File xpdf-safe-int.patch of Package xpdf
--- xpdf-3.02/fofi/FoFiTrueType.cc
+++ xpdf-3.02/fofi/FoFiTrueType.cc
@@ -396,7 +396,7 @@
return nameToGID->lookupInt(name);
}
-Gushort *FoFiTrueType::getCIDToGIDMap(int *nCIDs) {
+Gushort *FoFiTrueType::getCIDToGIDMap(SafeInt *nCIDs) {
FoFiType1C *ff;
Gushort *map;
int i;
@@ -504,7 +504,7 @@
}
void FoFiTrueType::convertToCIDType2(char *psName,
- Gushort *cidMap, int nCIDs,
+ Gushort *cidMap, SafeInt nCIDs,
GBool needVerticalMetrics,
FoFiOutputFunc outputFunc,
void *outputStream) {
@@ -538,7 +538,7 @@
(*outputFunc)(outputStream, " end def\n", 10);
(*outputFunc)(outputStream, "/GDBytes 2 def\n", 15);
if (cidMap) {
- buf = GString::format("/CIDCount {0:d} def\n", nCIDs);
+ buf = GString::format("/CIDCount {0:d} def\n", nCIDs.Int());
(*outputFunc)(outputStream, buf->getCString(), buf->getLength());
delete buf;
if (nCIDs > 32767) {
@@ -577,13 +577,13 @@
}
} else {
// direct mapping - just fill the string(s) with s[i]=i
- buf = GString::format("/CIDCount {0:d} def\n", nGlyphs);
+ buf = GString::format("/CIDCount {0:d} def\n", nGlyphs.Int());
(*outputFunc)(outputStream, buf->getCString(), buf->getLength());
delete buf;
if (nGlyphs > 32767) {
(*outputFunc)(outputStream, "/CIDMap [\n", 10);
for (i = 0; i < nGlyphs; i += 32767) {
- j = nGlyphs - i < 32767 ? nGlyphs - i : 32767;
+ j = nGlyphs.Int() - i < 32767 ? nGlyphs.Int() - i : 32767;
buf = GString::format(" {0:d} string 0 1 {1:d} {{\n", 2 * j, j - 1);
(*outputFunc)(outputStream, buf->getCString(), buf->getLength());
delete buf;
@@ -599,10 +599,10 @@
}
(*outputFunc)(outputStream, "] def\n", 6);
} else {
- buf = GString::format("/CIDMap {0:d} string\n", 2 * nGlyphs);
+ buf = GString::format("/CIDMap {0:d} string\n", 2 * nGlyphs.Int());
(*outputFunc)(outputStream, buf->getCString(), buf->getLength());
delete buf;
- buf = GString::format(" 0 1 {0:d} {{\n", nGlyphs - 1);
+ buf = GString::format(" 0 1 {0:d} {{\n", nGlyphs.Int() - 1);
(*outputFunc)(outputStream, buf->getCString(), buf->getLength());
delete buf;
(*outputFunc)(outputStream,
@@ -654,7 +654,7 @@
delete ff;
}
-void FoFiTrueType::convertToType0(char *psName, Gushort *cidMap, int nCIDs,
+void FoFiTrueType::convertToType0(char *psName, Gushort *cidMap, SafeInt nCIDs,
GBool needVerticalMetrics,
FoFiOutputFunc outputFunc,
void *outputStream) {
@@ -672,7 +672,7 @@
delete sfntsName;
// write the descendant Type 42 fonts
- n = cidMap ? nCIDs : nGlyphs;
+ n = cidMap ? nCIDs.Int() : nGlyphs.Int();
for (i = 0; i < n; i += 256) {
(*outputFunc)(outputStream, "10 dict begin\n", 14);
(*outputFunc)(outputStream, "/FontName /", 11);
@@ -836,12 +836,13 @@
};
GBool missingCmap, missingName, missingPost, missingOS2;
GBool unsortedLoca, badCmapLen, abbrevHMTX;
- int nZeroLengthTables;
+ SafeInt nZeroLengthTables;
int nHMetrics, advWidth, lsb;
TrueTypeLoca *locaTable;
TrueTypeTable *newTables;
char *newNameTab, *newCmapTab, *newHHEATab, *newHMTXTab;
