h -+++ /dev/null -@@ -1,155 +0,0 @@ --/* -- * Copyright 2001-2004 Unicode, Inc. -- * -- * Disclaimer -- * -- * This source code is provided as is by Unicode, Inc. No claims are -- * made as to fitness for any particular purpose. No warranties of any -- * kind are expressed or implied. The recipient agrees to determine -- * applicability of information provided. If this file has been -- * purchased on magnetic or optical media from Unicode, Inc., the -- * sole remedy for any claim will be exchange of defective media -- * within 90 days of receipt. -- * -- * Limitations on Rights to Redistribute This Code -- * -- * Unicode, Inc. hereby grants the right to freely use the information -- * supplied in this file in the creation of products supporting the -- * Unicode Standard, and to make copies of this file in any form -- * for internal or external distribution as long as this notice -- * remains attached. -- */ -- -- --#ifndef ConvertUTF_INCLUDED --#define ConvertUTF_INCLUDED -- --/* --------------------------------------------------------------------- -- -- Conversions between UTF32, UTF-16, and UTF-8. Header file. -- -- Several funtions are included here, forming a complete set of -- conversions between the three formats. UTF-7 is not included -- here, but is handled in a separate source file. -- -- Each of these routines takes pointers to input buffers and output -- buffers. The input buffers are const. -- -- Each routine converts the text between *sourceStart and sourceEnd, -- putting the result into the buffer between *targetStart and -- targetEnd. Note: the end pointers are *after* the last item: e.g. -- *(sourceEnd - 1) is the last item. -- -- The return result indicates whether the conversion was successful, -- and if not, whether the problem was in the source or target buffers. -- (Only the first encountered problem is indicated.) -- -- After the conversion, *sourceStart and *targetStart are both -- updated to point to the end of last text successfully converted in -- the respective buffers. -- -- Input parameters: -- sourceStart - pointer to a pointer to the source buffer. -- The contents of this are modified on return so that -- it points at the next thing to be converted. -- targetStart - similarly, pointer to pointer to the target buffer. -- sourceEnd, targetEnd - respectively pointers to the ends of the -- two buffers, for overflow checking only. -- -- These conversion functions take a ConversionFlags argument. When this -- flag is set to strict, both irregular sequences and isolated surrogates -- will cause an error. When the flag is set to lenient, both irregular -- sequences and isolated surrogates are converted. -- -- Whether the flag is strict or lenient, all illegal sequences will cause -- an error return. This includes sequences such as: , , -- or in UTF-8, and values above 0x10FFFF in UTF-32. Conformant code -- must check for illegal sequences. -- -- When the flag is set to lenient, characters over 0x10FFFF are converted -- to the replacement character; otherwise (when the flag is set to strict) -- they constitute an error. -- -- Output parameters: -- The value "sourceIllegal" is returned from some routines if the input -- sequence is malformed. When "sourceIllegal" is returned, the source -- value will point to the illegal value that caused the problem. E.g., -- in UTF-8 when a sequence is malformed, it points to the start of the -- malformed sequence. -- -- Author: Mark E. Davis, 1994. -- Rev History: Rick McGowan, fixes & updates May 2001. -- Fixes & updates, Sept 