rebase to 'ghostscript-9.22'
This commit is contained in:
parent
74e266f70a
commit
9f6fa20804
1
.gitignore
vendored
1
.gitignore
vendored
@ -48,3 +48,4 @@ ghostscript-8.71.tar.xz
|
|||||||
/ghostscript-9.15-cleaned-1.tar.bz2
|
/ghostscript-9.15-cleaned-1.tar.bz2
|
||||||
/ghostscript-9.16-cleaned-1.tar.bz2
|
/ghostscript-9.16-cleaned-1.tar.bz2
|
||||||
/ghostscript-9.20.tar.xz
|
/ghostscript-9.20.tar.xz
|
||||||
|
/ghostscript-9.22.tar.xz
|
||||||
|
@ -1,33 +0,0 @@
|
|||||||
From 90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb Mon Sep 17 00:00:00 2001
|
|
||||||
From: Michael Vrhel <michael.vrhel@artifex.com>
|
|
||||||
Date: Thu, 29 Dec 2016 14:00:21 -0800
|
|
||||||
Subject: [PATCH] Bug 697456. Dont create new ctx when pdf14 device reenabled
|
|
||||||
|
|
||||||
This bug had yet another weird case where the user created a
|
|
||||||
file that pushed the pdf14 device twice. We were in that case,
|
|
||||||
creating a new ctx and blowing away the original one with out
|
|
||||||
proper clean up. To avoid, only create a new one when we need it.
|
|
||||||
---
|
|
||||||
base/gdevp14.c | 6 ++++--
|
|
||||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/base/gdevp14.c b/base/gdevp14.c
|
|
||||||
index fd56ec9..f19318e 100644
|
|
||||||
--- a/base/gdevp14.c
|
|
||||||
+++ b/base/gdevp14.c
|
|
||||||
@@ -1669,8 +1669,10 @@ pdf14_open(gx_device *dev)
|
|
||||||
rect.p.y = 0;
|
|
||||||
rect.q.x = dev->width;
|
|
||||||
rect.q.y = dev->height;
|
|
||||||
- pdev->ctx = pdf14_ctx_new(&rect, dev->color_info.num_components,
|
|
||||||
- pdev->color_info.polarity != GX_CINFO_POLARITY_SUBTRACTIVE, dev);
|
|
||||||
+ /* If we are reenabling the device dont create a new ctx. Bug 697456 */
|
|
||||||
+ if (pdev->ctx == NULL)
|
|
||||||
+ pdev->ctx = pdf14_ctx_new(&rect, dev->color_info.num_components,
|
|
||||||
+ pdev->color_info.polarity != GX_CINFO_POLARITY_SUBTRACTIVE, dev);
|
|
||||||
if (pdev->ctx == NULL)
|
|
||||||
return_error(gs_error_VMerror);
|
|
||||||
pdev->free_devicen = true;
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
@ -1,30 +0,0 @@
|
|||||||
From c0502b3771e4eac89a199a3558182337d146d4ab Mon Sep 17 00:00:00 2001
|
|
||||||
From: Michael Vrhel <michael.vrhel@artifex.com>
|
|
||||||
Date: Thu, 29 Dec 2016 12:00:40 -0800
|
|
||||||
Subject: [PATCH] Bug 697444 Unmatched transparency group pop
|
|
||||||
|
|
||||||
This issue can only occur if there is an unmatched group pop.
|
|
||||||
If the interpreter is doing that, then the interpreter is
|
|
||||||
broken. With this bug the user is intentionally doing it.
|
|
||||||
We now throw and error when it occurs.
|
|
||||||
---
|
|
||||||
base/gdevp14.c | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/base/gdevp14.c b/base/gdevp14.c
|
|
||||||
index ad3478f..84f0f40 100644
|
|
||||||
--- a/base/gdevp14.c
|
|
||||||
+++ b/base/gdevp14.c
|
|
||||||
@@ -985,6 +985,9 @@ pdf14_pop_transparency_group(gs_gstate *pgs, pdf14_ctx *ctx,
|
|
||||||
bool blendspot = pdev->blendspot;
|
|
||||||
bool nonicc_conversion = true;
|
|
||||||
|
|
||||||
+ if (nos == NULL)
|
|
||||||
+ return_error(gs_error_unknownerror); /* Unmatched group pop */
|
|
||||||
+
|
|
||||||
#ifdef DEBUG
|
|
||||||
pdf14_debug_mask_stack_state(ctx);
|
|
||||||
#endif
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
@ -1,44 +0,0 @@
|
|||||||
From 4bef1a1d32e29b68855616020dbff574b9cda08f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Robin Watts <Robin.Watts@artifex.com>
|
|
||||||
Date: Thu, 29 Dec 2016 15:57:43 +0000
|
|
||||||
Subject: [PATCH] Bug 697453: Avoid divide by 0 in scan conversion code.
|
|
||||||
|
|
||||||
Arithmetic overflow due to extreme values in the scan conversion
|
|
||||||
code can cause a division by 0.
|
|
||||||
|
|
||||||
Avoid this with a simple extra check.
|
|
||||||
|
|
||||||
dx_old=cf814d81
|
|
||||||
endp->x_next=b0e859b9
|
|
||||||
alp->x_next=8069a73a
|
|
||||||
|
|
||||||
leads to dx_den = 0
|
|
||||||
---
|
|
||||||
base/gxfill.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/base/gxfill.c b/base/gxfill.c
|
|
||||||
index 99196c0..2f81bb0 100644
|
|
||||||
--- a/base/gxfill.c
|
|
||||||
+++ b/base/gxfill.c
|
|
||||||
@@ -1741,7 +1741,7 @@ intersect(active_line *endp, active_line *alp, fixed y, fixed y1, fixed *p_y_new
|
|
||||||
fixed dx_old = alp->x_current - endp->x_current;
|
|
||||||
fixed dx_den = dx_old + endp->x_next - alp->x_next;
|
|
||||||
|
|
||||||
- if (dx_den <= dx_old)
|
|
||||||
+ if (dx_den <= dx_old || dx_den == 0)
|
|
||||||
return false; /* Intersection isn't possible. */
|
|
||||||
dy = y1 - y;
|
|
||||||
if_debug3('F', "[F]cross: dy=%g, dx_old=%g, dx_new=%g\n",
|
|
||||||
@@ -1750,7 +1750,7 @@ intersect(active_line *endp, active_line *alp, fixed y, fixed y1, fixed *p_y_new
|
|
||||||
/* Do the computation in single precision */
|
|
||||||
/* if the values are small enough. */
|
|
||||||
y_new =
|
|
||||||
- ((dy | dx_old) < 1L << (size_of(fixed) * 4 - 1) ?
|
|
||||||
+ (((ufixed)(dy | dx_old)) < (1L << (size_of(fixed) * 4 - 1)) ?
|
|
||||||
dy * dx_old / dx_den :
|
|
||||||
(INCR_EXPR(mq_cross), fixed_mult_quo(dy, dx_old, dx_den)))
|
|
||||||
+ y;
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
@ -1,50 +0,0 @@
|
|||||||
From daf85701dab05f17e924a48a81edc9195b4a04e8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ken Sharp <ken.sharp@artifex.com>
|
|
||||||
Date: Wed, 21 Dec 2016 16:54:14 +0000
|
|
||||||
Subject: [PATCH] fix crash with bad data supplied to makeimagedevice
|
|
||||||
|
|
||||||
Bug #697450 "Null pointer dereference in gx_device_finalize()"
|
|
||||||
|
|
||||||
The problem here is that the code to finalise a device unconditionally
|
|
||||||
frees the icc_struct member of the device structure. However this
|
|
||||||
particular (weird) device is not setup as a normal device, probably
|
|
||||||
because its very, very ancient. Its possible for the initialisation
|
|
||||||
of the device to abort with an error before calling gs_make_mem_device()
|
|
||||||
which is where the icc_struct member gets allocated (or set to NULL).
|
|
||||||
|
|
||||||
If that happens, then the cleanup code tries to free the device, which
|
|
||||||
calls finalize() which tries to free a garbage pointer.
|
|
||||||
|
|
||||||
Setting the device memory to 0x00 after we allocate it means that the
|
|
||||||
icc_struct member will be NULL< and our memory manager allows for that
|
|
||||||
happily enough, which avoids the problem.
|
|
||||||
---
|
|
||||||
base/gsdevmem.c | 12 ++++++++++++
|
|
||||||
1 file changed, 12 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/base/gsdevmem.c b/base/gsdevmem.c
|
|
||||||
index 97b9cf4..fe75bcc 100644
|
|
||||||
--- a/base/gsdevmem.c
|
|
||||||
+++ b/base/gsdevmem.c
|
|
||||||
@@ -225,6 +225,18 @@ gs_makewordimagedevice(gx_device ** pnew_dev, const gs_matrix * pmat,
|
|
||||||
|
|
||||||
if (pnew == 0)
|
|
||||||
return_error(gs_error_VMerror);
|
|
||||||
+
|
|
||||||
+ /* Bug #697450 "Null pointer dereference in gx_device_finalize()"
|
|
||||||
+ * If we have incorrect data passed to gs_initialise_wordimagedevice() then the
|
|
||||||
+ * initialisation will fail, crucially it will fail *before* it calls
|
|
||||||
+ * gs_make_mem_device() which initialises the device. This means that the
|
|
||||||
+ * icc_struct member will be uninitialsed, but the device finalise method
|
|
||||||
+ * will unconditionally free that memory. Since its a garbage pointer, bad things happen.
|
|
||||||
+ * Apparently we do still need makeimagedevice to be available from
|
|
||||||
+ * PostScript, so in here just zero the device memory, which means that
|
|
||||||
+ * the finalise routine won't have a problem.
|
|
||||||
+ */
|
|
||||||
+ memset(pnew, 0x00, st_device_memory.ssize);
|
|
||||||
code = gs_initialize_wordimagedevice(pnew, pmat, width, height,
|
|
||||||
colors, num_colors, word_oriented,
|
|
||||||
page_device, mem);
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
@ -1,180 +0,0 @@
|
|||||||
From fee19fa8d4f6f351e5a76f5801884880249d6a45 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Chris Liddell <chris.liddell@artifex.com>
|
|
||||||
Date: Wed, 5 Oct 2016 09:55:55 +0100
|
|
||||||
Subject: [PATCH] Bug 697178: Add a file permissions callback
|
|
||||||
|
|
||||||
For the rare occasions when the graphics library directly opens a file
|
|
||||||
(currently for reading), this allows us to apply any restrictions on
|
|
||||||
file access normally applied in the interpteter.
