TDE
/
koffice
mirror of https://mirror.git.trinitydesktop.org/gitea/TDE/koffice
0
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2bc2bc6789'
${ noResults }
koffice/filters/kword/pdf/diffs/xpdf_security_integer_overf...

148 lines
4.5 KiB
Raw Blame History

Index: goo/GHash.cpp
===================================================================
RCS file: /home/kde/koffice/filters/kword/pdf/xpdf/goo/GHash.cpp,v
retrieving revision 1.3
retrieving revision 1.2.2.1
diff -u -p -r1.3 -r1.2.2.1
--- goo/GHash.cpp 10 Oct 2004 21:37:09 -0000 1.3
+++ goo/GHash.cpp 21 Oct 2004 20:32:51 -0000 1.2.2.1
@@ -8,7 +8,6 @@
#include <aconf.h>
-
#include "gmem.h"
#include "GString.h"
#include "GHash.h"
Index: goo/GHash.h
===================================================================
RCS file: /home/kde/koffice/filters/kword/pdf/xpdf/goo/GHash.h,v
retrieving revision 1.3
retrieving revision 1.2.2.1
diff -u -p -r1.3 -r1.2.2.1
--- goo/GHash.h 10 Oct 2004 21:37:09 -0000 1.3
+++ goo/GHash.h 21 Oct 2004 20:32:51 -0000 1.2.2.1
@@ -11,7 +11,6 @@
#include <aconf.h>
-
#include "gtypes.h"
class GString;
Index: goo/GList.cpp
===================================================================
RCS file: /home/kde/koffice/filters/kword/pdf/xpdf/goo/GList.cpp,v
retrieving revision 1.2
retrieving revision 1.1.2.1
diff -u -p -r1.2 -r1.1.2.1
--- goo/GList.cpp 10 Oct 2004 21:37:09 -0000 1.2
+++ goo/GList.cpp 21 Oct 2004 20:32:51 -0000 1.1.2.1
@@ -8,7 +8,6 @@
#include <aconf.h>
-
#include <string.h>
#include "gmem.h"
#include "GList.h"
Index: goo/GList.h
===================================================================
RCS file: /home/kde/koffice/filters/kword/pdf/xpdf/goo/GList.h,v
retrieving revision 1.2
retrieving revision 1.1.2.1
diff -u -p -r1.2 -r1.1.2.1
--- goo/GList.h 10 Oct 2004 21:37:09 -0000 1.2
+++ goo/GList.h 21 Oct 2004 20:32:51 -0000 1.1.2.1
@@ -11,7 +11,6 @@
#include <aconf.h>
-
#include "gtypes.h"
//------------------------------------------------------------------------
Index: goo/GString.cpp
===================================================================
RCS file: /home/kde/koffice/filters/kword/pdf/xpdf/goo/GString.cpp,v
retrieving revision 1.2
retrieving revision 1.1.2.1
diff -u -p -r1.2 -r1.1.2.1
--- goo/GString.cpp 10 Oct 2004 21:37:09 -0000 1.2
+++ goo/GString.cpp 21 Oct 2004 20:32:51 -0000 1.1.2.1
@@ -10,7 +10,6 @@
#include <aconf.h>
-
#include <stdlib.h>
#include <stddef.h>
#include <string.h>
Index: goo/GString.h
===================================================================
RCS file: /home/kde/koffice/filters/kword/pdf/xpdf/goo/GString.h,v
retrieving revision 1.3
retrieving revision 1.2.2.1
diff -u -p -r1.3 -r1.2.2.1
--- goo/GString.h 10 Oct 2004 21:37:09 -0000 1.3
+++ goo/GString.h 21 Oct 2004 20:32:51 -0000 1.2.2.1
@@ -13,7 +13,6 @@
#include <aconf.h>
-
#include <string.h>
class GString {
Index: xpdf/Gfx.cpp
===================================================================
RCS file: /home/kde/koffice/filters/kword/pdf/xpdf/xpdf/Gfx.cpp,v
retrieving revision 1.3
retrieving revision 1.3.2.1
diff -u -p -r1.3 -r1.3.2.1
--- xpdf/Gfx.cpp 25 Jan 2003 23:17:44 -0000 1.3
+++ xpdf/Gfx.cpp 22 Dec 2004 12:07:12 -0000 1.3.2.1
@@ -2379,7 +2379,9 @@ void Gfx::doImage(Object *ref, Stream *s
haveMask = gFalse;
dict->lookup("Mask", &maskObj);
if (maskObj.isArray()) {
- for (i = 0; i < maskObj.arrayGetLength(); ++i) {
+ for (i = 0;
+ i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps;
+ ++i) {
maskObj.arrayGet(i, &obj1);
maskColors[i] = obj1.getInt();
obj1.free();
Index: xpdf/GfxState.cpp
===================================================================
RCS file: /home/kde/koffice/filters/kword/pdf/xpdf/xpdf/GfxState.cpp,v
retrieving revision 1.3
retrieving revision 1.3.2.2
diff -u -p -r1.3 -r1.3.2.2
--- xpdf/GfxState.cpp 25 Jan 2003 23:17:44 -0000 1.3
+++ xpdf/GfxState.cpp 22 Dec 2004 13:50:53 -0000 1.3.2.2
@@ -682,6 +682,11 @@ GfxColorSpace *GfxICCBasedColorSpace::pa
}
nCompsA = obj2.getInt();
obj2.free();
+ if (nCompsA > gfxColorMaxComps) {
+ error(-1, "ICCBased color space with too many (%d > %d) components",
+ nCompsA, gfxColorMaxComps);
+ nCompsA = gfxColorMaxComps;
+ }
if (dict->lookup("Alternate", &obj2)->isNull() ||
!(altA = GfxColorSpace::parse(&obj2))) {
switch (nCompsA) {
@@ -1023,6 +1028,11 @@ GfxColorSpace *GfxDeviceNColorSpace::par
goto err2;
}
nCompsA = obj1.arrayGetLength();
+ if (nCompsA > gfxColorMaxComps) {
+ error(-1, "DeviceN color space with too many (%d > %d) components",
+ nCompsA, gfxColorMaxComps);
+ nCompsA = gfxColorMaxComps;
+ }
for (i = 0; i < nCompsA; ++i) {
if (!obj1.arrayGet(i, &obj2)->isName()) {
error(-1, "Bad DeviceN color space (names)");
View Git Blame Copy Permalink