2001. -- -------------------------------------------------------------------------- */ -- --/* --------------------------------------------------------------------- -- The following 4 definitions are compiler-specific. -- The C standard does not guarantee that wchar_t has at least -- 16 bits, so wchar_t is no less portable than unsigned short! -- All should be unsigned values to avoid sign extension during -- bit mask & shift operations. -------------------------------------------------------------------------- */ -- --typedef unsigned long UTF32; /* at least 32 bits */ --typedef unsigned short UTF16; /* at least 16 bits */ --typedef unsigned char UTF8; /* typically 8 bits */ --typedef unsigned char Boolean; /* 0 or 1 */ -- --/* Some fundamental constants */ --#define UNI_REPLACEMENT_CHAR (UTF32)0x0000FFFD --#define UNI_MAX_BMP (UTF32)0x0000FFFF --#define UNI_MAX_UTF16 (UTF32)0x0010FFFF --#define UNI_MAX_UTF32 (UTF32)0x7FFFFFFF --#define UNI_MAX_LEGAL_UTF32 (UTF32)0x0010FFFF -- --typedef enum { -- conversionOK, /* conversion successful */ -- sourceExhausted, /* partial character in source, but hit end */ -- targetExhausted, /* insuff. room in target for conversion */ -- sourceIllegal /* source sequence is illegal/malformed */ --} ConversionResult; -- --typedef enum { -- strictConversion = 0, -- lenientConversion --} ConversionFlags; -- --/* This is for C++ and does no harm in C */ --#ifdef __cplusplus --extern "C" { --#endif -- --ConversionResult ConvertUTF8toUTF16 ( -- const UTF8** sourceStart, const UTF8* sourceEnd, -- UTF16** targetStart, UTF16* targetEnd, ConversionFlags flags); -- --ConversionResult ConvertUTF16toUTF8 ( -- const UTF16** sourceStart, const UTF16* sourceEnd, -- UTF8** targetStart, UTF8* targetEnd, ConversionFlags flags); -- --ConversionResult ConvertUTF8toUTF32 ( -- const UTF8** sourceStart, const UTF8* sourceEnd, -- UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags); -- --ConversionResult ConvertUTF32toUTF8 ( -- const UTF32** sourceStart, const UTF32* sourceEnd, -- UTF8** targetStart, UTF8* targetEnd, ConversionFlags flags); -- --ConversionResult ConvertUTF16toUTF32 ( -- const UTF16** sourceStart, const UTF16* sourceEnd, -- UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags); -- --ConversionResult ConvertUTF32toUTF16 ( -- const UTF32** sourceStart, const UTF32* sourceEnd, -- UTF16** targetStart, UTF16* targetEnd, ConversionFlags flags); -- --Boolean isLegalUTF8Sequence(const UTF8 *source, const UTF8 *sourceEnd); -- --#ifdef __cplusplus --} --#endif -- --/* --------------------------------------------------------------------- */ -- --#endif /* ConvertUTF_INCLUDED */ -diff --git a/base/lib.mak b/base/lib.mak -index 173e2c6..2de6565 100644 ---- a/base/lib.mak -+++ b/base/lib.mak -@@ -52,7 +52,6 @@ GLLCMS2CC=$(CC) $(LCMS2_CFLAGS) $(CFLAGS) $(I_)$(GLI_) $(II)$(LCMS2SRCDIR)$(D)in - lcms2_h=$(LCMS2SRCDIR)$(D)include$(D)lcms2.h - lcms2_plugin_h=$(LCMS2SRCDIR)$(D)include$(D)lcms2_plugin.h - --ConvertUTF_h=$(GLSRC)ConvertUTF.h - gdevdcrd_h=$(GLSRC)gdevdcrd.h - gdevpccm_h=$(GLSRC)gdevpccm.h - -@@ -1097,9 +1096,6 @@ $(GLOBJ)gdevpccm.$(OBJ) : $(GLSRC)gdevpccm.c $(AK)\ - $(gx_h) $(gsmatrix_h) $(gxdevice_h) $(gdevpccm_h) $(LIB_MAK) $(MAKEDIRS) - $(GLCC) $(GLO_)gdevpccm.$(OBJ) $(C_) $(GLSRC)gdevpccm.c - --$(GLOBJ)ConvertUTF.$(OBJ) : $(GLSRC)ConvertUTF.c $(ConvertUTF_h) $(LIB_MAK) $(MAKEDIRS) -- $(GLCC) $(GLO_)ConvertUTF.$(OBJ) $(C_) $(GLSRC)ConvertUTF.c -- - ### Memory devices - - $(GLOBJ)gdevmem.