|
|
||||||
---
|
|
||||||
base/gsicc_manage.c | 10 ++++++----
|
|
||||||
base/gslibctx.c | 12 +++++++++++-
|
|
||||||
base/gslibctx.h | 7 +++++++
|
|
||||||
psi/imain.c | 2 ++
|
|
||||||
psi/int.mak | 2 +-
|
|
||||||
psi/zfile.c | 19 +++++++++++++++++++
|
|
||||||
psi/zfile.h | 7 +++++++
|
|
||||||
7 files changed, 53 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/base/gsicc_manage.c b/base/gsicc_manage.c
|
|
||||||
index 931c2a6..e9c09c3 100644
|
|
||||||
--- a/base/gsicc_manage.c
|
|
||||||
+++ b/base/gsicc_manage.c
|
|
||||||
@@ -1124,10 +1124,12 @@ gsicc_open_search(const char* pname, int namelen, gs_memory_t *mem_gc,
|
|
||||||
}
|
|
||||||
|
|
||||||
/* First just try it like it is */
|
|
||||||
- str = sfopen(pname, "r", mem_gc);
|
|
||||||
- if (str != NULL) {
|
|
||||||
- *strp = str;
|
|
||||||
- return 0;
|
|
||||||
+ if (gs_check_file_permission(mem_gc, pname, namelen, "r") >= 0) {
|
|
||||||
+ str = sfopen(pname, "r", mem_gc);
|
|
||||||
+ if (str != NULL) {
|
|
||||||
+ *strp = str;
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
/* If that fails, try %rom% */ /* FIXME: Not sure this is needed or correct */
|
|
||||||
diff --git a/base/gslibctx.c b/base/gslibctx.c
|
|
||||||
index fa4432a..f2c13e3 100644
|
|
||||||
--- a/base/gslibctx.c
|
|
||||||
+++ b/base/gslibctx.c
|
|
||||||
@@ -183,7 +183,7 @@ int gs_lib_ctx_init( gs_memory_t *mem )
|
|
||||||
mem->gs_lib_ctx = NULL;
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
+ pio->client_check_file_permission = NULL;
|
|
||||||
gp_get_realtime(pio->real_time_0);
|
|
||||||
|
|
||||||
/* Set scanconverter to 1 (default) */
|
|
||||||
@@ -336,3 +336,13 @@ void errflush(const gs_memory_t *mem)
|
|
||||||
fflush(mem->gs_lib_ctx->fstderr);
|
|
||||||
/* else nothing to flush */
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+int
|
|
||||||
+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission)
|
|
||||||
+{
|
|
||||||
+ int code = 0;
|
|
||||||
+ if (mem->gs_lib_ctx->client_check_file_permission != NULL) {
|
|
||||||
+ code = mem->gs_lib_ctx->client_check_file_permission(mem, fname, len, permission);
|
|
||||||
+ }
|
|
||||||
+ return code;
|
|
||||||
+}
|
|
||||||
diff --git a/base/gslibctx.h b/base/gslibctx.h
|
|
||||||
index 84ec205..55eb4a6 100644
|
|
||||||
--- a/base/gslibctx.h
|
|
||||||
+++ b/base/gslibctx.h
|
|
||||||
@@ -32,6 +32,9 @@ typedef struct gs_fapi_server_s gs_fapi_server;
|
|
||||||
# define gs_font_dir_DEFINED
|
|
||||||
typedef struct gs_font_dir_s gs_font_dir;
|
|
||||||
#endif
|
|
||||||
+
|
|
||||||
+typedef int (*client_check_file_permission_t) (gs_memory_t *mem, const char *fname, const int len, const char *permission);
|
|
||||||
+
|
|
||||||
typedef struct gs_lib_ctx_s
|
|
||||||
{
|
|
||||||
gs_memory_t *memory; /* mem->gs_lib_ctx->memory == mem */
|
|
||||||
@@ -61,6 +64,7 @@ typedef struct gs_lib_ctx_s
|
|
||||||
struct gx_io_device_s **io_device_table;
|
|
||||||
int io_device_table_count;
|
|
||||||
int io_device_table_size;
|
|
||||||
+ client_check_file_permission_t client_check_file_permission;
|
|
||||||
/* Define the default value of AccurateScreens that affects setscreen
|
|
||||||
and setcolorscreen. */
|
|
||||||
bool screen_accurate_screens;
|
|
||||||
@@ -132,6 +136,9 @@ int
|
|
||||||
gs_lib_ctx_get_default_device_list(const gs_memory_t *mem, char** dev_list_str,
|
|
||||||
int *list_str_len);
|
|
||||||
|
|
||||||
+int
|
|
||||||
+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission);
|
|
||||||
+
|
|
||||||
#define IS_LIBCTX_STDOUT(mem, f) (f == mem->gs_lib_ctx->fstdout)
|
|
||||||
#define IS_LIBCTX_STDERR(mem, f) (f == mem->gs_lib_ctx->fstderr)
|
|
||||||
|
|
||||||
diff --git a/psi/imain.c b/psi/imain.c
|
|
||||||
index 9a9bb5d..6874128 100644
|
|
||||||
--- a/psi/imain.c
|
|
||||||
+++ b/psi/imain.c
|
|
||||||
@@ -57,6 +57,7 @@
|
|
||||||
#include "ivmspace.h"
|
|
||||||
#include "idisp.h" /* for setting display device callback */
|
|
||||||
#include "iplugin.h"
|
|
||||||
+#include "zfile.h"
|
|
||||||
|
|
||||||
#ifdef PACIFY_VALGRIND
|
|
||||||
#include "valgrind.h"
|
|
||||||
@@ -212,6 +213,7 @@ gs_main_init1(gs_main_instance * minst)
|
|
||||||
"the_gs_name_table");
|
|
||||||
if (code < 0)
|
|
||||||
return code;
|
|
||||||
+ mem->gs_lib_ctx->client_check_file_permission = z_check_file_permissions;
|
|
||||||
}
|
|
||||||
code = obj_init(&minst->i_ctx_p, &idmem); /* requires name_init */
|
|
||||||
if (code < 0)
|
|
||||||
diff --git a/psi/int.mak b/psi/int.mak
|
|
||||||
index 4654afc..bb30d51 100644
|
|
||||||
--- a/psi/int.mak
|
|
||||||
+++ b/psi/int.mak
|
|
||||||
@@ -2024,7 +2024,7 @@ $(PSOBJ)imain.$(OBJ) : $(PSSRC)imain.c $(GH) $(memory__h) $(string__h)\
|
|
||||||
$(ialloc_h) $(iconf_h) $(idebug_h) $(idict_h) $(idisp_h) $(iinit_h)\
|
|
||||||
$(iname_h) $(interp_h) $(iplugin_h) $(isave_h) $(iscan_h) $(ivmspace_h)\
|
|
||||||
$(iinit_h) $(main_h) $(oper_h) $(ostack_h)\
|
|
||||||
- $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h)\
|
|
||||||
+ $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) $(zfile_h)\
|
|
||||||
$(INT_MAK) $(MAKEDIRS)
|
|
||||||
$(PSCC) $(PSO_)imain.$(OBJ) $(C_) $(PSSRC)imain.c
|
|
||||||
|
|
||||||
diff --git a/psi/zfile.c b/psi/zfile.c
|
|
||||||
index b6caea2..fd94f67 100644
|
|
||||||
--- a/psi/zfile.c
|
|
||||||
+++ b/psi/zfile.c
|
|
||||||
@@ -197,6 +197,25 @@ check_file_permissions(i_ctx_t *i_ctx_p, const char *fname, int len,
|
|
||||||
return check_file_permissions_reduced(i_ctx_p, fname_reduced, rlen, permitgroup);
|
|
||||||
}
|
|
||||||
|
|
||||||
+/* z_check_file_permissions: see zfile.h for explanation
|
|
||||||
+ */
|
|
||||||
+int
|
|
||||||
+z_check_file_permissions(gs_memory_t *mem, const char *fname, const int len, const char *permission)
|
|
||||||
+{
|
|
||||||
+ i_ctx_t *i_ctx_p = get_minst_from_memory(mem)->i_ctx_p;
|
|
||||||
+ gs_parsed_file_name_t pname;
|
|
||||||
+ const char *permitgroup = permission[0] == 'r' ? "PermitFileReading" : "PermitFileWriting";
|
|
||||||
+ int code = gs_parse_file_name(&pname, fname, len, imemory);
|
|
||||||
+ if (code < 0)
|
|
||||||
+ return code;
|
|
||||||
+
|
|
||||||
+ if (pname.iodev && i_ctx_p->LockFilePermissions && strcmp(pname.iodev->dname, "%pipe%") == 0)
|
|
||||||
+ return gs_error_invalidfileaccess;
|
|
||||||
+
|
|
||||||
+ code = check_file_permissions(i_ctx_p, fname, len, permitgroup);
|
|
||||||
+ return code;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/* <name_string> <access_string> file <file> */
|
|
||||||
int /* exported for zsysvm.c */
|
|
||||||
zfile(i_ctx_t *i_ctx_p)
|
|
||||||
diff --git a/psi/zfile.h b/psi/zfile.h
|
|
||||||
index fdf1373..a9399c7 100644
|
|
||||||
--- a/psi/zfile.h
|
|
||||||
+++ b/psi/zfile.h
|
|
||||||
@@ -22,4 +22,11 @@
|
|
||||||
int zopen_file(i_ctx_t *i_ctx_p, const gs_parsed_file_name_t *pfn,
|
|
||||||
const char *file_access, stream **ps, gs_memory_t *mem);
|
|
||||||
|
|
||||||
+/* z_check_file_permissions: a callback (via mem->gs_lib_ctx->client_check_file_permission)
|
|
||||||
+ * to allow applying the above permissions checks when opening file(s) from
|
|
||||||
+ * the graphics library
|
|
||||||
+ */
|
|
||||||
+int
|
|
||||||
+z_check_file_permissions(gs_memory_t *mem, const char *fname,
|
|
||||||
+ const int len, const char *permission);
|
|
||||||
#endif
|
|
||||||
--
|
|
||||||
2.7.4
|
|
||||||
|
|
@ -1,28 +0,0 @@
|
|||||||
From 8abd22010eb4db0fb1b10e430d5f5d83e015ef70 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Chris Liddell <chris.liddell@artifex.com>
|
|
||||||
Date: Mon, 3 Oct 2016 01:46:28 +0100
|
|
||||||
Subject: [PATCH] Bug 697169: Be rigorous with SAFER permissions
|
|
||||||
|
|
||||||
Once we've opened our input file from the command line, enforce the SAFER
|
|
||||||
rules.
|
|
||||||
---
|
|
||||||
psi/zfile.c | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/psi/zfile.c b/psi/zfile.c
|
|
||||||
index b6caea2..2c6c958 100644
|
|
||||||
--- a/psi/zfile.c
|
|
||||||
+++ b/psi/zfile.c
|
|
||||||
@@ -1081,6 +1081,9 @@ lib_file_open(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx
|
|
||||||
gs_main_instance *minst = get_minst_from_memory(mem);
|
|
||||||
int code;
|
|
||||||
|
|
||||||
+ if (i_ctx_p && starting_arg_file)
|
|
||||||
+ i_ctx_p->starting_arg_file = false;
|
|
||||||
+
|
|
||||||
/* when starting arg files (@ files) iodev_default is not yet set */
|
|
||||||
if (iodev == 0)
|
|
||||||
iodev = (gx_io_device *)gx_io_device_table[0];
|
|
||||||
--
|
|
||||||
2.7.4
|
|
||||||
|
|
@ -1,25 +0,0 @@
|
|||||||
From 6f749c0c44e7b9e09737b9f29edf29925a34f0cf Mon Sep 17 00:00:00 2001
|
|
||||||
From: Chris Liddell <chris.liddell@artifex.com>
|
|
||||||
Date: Wed, 5 Oct 2016 09:59:25 +0100
|
|
||||||
Subject: [PATCH] Bug 697179: Reference count device icc profile
|
|
||||||
|
|
||||||
when copying a device
|
|
||||||
---
|
|
||||||
base/gsdevice.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/base/gsdevice.c b/base/gsdevice.c
|
|
||||||
index 778106f..aea986a 100644
|
|
||||||
--- a/base/gsdevice.c
|
|
||||||
+++ b/base/gsdevice.c
|
|
||||||
@@ -614,6 +614,7 @@ gx_device_init(gx_device * dev, const gx_device * proto, gs_memory_t * mem,
|
|
||||||
dev->memory = mem;
|
|
||||||
dev->retained = !internal;
|
|
||||||
rc_init(dev, mem, (internal ? 0 : 1));
|
|
||||||
+ rc_increment(dev->icc_struct);
|
|
||||||
}
|
|
||||||
|
|
||||||
void
|
|
||||||
--
|
|
||||||
2.7.4
|
|
||||||
|
|
@ -1,43 +0,0 @@
|
|||||||
From 875a0095f37626a721c7ff57d606a0f95af03913 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ken Sharp <ken.sharp@artifex.com>
|
|
||||||
Date: Wed, 5 Oct 2016 10:10:58 +0100
|
|
||||||
Subject: [PATCH] DSC parser - validate parameters
|
|
||||||
|
|
||||||
Bug #697190 ".initialize_dsc_parser doesn't validate the parameter is a dict type before using it."
|
|
||||||
|
|
||||||
Regardless of any security implications, its simply wrong for a PostScript
|
|
||||||
operator not to validate its parameter(s).
|
|
||||||
|
|
||||||
No differences expected.