- int nNewTables, cmapIdx, cmapLen, glyfLen, newNameLen, newCmapLen, next;
+ SafeInt nNewTables;
+ int cmapIdx, cmapLen, glyfLen, newNameLen, newCmapLen, next;
int newHHEALen, newHMTXLen;
Guint locaChecksum, glyfChecksum, fileChecksum;
char *tableDir;
@@ -866,7 +867,7 @@
missingOS2 = seekTable("OS/2") < 0;
// read the loca table, check to see if it's sorted
- locaTable = (TrueTypeLoca *)gmallocn(nGlyphs + 1, sizeof(TrueTypeLoca));
+ locaTable = (TrueTypeLoca *)gmallocn(nGlyphs + SafeInt(1), sizeof(TrueTypeLoca));
unsortedLoca = gFalse;
i = seekTable("loca");
pos = tables[i].offset;
@@ -943,13 +944,13 @@
// the same pos value remain in the same order)
glyfLen = 0; // make gcc happy
if (unsortedLoca) {
- qsort(locaTable, nGlyphs + 1, sizeof(TrueTypeLoca),
+ qsort(locaTable, nGlyphs.Int() + 1, sizeof(TrueTypeLoca),
&cmpTrueTypeLocaOffset);
for (i = 0; i < nGlyphs; ++i) {
locaTable[i].len = locaTable[i+1].origOffset - locaTable[i].origOffset;
}
- locaTable[nGlyphs].len = 0;
- qsort(locaTable, nGlyphs + 1, sizeof(TrueTypeLoca),
+ locaTable[nGlyphs.Int()].len = 0;
+ qsort(locaTable, nGlyphs.Int() + 1, sizeof(TrueTypeLoca),
&cmpTrueTypeLocaIdx);
pos = 0;
for (i = 0; i <= nGlyphs; ++i) {
@@ -992,7 +993,7 @@
// construct the new name table
if (name) {
n = strlen(name);
- newNameLen = (6 + 4*12 + 2 * (3*n + 7) + 3) & ~3;
+ newNameLen = (6 + 4*12 + 2 * (3*SafeInt(n) + 7) + 3).Int() & ~3;
newNameTab = (char *)gmalloc(newNameLen);
memset(newNameTab, 0, newNameLen);
newNameTab[0] = 0; // format selector
@@ -1097,11 +1098,11 @@
for (i = 0; i < newHHEALen; ++i) {
newHHEATab[i] = getU8(pos++, &ok);
}
- newHHEATab[34] = nGlyphs >> 8;
- newHHEATab[35] = nGlyphs & 0xff;
+ newHHEATab[34] = nGlyphs.Int() >> 8;
+ newHHEATab[35] = nGlyphs.Int() & 0xff;
i = seekTable("hmtx");
pos = tables[i].offset;
- newHMTXLen = 4 * nGlyphs;
+ newHMTXLen = (4 * nGlyphs).Int();
newHMTXTab = (char *)gmalloc(newHMTXLen);
advWidth = 0;
for (i = 0; i < nHMetrics; ++i) {
@@ -1157,7 +1158,7 @@
} else if (newTables[j].tag == cmapTag && badCmapLen) {
newTables[j].len = cmapLen;
} else if (newTables[j].tag == locaTag && unsortedLoca) {
- newTables[j].len = (nGlyphs + 1) * (locaFmt ? 4 : 2);
+ newTables[j].len = (nGlyphs.Int() + 1) * (locaFmt ? 4 : 2);
newTables[j].checksum = locaChecksum;
} else if (newTables[j].tag == glyfTag && unsortedLoca) {
newTables[j].len = glyfLen;
@@ -1218,9 +1219,9 @@
newTables[j].len = sizeof(os2Tab);
++j;
}
- qsort(newTables, nNewTables, sizeof(TrueTypeTable),
+ qsort(newTables, nNewTables.Int(), sizeof(TrueTypeTable),
&cmpTrueTypeTableTag);
- pos = 12 + nNewTables * 16;
+ pos = 12 + nNewTables.Int() * 16;
for (i = 0; i < nNewTables; ++i) {
newTables[i].offset = pos;
pos += newTables[i].len;
@@ -1230,20 +1231,20 @@
}
// write the table directory
- tableDir = (char *)gmalloc(12 + nNewTables * 16);
+ tableDir = (char *)gmalloc((SafeInt(12) + nNewTables * SafeInt(16)).Int());
tableDir[0] = 0x00; // sfnt version
