diff options
author | Peter Alfredsen <loki_val@gentoo.org> | 2009-04-17 00:36:08 +0000 |
---|---|---|
committer | Peter Alfredsen <loki_val@gentoo.org> | 2009-04-17 00:36:08 +0000 |
commit | da1eda54baeebbb071c0fc5130bbfa93ff3f3288 (patch) | |
tree | d52604ef8042dd310aa8307fa5fe4ee400b3dd73 | |
parent | Bump w.r.t. bug 263028. (diff) | |
download | gentoo-2-da1eda54baeebbb071c0fc5130bbfa93ff3f3288.tar.gz gentoo-2-da1eda54baeebbb071c0fc5130bbfa93ff3f3288.tar.bz2 gentoo-2-da1eda54baeebbb071c0fc5130bbfa93ff3f3288.zip |
Bump w.r.t. bug 263028.
(Portage version: 2.2_rc28/cvs/Linux x86_64)
-rw-r--r-- | app-text/poppler/ChangeLog | 9 | ||||
-rw-r--r-- | app-text/poppler/files/poppler-0.10.5-xpdf-3.02pl3.patch | 760 | ||||
-rw-r--r-- | app-text/poppler/files/poppler-CVE-2009-1188.patch | 11 | ||||
-rw-r--r-- | app-text/poppler/poppler-0.10.5-r1.ebuild | 63 |
4 files changed, 842 insertions, 1 deletions
diff --git a/app-text/poppler/ChangeLog b/app-text/poppler/ChangeLog index 3c732b7903c5..6d621700e371 100644 --- a/app-text/poppler/ChangeLog +++ b/app-text/poppler/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for app-text/poppler # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-text/poppler/ChangeLog,v 1.195 2009/04/01 14:42:17 loki_val Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-text/poppler/ChangeLog,v 1.196 2009/04/17 00:36:08 loki_val Exp $ + +*poppler-0.10.5-r1 (17 Apr 2009) + + 17 Apr 2009; Peter Alfredsen <loki_val@gentoo.org> + +files/poppler-0.10.5-xpdf-3.02pl3.patch, + +files/poppler-CVE-2009-1188.patch, +poppler-0.10.5-r1.ebuild: + Bump w.r.t. bug 263028. 01 Apr 2009; Peter Alfredsen <loki_val@gentoo.org> poppler-0.8.7.ebuild, poppler-0.10.4.ebuild, poppler-0.10.5.ebuild: diff --git a/app-text/poppler/files/poppler-0.10.5-xpdf-3.02pl3.patch b/app-text/poppler/files/poppler-0.10.5-xpdf-3.02pl3.patch new file mode 100644 index 000000000000..8957c429f8a8 --- /dev/null +++ b/app-text/poppler/files/poppler-0.10.5-xpdf-3.02pl3.patch @@ -0,0 +1,760 @@ +diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc +index 938927e..33cd427 100644 +--- a/poppler/JBIG2Stream.cc ++++ b/poppler/JBIG2Stream.cc +@@ -438,12 +438,14 @@ void JBIG2HuffmanDecoder::buildTable(JBIG2HuffmanTable *table, Guint len) { + table[i] = table[len]; + + // assign prefixes +- i = 0; +- prefix = 0; +- table[i++].prefix = prefix++; +- for (; table[i].rangeLen != jbig2HuffmanEOT; ++i) { +- prefix <<= table[i].prefixLen - table[i-1].prefixLen; +- table[i].prefix = prefix++; ++ if (table[0].rangeLen != jbig2HuffmanEOT) { ++ i = 0; ++ prefix = 0; ++ table[i++].prefix = prefix++; ++ for (; table[i].rangeLen != jbig2HuffmanEOT; ++i) { ++ prefix <<= table[i].prefixLen - table[i-1].prefixLen; ++ table[i].prefix = prefix++; ++ } + } + } + +@@ -507,7 +509,7 @@ int JBIG2MMRDecoder::get2DCode() { + } + if (p->bits < 0) { + error(str->getPos(), "Bad two dim code in JBIG2 MMR stream"); +- return 0; ++ return EOF; + } + bufLen -= p->bits; + return p->n; +@@ -779,6 +781,8 @@ void JBIG2Bitmap::clearToOne() { + inline void