$(OBJ) : $(GLSRC)gdevmem.c $(AK) $(gx_h) $(gserrors_h) \ -diff --git a/devices/devs.mak b/devices/devs.mak -index ea27ab0..51ec363 100644 ---- a/devices/devs.mak -+++ b/devices/devs.mak -@@ -835,9 +835,8 @@ pdfwrite5_=$(DEVOBJ)gdevpdfm.$(OBJ) - pdfwrite6_=$(DEVOBJ)gdevpdfo.$(OBJ) $(DEVOBJ)gdevpdfp.$(OBJ) $(DEVOBJ)gdevpdft.$(OBJ) - pdfwrite7_=$(DEVOBJ)gdevpdfr.$(OBJ) - pdfwrite8_=$(DEVOBJ)gdevpdfu.$(OBJ) $(DEVOBJ)gdevpdfv.$(OBJ) $(DEVOBJ)gdevagl.$(OBJ) --pdfwrite9_= $(GLOBJ)ConvertUTF.$(OBJ) --pdfwrite10_=$(DEVOBJ)gsflip.$(OBJ) --pdfwrite11_=$(DEVOBJ)scantab.$(OBJ) $(DEVOBJ)sfilter2.$(OBJ) -+pdfwrite9_=$(DEVOBJ)gsflip.$(OBJ) -+pdfwrite10_=$(DEVOBJ)scantab.$(OBJ) $(DEVOBJ)sfilter2.$(OBJ) - pdfwrite_=$(pdfwrite1_) $(pdfwrite2_) $(pdfwrite3_) $(pdfwrite4_)\ - $(pdfwrite5_) $(pdfwrite6_) $(pdfwrite7_) $(pdfwrite8_) $(pdfwrite9_)\ - $(pdfwrite10_) $(pdfwrite11_) -diff --git a/devices/vector/gdevpdf.c b/devices/vector/gdevpdf.c -index 2b3186d..20e0ae8 100644 ---- a/devices/vector/gdevpdf.c -+++ b/devices/vector/gdevpdf.c -@@ -111,14 +111,13 @@ ENUM_PTRS_WITH(device_pdfwrite_enum_ptrs, gx_device_pdf *pdev) - ENUM_PTR(32, gx_device_pdf, pres_soft_mask_dict); - ENUM_PTR(33, gx_device_pdf, PDFXTrimBoxToMediaBoxOffset.data); - ENUM_PTR(34, gx_device_pdf, PDFXBleedBoxToTrimBoxOffset.data); -- ENUM_PTR(35, gx_device_pdf, DSCEncodingToUnicode.data); -- ENUM_PTR(36, gx_device_pdf, Identity_ToUnicode_CMaps[0]); -- ENUM_PTR(37, gx_device_pdf, Identity_ToUnicode_CMaps[1]); -- ENUM_PTR(38, gx_device_pdf, vgstack); -- ENUM_PTR(39, gx_device_pdf, outline_levels); -- ENUM_PTR(40, gx_device_pdf, EmbeddedFiles); -- ENUM_PTR(41, gx_device_pdf, pdf_font_dir); -- ENUM_PTR(42, gx_device_pdf, ExtensionMetadata); -+ ENUM_PTR(35, gx_device_pdf, Identity_ToUnicode_CMaps[0]); -+ ENUM_PTR(36, gx_device_pdf, Identity_ToUnicode_CMaps[1]); -+ ENUM_PTR(37, gx_device_pdf, vgstack); -+ ENUM_PTR(38, gx_device_pdf, outline_levels); -+ ENUM_PTR(39, gx_device_pdf, EmbeddedFiles); -+ ENUM_PTR(40, gx_device_pdf, pdf_font_dir); -+ ENUM_PTR(41, gx_device_pdf, ExtensionMetadata); - #define e1(i,elt) ENUM_PARAM_STRING_PTR(i + gx_device_pdf_num_ptrs, gx_device_pdf, elt); - gx_device_pdf_do_param_strings(e1) - #undef e1 -@@ -165,7 +164,6 @@ static RELOC_PTRS_WITH(device_pdfwrite_reloc_ptrs, gx_device_pdf *pdev) - RELOC_PTR(gx_device_pdf, pres_soft_mask_dict); - RELOC_PTR(gx_device_pdf, PDFXTrimBoxToMediaBoxOffset.data); - RELOC_PTR(gx_device_pdf, PDFXBleedBoxToTrimBoxOffset.data); -- RELOC_PTR(gx_device_pdf, DSCEncodingToUnicode.data); - RELOC_PTR(gx_device_pdf, Identity_ToUnicode_CMaps[0]); - RELOC_PTR(gx_device_pdf, Identity_ToUnicode_CMaps[1]); - RELOC_PTR(gx_device_pdf, vgstack); -diff --git a/devices/vector/gdevpdfb.h b/devices/vector/gdevpdfb.h -index 08f18c5..447f0f5 100644 ---- a/devices/vector/gdevpdfb.h -+++ b/devices/vector/gdevpdfb.h -@@ -141,7 +141,6 @@ const gx_device_pdf PDF_DEVICE_IDENT = - 12000, /* MaxClipPathSize */ /* HP LaserJet 1320 hangs with 14000. */ - 256000, /* MaxShadingBitmapSize */ - PDF_DEVICE_MaxInlineImageSize, /* MaxInlineImageSize */ -- {0, 0}, /* DSCEncodingToUnicode */ - {0, 0, 0}, /* OwnerPassword */ - {0, 0, 0}, /* UserPassword */ - 0, /* KeyLength */ -diff --git a/devices/vector/gdevpdfe.c b/devices/vector/gdevpdfe.c -index 1aa1f25..f23a02d 100644 ---- a/devices/vector/gdevpdfe.c -+++ b/devices/vector/gdevpdfe.c -@@ -26,7 +26,6 @@ - #include "gdevpdfx.h" - #include "gdevpdfg.h" - #include "gdevpdfo.h" --#include "ConvertUTF.h" - - char PDFDocEncodingLookup [92] = { - 0x20, 0x22, 0x20, 0x20, 0x20, 0x21, 0x20, 0x26, -@@ -343,155 +342,162 @@ decode_escape(const byte *data, int data_length, int *index) - return c; /* A wrong escapement sequence. */ - } - --static int --pdf_xmp_write_translated(gx_device_pdf *pdev, stream *s, const byte *data, int data_length, -- void(*write)(stream *s, const byte *data, int data_length)) -+/* -+ * Once the bits are split out into bytes of UTF-8, this is a mask OR-ed -+ * into the first byte, depending on how many bytes follow. There are -+ * as many entries in this table as there are UTF-8 sequence types. -+ * (I.e., one byte sequence, two byte... etc.). Remember that sequencs -+ * for *legal* UTF-8 will be 4 or fewer bytes total. -+ */ -+static const char firstByteMark[7] = { 0x00, 0x00, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC }; -+ -+static int gs_ConvertUTF16(char *UTF16, int UTF16Len, unsigned char **UTF8Start, int UTF8Len) - { -- if (pdev->DSCEncodingToUnicode.data == 0) { -- int i, j=0; -- unsigned char *buf0; -+ int i, bytes = 0; -+ short U16; -+ unsigned char *UTF8 = *UTF8Start; -+ unsigned char *UTF8End = UTF8 + UTF8Len; - -- buf0 = (unsigned char *)gs_alloc_bytes(pdev->memory, data_length * sizeof(unsigned char), -- "pdf_xmp_write_translated"); -- if (buf0 == NULL) -- return_error(gs_error_VMerror); -- for (i = 0; i < data_length; i++) { -- byte c = data[i]; -+ if (fabs(UTF16Len % sizeof(short)) != 0) -+ return gs_note_error(gs_error_rangecheck); -+ -+ for (i=0;i= 0xD800 && U16 <= 0xDBFF) { -+ return gs_note_error(gs_error_rangecheck); - } -- if (buf0[0] != 0xfe || buf0[1] != 0xff) { -- unsigned char *buf1; -- /* We must assume that the information is PDFDocEncoding. In this case -- * we need to convert it into UTF-8. If we just convert it to UTF-16 -- * then we can safely fall through to the code below. -- */ -- /* NB the code below skips the BOM in positions 0 and 1, so we need -- * two extra bytes, to be ignored. -- */ -- buf1 = (unsigned char *)gs_alloc_bytes(pdev->memory, (j * sizeof(UTF16)) + 2, -- "pdf_xmp_write_translated"); -- if (buf1 == NULL) { -- gs_free_object(pdev->memory, buf0, "pdf_xmp_write_translated"); -- return_error(gs_error_VMerror); -- } -- memset(buf1, 0x00, (j * sizeof(UTF16)) + 2); -- for (i = 0; i < j; i++) { -- if (buf0[i] <= 0x7f || buf0[i] >= 0xAE) { -- if (buf0[i] == 0x7f) { -- emprintf1(pdev->memory, "PDFDocEncoding %x cannot be represented in Unicode\n", -- buf0[i]); -- } else -- buf1[(i * 2) + 3] = buf0[i]; -+ if (U16 >= 0xDC00 && U16 <= 0xDFFF) { -+ return gs_note_error(gs_error_rangecheck); -+ } -+ -+ if(U16 < 0x80) { -+ bytes = 1; -+ } else { -+ if (U16 < 0x800) { -+ bytes = 2; -+ } else { -+ if (U16 < 0x10000) { -+ bytes = 3; - } else { -- buf1[(i * 2) + 2] = PDFDocEncodingLookup[(buf0[i] - 0x80) * 2]; -- buf1[(i * 2) + 3] = PDFDocEncodingLookup[((buf0[i] - 0x80) * 2) + 1]; -- if (PDFDocEncodingLookup[((buf0[i] - 0x80) * 2) + 1] == 0x00) -- emprintf1(pdev->memory, "PDFDocEncoding %x cannot be represented in Unicode\n", -- PDFDocEncodingLookup[((buf0[i] - 0x80) * 2) + 1]); -+ if (U16 < 0x111000) { -+ bytes = 4; -+ } else { -+ bytes = 3; -+ U16 = 0xFFFD; -+ } - } - } -+ } -+ if (UTF8 + bytes > UTF8End) -+ return gs_note_error(gs_error_VMerror); -+ -+ /* Write from end to beginning, low bytes first */ -+ UTF8 += bytes; -+ -+ switch(bytes) { -+ case 4: -+ *--UTF8 = (unsigned char)((U16 | 0x80) & 0xBF); -+ U16 >>= 6; -+ case 3: -+ *--UTF8 = (unsigned char)((U16 | 0x80) & 0xBF); -+ U16 >>= 6; -+ case 2: -+ *--UTF8 = (unsigned char)((U16 | 0x80) & 0xBF); -+ U16 >>= 6; -+ case 1: -+ *--UTF8 = (unsigned char)(U16 | firstByteMark[bytes]); -+ break; -+ default: -+ return