|
|
||||||
---
|
|
||||||
psi/zdscpars.c | 13 +++++++++----
|
|
||||||
1 file changed, 9 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/psi/zdscpars.c b/psi/zdscpars.c
|
|
||||||
index c05e154..9b4b605 100644
|
|
||||||
--- a/psi/zdscpars.c
|
|
||||||
+++ b/psi/zdscpars.c
|
|
||||||
@@ -150,11 +150,16 @@ zinitialize_dsc_parser(i_ctx_t *i_ctx_p)
|
|
||||||
ref local_ref;
|
|
||||||
int code;
|
|
||||||
os_ptr const op = osp;
|
|
||||||
- dict * const pdict = op->value.pdict;
|
|
||||||
- gs_memory_t * const mem = (gs_memory_t *)dict_memory(pdict);
|
|
||||||
- dsc_data_t * const data =
|
|
||||||
- gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
|
|
||||||
+ dict *pdict;
|
|
||||||
+ gs_memory_t *mem;
|
|
||||||
+ dsc_data_t *data;
|
|
||||||
|
|
||||||
+ check_read_type(*op, t_dictionary);
|
|
||||||
+
|
|
||||||
+ pdict = op->value.pdict;
|
|
||||||
+ mem = (gs_memory_t *)dict_memory(pdict);
|
|
||||||
+
|
|
||||||
+ data = gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
|
|
||||||
if (!data)
|
|
||||||
return_error(gs_error_VMerror);
|
|
||||||
data->document_level = 0;
|
|
||||||
--
|
|
||||||
2.7.4
|
|
||||||
|
|
@ -1,42 +0,0 @@
|
|||||||
From f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Chris Liddell <chris.liddell@artifex.com>
|
|
||||||
Date: Sat, 8 Oct 2016 16:10:27 +0100
|
|
||||||
Subject: [PATCH] Bug 697203: check for sufficient params in .sethalftone5
|
|
||||||
|
|
||||||
and param types
|
|
||||||
---
|
|
||||||
psi/zht2.c | 12 ++++++++++--
|
|
||||||
1 file changed, 10 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/psi/zht2.c b/psi/zht2.c
|
|
||||||
index fb4a264..dfa27a4 100644
|
|
||||||
--- a/psi/zht2.c
|
|
||||||
+++ b/psi/zht2.c
|
|
||||||
@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p)
|
|
||||||
gs_memory_t *mem;
|
|
||||||
uint edepth = ref_stack_count(&e_stack);
|
|
||||||
int npop = 2;
|
|
||||||
- int dict_enum = dict_first(op);
|
|
||||||
+ int dict_enum;
|
|
||||||
ref rvalue[2];
|
|
||||||
int cname, colorant_number;
|
|
||||||
byte * pname;
|
|
||||||
uint name_size;
|
|
||||||
int halftonetype, type = 0;
|
|
||||||
gs_gstate *pgs = igs;
|
|
||||||
- int space_index = r_space_index(op - 1);
|
|
||||||
+ int space_index;
|
|
||||||
+
|
|
||||||
+ if (ref_stack_count(&o_stack) < 2)
|
|
||||||
+ return_error(gs_error_stackunderflow);
|
|
||||||
+ check_type(*op, t_dictionary);
|
|
||||||
+ check_type(*(op - 1), t_dictionary);
|
|
||||||
+
|
|
||||||
+ dict_enum = dict_first(op);
|
|
||||||
+ space_index = r_space_index(op - 1);
|
|
||||||
|
|
||||||
mem = (gs_memory_t *) idmemory->spaces_indexed[space_index];
|
|
||||||
|
|
||||||
--
|
|
||||||
2.7.4
|
|
||||||
|
|
@ -1,897 +0,0 @@
|
|||||||
From cecf6b592945d247bf932f6a4f50065db4acfba8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Robin Watts <robin.watts@artifex.com>
|
|
||||||
Date: Mon, 12 Dec 2016 17:47:17 +0000
|
|
||||||
Subject: [PATCH] Squash signed/unsigned warnings in MSVC jbig2 build.
|
|
||||||
|
|
||||||
Also rename "new" to "new_dict", because "new" is a bad
|
|
||||||
variable name.
|
|
||||||
---
|
|
||||||
jbig2dec/jbig2.c | 4 +--
|
|
||||||
jbig2dec/jbig2.h | 8 +++--
|
|
||||||
jbig2dec/jbig2_generic.c | 2 +-
|
|
||||||
jbig2dec/jbig2_halftone.c | 24 +++++++--------
|
|
||||||
jbig2dec/jbig2_huffman.c | 10 +++---
|
|
||||||
jbig2dec/jbig2_huffman.h | 2 +-
|
|
||||||
jbig2dec/jbig2_image.c | 32 +++++++++----------
|
|
||||||
jbig2dec/jbig2_mmr.c | 66 ++++++++++++++++++++-------------------
|
|
||||||
jbig2dec/jbig2_page.c | 6 ++--
|
|
||||||
jbig2dec/jbig2_priv.h | 4 +--
|
|
||||||
jbig2dec/jbig2_segment.c | 10 +++---
|
|
||||||
jbig2dec/jbig2_symbol_dict.c | 73 ++++++++++++++++++++++----------------------
|
|
||||||
jbig2dec/jbig2_symbol_dict.h | 6 ++--
|
|
||||||
jbig2dec/jbig2_text.c | 16 +++++-----
|
|
||||||
jbig2dec/jbig2_text.h | 2 +-
|
|
||||||
15 files changed, 134 insertions(+), 131 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/jbig2dec/jbig2.c b/jbig2dec/jbig2.c
|
|
||||||
index f729e29..e51380f 100644
|
|
||||||
--- a/jbig2dec/jbig2.c
|
|
||||||
+++ b/jbig2dec/jbig2.c
|
|
||||||
@@ -379,7 +379,7 @@ typedef struct {
|
|
||||||
} Jbig2WordStreamBuf;
|
|
||||||
|
|
||||||
static int
|
|
||||||
-jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t *word)
|
|
||||||
+jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, size_t offset, uint32_t *word)
|
|
||||||
{
|
|
||||||
Jbig2WordStreamBuf *z = (Jbig2WordStreamBuf *) self;
|
|
||||||
const byte *data = z->data;
|
|
||||||
@@ -390,7 +390,7 @@ jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t
|
|
||||||
else if (offset > z->size)
|
|
||||||
return -1;
|
|
||||||
else {
|
|
||||||
- int i;
|
|
||||||
+ size_t i;
|
|
||||||
|
|
||||||
result = 0;
|
|
||||||
for (i = 0; i < z->size - offset; i++)
|
|
||||||
diff --git a/jbig2dec/jbig2.h b/jbig2dec/jbig2.h
|
|
||||||
index d5aa52f..624e0ed 100644
|
|
||||||
--- a/jbig2dec/jbig2.h
|
|
||||||
+++ b/jbig2dec/jbig2.h
|
|
||||||
@@ -56,17 +56,19 @@ typedef struct _Jbig2SymbolDictionary Jbig2SymbolDictionary;
|
|
||||||
*/
|
|
||||||
|
|
||||||
struct _Jbig2Image {
|
|
||||||
- int width, height, stride;
|
|
||||||
+ uint32_t width;
|
|
||||||
+ uint32_t height;
|
|
||||||
+ uint32_t stride;
|
|
||||||
uint8_t *data;
|
|
||||||
int refcount;
|
|
||||||
};
|
|
||||||
|
|
||||||
-Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, int width, int height);
|
|
||||||
+Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height);
|
|
||||||
Jbig2Image *jbig2_image_clone(Jbig2Ctx *ctx, Jbig2Image *image);
|
|
||||||
void jbig2_image_release(Jbig2Ctx *ctx, Jbig2Image *image);
|
|
||||||
void jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image);
|
|
||||||
void jbig2_image_clear(Jbig2Ctx *ctx, Jbig2Image *image, int value);
|
|
||||||
-Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height);
|
|
||||||
+Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height);
|
|
||||||
|
|
||||||
/* errors are returned from the library via a callback. If no callback
|
|
||||||
is provided (a NULL argument is passed ot jbig2_ctx_new) a default
|
|
||||||
diff --git a/jbig2dec/jbig2_generic.c b/jbig2dec/jbig2_generic.c
|
|
||||||
index 02fdbfb..9656198 100644
|
|
||||||
--- a/jbig2dec/jbig2_generic.c
|
|
||||||
+++ b/jbig2dec/jbig2_generic.c
|
|
||||||
@@ -718,7 +718,7 @@ jbig2_immediate_generic_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte
|
|
||||||
byte seg_flags;
|
|
||||||
int8_t gbat[8];
|
|
||||||
int offset;
|
|
||||||
- int gbat_bytes = 0;
|
|
||||||
+ uint32_t gbat_bytes = 0;
|
|
||||||
Jbig2GenericRegionParams params;
|
|
||||||
int code = 0;
|
|
||||||
Jbig2Image *image = NULL;
|
|
||||||
diff --git a/jbig2dec/jbig2_halftone.c b/jbig2dec/jbig2_halftone.c
|
|
||||||
index aeab576..acfbc56 100644
|
|
||||||
--- a/jbig2dec/jbig2_halftone.c
|
|
||||||
+++ b/jbig2dec/jbig2_halftone.c
|
|
||||||
@@ -257,8 +257,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
|
|
||||||
{
|
|
||||||
uint8_t **GSVALS = NULL;
|
|
||||||
size_t consumed_bytes = 0;
|
|
||||||
- int i, j, code, stride;
|
|
||||||
- int x, y;
|
|
||||||
+ uint32_t i, j, stride, x, y;
|
|
||||||
+ int code;
|
|
||||||
Jbig2Image **GSPLANES;
|
|
||||||
Jbig2GenericRegionParams rparams;
|
|
||||||
Jbig2WordStream *ws = NULL;
|
|
||||||
@@ -276,9 +276,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
|
|
||||||
if (GSPLANES[i] == NULL) {
|
|
||||||
jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate %dx%d image for GSPLANES", GSW, GSH);
|
|
||||||
/* free already allocated */
|
|
||||||
- for (j = i - 1; j >= 0; --j) {
|
|
||||||
- jbig2_image_release(ctx, GSPLANES[j]);
|
|
||||||
- }
|
|
||||||
+ for (j = i; j > 0;)
|
|
||||||
+ jbig2_image_release(ctx, GSPLANES[--j]);
|
|
||||||
jbig2_free(ctx->allocator, GSPLANES);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
@@ -323,9 +322,10 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
|
|
||||||
}
|
|
||||||
|
|
||||||
/* C.5 step 2. Set j = GSBPP-2 */
|
|
||||||
- j = GSBPP - 2;
|
|
||||||
+ j = GSBPP - 1;
|
|
||||||
/* C.5 step 3. decode loop */
|
|
||||||
- while (j >= 0) {
|
|
||||||
+ while (j > 0) {
|
|
||||||
+ j--;
|
|
||||||
/* C.5 step 3. (a) */
|
|
||||||
if (GSMMR) {
|
|
||||||
code = jbig2_decode_halftone_mmr(ctx, &rparams, data + consumed_bytes, size - consumed_bytes, GSPLANES[j], &consumed_bytes);
|
|
||||||
@@ -345,7 +345,6 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
|
|
||||||
GSPLANES[j]->data[i] ^= GSPLANES[j + 1]->data[i];
|
|
||||||
|
|
||||||
/* C.5 step 3. (c) */
|
|
||||||
- --j;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* allocate GSVALS */
|
|
||||||
@@ -359,9 +358,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
|
|
||||||
if (GSVALS[i] == NULL) {
|
|
||||||
jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate GSVALS: %d bytes", GSH * GSW);
|
|
||||||
/* free already allocated */
|
|
||||||
- for (j = i - 1; j >= 0; --j) {
|
|
||||||
- jbig2_free(ctx->allocator, GSVALS[j]);
|
|
||||||
- }
|
|
||||||
+ for (j = i; j > 0;)
|
|
||||||
+ jbig2_free(ctx->allocator, GSVALS[--j]);
|
|
||||||
jbig2_free(ctx->allocator, GSVALS);
|
|
||||||
GSVALS = NULL;
|
|
||||||
goto cleanup;
|
|
||||||
@@ -450,7 +448,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
|
|
||||||
uint8_t **GI;
|
|
||||||
Jbig2Image *HSKIP = NULL;
|
|
||||||
Jbig2PatternDict *HPATS;
|
|
||||||
- int i;
|
|
||||||
+ uint32_t i;
|
|
||||||
uint32_t mg, ng;
|
|
||||||
int32_t x, y;
|
|
||||||
uint8_t gray_val;
|
|
||||||
@@ -476,7 +474,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
|
|
||||||
|
|
||||||
/* calculate ceil(log2(HNUMPATS)) */
|
|
||||||
HBPP = 0;
|
|
||||||
- while (HNUMPATS > (1 << ++HBPP));
|
|
||||||
+ while (HNUMPATS > (1U << ++HBPP));
|
|
||||||
|
|
||||||
/* 6.6.5 point 4. decode gray-scale image as mentioned in annex C */
|
|
||||||
GI = jbig2_decode_gray_scale_image(ctx, segment, data, size,
|
|
||||||
diff --git a/jbig2dec/jbig2_huffman.c b/jbig2dec/jbig2_huffman.c
|
|
||||||
index 4521b48..f77981b 100644
|
|
||||||
--- a/jbig2dec/jbig2_huffman.c
|
|
||||||
+++ b/jbig2dec/jbig2_huffman.c
|
|
||||||
@@ -47,16 +47,16 @@ struct _Jbig2HuffmanState {
