Fix a potential resize bug and apply xpdf 3.02pl4 and 3.02pl5 security patches.

This partially resolves bug report 1175.
author: Darrell Anderson <humanreadable@yahoo.com> 2012-08-22 13:05:27 -0500
committer: Darrell Anderson <humanreadable@yahoo.com> 2012-08-22 13:05:27 -0500
commit: 561d1d6802dd50ddc9f441442cc2c351dd2759d6 (patch)
tree: 16397d32c394eda320ac37ec273701b2bd323591 /kpdf/xpdf/xpdf/Stream.cc
parent: debc30baa40bdc687b00414733a50c61f71572de (diff)
download: tdegraphics-561d1d6802dd50ddc9f441442cc2c351dd2759d6.tar.gz
tdegraphics-561d1d6802dd50ddc9f441442cc2c351dd2759d6.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/kpdf/xpdf/xpdf/Stream.cc b/kpdf/xpdf/xpdf/Stream.cc
index 20219522..2c1db5b4 100644
--- a/kpdf/xpdf/xpdf/Stream.cc
+++ b/kpdf/xpdf/xpdf/Stream.cc
@@ -323,6 +323,10 @@ ImageStream::ImageStream(Stream *strA, int widthA, int nCompsA, int nBitsA) {
   } else {
     imgLineSize = nVals;
   }
+  if (width > INT_MAX / nComps) {
+    // force a call to gmallocn(-1,...), which will throw an exception
+    imgLineSize = -1;
+  }
   imgLine = (Guchar *)gmallocn(imgLineSize, sizeof(Guchar));
   imgIdx = nVals;
 }
author	Darrell Anderson <humanreadable@yahoo.com>	2012-08-22 13:05:27 -0500
committer	Darrell Anderson <humanreadable@yahoo.com>	2012-08-22 13:05:27 -0500
commit	561d1d6802dd50ddc9f441442cc2c351dd2759d6 (patch)
tree	16397d32c394eda320ac37ec273701b2bd323591 /kpdf/xpdf/xpdf/Stream.cc
parent	debc30baa40bdc687b00414733a50c61f71572de (diff)
download	tdegraphics-561d1d6802dd50ddc9f441442cc2c351dd2759d6.tar.gz tdegraphics-561d1d6802dd50ddc9f441442cc2c351dd2759d6.zip