Overview

File ghostscript-8.64-jbig2broken.dif of Package ghostscript-library

--- jbig2dec/jbig2_text.c
+++ jbig2dec/jbig2_text.c	2009-06-19 12:58:20.613900664 +0000
@@ -74,7 +74,7 @@ jbig2_decode_text_region(Jbig2Ctx *ctx,
     int x,y;
     bool first_symbol;
     uint32_t index, SBNUMSYMS;
-    Jbig2Image *IB;
+    Jbig2Image *IB = NULL;
     Jbig2HuffmanState *hs = NULL;
     Jbig2HuffmanTable *SBSYMCODES = NULL;
     int code = 0;
@@ -279,6 +279,11 @@ jbig2_decode_text_region(Jbig2Ctx *ctx,
 		while (id >= dicts[index]->n_symbols)
 		    id -= dicts[index++]->n_symbols;
 		IB = jbig2_image_clone(ctx, dicts[index]->glyphs[id]);
+		if (!IB) {
+		    jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+			"memory allocation failure!");
+		    return -1;
+		}
 	    }
 	    if (params->SBREFINE) {
 	      if (params->SBHUFF) {
@@ -313,8 +318,18 @@ jbig2_decode_text_region(Jbig2Ctx *ctx,
 
 		/* 6.4.11 (6) */
 		IBO = IB;
+		if (IBO->width + RDW < 0 || IBO->height + RDH < 0) {
+		    jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+			"parameter out of range!");
+		    return -1;
+		}
 		image = jbig2_image_new(ctx, IBO->width + RDW,
 					     IBO->height + RDH);
+		if (!image) {
+		    jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+			"memory allocation failure!");
+		    return -1;
+		}
 
 		/* Table 12 */
 		rparams.GRTEMPLATE = params->SBRTEMPLATE;
openSUSE Build Service is sponsored by
Places