tableDir[1] = 0x01;
tableDir[2] = 0x00;
tableDir[3] = 0x00;
- tableDir[4] = (char)((nNewTables >> 8) & 0xff); // numTables
- tableDir[5] = (char)(nNewTables & 0xff);
- for (i = -1, t = (Guint)nNewTables; t; ++i, t >>= 1) ;
+ tableDir[4] = (char)((nNewTables.Int() >> 8) & 0xff); // numTables
+ tableDir[5] = (char)(nNewTables.Int() & 0xff);
+ for (i = -1, t = (Guint)nNewTables.Int(); t; ++i, t >>= 1) ;
t = 1 << (4 + i);
tableDir[6] = (char)((t >> 8) & 0xff); // searchRange
tableDir[7] = (char)(t & 0xff);
tableDir[8] = (char)((i >> 8) & 0xff); // entrySelector
tableDir[9] = (char)(i & 0xff);
- t = nNewTables * 16 - t;
+ t = nNewTables.Int() * 16 - t;
tableDir[10] = (char)((t >> 8) & 0xff); // rangeShift
tableDir[11] = (char)(t & 0xff);
pos = 12;
@@ -1266,11 +1267,11 @@
tableDir[pos+15] = (char) newTables[i].len;
pos += 16;
}
- (*outputFunc)(outputStream, tableDir, 12 + nNewTables * 16);
+ (*outputFunc)(outputStream, tableDir, 12 + nNewTables.Int() * 16);
// compute the file checksum
fileChecksum = computeTableChecksum((Guchar *)tableDir,
- 12 + nNewTables * 16);
+ 12 + nNewTables.Int() * 16);
for (i = 0; i < nNewTables; ++i) {
fileChecksum += newTables[i].checksum;
}
@@ -1458,7 +1459,7 @@
Guchar tableDir[12 + nT42Tables*16];
GBool ok;
Guint checksum;
- int nNewTables;
+ SafeInt nNewTables;
int length, pos, glyfPos, i, j, k;
Guchar vheaTab[36] = {
0, 1, 0, 0, // table version number
@@ -1499,7 +1500,7 @@
// table, cmpTrueTypeLocaPos uses offset as its primary sort key,
// and idx as its secondary key (ensuring that adjacent entries with
// the same pos value remain in the same order)
- locaTable = (TrueTypeLoca *)gmallocn(nGlyphs + 1, sizeof(TrueTypeLoca));
+ locaTable = (TrueTypeLoca *)gmallocn(nGlyphs + SafeInt(1), sizeof(TrueTypeLoca));
i = seekTable("loca");
pos = tables[i].offset;
ok = gTrue;
@@ -1511,13 +1512,13 @@
locaTable[i].origOffset = 2 * getU16BE(pos + i*2, &ok);
}
}
- qsort(locaTable, nGlyphs + 1, sizeof(TrueTypeLoca),
+ qsort(locaTable, nGlyphs.Int() + 1, sizeof(TrueTypeLoca),
&cmpTrueTypeLocaOffset);
for (i = 0; i < nGlyphs; ++i) {
locaTable[i].len = locaTable[i+1].origOffset - locaTable[i].origOffset;
}
- locaTable[nGlyphs].len = 0;
- qsort(locaTable, nGlyphs + 1, sizeof(TrueTypeLoca),
+ locaTable[nGlyphs.Int()].len = 0;
+ qsort(locaTable, nGlyphs.Int() + 1, sizeof(TrueTypeLoca),
&cmpTrueTypeLocaIdx);
pos = 0;
for (i = 0; i <= nGlyphs; ++i) {
@@ -1529,7 +1530,7 @@
}
// construct the new 'loca' table
- locaData = (Guchar *)gmallocn(nGlyphs + 1, (locaFmt ? 4 : 2));
+ locaData = (Guchar *)gmallocn(nGlyphs + SafeInt(1), (locaFmt ? 4 : 2));
for (i = 0; i <= nGlyphs; ++i) {
pos = locaTable[i].newOffset;
if (locaFmt) {
@@ -1570,7 +1571,7 @@
// construct the new table headers, including table checksums
// (pad each table out to a multiple of 4 bytes)
- pos = 12 + nNewTables*16;
+ pos = 12 + nNewTables.Int()*16;
k = 0;
for (i = 0; i < nT42Tables; ++i) {
length = -1;