JBIG2Bitmap::getPixelPtr(int x, int y, JBIG2BitmapPtr *ptr) { + if (y < 0 || y >= h || x >= w) { + ptr->p = NULL; ++ ptr->shift = 0; // make gcc happy ++ ptr->x = 0; // make gcc happy + } else if (x < 0) { + ptr->p = &data[y * line]; + ptr->shift = 7; +@@ -823,6 +827,10 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, + Guint src0, src1, src, dest, s1, s2, m1, m2, m3; + GBool oneByte; + ++ // check for the pathological case where y = -2^31 ++ if (y < -0x7fffffff) { ++ return; ++ } + if (y < 0) { + y0 = -y; + } else { +@@ -1325,6 +1333,13 @@ void JBIG2Stream::readSegments() { + // keep track of the start of the segment data + segDataPos = getPos(); + ++ // check for missing page information segment ++ if (!pageBitmap && ((segType >= 4 && segType <= 7) || ++ (segType >= 20 && segType <= 43))) { ++ error(getPos(), "First JBIG2 segment associated with a page must be a page information segment"); ++ goto syntaxError; ++ } ++ + // read the segment data + switch (segType) { + case 0: +@@ -1479,6 +1494,8 @@ GBool JBIG2Stream::readSymbolDictSeg(Guint segNum, Guint length, + Guint i, j, k; + Guchar *p; + ++ symWidths = NULL; ++ + // symbol dictionary flags + if (!readUWord(&flags)) { + goto eofError; +@@ -1539,7 +1556,13 @@ GBool JBIG2Stream::readSymbolDictSeg(Guint segNum, Guint length, + // part of it + if ((seg = findSegment(refSegs[i]))) { + if (seg->getType() == jbig2SegSymbolDict) { +- numInputSyms += ((JBIG2SymbolDict *)seg)->getSize(); ++ j = ((JBIG2SymbolDict *)seg)->getSize(); ++ if (numInputSyms > UINT_MAX - j) { ++ error(getPos(), "Too many input symbols in JBIG2 symbol dictionary"); ++ delete codeTables; ++ goto eofError; ++ } ++ numInputSyms += j; + } else if (seg->getType() == jbig2SegCodeTable) { + codeTables->append(seg); + } +@@ -1548,13 +1571,18 @@ GBool JBIG2Stream::readSymbolDictSeg(Guint segNum, Guint length, + return gFalse; + } + } ++ if (numInputSyms > UINT_MAX - numNewSyms) { ++ error(getPos(), "Too many input symbols in JBIG2 symbol dictionary"); ++ delete codeTables; ++ goto eofError; ++ } + + // compute symbol code length +- symCodeLen = 0; +- i = 1; +- while (i < numInputSyms + numNewSyms) { ++ symCodeLen = 1; ++ i = (numInputSyms + numNewSyms) >> 1; ++ while (i) { + ++symCodeLen; +- i <<= 1; ++ i >>= 1; + } + + // get the input symbol bitmaps +@@ -1585,6 +1613,9 @@ GBool JBIG2Stream::readSymbolDictSeg(Guint segNum, Guint length, + } else if (huffDH == 1) { + huffDHTable = huffTableE; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffDHTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffDW == 0) { +@@ -1592,17 +1623,26 @@ GBool JBIG2Stream::readSymbolDictSeg(Guint segNum, Guint length, + } else if (huffDW == 1) { + huffDWTable = huffTableC; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffDWTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffBMSize == 0) { + huffBMSizeTable = huffTableA; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffBMSizeTable = + ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffAggInst == 0) { + huffAggInstTable = huffTableA; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffAggInstTable = + ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } +@@ -1635,7 +1675,6 @@ GBool JBIG2Stream::readSymbolDictSeg(Guint segNum, Guint length, + } + + // allocate symbol widths storage +- symWidths = NULL; + if (huff && !refAgg) { + symWidths = (Guint *)gmallocn(numNewSyms, sizeof(Guint)); + } +@@ -1677,6 +1716,10 @@ GBool JBIG2Stream::readSymbolDictSeg(Guint segNum, Guint length, + goto syntaxError; + } + symWidth += dw; ++ if (i >= numNewSyms) { ++ error(getPos(), "Too many symbols in JBIG2 symbol dictionary"); ++ goto syntaxError; ++ } + + // using a collective bitmap, so don't read a bitmap here + if (huff && !refAgg) { +@@ -1713,6 +1756,10 @@ GBool JBIG2Stream::readSymbolDictSeg(Guint segNum, Guint length, + arithDecoder->decodeInt(&refDX, iardxStats); + arithDecoder->decodeInt(&refDY, iardyStats); + } ++ if (symID >= numInputSyms + i) { ++ error(getPos(), "Invalid symbol ID in JBIG2 symbol dictionary"); ++ goto syntaxError; ++ } + refBitmap = bitmaps[symID]; + bitmaps[numInputSyms + i] = + readGenericRefinementRegion(symWidth, symHeight, +@@ -1779,6 +1826,13 @@ GBool JBIG2Stream::readSymbolDictSeg(Guint segNum, Guint length, + } else { + arithDecoder->decodeInt(&run, iaexStats); + } ++ if (i + run > numInputSyms + numNewSyms || ++ (ex && j + run > numExSyms)) { ++ error(getPos(), "Too many exported symbols in JBIG2 symbol dictionary"); ++ for ( ; j < numExSyms; ++j) symbolDict->setBitmap(j, NULL); ++ delete symbolDict; ++ goto syntaxError; ++ } + if (ex) { + for (cnt = 0; cnt < run; ++cnt) { + symbolDict->setBitmap(j++, bitmaps[i++]->copy()); +@@ -1788,10 +1842,11 @@ GBool JBIG2Stream::readSymbolDictSeg(Guint segNum, Guint length, + } + ex = !ex; + } +- for ( ; j < numExSyms; ++j) { +- // this should never happen but happens on PDF we don't parse +- // correctly like bug #19702 +- symbolDict->setBitmap(j, NULL); ++ if (j != numExSyms) { ++ error(getPos(), "Too few symbols in JBIG2 symbol dictionary"); ++ for ( ; j < numExSyms; ++j) symbolDict->setBitmap(j, NULL); ++ delete symbolDict; ++ goto syntaxError; + } + + for (i = 0; i < numNewSyms; ++i) { +@@ -1815,6 +1870,10 @@ GBool JBIG2Stream::readSymbolDictSeg(Guint segNum, Guint length, + + return gTrue; + ++ codeTableError: ++ error(getPos(), "Missing code table in JBIG2 symbol dictionary"); ++ delete codeTables; ++ + syntaxError: + for (i = 0; i < numNewSyms; ++i) { + if (bitmaps[numInputSyms + i]) { +@@ -1917,6 +1976,8 @@ void JBIG2Stream::readTextRegionSeg(Guint segNum, GBool imm, + } + } else { + error(getPos(), "Invalid segment reference in JBIG2 text region"); ++ delete codeTables; ++ return; + } + } + symCodeLen = 0; +@@ -1951,6 +2012,9 @@ void JBIG2Stream::readTextRegionSeg(Guint segNum, GBool imm, + } else if (huffFS == 1) { + huffFSTable = huffTableG; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffFSTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffDS == 0) { +@@ -1960,6 +2024,9 @@ void JBIG2Stream::readTextRegionSeg(Guint segNum, GBool imm, + } else