|
|
||||||
is (offset + 4) * 8. */
|
|
||||||
uint32_t this_word;
|
|
||||||
uint32_t next_word;
|
|
||||||
- int offset_bits;
|
|
||||||
- int offset;
|
|
||||||
- int offset_limit;
|
|
||||||
+ uint32_t offset_bits;
|
|
||||||
+ uint32_t offset;
|
|
||||||
+ uint32_t offset_limit;
|
|
||||||
|
|
||||||
Jbig2WordStream *ws;
|
|
||||||
Jbig2Ctx *ctx;
|
|
||||||
};
|
|
||||||
|
|
||||||
static uint32_t
|
|
||||||
-huff_get_next_word(Jbig2HuffmanState *hs, int offset)
|
|
||||||
+huff_get_next_word(Jbig2HuffmanState *hs, uint32_t offset)
|
|
||||||
{
|
|
||||||
uint32_t word = 0;
|
|
||||||
Jbig2WordStream *ws = hs->ws;
|
|
||||||
@@ -213,7 +213,7 @@ jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset)
|
|
||||||
/* return the offset of the huffman decode pointer (in bytes)
|
|
||||||
* from the beginning of the WordStream
|
|
||||||
*/
|
|
||||||
-int
|
|
||||||
+uint32_t
|
|
||||||
jbig2_huffman_offset(Jbig2HuffmanState *hs)
|
|
||||||
{
|
|
||||||
return hs->offset + (hs->offset_bits >> 3);
|
|
||||||
diff --git a/jbig2dec/jbig2_huffman.h b/jbig2dec/jbig2_huffman.h
|
|
||||||
index 5d1e6e0..cfda9e0 100644
|
|
||||||
--- a/jbig2dec/jbig2_huffman.h
|
|
||||||
+++ b/jbig2dec/jbig2_huffman.h
|
|
||||||
@@ -64,7 +64,7 @@ void jbig2_huffman_skip(Jbig2HuffmanState *hs);
|
|
||||||
|
|
||||||
void jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset);
|
|
||||||
|
|
||||||
-int jbig2_huffman_offset(Jbig2HuffmanState *hs);
|
|
||||||
+uint32_t jbig2_huffman_offset(Jbig2HuffmanState *hs);
|
|
||||||
|
|
||||||
int32_t jbig2_huffman_get(Jbig2HuffmanState *hs, const Jbig2HuffmanTable *table, bool *oob);
|
|
||||||
|
|
||||||
diff --git a/jbig2dec/jbig2_image.c b/jbig2dec/jbig2_image.c
|
|
||||||
index 1ae614e..94e5a4c 100644
|
|
||||||
--- a/jbig2dec/jbig2_image.c
|
|
||||||
+++ b/jbig2dec/jbig2_image.c
|
|
||||||
@@ -32,10 +32,10 @@
|
|
||||||
|
|
||||||
/* allocate a Jbig2Image structure and its associated bitmap */
|
|
||||||
Jbig2Image *
|
|
||||||
-jbig2_image_new(Jbig2Ctx *ctx, int width, int height)
|
|
||||||
+jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height)
|
|
||||||
{
|
|
||||||
Jbig2Image *image;
|
|
||||||
- int stride;
|
|
||||||
+ uint32_t stride;
|
|
||||||
int64_t check;
|
|
||||||
|
|
||||||
image = jbig2_new(ctx, Jbig2Image, 1);
|
|
||||||
@@ -99,7 +99,7 @@ jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image)
|
|
||||||
|
|
||||||
/* resize a Jbig2Image */
|
|
||||||
Jbig2Image *
|
|
||||||
-jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height)
|
|
||||||
+jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height)
|
|
||||||
{
|
|
||||||
if (width == image->width) {
|
|
||||||
/* check for integer multiplication overflow */
|
|
||||||
@@ -133,11 +133,11 @@ jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height)
|
|
||||||
static int
|
|
||||||
jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op)
|
|
||||||
{
|
|
||||||
- int i, j;
|
|
||||||
- int sw = src->width;
|
|
||||||
- int sh = src->height;
|
|
||||||
- int sx = 0;
|
|
||||||
- int sy = 0;
|
|
||||||
+ uint32_t i, j;
|
|
||||||
+ uint32_t sw = src->width;
|
|
||||||
+ uint32_t sh = src->height;
|
|
||||||
+ uint32_t sx = 0;
|
|
||||||
+ uint32_t sy = 0;
|
|
||||||
|
|
||||||
/* clip to the dst image boundaries */
|
|
||||||
if (x < 0) {
|
|
||||||
@@ -200,10 +200,10 @@ jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x
|
|
||||||
int
|
|
||||||
jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op)
|
|
||||||
{
|
|
||||||
- int i, j;
|
|
||||||
- int w, h;
|
|
||||||
- int leftbyte, rightbyte;
|
|
||||||
- int shift;
|
|
||||||
+ uint32_t i, j;
|
|
||||||
+ uint32_t w, h;
|
|
||||||
+ uint32_t leftbyte, rightbyte;
|
|
||||||
+ uint32_t shift;
|
|
||||||
uint8_t *s, *ss;
|
|
||||||
uint8_t *d, *dd;
|
|
||||||
uint8_t mask, rightmask;
|
|
||||||
@@ -226,8 +226,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
|
|
||||||
h += y;
|
|
||||||
y = 0;
|
|
||||||
}
|
|
||||||
- w = (x + w < dst->width) ? w : dst->width - x;
|
|
||||||
- h = (y + h < dst->height) ? h : dst->height - y;
|
|
||||||
+ w = ((uint32_t)x + w < dst->width) ? w : ((dst->width >= (uint32_t)x) ? dst->width - (uint32_t)x : 0);
|
|
||||||
+ h = ((uint32_t)y + h < dst->height) ? h : ((dst->height >= (uint32_t)y) ? dst->height - (uint32_t)y : 0);
|
|
||||||
#ifdef JBIG2_DEBUG
|
|
||||||
jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "compositing %dx%d at (%d, %d) after clipping\n", w, h, x, y);
|
|
||||||
#endif
|
|
||||||
@@ -249,8 +249,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
- leftbyte = x >> 3;
|
|
||||||
- rightbyte = (x + w - 1) >> 3;
|
|
||||||
+ leftbyte = (uint32_t)x >> 3;
|
|
||||||
+ rightbyte = ((uint32_t)x + w - 1) >> 3;
|
|
||||||
shift = x & 7;
|
|
||||||
|
|
||||||
/* general OR case */
|
|
||||||
diff --git a/jbig2dec/jbig2_mmr.c b/jbig2dec/jbig2_mmr.c
|
|
||||||
index d4cd3a2..390e27c 100644
|
|
||||||
--- a/jbig2dec/jbig2_mmr.c
|
|
||||||
+++ b/jbig2dec/jbig2_mmr.c
|
|
||||||
@@ -38,19 +38,21 @@
|
|
||||||
#include "jbig2_mmr.h"
|
|
||||||
|
|
||||||
typedef struct {
|
|
||||||
- int width;
|
|
||||||
- int height;
|
|
||||||
+ uint32_t width;
|
|
||||||
+ uint32_t height;
|
|
||||||
const byte *data;
|
|
||||||
size_t size;
|
|
||||||
- int data_index;
|
|
||||||
- int bit_index;
|
|
||||||
+ uint32_t data_index;
|
|
||||||
+ uint32_t bit_index;
|
|
||||||
uint32_t word;
|
|
||||||
} Jbig2MmrCtx;
|
|
||||||
|
|
||||||
+#define MINUS1 ((uint32_t)-1)
|
|
||||||
+
|
|
||||||
static void
|
|
||||||
jbig2_decode_mmr_init(Jbig2MmrCtx *mmr, int width, int height, const byte *data, size_t size)
|
|
||||||
{
|
|
||||||
- int i;
|
|
||||||
+ size_t i;
|
|
||||||
uint32_t word = 0;
|
|
||||||
|
|
||||||
mmr->width = width;
|
|
||||||
@@ -732,14 +734,14 @@ const mmr_table_node jbig2_mmr_black_decode[] = {
|
|
||||||
#define getbit(buf, x) ( ( buf[x >> 3] >> ( 7 - (x & 7) ) ) & 1 )
|
|
||||||
|
|
||||||
static int
|
|
||||||
-jbig2_find_changing_element(const byte *line, int x, int w)
|
|
||||||
+jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w)
|
|
||||||
{
|
|
||||||
int a, b;
|
|
||||||
|
|
||||||
if (line == 0)
|
|
||||||
- return w;
|
|
||||||
+ return (int)w;
|
|
||||||
|
|
||||||
- if (x == -1) {
|
|
||||||
+ if (x == MINUS1) {
|
|
||||||
a = 0;
|
|
||||||
x = 0;
|
|
||||||
} else {
|
|
||||||
@@ -758,7 +760,7 @@ jbig2_find_changing_element(const byte *line, int x, int w)
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
-jbig2_find_changing_element_of_color(const byte *line, int x, int w, int color)
|
|
||||||
+jbig2_find_changing_element_of_color(const byte *line, uint32_t x, uint32_t w, int color)
|
|
||||||
{
|
|
||||||
if (line == 0)
|
|
||||||
return w;
|
|
||||||
@@ -772,9 +774,9 @@ static const byte lm[8] = { 0xFF, 0x7F, 0x3F, 0x1F, 0x0F, 0x07, 0x03, 0x01 };
|
|
||||||
static const byte rm[8] = { 0x00, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
|
|
||||||
|
|
||||||
static void
|
|
||||||
-jbig2_set_bits(byte *line, int x0, int x1)
|
|
||||||
+jbig2_set_bits(byte *line, uint32_t x0, uint32_t x1)
|
|
||||||
{
|
|
||||||
- int a0, a1, b0, b1, a;
|
|
||||||
+ uint32_t a0, a1, b0, b1, a;
|
|
||||||
|
|
||||||
a0 = x0 >> 3;
|
|
||||||
a1 = x1 >> 3;
|
|
||||||
@@ -831,8 +833,8 @@ jbig2_decode_get_run(Jbig2MmrCtx *mmr, const mmr_table_node *table, int initial_
|
|
||||||
static int
|
|
||||||
jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
|
|
||||||
{
|
|
||||||
- int a0 = -1;
|
|
||||||
- int a1, a2, b1, b2;
|
|
||||||
+ uint32_t a0 = MINUS1;
|
|
||||||
+ uint32_t a1, a2, b1, b2;
|
|
||||||
int c = 0; /* 0 is white, black is 1 */
|
|
||||||
|
|
||||||
while (1) {
|
|
||||||
@@ -840,7 +842,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
|
|
||||||
|
|
||||||
/* printf ("%08x\n", word); */
|
|
||||||
|
|
||||||
- if (a0 >= mmr->width)
|
|
||||||
+ if (a0 != MINUS1 && a0 >= mmr->width)
|
|
||||||
break;
|
|
||||||
|
|
||||||
if ((word >> (32 - 3)) == 1) {
|
|
||||||
@@ -848,7 +850,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
|
|
||||||
|
|
||||||
jbig2_decode_mmr_consume(mmr, 3);
|
|
||||||
|
|
||||||
- if (a0 == -1)
|
|
||||||
+ if (a0 == MINUS1)
|
|
||||||
a0 = 0;
|
|
||||||
|
|
||||||
if (c == 0) {
|
|
||||||
@@ -860,7 +862,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
|
|
||||||
a1 = mmr->width;
|
|
||||||
if (a2 > mmr->width)
|
|
||||||
a2 = mmr->width;
|
|
||||||
- if (a2 < a1 || a1 < 0)
|
|
||||||
+ if (a1 == MINUS1 || a2 < a1)
|
|
||||||
return -1;
|
|
||||||
jbig2_set_bits(dst, a1, a2);
|
|
||||||
a0 = a2;
|
|
||||||
@@ -874,7 +876,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
|
|
||||||
a1 = mmr->width;
|
|
||||||
if (a2 > mmr->width)
|
|
||||||
a2 = mmr->width;
|
|
||||||
- if (a1 < a0 || a0 < 0)
|
|
||||||
+ if (a0 == MINUS1 || a1 < a0)
|
|
||||||
return -1;
|
|
||||||
jbig2_set_bits(dst, a0, a1);
|
|
||||||
a0 = a2;
|
|
||||||
@@ -888,7 +890,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
|
|
||||||
b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
|
|
||||||
b2 = jbig2_find_changing_element(ref, b1, mmr->width);
|
|
||||||
if (c) {
|
|
||||||
- if (b2 < a0 || a0 < 0)
|
|
||||||
+ if (a0 == MINUS1 || b2 < a0)
|
|
||||||
return -1;
|
|
||||||
jbig2_set_bits(dst, a0, b2);
|
|
||||||
}
|
|
||||||
@@ -900,7 +902,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
|
|
||||||
jbig2_decode_mmr_consume(mmr, 1);
|
|
||||||
b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
|
|
||||||
if (c) {
|
|
||||||
- if (b1 < a0 || a0 < 0)
|
|
||||||
+ if (a0 == MINUS1 || b1 < a0)
|
|
||||||
return -1;
|
|
||||||
jbig2_set_bits(dst, a0, b1);
|
|
||||||
}
|
|
||||||
@@ -915,7 +917,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
|
|
||||||
if (b1 + 1 > mmr->width)
|
|
||||||
break;
|
|
||||||
if (c) {
|
|
||||||
- if (b1 + 1 < a0 || a0 < 0)
|
|
||||||
+ if (a0 == MINUS1 || b1 + 1 < a0)
|
|
||||||
return -1;
|
|
||||||
jbig2_set_bits(dst, a0, b1 + 1);
|
|
||||||
}
|
|
||||||
@@ -930,7 +932,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
|
|
||||||
if (b1 + 2 > mmr->width)
|
|
||||||
break;
|
|
||||||
if (c) {
|
|
||||||
- if (b1 + 2 < a0 || a0 < 0)
|
|
||||||
