File ghostscript-9.00-jbig2broken.dif of Package ghostscript-library
--- jbig2dec/jbig2_text.c
+++ jbig2dec/jbig2_text.c 2010-09-29 11:43:20.379926022 +0000
@@ -71,7 +71,7 @@ jbig2_decode_text_region(Jbig2Ctx *ctx,
int x,y;
bool first_symbol;
uint32_t index, SBNUMSYMS;
- Jbig2Image *IB;
+ Jbig2Image *IB = NULL;
Jbig2HuffmanState *hs = NULL;
Jbig2HuffmanTable *SBSYMCODES = NULL;
int code = 0;
@@ -276,6 +276,11 @@ jbig2_decode_text_region(Jbig2Ctx *ctx,
while (id >= dicts[index]->n_symbols)
id -= dicts[index++]->n_symbols;
IB = jbig2_image_clone(ctx, dicts[index]->glyphs[id]);
+ if (!IB) {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+ "memory allocation failure!");
+ return -1;
+ }
}
if (params->SBREFINE) {
if (params->SBHUFF) {
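Review bot: The new `return -1;` after a failed `jbig2_image_clone()` leaves jbig2_decode_text_region without releasing anything the function may already hold. `hs` and `SBSYMCODES` are declared in the first hunk as pointers initialised to NULL, which suggests they are allocated earlier in the body and would leak on this path; the body lies outside the hunk, so this needs confirming. The third hunk's range check uses the same bare return, and there the freshly cloned `IB` would apparently be left unreleased as well. Because this decoder parses untrusted JBIG2 streams, an error path that leaks can be driven repeatedly by malformed input, so both returns should go through one common release sequence, e.g. `code = -1; goto cleanup;` with a label added at the end of the function (no such label is visible here).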
@@ -310,6 +315,11 @@ jbig2_decode_text_region(Jbig2Ctx *ctx,
/* 6.4.11 (6) */
IBO = IB;
+ if (IBO->width + RDW < 0 || IBO->height + RDH < 0) {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+ "parameter out of range!");
+ return -1;
+ }
refimage = jbig2_image_new(ctx, IBO->width + RDW,
IBO->height + RDH);
if (refimage == NULL) {