if (huffDS == 2) { + huffDSTable = huffTableJ; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffDSTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffDT == 0) { +@@ -1969,6 +2036,9 @@ void JBIG2Stream::readTextRegionSeg(Guint segNum, GBool imm, + } else if (huffDT == 2) { + huffDTTable = huffTableM; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffDTTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffRDW == 0) { +@@ -1976,6 +2046,9 @@ void JBIG2Stream::readTextRegionSeg(Guint segNum, GBool imm, + } else if (huffRDW == 1) { + huffRDWTable = huffTableO; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffRDWTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffRDH == 0) { +@@ -1983,6 +2056,9 @@ void JBIG2Stream::readTextRegionSeg(Guint segNum, GBool imm, + } else if (huffRDH == 1) { + huffRDHTable = huffTableO; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffRDHTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffRDX == 0) { +@@ -1990,6 +2066,9 @@ void JBIG2Stream::readTextRegionSeg(Guint segNum, GBool imm, + } else if (huffRDX == 1) { + huffRDXTable = huffTableO; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffRDXTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffRDY == 0) { +@@ -1997,11 +2076,17 @@ void JBIG2Stream::readTextRegionSeg(Guint segNum, GBool imm, + } else if (huffRDY == 1) { + huffRDYTable = huffTableO; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffRDYTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffRSize == 0) { + huffRSizeTable = huffTableA; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffRSizeTable = + ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } +@@ -2098,8 +2183,15 @@ void JBIG2Stream::readTextRegionSeg(Guint segNum, GBool imm, + + return; + ++ codeTableError: ++ error(getPos(), "Missing code table in JBIG2 text region"); ++ gfree(codeTables); ++ delete syms; ++ return; ++ + eofError: + error(getPos(), "Unexpected EOF in JBIG2 stream"); ++ return; + } + + JBIG2Bitmap *JBIG2Stream::readTextRegion(GBool huff, GBool refine, +@@ -2134,6 +2226,10 @@ JBIG2Bitmap *JBIG2Stream::readTextRegion(GBool huff, GBool refine, + + // allocate the bitmap + bitmap = new JBIG2Bitmap(0, w, h); ++ if (!bitmap->isOk()) { ++ delete bitmap; ++ return NULL; ++ } + if (defPixel) { + bitmap->clearToOne(); + } else { +@@ -2226,7 +2322,7 @@ JBIG2Bitmap *JBIG2Stream::readTextRegion(GBool huff, GBool refine, + decodeSuccess = decodeSuccess && arithDecoder->decodeInt(&rdy, iardyStats); + } + +- if (decodeSuccess) ++ if (decodeSuccess && syms[symID]) + { + refDX = ((rdw >= 0) ? rdw : rdw - 1) / 2 + rdx; + refDY = ((rdh >= 0) ? rdh : rdh - 1) / 2 + rdy; +@@ -2577,7 +2673,9 @@ void JBIG2Stream::readGenericRegionSeg(Guint segNum, GBool imm, + + // read the bitmap + bitmap = readGenericBitmap(mmr, w, h, templ, tpgdOn, gFalse, +- NULL, atx, aty, mmr ? 