+ if (a0 == MINUS1 || b1 + 2 < a0)
|
|
||||||
return -1;
|
|
||||||
jbig2_set_bits(dst, a0, b1 + 2);
|
|
||||||
}
|
|
||||||
@@ -942,10 +944,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
|
|
||||||
/* printf ("VR(3)\n"); */
|
|
||||||
jbig2_decode_mmr_consume(mmr, 7);
|
|
||||||
b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
|
|
||||||
- if (b1 + 3 > mmr->width)
|
|
||||||
+ if (b1 + 3 > (int)mmr->width)
|
|
||||||
break;
|
|
||||||
if (c) {
|
|
||||||
- if (b1 + 3 < a0 || a0 < 0)
|
|
||||||
+ if (a0 == MINUS1 || b1 + 3 < a0)
|
|
||||||
return -1;
|
|
||||||
jbig2_set_bits(dst, a0, b1 + 3);
|
|
||||||
}
|
|
||||||
@@ -957,10 +959,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
|
|
||||||
/* printf ("VL(1)\n"); */
|
|
||||||
jbig2_decode_mmr_consume(mmr, 3);
|
|
||||||
b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
|
|
||||||
- if (b1 - 1 < 0)
|
|
||||||
+ if (b1 < 1)
|
|
||||||
break;
|
|
||||||
if (c) {
|
|
||||||
- if (b1 - 1 < a0 || a0 < 0)
|
|
||||||
+ if (a0 == MINUS1 || b1 - 1 < a0)
|
|
||||||
return -1;
|
|
||||||
jbig2_set_bits(dst, a0, b1 - 1);
|
|
||||||
}
|
|
||||||
@@ -972,7 +974,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
|
|
||||||
/* printf ("VL(2)\n"); */
|
|
||||||
jbig2_decode_mmr_consume(mmr, 6);
|
|
||||||
b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
|
|
||||||
- if (b1 - 2 < 0)
|
|
||||||
+ if (b1 < 2)
|
|
||||||
break;
|
|
||||||
if (c) {
|
|
||||||
if (b1 - 2 < a0 || a0 < 0)
|
|
||||||
@@ -987,10 +989,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
|
|
||||||
/* printf ("VL(3)\n"); */
|
|
||||||
jbig2_decode_mmr_consume(mmr, 7);
|
|
||||||
b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
|
|
||||||
- if (b1 - 3 < 0)
|
|
||||||
+ if (b1 < 3)
|
|
||||||
break;
|
|
||||||
if (c) {
|
|
||||||
- if (b1 - 3 < a0 || a0 < 0)
|
|
||||||
+ if (a0 == MINUS1 || b1 - 3 < a0)
|
|
||||||
return -1;
|
|
||||||
jbig2_set_bits(dst, a0, b1 - 3);
|
|
||||||
}
|
|
||||||
@@ -1009,10 +1011,10 @@ int
|
|
||||||
jbig2_decode_generic_mmr(Jbig2Ctx *ctx, Jbig2Segment *segment, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image)
|
|
||||||
{
|
|
||||||
Jbig2MmrCtx mmr;
|
|
||||||
- const int rowstride = image->stride;
|
|
||||||
+ const uint32_t rowstride = image->stride;
|
|
||||||
byte *dst = image->data;
|
|
||||||
byte *ref = NULL;
|
|
||||||
- int y;
|
|
||||||
+ uint32_t y;
|
|
||||||
int code = 0;
|
|
||||||
|
|
||||||
jbig2_decode_mmr_init(&mmr, image->width, image->height, data, size);
|
|
||||||
@@ -1047,10 +1049,10 @@ int
|
|
||||||
jbig2_decode_halftone_mmr(Jbig2Ctx *ctx, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image, size_t *consumed_bytes)
|
|
||||||
{
|
|
||||||
Jbig2MmrCtx mmr;
|
|
||||||
- const int rowstride = image->stride;
|
|
||||||
+ const uint32_t rowstride = image->stride;
|
|
||||||
byte *dst = image->data;
|
|
||||||
byte *ref = NULL;
|
|
||||||
- int y;
|
|
||||||
+ uint32_t y;
|
|
||||||
int code = 0;
|
|
||||||
const uint32_t EOFB = 0x001001;
|
|
||||||
|
|
||||||
diff --git a/jbig2dec/jbig2_page.c b/jbig2dec/jbig2_page.c
|
|
||||||
index 110ff7c..1ed1c8a 100644
|
|
||||||
--- a/jbig2dec/jbig2_page.c
|
|
||||||
+++ b/jbig2dec/jbig2_page.c
|
|
||||||
@@ -155,9 +155,9 @@ int
|
|
||||||
jbig2_end_of_stripe(Jbig2Ctx *ctx, Jbig2Segment *segment, const uint8_t *segment_data)
|
|
||||||
{
|
|
||||||
Jbig2Page page = ctx->pages[ctx->current_page];
|
|
||||||
- int end_row;
|
|
||||||
+ uint32_t end_row;
|
|
||||||
|
|
||||||
- end_row = jbig2_get_int32(segment_data);
|
|
||||||
+ end_row = jbig2_get_uint32(segment_data);
|
|
||||||
if (end_row < page.end_row) {
|
|
||||||
jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number,
|
|
||||||
"end of stripe segment with non-positive end row advance" " (new end row %d vs current end row %d)", end_row, page.end_row);
|
|
||||||
@@ -248,7 +248,7 @@ jbig2_page_add_result(Jbig2Ctx *ctx, Jbig2Page *page, Jbig2Image *image, int x,
|
|
||||||
|
|
||||||
/* grow the page to accomodate a new stripe if necessary */
|
|
||||||
if (page->striped) {
|
|
||||||
- int new_height = y + image->height + page->end_row;
|
|
||||||
+ uint32_t new_height = y + image->height + page->end_row;
|
|
||||||
|
|
||||||
if (page->image->height < new_height) {
|
|
||||||
jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "growing page buffer to %d rows " "to accomodate new stripe", new_height);
|
|
||||||
diff --git a/jbig2dec/jbig2_priv.h b/jbig2dec/jbig2_priv.h
|
|
||||||
index 42ba496..3d44b42 100644
|
|
||||||
--- a/jbig2dec/jbig2_priv.h
|
|
||||||
+++ b/jbig2dec/jbig2_priv.h
|
|
||||||
@@ -132,7 +132,7 @@ struct _Jbig2Page {
|
|
||||||
uint32_t x_resolution, y_resolution; /* in pixels per meter */
|
|
||||||
uint16_t stripe_size;
|
|
||||||
bool striped;
|
|
||||||
- int end_row;
|
|
||||||
+ uint32_t end_row;
|
|
||||||
uint8_t flags;
|
|
||||||
Jbig2Image *image;
|
|
||||||
};
|
|
||||||
@@ -182,7 +182,7 @@ int jbig2_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segm
|
|
||||||
typedef struct _Jbig2WordStream Jbig2WordStream;
|
|
||||||
|
|
||||||
struct _Jbig2WordStream {
|
|
||||||
- int (*get_next_word)(Jbig2WordStream *self, int offset, uint32_t *word);
|
|
||||||
+ int (*get_next_word)(Jbig2WordStream *self, size_t offset, uint32_t *word);
|
|
||||||
};
|
|
||||||
|
|
||||||
Jbig2WordStream *jbig2_word_stream_buf_new(Jbig2Ctx *ctx, const byte *data, size_t size);
|
|
||||||
diff --git a/jbig2dec/jbig2_segment.c b/jbig2dec/jbig2_segment.c
|
|
||||||
index 2e0db67..5b63706 100644
|
|
||||||
--- a/jbig2dec/jbig2_segment.c
|
|
||||||
+++ b/jbig2dec/jbig2_segment.c
|
|
||||||
@@ -39,10 +39,10 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t
|
|
||||||
uint8_t rtscarf;
|
|
||||||
uint32_t rtscarf_long;
|
|
||||||
uint32_t *referred_to_segments;
|
|
||||||
- int referred_to_segment_count;
|
|
||||||
- int referred_to_segment_size;
|
|
||||||
- int pa_size;
|
|
||||||
- int offset;
|
|
||||||
+ uint32_t referred_to_segment_count;
|
|
||||||
+ uint32_t referred_to_segment_size;
|
|
||||||
+ uint32_t pa_size;
|
|
||||||
+ uint32_t offset;
|
|
||||||
|
|
||||||
/* minimum possible size of a jbig2 segment header */
|
|
||||||
if (buf_size < 11)
|
|
||||||
@@ -83,7 +83,7 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t
|
|
||||||
|
|
||||||
/* 7.2.5 */
|
|
||||||
if (referred_to_segment_count) {
|
|
||||||
- int i;
|
|
||||||
+ uint32_t i;
|
|
||||||
|
|
||||||
referred_to_segments = jbig2_new(ctx, uint32_t, referred_to_segment_count * referred_to_segment_size);
|
|
||||||
if (referred_to_segments == NULL) {
|
|
||||||
diff --git a/jbig2dec/jbig2_symbol_dict.c b/jbig2dec/jbig2_symbol_dict.c
|
|
||||||
index 2c71a4c..11a2252 100644
|
|
||||||
--- a/jbig2dec/jbig2_symbol_dict.c
|
|
||||||
+++ b/jbig2dec/jbig2_symbol_dict.c
|
|
||||||
@@ -88,40 +88,40 @@ jbig2_dump_symbol_dict(Jbig2Ctx *ctx, Jbig2Segment *segment)
|
|
||||||
|
|
||||||
/* return a new empty symbol dict */
|
|
||||||
Jbig2SymbolDict *
|
|
||||||
-jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols)
|
|
||||||
+jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols)
|
|
||||||
{
|
|
||||||
- Jbig2SymbolDict *new = NULL;
|
|
||||||
+ Jbig2SymbolDict *new_dict = NULL;
|
|
||||||
|
|
||||||
if (n_symbols < 0) {
|
|
||||||
jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "Negative number of symbols in symbol dict: %d", n_symbols);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
- new = jbig2_new(ctx, Jbig2SymbolDict, 1);
|
|
||||||
- if (new != NULL) {
|
|
||||||
- new->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
|
|
||||||
- new->n_symbols = n_symbols;
|
|
||||||
+ new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1);
|
|
||||||
+ if (new_dict != NULL) {
|
|
||||||
+ new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
|
|
||||||
+ new_dict->n_symbols = n_symbols;
|
|
||||||
} else {
|
|
||||||
jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate new empty symbol dict");
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (new->glyphs != NULL) {
|
|
||||||
- memset(new->glyphs, 0, n_symbols * sizeof(Jbig2Image *));
|
|
||||||
+ if (new_dict->glyphs != NULL) {
|
|
||||||
+ memset(new_dict->glyphs, 0, n_symbols * sizeof(Jbig2Image *));
|
|
||||||
} else {
|
|
||||||
jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate glyphs for new empty symbol dict");
|
|
||||||
- jbig2_free(ctx->allocator, new);
|
|
||||||
+ jbig2_free(ctx->allocator, new_dict);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
- return new;
|
|
||||||
+ return new_dict;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* release the memory associated with a symbol dict */
|
|
||||||
void
|
|
||||||
jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict)
|
|
||||||
{
|
|
||||||
- int i;
|
|
||||||
+ uint32_t i;
|
|
||||||
|
|
||||||
if (dict == NULL)
|
|
||||||
return;
|
|
||||||
@@ -142,12 +142,12 @@ jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id)
|
|
||||||
}
|
|
||||||
|
|
||||||
/* count the number of dictionary segments referred to by the given segment */
|
|
||||||
-int
|
|
||||||
+uint32_t
|
|
||||||
jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
|
|
||||||
{
|
|
||||||
int index;
|
|
||||||
Jbig2Segment *rsegment;
|
|
||||||
- int n_dicts = 0;
|
|
||||||
+ uint32_t n_dicts = 0;
|
|
||||||
|
|
||||||
for (index = 0; index < segment->referred_to_segment_count; index++) {
|
|
||||||
rsegment = jbig2_find_segment(ctx, segment->referred_to_segments[index]);
|
|
||||||
@@ -166,8 +166,8 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
|
|
||||||
int index;
|
|
||||||
Jbig2Segment *rsegment;
|
|
||||||
Jbig2SymbolDict **dicts;
|
|
||||||
- int n_dicts = jbig2_sd_count_referred(ctx, segment);
|
|
||||||
- int dindex = 0;
|
|
||||||
+ uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment);
|
|
||||||
+ uint32_t dindex = 0;
|
|
||||||
|
|
||||||
dicts = jbig2_new(ctx, Jbig2SymbolDict *, n_dicts);
|
|
||||||
if (dicts == NULL) {
|
|
||||||
@@ -195,10 +195,10 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
|
|
||||||
/* generate a new symbol dictionary by concatenating a list of
|
|
||||||
existing dictionaries */
|
|
||||||