gs_note_error(gs_error_rangecheck); -+ } -+ -+ /* Move to start of next set */ -+ UTF8 += bytes; -+ } -+ *UTF8Start = UTF8; -+ return 0; -+} -+ -+static int -+pdf_xmp_write_translated(gx_device_pdf *pdev, stream *s, const byte *data, int data_length, -+ void(*write)(stream *s, const byte *data, int data_length)) -+{ -+ int i, j=0; -+ unsigned char *buf0; -+ -+ buf0 = (unsigned char *)gs_alloc_bytes(pdev->memory, data_length * sizeof(unsigned char), -+ "pdf_xmp_write_translated"); -+ if (buf0 == NULL) -+ return_error(gs_error_VMerror); -+ for (i = 0; i < data_length; i++) { -+ byte c = data[i]; -+ -+ if (c == '\\') -+ c = decode_escape(data, data_length, &i); -+ buf0[j] = c; -+ j++; -+ } -+ if (buf0[0] != 0xfe || buf0[1] != 0xff) { -+ unsigned char *buf1; -+ /* We must assume that the information is PDFDocEncoding. In this case -+ * we need to convert it into UTF-8. If we just convert it to UTF-16 -+ * then we can safely fall through to the code below. -+ */ -+ /* NB the code below skips the BOM in positions 0 and 1, so we need -+ * two extra bytes, to be ignored. -+ */ -+ buf1 = (unsigned char *)gs_alloc_bytes(pdev->memory, (j * sizeof(short)) + 2, -+ "pdf_xmp_write_translated"); -+ if (buf1 == NULL) { - gs_free_object(pdev->memory, buf0, "pdf_xmp_write_translated"); -- buf0 = buf1; -- data_length = j = (j * 2) + 2; -+ return_error(gs_error_VMerror); - } -- { -- /* Its a Unicode (UTF-16BE) string, convert to UTF-8 */ -- UTF16 *buf0b, U16; -- UTF8 *buf1, *buf1b; -- -- /* A single UTF-16 (2 bytes) can end up as 4 bytes in UTF-8 */ -- buf1 = (UTF8 *)gs_alloc_bytes(pdev->memory, data_length * 2 * sizeof(unsigned char), -- "pdf_xmp_write_translated"); -- if (buf1 == NULL) { -- gs_free_object(pdev->memory, buf0, "pdf_xmp_write_translated"); -- return_error(gs_error_VMerror); -- } -- buf1b = buf1; -- /* Skip the Byte Order Mark (0xfe 0xff) */ -- buf0b = (UTF16 *)(buf0 + 2); -- /* ConvertUTF16to UTF8 expects a buffer of UTF16s in the local -- * endian-ness, but the data is big-endian. In case this is a little-endian -- * machine, process the buffer from big-endian to whatever is right for this platform. -- */ -- for (i = 2; i < j; i+=2) { -- U16 = (buf0[i] << 8) + buf0[i + 1]; -- *(buf0b++) = U16; -- } -- buf0b = (UTF16 *)(buf0 + 2); -- switch (ConvertUTF16toUTF8((const UTF16**)&buf0b, (UTF16 *)(buf0 + j), -- &buf1b, buf1 + (data_length * 2 * sizeof(unsigned char)), strictConversion)) { -- case conversionOK: -- write(s, buf1, buf1b - buf1); -- gs_free_object(pdev->memory, buf1, "pdf_xmp_write_translated"); -- break; -- case sourceExhausted: -- case targetExhausted: -- case sourceIllegal: -- default: -- gs_free_object(pdev->memory, buf0, "pdf_xmp_write_translated"); -- gs_free_object(pdev->memory, buf1, "pdf_xmp_write_translated"); -- return_error(gs_error_rangecheck); -+ memset(buf1, 0x00, (j * sizeof(short)) + 2); -+ for (i = 0; i < j; i++) { -+ if (buf0[i] <= 0x7f || buf0[i] >= 0xAE) { -+ if (buf0[i] == 0x7f) { -+ emprintf1(pdev->memory, "PDFDocEncoding %x cannot be represented in Unicode\n", -+ buf0[i]); -+ } else -+ buf1[(i * 2) + 3] = buf0[i]; -+ } else { -+ buf1[(i * 2) + 2] = PDFDocEncodingLookup[(buf0[i] - 0x80) * 2]; -+ buf1[(i * 2) + 3] = PDFDocEncodingLookup[((buf0[i] - 0x80) * 2) + 1]; -+ if (PDFDocEncodingLookup[((buf0[i] - 0x80) * 2) + 1] == 0x00) -+ emprintf1(pdev->memory, "PDFDocEncoding %x cannot be represented in Unicode\n", -+ PDFDocEncodingLookup[((buf0[i] - 0x80) * 2) + 1]); - } - } - gs_free_object(pdev->memory, buf0, "pdf_xmp_write_translated"); -- return 0; -- } else { -- UTF16 *buf0; -- const UTF16 *buf0b; -- UTF8 *buf1, *buf1b; -- int i, j = 0; -- -- buf0 = (UTF16 *)gs_alloc_bytes(pdev->memory, data_length * sizeof(UTF16), -- "pdf_xmp_write_translated"); -- if (buf0 == NULL) -- return_error(gs_error_VMerror); -- buf1 = (UTF8 *)gs_alloc_bytes(pdev->memory, data_length * 2, -- "pdf_xmp_write_translated"); -+ buf0 = buf1; -+ data_length = j = (j * 2) + 2; -+ } -+ { -+ /* Its a Unicode (UTF-16BE) string, convert to UTF-8 */ -+ short *buf0b; -+ char *buf1, *buf1b; -+ int code; -+ -+ /* A single UTF-16 (2 bytes) can end up as 4 bytes in UTF-8 */ -+ buf1 = (char *)gs_alloc_bytes(pdev->memory, data_length * 2 * sizeof(unsigned char), -+ "pdf_xmp_write_translated"); - if (buf1 == NULL) { - gs_free_object(pdev->memory, buf0, "pdf_xmp_write_translated"); - return_error(gs_error_VMerror); - } -- buf0b = buf0; - buf1b = buf1; -- for (i = 0; i < data_length; i++) { -- byte c = data[i]; -- int v; -- -- if (c == '\\') -- c = decode_escape(data, data_length, &i); -- if (c > pdev->DSCEncodingToUnicode.size) { -- gs_free_object(pdev->memory, buf0, "pdf_xmp_write_translated"); -- gs_free_object(pdev->memory, buf1, "pdf_xmp_write_translated"); -- return_error(gs_error_rangecheck); -- } -- -- v = pdev->DSCEncodingToUnicode.data[c]; -- if (v == -1) -- v = '?'; /* Arbitrary. */ -- buf0[j] = v; -- j++; -- } -- switch (ConvertUTF16toUTF8(&buf0b, buf0 + j, -- &buf1b, buf1 + data_length * 2, strictConversion)) { -- case conversionOK: -- write(s, buf1, buf1b - buf1); -- break; -- case sourceExhausted: -- case targetExhausted: -- case sourceIllegal: -- default: -- gs_free_object(pdev->memory, buf0, "pdf_xmp_write_translated"); -- gs_free_object(pdev->memory, buf1, "pdf_xmp_write_translated"); -- return_error(gs_error_rangecheck); -- } -- gs_free_object(pdev->memory, buf0, "pdf_xmp_write_translated"); -- gs_free_object(pdev->memory, buf1, "pdf_xmp_write_translated"); -- return 0; -+ /* Skip the Byte Order Mark (0xfe 0xff) */ -+ buf0b = (short *)(buf0 + 2); -+ code = gs_ConvertUTF16((char *)buf0b, j - 2, (unsigned char **)&buf1b, data_length * 2 * sizeof(unsigned char)); -+ if (code < 0) -+ return code; -+ write(s, (const byte *)buf1, buf1b - buf1); - } -+ gs_free_object(pdev->memory, buf0, "pdf_xmp_write_translated"); -+ return 0; - } - - static int -diff --git a/devices/vector/gdevpdfp.c b/devices/vector/gdevpdfp.c -index 0fa07e3..6ebcb0d 100644 ---- a/devices/vector/gdevpdfp.c -+++ b/devices/vector/gdevpdfp.c -@@ -77,7 +77,6 @@ static const gs_param_item_t pdf_param_items[] = { - pi("CompressStreams", gs_param_type_bool, CompressStreams), - pi("PrintStatistics", gs_param_type_bool, PrintStatistics), - pi("MaxInlineImageSize", gs_param_type_long, MaxInlineImageSize), -- pi("DSCEncodingToUnicode", gs_param_type_int_array, DSCEncodingToUnicode), - - /* PDF Encryption */ - pi("OwnerPassword", gs_param_type_string, OwnerPassword), -diff --git a/devices/vector/gdevpdfx.h b/devices/vector/gdevpdfx.h -index 308900a..c436220 100644 ---- a/devices/vector/gdevpdfx.h -+++ b/devices/vector/gdevpdfx.h -@@ -601,7 +601,6 @@ struct gx_device_pdf_s { - a bitmap representation of a shading. - (Bigger shadings to be downsampled). */ - long MaxInlineImageSize; -- gs_param_int_array DSCEncodingToUnicode; - /* Encryption parameters */ - gs_param_string OwnerPassword; - gs_param_string UserPassword; -@@ -911,14 +910,14 @@ struct gx_device_pdf_s { - m(28,sbstack) m(29,substream_Resources) m(30,font3)\ - m(31,accumulating_substream_resource) \ - m(32,pres_soft_mask_dict) m(33,PDFXTrimBoxToMediaBoxOffset.data)\ -- m(34,PDFXBleedBoxToTrimBoxOffset.data) m(35, DSCEncodingToUnicode.data)\ -- m(36,Identity_ToUnicode_CMaps[0]) m(37,Identity_ToUnicode_CMaps[1])\ -- m(38,vgstack)\ -- m(39, outline_levels) -- m(40, gx_device_pdf, EmbeddedFiles); -- m(41, gx_device_pdf, pdf_font_dir); -- m(42, gx_device_pdf, Extension_Metadata);*/ --#define gx_device_pdf_num_ptrs 43 -+ m(34,PDFXBleedBoxToTrimBoxOffset.data) -+ m(35,Identity_ToUnicode_CMaps[0]) m(36,Identity_ToUnicode_CMaps[1])\ -+ m(37,vgstack)\ -+ m(38, outline_levels) -+ m(39, gx_device_pdf, EmbeddedFiles); -+ m(40, gx_device_pdf, pdf_font_dir); -+ m(41, gx_device_pdf, Extension_Metadata);*/ -+#define gx_device_pdf_num_ptrs 42 - #define gx_device_pdf_do_param_strings(m)\ - m(0, OwnerPassword) m(1, UserPassword) m(2, NoEncrypt)\ - m(3, DocumentUUID) m(4, InstanceUUID) -diff --git a/windows/ghostscript.vcproj b/windows/ghostscript.vcproj -index a96d317..450cb26 100644 ---- a/windows/ghostscript.vcproj -+++ b/windows/ghostscript.vcproj -@@ -1794,10 +1794,6 @@ - > - - -- -- - -@@ -3330,10 +3326,6 @@ - > - - -- -- - -diff --git a/windows/ghostscript_rt.vcxproj b/windows/ghostscript_rt.vcxproj -index 2348f08..fae2e1f 100644 ---- a/windows/ghostscript_rt.vcxproj -+++ b/windows/ghostscript_rt.vcxproj -@@ -427,7 +427,6 @@ - - - -- - - - -@@ -1689,7 +1688,6 @@ - - - -- - - - --- -2.9.3 - diff --git a/ghostscript-9.20-urw-fonts-naming.patch b/ghostscript-9.20-urw-fonts-naming.patch deleted file mode 100644 index 5b5644d..0000000 --- a/ghostscript-9.20-urw-fonts-naming.patch +++ /dev/null @@ -1,33 +0,0 @@ -From a3b95bec1e3e07abdb4b29e3642777d2963fec80 Mon Sep 17 00:00:00 2001 -From: "David Kaspar [Dee'Kej]" -Date: Wed, 27 Sep 2017 12:59:18 +0200 -Subject: [PATCH] Resource/Init/Fontmap.GS: Use latest (URW)++ fonts - - Taken from ghostscript-9.22 RC1. ---- - Resource/Init/Fontmap.GS | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Resource/Init/Fontmap.GS b/Resource/Init/Fontmap.GS -index a9fa335..7770c67 100644 ---- a/Resource/Init/Fontmap.GS -+++ b/Resource/Init/Fontmap.GS -@@ -94,13 +94,13 @@ - /Courier /NimbusMonoPS-Regular ; - /Courier-Oblique /NimbusMonoPS-Italic ; - /Helvetica-Bold /NimbusSans-Bold ; --/Helvetica-BoldOblique /NimbusSans-BoldOblique ; -+/Helvetica-BoldOblique /NimbusSans-BoldItalic ; - /Helvetica-Narrow-Bold /NimbusSansNarrow-Bold ; - /Helvetica-Narrow-BoldOblique /NimbusSansNarrow-BdOblique ; - /Helvetica-Narrow /NimbusSansNarrow-Regular ; - /Helvetica-Narrow-Oblique /NimbusSansNarrow-Oblique ; - /Helvetica /NimbusSans-Regular ; --/Helvetica-Oblique /NimbusSans-Oblique ; -+/Helvetica-Oblique /NimbusSans-Italic ; - /NewCenturySchlbk-Bold /C059-Bold ; - /NewCenturySchlbk-BoldItalic /C059-BdIta ; - /NewCenturySchlbk-Italic /C059-Italic ; --- -2.9.5 - diff --git a/ghostscript.spec b/ghostscript.spec index caa1f45..3cf3d09 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -1,43 +1,23 @@ -%define gs_ver 9.20 -%define gs_dot_ver 9.20 +%define gs_ver 9.22 +%define gs_dot_ver 9.22 %{expand: %%define build_with_freetype %{?_with_freetype:1}%{!?