0 : length - 18); ++ NULL, atx, aty, mmr ? length - 18 : 0); ++ if (!bitmap) ++ return; + + // combine the region bitmap into the page bitmap + if (imm) { +@@ -2599,6 +2697,43 @@ void JBIG2Stream::readGenericRegionSeg(Guint segNum, GBool imm, + error(getPos(), "Unexpected EOF in JBIG2 stream"); + } + ++inline void JBIG2Stream::mmrAddPixels(int a1, int blackPixels, ++ int *codingLine, int *a0i, int w) { ++ if (a1 > codingLine[*a0i]) { ++ if (a1 > w) { ++ error(getPos(), "JBIG2 MMR row is wrong length ({0:d})", a1); ++ a1 = w; ++ } ++ if ((*a0i & 1) ^ blackPixels) { ++ ++*a0i; ++ } ++ codingLine[*a0i] = a1; ++ } ++} ++ ++inline void JBIG2Stream::mmrAddPixelsNeg(int a1, int blackPixels, ++ int *codingLine, int *a0i, int w) { ++ if (a1 > codingLine[*a0i]) { ++ if (a1 > w) { ++ error(getPos(), "JBIG2 MMR row is wrong length ({0:d})", a1); ++ a1 = w; ++ } ++ if ((*a0i & 1) ^ blackPixels) { ++ ++*a0i; ++ } ++ codingLine[*a0i] = a1; ++ } else if (a1 < codingLine[*a0i]) { ++ if (a1 < 0) { ++ error(getPos(), "Invalid JBIG2 MMR code"); ++ a1 = 0; ++ } ++ while (*a0i > 0 && a1 <= codingLine[*a0i - 1]) { ++ --*a0i; ++ } ++ codingLine[*a0i] = a1; ++ } ++} ++ + JBIG2Bitmap *JBIG2Stream::readGenericBitmap(GBool mmr, int w, int h, + int templ, GBool tpgdOn, + GBool useSkip, JBIG2Bitmap *skip, +@@ -2611,9 +2746,13 @@ JBIG2Bitmap *JBIG2Stream::readGenericBitmap(GBool mmr, int w, int h, + JBIG2BitmapPtr atPtr0 = {0}, atPtr1 = {0}, atPtr2 = {0}, atPtr3 = {0}; + int *refLine, *codingLine; + int code1, code2, code3; +- int x, y, a0, pix, i, refI, codingI; ++ int x, y, a0i, b1i, blackPixels, pix, i; + + bitmap = new JBIG2Bitmap(0, w, h); ++ if (!bitmap->isOk()) { ++ delete bitmap; ++ return NULL; ++ } + bitmap->clearToZero(); + + //----- MMR decode +@@ -2621,9 +2760,18 @@ JBIG2Bitmap *JBIG2Stream::readGenericBitmap(GBool mmr, int w, int h, + if (mmr) { + + mmrDecoder->reset(); ++ if (w > INT_MAX - 2) { ++ error(getPos(), "Bad width in JBIG2 generic bitmap"); ++ // force a call to gmalloc(-1), which will throw an exception ++ w = -3; ++ } ++ // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = w ++ // ---> max codingLine size = w + 1 ++ // refLine has one extra guard entry at the end ++ // ---> max refLine size = w + 2 ++ codingLine = (int *)gmallocn(w + 1, sizeof(int)); + refLine = (int *)gmallocn(w + 2, sizeof(int)); +- codingLine = (int *)gmallocn(w + 2, sizeof(int)); +- codingLine[0] = codingLine[1] = w; ++ codingLine[0] = w; + + for (y = 0; y < h; ++y) { + +@@ -2631,128 +2779,157 @@ JBIG2Bitmap *JBIG2Stream::readGenericBitmap(GBool mmr, int w, int h, + for (i = 0; codingLine[i] < w; ++i) { + refLine[i] = codingLine[i]; + } +- refLine[i] = refLine[i + 1] = w; ++ refLine[i++] = w; ++ refLine[i] = w; + + // decode a line +- refI = 0; // b1 = refLine[refI] +- codingI = 0; // a1 = codingLine[codingI] +- a0 = 0; +- do { ++ codingLine[0] = 0; ++ a0i = 0; ++ b1i = 0; ++ blackPixels = 0; ++ // invariant: ++ // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1] <= w ++ // exception at left edge: ++ // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible ++ // exception at right edge: ++ // refLine[b1i] = refLine[b1i+1] = w is possible ++ while (codingLine[a0i] < w) { + code1 = mmrDecoder->get2DCode(); + switch (code1) { + case twoDimPass: +- if (refLine[refI] < w) { +- a0 = refLine[refI + 1]; +- refI += 2; +- } +- break; ++ mmrAddPixels(refLine[b1i + 1], blackPixels, codingLine, &a0i, w); ++ if (refLine[b1i + 1] < w) { ++ b1i += 2; ++ } ++ break; + case twoDimHoriz: +- if (codingI & 1) { +- code1 = 0; +- do { +- code1 += code3 = mmrDecoder->getBlackCode(); +- } while (code3 >= 64); +- code2 = 0; +- do { +- code2 += code3 = mmrDecoder->getWhiteCode(); +- } while (code3 >= 64); +- } else { +- code1 = 0; +- do { +- code1 += code3 = mmrDecoder->getWhiteCode(); +- } while (code3 >= 64); +- code2 = 0; +- do { +- code2 += code3 = mmrDecoder->getBlackCode(); +- } while (code3 >= 64); +- } +- if (code1 > 0 || code2 > 0) { +- a0 = codingLine[codingI++] = a0 + code1; +- a0 = codingLine[codingI++] = a0 + code2; +- while (refLine[refI] <= a0 && refLine[refI] < w) { +- refI += 2; +- } +- } +- break; +- case twoDimVert0: +- a0 = codingLine[codingI++] = refLine[refI]; +- if (refLine[refI] < w) { +- ++refI; +- } +- break; +- case twoDimVertR1: +- a0 = codingLine[codingI++] = refLine[refI] + 1; +- if (refLine[refI] < w) { +- ++refI; +- while (refLine[refI] <= a0 && refLine[refI] < w) { +- refI += 2; +- } +- } +- break; +- case twoDimVertR2: +- a0 = codingLine[codingI++] = refLine[refI] + 2; +- if (refLine[refI] < w) { +- ++refI; +- while (refLine[refI] <= a0 && refLine[refI] < w) { +- refI += 2; +- } +- } +- break; ++ code1 = code2 = 0; ++ if (blackPixels) { ++ do { ++ code1 += code3 = mmrDecoder->getBlackCode(); ++ } while (code3 >= 64); ++ do { ++ code2 += code3 = mmrDecoder->getWhiteCode(); ++ } while (code3 >= 64); ++ } else { ++ do { ++ code1 += code3 = mmrDecoder->getWhiteCode(); ++ } while (code3 >= 64); ++ do { ++ code2 += code3 = mmrDecoder->getBlackCode(); ++ } while (code3 >= 64); ++ } ++ mmrAddPixels(codingLine[a0i] + code1, blackPixels, ++ codingLine, &a0i, w); ++ if (codingLine[a0i] < w) { ++ mmrAddPixels(codingLine[a0i] + code2, blackPixels ^ 1, ++ codingLine, &a0i, w); ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ break; + case twoDimVertR3: +- a0 = codingLine[codingI++] = refLine[refI] + 3; +- if (refLine[refI] < w) { +- ++refI; +- while (refLine[refI] <= a0 && refLine[refI] < w) { +- refI += 2; +- } +- } +- break; +- case twoDimVertL1: +- a0 = codingLine[codingI++] = refLine[refI] - 1; +- if (refI > 0) { +- --refI; +- } else { +- ++refI; +- } +- while (refLine[refI] <= a0 && refLine[refI] < w) { +- refI += 2; +- } +- break; +- case twoDimVertL2: +- a0 = codingLine[codingI++] = refLine[refI] - 2; +- if (refI > 0) { +- --refI; +- } else { +- ++refI; +- } +- while (refLine[refI] <= a0 && refLine[refI] < w) { +- refI += 2; +- } +- break; ++ mmrAddPixels(refLine[b1i] + 3, blackPixels, codingLine, &a0i, w); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < w) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertR2: ++ mmrAddPixels(refLine[b1i] + 2, blackPixels, codingLine, &a0i, w); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < w) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertR1: ++ mmrAddPixels(refLine[b1i] + 1, blackPixels, codingLine, &a0i, w); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < w) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVert0: ++ mmrAddPixels(refLine[b1i], blackPixels, codingLine, &a0i, w); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < w) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ } ++ break; + case twoDimVertL3: +- a0 = codingLine[codingI++] = refLine[refI] - 3; +- if (refI > 0) { +- --refI; +- } else { +- ++refI; +- } +- while (refLine[refI] <= a0 && refLine[refI] < w) { +- refI += 2; +- } +- break; ++ mmrAddPixelsNeg(refLine[b1i] - 3, blackPixels, codingLine, &a0i, w); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < w) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertL2: ++ mmrAddPixelsNeg(refLine[b1i] - 2, blackPixels, codingLine, &a0i, w); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < w) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertL1: ++ mmrAddPixelsNeg(refLine[b1i] - 1, blackPixels, codingLine, &a0i, w); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < w) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ } ++ break; ++ case EOF: ++ mmrAddPixels(w, 0, codingLine, &a0i, w); ++ break; + default: + error(getPos(), "Illegal code in JBIG2 MMR bitmap data"); ++ mmrAddPixels(w, 0, codingLine, &a0i, w); + break; + } +- } while (a0 < w); +- codingLine[codingI++] = w; ++ } + + // convert the run lengths to a bitmap line + i = 0; +- while (codingLine[i] < w) { ++ while (1) { + for (x = codingLine[i]; x < codingLine[i+1]; ++x) { + bitmap->setPixel(x, y); + } ++ if (codingLine[i+1] >= w || codingLine[i+2] >= w) { ++ break; ++ } + i += 2; + } + } +@@ -2800,7 +2977,9 @@ JBIG2Bitmap *JBIG2Stream::readGenericBitmap(GBool mmr, int w, int h, + ltp = !ltp; + } + if (ltp) { +- bitmap->duplicateRow(y, y-1); ++ if (y > 0) { ++ bitmap->duplicateRow(y, y-1); ++ } + continue; + } + } +@@ -3111,6 +3290,10 @@ JBIG2Bitmap *JBIG2Stream::readGenericRefinementRegion(int w, int h, + tpgrCX2 = refBitmap->nextPixel(&tpgrCXPtr2); + tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2); + tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2); ++ } else { ++ tpgrCXPtr0.p = tpgrCXPtr1.p = tpgrCXPtr2.p = NULL; // make gcc happy ++ tpgrCXPtr0.shift = tpgrCXPtr1.shift = tpgrCXPtr2.shift = 0; ++ tpgrCXPtr0.x = tpgrCXPtr1.x = tpgrCXPtr2.x = 0; + } + + for (x = 0; x < w; ++x) { +@@ -3182,6 +3365,10 @@ JBIG2Bitmap *JBIG2Stream::readGenericRefinementRegion(int w, int h, + tpgrCX2 = refBitmap->nextPixel(&tpgrCXPtr2); + tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2); + tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2); ++ } else { ++ tpgrCXPtr0.p = tpgrCXPtr1.p = tpgrCXPtr2.p = NULL; // make gcc happy ++ tpgrCXPtr0.shift = tpgrCXPtr1.shift = tpgrCXPtr2.shift = 0; ++ tpgrCXPtr0.x = tpgrCXPtr1.x = tpgrCXPtr2.x = 0; + } + + for (x = 0; x < w; ++x) { +@@ -3247,6 +3434,12 @@ void JBIG2Stream::readPageInfoSeg(Guint length) { + } + pageBitmap = new JBIG2Bitmap(0, pageW, curPageH); + ++ if (!pageBitmap->isOk()) { ++ delete pageBitmap; ++ pageBitmap = NULL; ++ return; ++ } ++ + // default pixel value + if (pageDefPixel) { + pageBitmap->clearToOne(); +diff --git a/poppler/JBIG2Stream.h b/poppler/JBIG2Stream.h +index 7a73938..ca1fee7 100644 +--- a/poppler/JBIG2Stream.h ++++ b/poppler/JBIG2Stream.h +@@ -76,6 +76,10 @@ private: + Guint *refSegs, Guint nRefSegs); + void readGenericRegionSeg(Guint segNum, GBool imm, + GBool lossless, Guint length); ++ void mmrAddPixels(int a1, int blackPixels, ++ int *codingLine, int *a0i, int w); ++ void mmrAddPixelsNeg(int a1, int blackPixels, ++ int *codingLine, int *a0i, int w); + JBIG2Bitmap *readGenericBitmap(GBool mmr, int w, int h, + int templ, GBool tpgdOn, + GBool useSkip, JBIG2Bitmap *skip, diff --git a/app-text/poppler/files/poppler-CVE-2009-1188.patch b/app-text/poppler/files/poppler-CVE-2009-1188.patch new file mode 100644 index 000000000000..70f98a0f5723 --- /dev/null +++ b/app-text/poppler/files/poppler-CVE-2009-1188.patch @@ -0,0 +1,11 @@ +--- a/splash/SplashBitmap.cc ++++ b/splash/SplashBitmap.cc +@@ -62,7 +62,7 @@ SplashBitmap::SplashBitmap(int widthA, int heightA, int rowPad, + } + rowSize += rowPad - 1; + rowSize -= rowSize % rowPad; +- data = (SplashColorPtr)gmalloc(rowSize * height); ++ data = (SplashColorPtr)gmallocn(rowSize, height); + if (!topDown) { + data += (height - 1) * rowSize; + rowSize = -rowSize; diff --git a/app-text/poppler/poppler-0.10.5-r1.ebuild b/app-text/poppler/poppler-0.10.5-r1.ebuild new file mode 100644 index 000000000000..086ab1bef91a --- /dev/null +++ b/app-text/poppler/poppler-0.10.5-r1.ebuild @@ -0,0 +1,63 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-text/poppler/poppler-0.10.5-r1.ebuild,v 1.1 2009/04/17 00:36:08 loki_val Exp $ + +EAPI=2 + +inherit libtool eutils + +DESCRIPTION="PDF rendering library based on the xpdf-3.0 code base" +HOMEPAGE="http://poppler.freedesktop.org/" +SRC_URI="http://poppler.freedesktop.org/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" +IUSE="doc" + +RDEPEND=" + >=media-libs/freetype-2.1.8 + >=media-libs/fontconfig-2 + app-text/poppler-data + >=media-libs/jpeg-6b + media-libs/openjpeg + sys-libs/zlib + dev-libs/libxml2 + !app-text/pdftohtml + !dev-libs/poppler-qt3 + !dev-libs/poppler-qt4 + !dev-libs/poppler + !dev-libs/poppler-glib + !app-text/poppler-utils + " +DEPEND=" + ${RDEPEND} + dev-util/pkgconfig + doc? ( >=dev-util/gtk-doc-1.0 ) + " + +src_prepare () { + epatch "${FILESDIR}/poppler-0.10.5-xpdf-3.02pl3.patch" + epatch "${FILESDIR}/poppler-CVE-2009-1188.patch" +} + +src_configure() { + econf --disable-static \ + --disable-poppler-qt4 \ + --disable-poppler-glib \ + --disable-poppler-qt \ + --disable-gtk-test \ + --disable-cairo-output \ + --enable-xpdf-headers \ + --enable-libjpeg \ + --enable-libopenjpeg \ + --enable-zlib \ + $(use_enable doc gtk-doc) \ + || die "configuration failed" +} + +src_install() { + emake DESTDIR="${D}" install || die "make install failed" + dodoc README AUTHORS ChangeLog NEWS README-XPDF TODO + rm -f $(find "${D}" -name '*.la') +} |