Jbig2SymbolDict *
|
|
||||||
-jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts)
|
|
||||||
+jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts)
|
|
||||||
{
|
|
||||||
- int i, j, k, symbols;
|
|
||||||
- Jbig2SymbolDict *new = NULL;
|
|
||||||
+ uint32_t i, j, k, symbols;
|
|
||||||
+ Jbig2SymbolDict *new_dict = NULL;
|
|
||||||
|
|
||||||
/* count the imported symbols and allocate a new array */
|
|
||||||
symbols = 0;
|
|
||||||
@@ -206,17 +206,17 @@ jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts)
|
|
||||||
symbols += dicts[i]->n_symbols;
|
|
||||||
|
|
||||||
/* fill a new array with cloned glyph pointers */
|
|
||||||
- new = jbig2_sd_new(ctx, symbols);
|
|
||||||
- if (new != NULL) {
|
|
||||||
+ new_dict = jbig2_sd_new(ctx, symbols);
|
|
||||||
+ if (new_dict != NULL) {
|
|
||||||
k = 0;
|
|
||||||
for (i = 0; i < n_dicts; i++)
|
|
||||||
for (j = 0; j < dicts[i]->n_symbols; j++)
|
|
||||||
- new->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]);
|
|
||||||
+ new_dict->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]);
|
|
||||||
} else {
|
|
||||||
jbig2_error(ctx, JBIG2_SEVERITY_WARNING, -1, "failed to allocate new symbol dictionary");
|
|
||||||
}
|
|
||||||
|
|
||||||
- return new;
|
|
||||||
+ return new_dict;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Decoding routines */
|
|
||||||
@@ -431,7 +431,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
|
|
||||||
|
|
||||||
if (REFAGGNINST > 1) {
|
|
||||||
Jbig2Image *image;
|
|
||||||
- int i;
|
|
||||||
+ uint32_t i;
|
|
||||||
|
|
||||||
if (tparams == NULL) {
|
|
||||||
/* First time through, we need to initialise the */
|
|
||||||
@@ -512,7 +512,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
|
|
||||||
uint32_t ID;
|
|
||||||
int32_t RDX, RDY;
|
|
||||||
int BMSIZE = 0;
|
|
||||||
- int ninsyms = params->SDNUMINSYMS;
|
|
||||||
+ uint32_t ninsyms = params->SDNUMINSYMS;
|
|
||||||
int code1 = 0;
|
|
||||||
int code2 = 0;
|
|
||||||
int code3 = 0;
|
|
||||||
@@ -609,8 +609,9 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
|
|
||||||
if (params->SDHUFF && !params->SDREFAGG) {
|
|
||||||
/* 6.5.9 */
|
|
||||||
Jbig2Image *image;
|
|
||||||
- int BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code);
|
|
||||||
- int j, x;
|
|
||||||
+ uint32_t BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code);
|
|
||||||
+ uint32_t j;
|
|
||||||
+ int x;
|
|
||||||
|
|
||||||
if (code || (BMSIZE < 0)) {
|
|
||||||
jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding size of collective bitmap!");
|
|
||||||
@@ -700,22 +701,22 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
|
|
||||||
jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate symbols exported from symbols dictionary");
|
|
||||||
goto cleanup4;
|
|
||||||
} else {
|
|
||||||
- int i = 0;
|
|
||||||
- int j = 0;
|
|
||||||
- int k;
|
|
||||||
+ uint32_t i = 0;
|
|
||||||
+ uint32_t j = 0;
|
|
||||||
+ uint32_t k;
|
|
||||||
int exflag = 0;
|
|
||||||
- int64_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS;
|
|
||||||
- int32_t exrunlength;
|
|
||||||
+ uint32_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS;
|
|
||||||
+ uint32_t exrunlength;
|
|
||||||
int zerolength = 0;
|
|
||||||
|
|
||||||
while (i < limit) {
|
|
||||||
if (params->SDHUFF)
|
|
||||||
exrunlength = jbig2_huffman_get(hs, SBHUFFRSIZE, &code);
|
|
||||||
else
|
|
||||||
- code = jbig2_arith_int_decode(IAEX, as, &exrunlength);
|
|
||||||
+ code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength);
|
|
||||||
/* prevent infinite loop */
|
|
||||||
zerolength = exrunlength > 0 ? 0 : zerolength + 1;
|
|
||||||
- if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength > params->SDNUMEXSYMS - j))) {
|
|
||||||
+ if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) {
|
|
||||||
if (code)
|
|
||||||
jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to decode exrunlength for exported symbols");
|
|
||||||
else if (exrunlength <= 0)
|
|
||||||
@@ -797,8 +798,8 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen
|
|
||||||
{
|
|
||||||
Jbig2SymbolDictParams params;
|
|
||||||
uint16_t flags;
|
|
||||||
- int sdat_bytes;
|
|
||||||
- int offset;
|
|
||||||
+ uint32_t sdat_bytes;
|
|
||||||
+ uint32_t offset;
|
|
||||||
Jbig2ArithCx *GB_stats = NULL;
|
|
||||||
Jbig2ArithCx *GR_stats = NULL;
|
|
||||||
int table_index = 0;
|
|
||||||
@@ -951,7 +952,7 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen
|
|
||||||
|
|
||||||
/* 7.4.2.2 (2) */
|
|
||||||
{
|
|
||||||
- int n_dicts = jbig2_sd_count_referred(ctx, segment);
|
|
||||||
+ uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment);
|
|
||||||
Jbig2SymbolDict **dicts = NULL;
|
|
||||||
|
|
||||||
if (n_dicts > 0) {
|
|
||||||
diff --git a/jbig2dec/jbig2_symbol_dict.h b/jbig2dec/jbig2_symbol_dict.h
|
|
||||||
index d56d62d..30211d4 100644
|
|
||||||
--- a/jbig2dec/jbig2_symbol_dict.h
|
|
||||||
+++ b/jbig2dec/jbig2_symbol_dict.h
|
|
||||||
@@ -32,18 +32,18 @@ int jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *se
|
|
||||||
Jbig2Image *jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id);
|
|
||||||
|
|
||||||
/* return a new empty symbol dict */
|
|
||||||
-Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols);
|
|
||||||
+Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols);
|
|
||||||
|
|
||||||
/* release the memory associated with a symbol dict */
|
|
||||||
void jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict);
|
|
||||||
|
|
||||||
/* generate a new symbol dictionary by concatenating a list of
|
|
||||||
existing dictionaries */
|
|
||||||
-Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts);
|
|
||||||
+Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts);
|
|
||||||
|
|
||||||
/* count the number of dictionary segments referred
|
|
||||||
to by the given segment */
|
|
||||||
-int jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment);
|
|
||||||
+uint32_t jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment);
|
|
||||||
|
|
||||||
/* return an array of pointers to symbol dictionaries referred
|
|
||||||
to by a segment */
|
|
||||||
diff --git a/jbig2dec/jbig2_text.c b/jbig2dec/jbig2_text.c
|
|
||||||
index 5c99640..e77460f 100644
|
|
||||||
--- a/jbig2dec/jbig2_text.c
|
|
||||||
+++ b/jbig2dec/jbig2_text.c
|
|
||||||
@@ -55,7 +55,7 @@
|
|
||||||
int
|
|
||||||
jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
|
|
||||||
const Jbig2TextRegionParams *params,
|
|
||||||
- const Jbig2SymbolDict *const *dicts, const int n_dicts,
|
|
||||||
+ const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts,
|
|
||||||
Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws)
|
|
||||||
{
|
|
||||||
/* relevent bits of 6.4.4 */
|
|
||||||
@@ -476,19 +476,19 @@ cleanup2:
|
|
||||||
int
|
|
||||||
jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data)
|
|
||||||
{
|
|
||||||
- int offset = 0;
|
|
||||||
+ uint32_t offset = 0;
|
|
||||||
Jbig2RegionSegmentInfo region_info;
|
|
||||||
Jbig2TextRegionParams params;
|
|
||||||
Jbig2Image *image = NULL;
|
|
||||||
Jbig2SymbolDict **dicts = NULL;
|
|
||||||
- int n_dicts = 0;
|
|
||||||
+ uint32_t n_dicts = 0;
|
|
||||||
uint16_t flags = 0;
|
|
||||||
uint16_t huffman_flags = 0;
|
|
||||||
Jbig2ArithCx *GR_stats = NULL;
|
|
||||||
int code = 0;
|
|
||||||
Jbig2WordStream *ws = NULL;
|
|
||||||
Jbig2ArithState *as = NULL;
|
|
||||||
- int table_index = 0;
|
|
||||||
+ uint32_t table_index = 0;
|
|
||||||
const Jbig2HuffmanParams *huffman_params = NULL;
|
|
||||||
|
|
||||||
/* 7.4.1 */
|
|
||||||
@@ -779,7 +779,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
|
|
||||||
code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "unable to retrive symbol dictionaries! previous parsing error?");
|
|
||||||
goto cleanup1;
|
|
||||||
} else {
|
|
||||||
- int index;
|
|
||||||
+ uint32_t index;
|
|
||||||
|
|
||||||
if (dicts[0] == NULL) {
|
|
||||||
code = jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, "unable to find first referenced symbol dictionary!");
|
|
||||||
@@ -823,8 +823,8 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!params.SBHUFF) {
|
|
||||||
- int SBSYMCODELEN, index;
|
|
||||||
- int SBNUMSYMS = 0;
|
|
||||||
+ uint32_t SBSYMCODELEN, index;
|
|
||||||
+ uint32_t SBNUMSYMS = 0;
|
|
||||||
|
|
||||||
for (index = 0; index < n_dicts; index++) {
|
|
||||||
SBNUMSYMS += dicts[index]->n_symbols;
|
|
||||||
@@ -840,7 +840,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Table 31 */
|
|
||||||
- for (SBSYMCODELEN = 0; (1 << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) {
|
|
||||||
+ for (SBSYMCODELEN = 0; (1U << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) {
|
|
||||||
}
|
|
||||||
params.IAID = jbig2_arith_iaid_ctx_new(ctx, SBSYMCODELEN);
|
|
||||||
params.IARI = jbig2_arith_int_ctx_new(ctx);
|
|
||||||
diff --git a/jbig2dec/jbig2_text.h b/jbig2dec/jbig2_text.h
|
|
||||||
index aec2732..51d242e 100644
|
|
||||||
--- a/jbig2dec/jbig2_text.h
|
|
||||||
+++ b/jbig2dec/jbig2_text.h
|
|
||||||
@@ -70,5 +70,5 @@ typedef struct {
|
|
||||||
int
|
|
||||||
jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
|
|
||||||
const Jbig2TextRegionParams *params,
|
|
||||||
- const Jbig2SymbolDict *const *dicts, const int n_dicts,
|
|
||||||
+ const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts,
|
|
||||||
Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws);
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
@ -1,39 +0,0 @@
|
|||||||
From bfa6b2ecbe48edc69a7d9d22a12419aed25960b8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Chris Liddell <chris.liddell@artifex.com>
|
|
||||||
Date: Thu, 6 Apr 2017 16:44:54 +0100
|
|
||||||
Subject: [PATCH] Bug 697548: use the correct param list enumerator
|
|
||||||
|
|
||||||
When we encountered dictionary in a ref_param_list, we were using the enumerator
|
|
||||||
for the "parent" param_list, rather than the enumerator for the param_list
|
|
||||||
we just created for the dictionary. That parent was usually the stack
|
|
||||||
list enumerator, and caused a segfault.
|
|
||||||
|
|
||||||
Using the correct enumerator works better.