_with_freetype:0}} Summary: A PostScript interpreter and renderer Name: ghostscript Version: %{gs_ver} -Release: 14%{?dist} +Release: 1%{?dist} # Included CMap data is Redistributable, no modification permitted, # see http://bugzilla.redhat.com/487510 License: AGPLv3+ and Redistributable, no modification permitted URL: http://www.ghostscript.com/ Group: Applications/Publishing -Source0: ghostscript-9.20.tar.xz +Source0: ghostscript-9.22.tar.xz Source1: CIDFnmap Source2: cidfmap -Patch1: ghostscript-9.20-fix-openjpeg-system-build.patch -Patch2: ghostscript-9.20-runlibfileifexists.patch -Patch3: ghostscript-9.20-run-dvipdf-securely.patch -Patch4: ghostscript-9.20-urw-fonts-naming.patch -Patch10: ghostscript-9.20-handle-glyphdirectory-correctly.patch -Patch11: ghostscript-9.20-remove-and-reimplement-ConvertUTF.patch - -# Security patches: -Patch5: ghostscript-9.20-cve-2016-7979.patch -Patch6: ghostscript-9.20-cve-2016-7976.patch -Patch7: ghostscript-9.20-cve-2016-7978.patch -Patch8: ghostscript-9.20-cve-2016-8602.patch -Patch9: ghostscript-9.20-cve-2016-7977.patch -Patch12: ghostscript-9.20-cve-2016-9601.patch -Patch13: ghostscript-9.20-cve-2017-7207.patch -Patch14: ghostscript-9.20-cve-2016-10217.patch -Patch15: ghostscript-9.20-cve-2016-10218.patch -Patch16: ghostscript-9.20-cve-2016-10219.patch -Patch17: ghostscript-9.20-cve-2016-10220.patch -Patch18: ghostscript-9.20-cve-2017-5951.patch -Patch19: ghostscript-9.20-cve-2017-8291.patch -Patch20: ghostscript-9.20-cve-2017-7975.patch +Patch1: ghostscript-9.20-runlibfileifexists.patch +Patch2: ghostscript-9.20-run-dvipdf-securely.patch Requires: %{name}-core%{?_isa} = %{version}-%{release} Requires: %{name}-x11%{?_isa} = %{version}-%{release} @@ -126,66 +106,12 @@ A GTK-enabled version of Ghostscript, called 'gsx'. %setup -q -n %{name}-%{gs_ver} rm -rf expat freetype icclib jasper jpeg jpegxr lcms lcms2 libpng openjpeg zlib cups/libs -# Fix building with system's OpenJPEG shared library: -%patch1 -p1 - # Fix error when using 'convert' from ImageMagick, and # make sure the configuration in /etc/ghostscript/Fonts.local is used: -%patch2 -p1 +%patch1 -p1 # Fix some shell scripts -%patch3 -p1 - -# Use latest names for new 'urw-base35-fonts' package. -%patch4 -p1 - -# DSC parser - validate parameters (bug #1382305): -%patch5 -p1 - -# Add a file permissions callaback (bug #1382294): -%patch6 -p1 - -# Reference count device icc profile (bug #1382300): -%patch7 -p1 - -# Check for sufficient params in .sethalftone5 (bug #1383940): -%patch8 -p1 - -# Honor -dSAFER in .libfile (bug #1380415): -%patch9 -p1 - -# handle GlyphDirectory as an array (http://bugs.ghostscript.com/show_bug.cgi?id=697286): -%patch10 -p1 - -# Remove (and re-implement) ConvertUTF.c because of licensing issues (bug #1404933): -%patch11 -p1 - -# Squash signed/unsigned warnings in MSVC jbig2 build (bug #1410021): -%patch12 -p1 - -# Check for null-pointer dereference in mem_get_bits_rectangle() (bug #1434497): -%patch13 -p1 - -# CVE-2016-10217 (bug #1441564): -%patch14 -p1 - -# CVE-2016-10218 (bug #1441568): -%patch15 -p1 - -# CVE-2016-10219 (bug #1441569): -%patch16 -p1 - -# CVE-2016-10220 (bug #1441571): -%patch17 -p1 - -# CVE-2017-5951 (bug #1441572): -%patch18 -p1 - -# CVE-2017-8291 (bug #1446063): -%patch19 -p1 - -# CVE-2017-7975 (bug #1443940): -%patch20 -p1 +%patch2 -p1 # Convert manual pages to UTF-8 from8859_1() { @@ -380,6 +306,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libgs.so %changelog +* Wed Sep 27 2017 David Kaspar [Dee'Kej] - 9.22-1 +- Rebase to latest upstream version (no API/ABI changes according to upstream) + * Wed Sep 27 2017 David Kaspar [Dee'Kej] - 9.20-14 - Rebuilt with updated 'search path' for fonts (bug #1500105) diff --git a/sources b/sources index d38a3fd..1f22bc5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -8f3d383d48da22345937b66b01ab2960 ghostscript-9.20.tar.xz +SHA512 (ghostscript-9.22.tar.xz) = 67739ace64090ab1951cba4cb011a5a6829ee60b32ba4157d0f17e744e345ea268335304db6722677ae33565ea5b696c2ff7b889d42a463acf2933c8230523d4