|
|
||||||
---
|
|
||||||
psi/iparam.c | 7 ++++---
|
|
||||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/psi/iparam.c b/psi/iparam.c
|
|
||||||
index 4e63b6d..b2fa85f 100644
|
|
||||||
--- a/psi/iparam.c
|
|
||||||
+++ b/psi/iparam.c
|
|
||||||
@@ -770,12 +770,13 @@ ref_param_read_typed(gs_param_list * plist, gs_param_name pkey,
|
|
||||||
gs_param_enumerator_t enumr;
|
|
||||||
gs_param_key_t key;
|
|
||||||
ref_type keytype;
|
|
||||||
+ dict_param_list *dlist = (dict_param_list *) pvalue->value.d.list;
|
|
||||||
|
|
||||||
param_init_enumerator(&enumr);
|
|
||||||
- if (!(*((iparam_list *) plist)->enumerate)
|
|
||||||
- ((iparam_list *) pvalue->value.d.list, &enumr, &key, &keytype)
|
|
||||||
+ if (!(*(dlist->enumerate))
|
|
||||||
+ ((iparam_list *) dlist, &enumr, &key, &keytype)
|
|
||||||
&& keytype == t_integer) {
|
|
||||||
- ((dict_param_list *) pvalue->value.d.list)->int_keys = 1;
|
|
||||||
+ dlist->int_keys = 1;
|
|
||||||
pvalue->type = gs_param_type_dict_int_keys;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
@ -1,33 +0,0 @@
|
|||||||
From 309eca4e0a31ea70dcc844812691439312dad091 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ken Sharp <ken.sharp@artifex.com>
|
|
||||||
Date: Mon, 20 Mar 2017 09:34:11 +0000
|
|
||||||
Subject: [PATCH] Ensure a device has raster memory, before trying to read it.
|
|
||||||
|
|
||||||
Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()"
|
|
||||||
|
|
||||||
This is only possible by abusing/mis-using Ghostscript-specific
|
|
||||||
language extensions, so cannot happen in a general PostScript program.
|
|
||||||
|
|
||||||
Nevertheless, Ghostscript should not crash. So this commit checks the
|
|
||||||
memory device to see if raster memory has been allocated, before trying
|
|
||||||
to read from it.
|
|
||||||
---
|
|
||||||
base/gdevmem.c | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/base/gdevmem.c b/base/gdevmem.c
|
|
||||||
index afd05bd..d52d684 100644
|
|
||||||
--- a/base/gdevmem.c
|
|
||||||
+++ b/base/gdevmem.c
|
|
||||||
@@ -606,6 +606,8 @@ mem_get_bits_rectangle(gx_device * dev, const gs_int_rect * prect,
|
|
||||||
GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
|
|
||||||
return_error(gs_error_rangecheck);
|
|
||||||
}
|
|
||||||
+ if (mdev->line_ptrs == 0x00)
|
|
||||||
+ return_error(gs_error_rangecheck);
|
|
||||||
if ((w <= 0) | (h <= 0)) {
|
|
||||||
if ((w | h) < 0)
|
|
||||||
return_error(gs_error_rangecheck);
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
@ -1,31 +0,0 @@
|
|||||||
From 5e57e483298dae8b8d4ec9aab37a526736ac2e97 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
|
|
||||||
Date: Wed, 26 Apr 2017 22:12:14 +0100
|
|
||||||
Subject: [PATCH] Bug 697693: Prevent SEGV due to integer overflow.
|
|
||||||
|
|
||||||
While building a Huffman table, the start and end points were susceptible
|
|
||||||
to integer overflow.
|
|
||||||
|
|
||||||
Thank you to Jiaqi for finding this issue and suggesting a patch.
|
|
||||||
---
|
|
||||||
jbig2dec/jbig2_huffman.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/jbig2dec/jbig2_huffman.c b/jbig2dec/jbig2_huffman.c
|
|
||||||
index 511e461..b4189a1 100644
|
|
||||||
--- a/jbig2dec/jbig2_huffman.c
|
|
||||||
+++ b/jbig2dec/jbig2_huffman.c
|
|
||||||
@@ -421,8 +421,8 @@ jbig2_build_huffman_table(Jbig2Ctx *ctx, const Jbig2HuffmanParams *params)
|
|
||||||
|
|
||||||
if (PREFLEN == CURLEN) {
|
|
||||||
int RANGELEN = lines[CURTEMP].RANGELEN;
|
|
||||||
- int start_j = CURCODE << shift;
|
|
||||||
- int end_j = (CURCODE + 1) << shift;
|
|
||||||
+ uint32_t start_j = CURCODE << shift;
|
|
||||||
+ uint32_t end_j = (CURCODE + 1) << shift;
|
|
||||||
byte eflags = 0;
|
|
||||||
|
|
||||||
if (end_j > max_j) {
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
@ -1,92 +0,0 @@
|
|||||||
From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Chris Liddell <chris.liddell@artifex.com>
|
|
||||||
Date: Thu, 27 Apr 2017 13:03:33 +0100
|
|
||||||
Subject: [PATCH 1/2] Bug 697799: have .eqproc check its parameters
|
|
||||||
|
|
||||||
The Ghostscript custom operator .eqproc was not check the number or type of
|
|
||||||
the parameters it was given.
|
|
||||||
---
|
|
||||||
psi/zmisc3.c | 6 ++++++
|
|
||||||
1 file changed, 6 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/psi/zmisc3.c b/psi/zmisc3.c
|
|
||||||
index 54b3042..37293ff 100644
|
|
||||||
--- a/psi/zmisc3.c
|
|
||||||
+++ b/psi/zmisc3.c
|
|
||||||
@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
|
|
||||||
ref2_t stack[MAX_DEPTH + 1];
|
|
||||||
ref2_t *top = stack;
|
|
||||||
|
|
||||||
+ if (ref_stack_count(&o_stack) < 2)
|
|
||||||
+ return_error(gs_error_stackunderflow);
|
|
||||||
+ if (!r_is_array(op - 1) || !r_is_array(op)) {
|
|
||||||
+ return_error(gs_error_typecheck);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
make_array(&stack[0].proc1, 0, 1, op - 1);
|
|
||||||
make_array(&stack[0].proc2, 0, 1, op);
|
|
||||||
for (;;) {
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
||||||
|
|
||||||
From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Chris Liddell <chris.liddell@artifex.com>
|
|
||||||
Date: Thu, 27 Apr 2017 13:21:31 +0100
|
|
||||||
Subject: [PATCH 2/2] Bug 697799: have .rsdparams check its parameters
|
|
||||||
|
|
||||||
The Ghostscript internal operator .rsdparams wasn't checking the number or
|
|
||||||
type of the operands it was being passed. Do so.
|
|
||||||
---
|
|
||||||
psi/zfrsd.c | 22 +++++++++++++++-------
|
|
||||||
1 file changed, 15 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/psi/zfrsd.c b/psi/zfrsd.c
|
|
||||||
index 191107d..950588d 100644
|
|
||||||
--- a/psi/zfrsd.c
|
|
||||||
+++ b/psi/zfrsd.c
|
|
||||||
@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
|
|
||||||
ref *pFilter;
|
|
||||||
ref *pDecodeParms;
|
|
||||||
int Intent = 0;
|
|
||||||
- bool AsyncRead;
|
|
||||||
+ bool AsyncRead = false;
|
|
||||||
ref empty_array, filter1_array, parms1_array;
|
|
||||||
uint i;
|
|
||||||
- int code;
|
|
||||||
+ int code = 0;
|
|
||||||
+
|
|
||||||
+ if (ref_stack_count(&o_stack) < 1)
|
|
||||||
+ return_error(gs_error_stackunderflow);
|
|
||||||
+ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
|
|
||||||
+ return_error(gs_error_typecheck);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
make_empty_array(&empty_array, a_readonly);
|
|
||||||
- if (dict_find_string(op, "Filter", &pFilter) > 0) {
|
|
||||||
+ if (r_has_type(op, t_dictionary)
|
|
||||||
+ && dict_find_string(op, "Filter", &pFilter) > 0) {
|
|
||||||
if (!r_is_array(pFilter)) {
|
|
||||||
if (!r_has_type(pFilter, t_name))
|
|
||||||
return_error(gs_error_typecheck);
|
|
||||||
@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
|
|
||||||
return_error(gs_error_typecheck);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
|
|
||||||
+ if (r_has_type(op, t_dictionary))
|
|
||||||
+ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
|
|
||||||
if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */
|
|
||||||
return code;
|
|
||||||
- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
|
|
||||||
- )
|
|
||||||
- return code;
|
|
||||||
+ if (r_has_type(op, t_dictionary))
|
|
||||||
+ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
|
|
||||||
+ return code;
|
|
||||||
push(1);
|
|
||||||
op[-1] = *pFilter;
|
|
||||||
if (pDecodeParms)
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
@ -1,56 +0,0 @@
|
|||||||
From 99cf218dbd5f6fbdbda2ce6872eb9ab7f475c353 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Chris Liddell <chris.liddell@artifex.com>
|
|
||||||
Date: Tue, 27 Sep 2016 11:22:18 +0100
|
|
||||||
Subject: [PATCH 1/2] Add pre-processor define for shared OpenJPEG
|
|
||||||
|
|
||||||
---
|
|
||||||
Makefile.in | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/Makefile.in b/Makefile.in
|
|
||||||
index 25875ad..2ca2a80 100644
|
|
||||||
--- a/Makefile.in
|
|
||||||
+++ b/Makefile.in
|
|
||||||
@@ -290,7 +290,7 @@ JBIG2_CFLAGS=@JBIG2_AUTOCONF_CFLAGS@
|
|
||||||
JPX_LIB=@JPX_DECODER@
|
|
||||||
SHARE_JPX=@SHARE_JPX@
|
|
||||||
JPXSRCDIR=@JPXDIR@
|
|
||||||
-JPX_CFLAGS=@JPX_AUTOCONF_CFLAGS@ @JPX_SSE_CFLAGS@
|
|
||||||
+JPX_CFLAGS=-DSHARE_JPX=$(SHARE_JPX) @JPX_AUTOCONF_CFLAGS@ @JPX_SSE_CFLAGS@
|
|
||||||
|
|
||||||
# uncomment the following three lines and one of the last two to
|
|
||||||
# compile in the Luratech lwf_jp2 codec
|
|
||||||
--
|
|
||||||
2.7.4
|
|
||||||
|
|
||||||
|
|
||||||
From 4f19ab99cac2d8a7d21aea34d8aea0727fad52d3 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Didier Raboud <odyx@debian.org>
|
|
||||||
Date: Thu, 6 Oct 2016 17:08:41 +0200
|
|
||||||
Subject: [PATCH 2/2] Don't pass -DOPJ_STATIC when compiling the OpenJPEG code.
|
|
||||||
|
|
||||||
It makes the symbols hidden when including
|
|
||||||
/usr/include/openjpeg-2.1/openjpeg.h.
|
|
||||||
Fixes a FTBFS against libopenjp2-7 (>= 2.1.1).
|
|
||||||
|
|
||||||
Debian bug: https://bugs.debian.org/832873
|
|
||||||
---
|
|
||||||
base/lib.mak | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/base/lib.mak b/base/lib.mak
|
|
||||||
index 173e2c6..cffdc9d 100644
|
|
||||||
--- a/base/lib.mak
|
|
||||||
+++ b/base/lib.mak
|
|
||||||
@@ -1849,7 +1849,7 @@ $(GLOBJ)sjpx_openjpeg.$(OBJ) : $(GLSRC)sjpx_openjpeg.c $(AK) \
|
|
||||||
$(memory__h) $(gserror_h) $(gserrors_h) \
|
|
||||||
$(gdebug_h) $(strimpl_h) $(sjpx_openjpeg_h) $(LIB_MAK) $(MAKEDIRS)
|
|
||||||
$(GLJPXOPJCC) $(GLO_)sjpx_openjpeg.$(OBJ) \
|
|
||||||
- $(C_) -DOPJ_STATIC $(GLSRC)sjpx_openjpeg.c
|
|
||||||
+ $(C_) $(GLSRC)sjpx_openjpeg.c
|
|
||||||
|
|
||||||
# ---------------- Pixel-difference filters ---------------- #
|
|
||||||
# The Predictor facility of the LZW and Flate filters uses these.
|
|
||||||
--
|
|
||||||
2.7.4
|
|
||||||
|
|
@ -1,52 +0,0 @@
|
|||||||
From 329e0a6d187cc5b5698689d76636ed3214d7efa7 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Chris Liddell <chris.liddell@artifex.com>
|
|
||||||
Date: Thu, 3 Nov 2016 13:09:27 +0000
|
|
||||||
Subject: [PATCH] Bug 697286: handle GlyphDirectory as an array
|
|
||||||
|
|
||||||
For high level devices that need to copy CIDFonts, we need to establish the
|
|
||||||
highest CID in a given CIDFont. If the font has a GlyphDirectory dictionary
|
|
||||||
the only way to do so is to iterate through the keys to find the highest.
|
|
||||||
|
|
||||||
The code handling this ignored that the GlyphDirectory could be an array,
|
|
||||||
which confused the dictionary content iterator, and caused a segfault.
|
|
||||||
|
|
||||||
In the case of an array, set the high CID to the highest index available in the
|
|
||||||
array.
|
|
||||||
---
|
|
||||||
psi/zfcid.c | 18 +++++++++++-------
|
|
||||||
1 file changed, 11 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/psi/zfcid.c b/psi/zfcid.c
|
|
||||||
index ce583af..3098a22 100644
|
|
||||||
--- a/psi/zfcid.c
|
|
||||||
+++ b/psi/zfcid.c
|
|
||||||
@@ -76,15 +76,19 @@ cid_font_data_param(os_ptr op, gs_font_cid_data *pdata, ref *pGlyphDirectory)
|
|
||||||
* the number of CIDs in the font. We need to know the maximum CID
|
|
||||||
* when copying fonts, so calculate and store it now.
|
|
||||||
*/
|
|
||||||
- index = dict_first(pgdir);
|
|
||||||
- while (index >= 0) {
|
|
||||||
- index = dict_next(pgdir, index, (ref *)&element);
|
|
||||||
- if (index >= 0) {
|
|
||||||
- if (element[0].value.intval > pdata->MaxCID)
|
|
||||||
- pdata->MaxCID = element[0].value.intval;
|
|
||||||
+ if (r_has_type(pgdir, t_dictionary)) {
|
|
||||||
+ index = dict_first(pgdir);
|
|
||||||
+ while (index >= 0) {
|
|
||||||
+ index = dict_next(pgdir, index, (ref *)&element);
|
|
||||||
+ if (index >= 0) {
|
|
||||||
+ if (element[0].value.intval > pdata->MaxCID)
|
|
||||||
+ pdata->MaxCID = element[0].value.intval;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
-
|
|
||||||
+ else {
|
|
||||||
+ pdata->MaxCID = r_size(pgdir) - 1;
|
|
||||||
+ }
|
|
||||||
return code;
|
|
||||||
} else {
|
|
||||||
return_error(gs_error_typecheck);
|
|
||||||
--
|
|
||||||
2.7.4
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
@ -1,33 +0,0 @@
|
|||||||
From a3b95bec1e3e07abdb4b29e3642777d2963fec80 Mon Sep 17 00:00:00 2001
|
|
||||||
From: "David Kaspar [Dee'Kej]" <dkaspar@redhat.com>
|
|
||||||
Date: Wed, 27 Sep 2017 12:59:18 +0200
|
|
||||||
Subject: [PATCH] Resource/Init/Fontmap.GS: Use latest (URW)++ fonts
|
|
||||||
|
|
||||||
Taken from ghostscript-9.22 RC1.
|
|
||||||
---
|
|
||||||
Resource/Init/Fontmap.GS | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/Resource/Init/Fontmap.GS b/Resource/Init/Fontmap.GS
|
|
||||||
index a9fa335..7770c67 100644
|
|
||||||
--- a/Resource/Init/Fontmap.GS
|
|
||||||
+++ b/Resource/Init/Fontmap.GS
|
|
||||||
@@ -94,13 +94,13 @@
|
|
||||||
/Courier /NimbusMonoPS-Regular ;
|
|
||||||
/Courier-Oblique /NimbusMonoPS-Italic ;
|
|
||||||
/Helvetica-Bold /NimbusSans-Bold ;
|
|
||||||
-/Helvetica-BoldOblique /NimbusSans-BoldOblique ;
|
|
||||||
+/Helvetica-BoldOblique /NimbusSans-BoldItalic ;
|
|
||||||
/Helvetica-Narrow-Bold /NimbusSansNarrow-Bold ;
|
|
||||||
/Helvetica-Narrow-BoldOblique /NimbusSansNarrow-BdOblique ;
|
|
||||||
/Helvetica-Narrow /NimbusSansNarrow-Regular ;
|
|
||||||
/Helvetica-Narrow-Oblique /NimbusSansNarrow-Oblique ;
|
|
||||||
/Helvetica /NimbusSans-Regular ;
|
|
||||||
-/Helvetica-Oblique /NimbusSans-Oblique ;
|
|
||||||
+/Helvetica-Oblique /NimbusSans-Italic ;
|
|
||||||
/NewCenturySchlbk-Bold /C059-Bold ;
|
|
||||||
/NewCenturySchlbk-BoldItalic /C059-BdIta ;
|
|
||||||
/NewCenturySchlbk-Italic /C059-Italic ;
|
|
||||||
--
|
|
||||||
2.9.5
|
|
||||||
|
|
@ -1,43 +1,23 @@
|
|||||||
%define gs_ver 9.20
|
%define gs_ver 9.22
|
||||||
%define gs_dot_ver 9.20
|
%define gs_dot_ver 9.22
|
||||||
%{expand: %%define build_with_freetype %{?_with_freetype:1}%{!?_with_freetype:0}}
|
%{expand: %%define build_with_freetype %{?_with_freetype:1}%{!?_with_freetype:0}}
|
||||||
Summary: A PostScript interpreter and renderer
|
Summary: A PostScript interpreter and renderer
|
||||||
Name: ghostscript
|
Name: ghostscript
|
||||||
Version: %{gs_ver}
|
Version: %{gs_ver}
|
||||||
|
|
||||||
Release: 14%{?dist}
|
Release: 1%{?dist}
|
||||||
|
|
||||||
# Included CMap data is Redistributable, no modification permitted,
|
# Included CMap data is Redistributable, no modification permitted,
|
||||||
# see http://bugzilla.redhat.com/487510
|
# see http://bugzilla.redhat.com/487510
|
||||||
License: AGPLv3+ and Redistributable, no modification permitted
|
License: AGPLv3+ and Redistributable, no modification permitted
|
||||||
URL: http://www.ghostscript.com/
|
URL: http://www.ghostscript.com/
|
||||||
Group: Applications/Publishing
|
Group: Applications/Publishing
|
||||||
Source0: ghostscript-9.20.tar.xz
|
Source0: ghostscript-9.22.tar.xz
|
||||||
Source1: CIDFnmap
|
Source1: CIDFnmap
|
||||||
Source2: cidfmap
|
Source2: cidfmap
|
||||||
|
|
||||||
Patch1: ghostscript-9.20-fix-openjpeg-system-build.patch
|
Patch1: ghostscript-9.20-runlibfileifexists.patch
|
||||||
Patch2: ghostscript-9.20-runlibfileifexists.patch
|
Patch2: ghostscript-9.20-run-dvipdf-securely.patch
|
||||||
Patch3: ghostscript-9.20-run-dvipdf-securely.patch
|
|
||||||
Patch4: ghostscript-9.20-urw-fonts-naming.patch
|
|
||||||
Patch10: ghostscript-9.20-handle-glyphdirectory-correctly.patch
|
|
||||||
Patch11: ghostscript-9.20-remove-and-reimplement-ConvertUTF.patch
|
|
||||||
|
|
||||||
# Security patches:
|
|
||||||
Patch5: ghostscript-9.20-cve-2016-7979.patch
|
|
||||||
Patch6: ghostscript-9.20-cve-2016-7976.patch
|
|
||||||
Patch7: ghostscript-9.20-cve-2016-7978.patch
|
|
||||||
Patch8: ghostscript-9.20-cve-2016-8602.patch
|
|
||||||
Patch9: ghostscript-9.20-cve-2016-7977.patch
|
|
||||||
Patch12: ghostscript-9.20-cve-2016-9601.patch
|
|
||||||
Patch13: ghostscript-9.20-cve-2017-7207.patch
|
|
||||||
Patch14: ghostscript-9.20-cve-2016-10217.patch
|
|
||||||
Patch15: ghostscript-9.20-cve-2016-10218.patch
|
|
||||||
Patch16: ghostscript-9.20-cve-2016-10219.patch
|
|
||||||
Patch17: ghostscript-9.20-cve-2016-10220.patch
|
|
||||||
Patch18: ghostscript-9.20-cve-2017-5951.patch
|
|
||||||
Patch19: ghostscript-9.20-cve-2017-8291.patch
|
|
||||||
Patch20: ghostscript-9.20-cve-2017-7975.patch
|
|
||||||
|
|
||||||
Requires: %{name}-core%{?_isa} = %{version}-%{release}
|
Requires: %{name}-core%{?_isa} = %{version}-%{release}
|
||||||
Requires: %{name}-x11%{?_isa} = %{version}-%{release}
|
Requires: %{name}-x11%{?_isa} = %{version}-%{release}
|
||||||
@ -126,66 +106,12 @@ A GTK-enabled version of Ghostscript, called 'gsx'.
|
|||||||
%setup -q -n %{name}-%{gs_ver}
|
%setup -q -n %{name}-%{gs_ver}
|
||||||
rm -rf expat freetype icclib jasper jpeg jpegxr lcms lcms2 libpng openjpeg zlib cups/libs
|
rm -rf expat freetype icclib jasper jpeg jpegxr lcms lcms2 libpng openjpeg zlib cups/libs
|
||||||
|
|
||||||
# Fix building with system's OpenJPEG shared library:
|
|
||||||
%patch1 -p1
|
|
||||||
|
|
||||||
# Fix error when using 'convert' from ImageMagick, and
|
# Fix error when using 'convert' from ImageMagick, and
|
||||||
# make sure the configuration in /etc/ghostscript/Fonts.local is used:
|
# make sure the configuration in /etc/ghostscript/Fonts.local is used:
|
||||||
%patch2 -p1
|
%patch1 -p1
|
||||||
|
|
||||||
# Fix some shell scripts
|
# Fix some shell scripts
|
||||||
%patch3 -p1
|
%patch2 -p1
|
||||||
|
|
||||||
# Use latest names for new 'urw-base35-fonts' package.
|
|
||||||
%patch4 -p1
|
|
||||||
|
|
||||||
# DSC parser - validate parameters (bug #1382305):
|
|
||||||
%patch5 -p1
|
|
||||||
|
|
||||||
# Add a file permissions callaback (bug #1382294):
|
|
||||||
%patch6 -p1
|
|
||||||
|
|
||||||
# Reference count device icc profile (bug #1382300):
|
|
||||||
%patch7 -p1
|
|
||||||
|
|
||||||
# Check for sufficient params in .sethalftone5 (bug #1383940):
|
|
||||||
%patch8 -p1
|
|
||||||
|
|
||||||
# Honor -dSAFER in .libfile (bug #1380415):
|
|
||||||
%patch9 -p1
|
|
||||||
|
|
||||||
# handle GlyphDirectory as an array (http://bugs.ghostscript.com/show_bug.cgi?id=697286):
|
|
||||||
%patch10 -p1
|
|
||||||
|
|
||||||
# Remove (and re-implement) ConvertUTF.c because of licensing issues (bug #1404933):
|
|
||||||
%patch11 -p1
|
|
||||||
|
|
||||||
# Squash signed/unsigned warnings in MSVC jbig2 build (bug #1410021):
|
|
||||||
%patch12 -p1
|
|
||||||
|
|
||||||
# Check for null-pointer dereference in mem_get_bits_rectangle() (bug #1434497):
|
|
||||||
%patch13 -p1
|
|
||||||
|
|
||||||
# CVE-2016-10217 (bug #1441564):
|
|
||||||
%patch14 -p1
|
|
||||||
|
|
||||||
# CVE-2016-10218 (bug #1441568):
|
|
||||||
%patch15 -p1
|
|
||||||
|
|
||||||
# CVE-2016-10219 (bug #1441569):
|
|
||||||
%patch16 -p1
|
|
||||||
|
|
||||||
# CVE-2016-10220 (bug #1441571):
|
|
||||||
%patch17 -p1
|
|
||||||
|
|
||||||
# CVE-2017-5951 (bug #1441572):
|
|
||||||
%patch18 -p1
|
|
||||||
|
|
||||||
# CVE-2017-8291 (bug #1446063):
|
|
||||||
%patch19 -p1
|
|
||||||
|
|
||||||
# CVE-2017-7975 (bug #1443940):
|
|
||||||
%patch20 -p1
|
|
||||||
|
|
||||||
# Convert manual pages to UTF-8
|
# Convert manual pages to UTF-8
|
||||||
from8859_1() {
|
from8859_1() {
|
||||||
@ -380,6 +306,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_libdir}/libgs.so
|
%{_libdir}/libgs.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 27 2017 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.22-1
|
||||||
|
- Rebase to latest upstream version (no API/ABI changes according to upstream)
|
||||||
|
|
||||||
* Wed Sep 27 2017 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.20-14
|
* Wed Sep 27 2017 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.20-14
|
||||||
- Rebuilt with updated 'search path' for fonts (bug #1500105)
|
- Rebuilt with updated 'search path' for fonts (bug #1500105)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user