@@ -1579,7 +1580,7 @@
length = 54;
checksum = computeTableChecksum(headData, 54);
} else if (i == t42LocaTable) {
- length = (nGlyphs + 1) * (locaFmt ? 4 : 2);
+ length = (nGlyphs.Int() + 1) * (locaFmt ? 4 : 2);
checksum = computeTableChecksum(locaData, length);
} else if (i == t42GlyfTable) {
length = 0;
@@ -1608,7 +1609,7 @@
length = sizeof(vheaTab);
checksum = computeTableChecksum(vheaTab, length);
} else if (needVerticalMetrics && i == t42VmtxTable) {
- length = 4 + (nGlyphs - 1) * 4;
+ length = (4 + (nGlyphs - 1) * 4).Int();
vmtxTab = (Guchar *)gmalloc(length);
vmtxTab[0] = advance / 256;
vmtxTab[1] = advance % 256;
@@ -1646,13 +1647,13 @@
tableDir[2] = 0x00;
tableDir[3] = 0x00;
tableDir[4] = 0; // numTables
- tableDir[5] = nNewTables;
+ tableDir[5] = nNewTables.Int();
tableDir[6] = 0; // searchRange
tableDir[7] = (Guchar)128;
tableDir[8] = 0; // entrySelector
tableDir[9] = 3;
tableDir[10] = 0; // rangeShift
- tableDir[11] = (Guchar)(16 * nNewTables - 128);
+ tableDir[11] = (Guchar)(16 * nNewTables.Int() - 128);
pos = 12;
for (i = 0; i < nNewTables; ++i) {
tableDir[pos ] = (Guchar)(newTables[i].tag >> 24);
@@ -1675,7 +1676,7 @@
}
// compute the font checksum and store it in the head table
- checksum = computeTableChecksum(tableDir, 12 + nNewTables*16);
+ checksum = computeTableChecksum(tableDir, 12 + nNewTables.Int()*16);
for (i = 0; i < nNewTables; ++i) {
checksum += newTables[i].checksum;
}
@@ -1695,14 +1696,14 @@
}
// write the table directory
- dumpString(tableDir, 12 + nNewTables*16, outputFunc, outputStream);
+ dumpString(tableDir, 12 + nNewTables.Int()*16, outputFunc, outputStream);
// write the tables
for (i = 0; i < nNewTables; ++i) {
if (i == t42HeadTable) {
dumpString(headData, 54, outputFunc, outputStream);
} else if (i == t42LocaTable) {
- length = (nGlyphs + 1) * (locaFmt ? 4 : 2);
+ length = (nGlyphs.Int() + 1) * (locaFmt ? 4 : 2);
dumpString(locaData, length, outputFunc, outputStream);
} else if (i == t42GlyfTable) {
glyfPos = tables[seekTable("glyf")].offset;
@@ -1909,7 +1910,7 @@
parsedOk = gFalse;
return;
}
- if (tables[i].len < (nGlyphs + 1) * (locaFmt ? 4 : 2)) {
+ if (tables[i].len < (nGlyphs.Int() + 1) * (locaFmt ? 4 : 2)) {
nGlyphs = tables[i].len / (locaFmt ? 4 : 2) - 1;
}
for (j = 0; j <= nGlyphs; ++j) {
@@ -1958,7 +1959,7 @@
goto err;
}
if (n > nGlyphs) {
- n = nGlyphs;
+ n = nGlyphs.Int();
}
stringIdx = 0;
stringPos = tablePos + 34 + 2*n;
--- xpdf-3.02/fofi/FoFiTrueType.h
+++ xpdf-3.02/fofi/FoFiTrueType.h
@@ -66,7 +66,7 @@
// Return the mapping from CIDs to GIDs, and return the number of
// CIDs in *<nCIDs>. This is only useful for CID fonts. (Only
// useful for OpenType CFF fonts.)
- Gushort *getCIDToGIDMap(int *nCIDs);
+ Gushort *getCIDToGIDMap(SafeInt *nCIDs);
// Returns the least restrictive embedding licensing right (as
// defined by the TrueType spec):
@@ -103,7 +103,7 @@
// name (so we don't need to depend on the 'name' table in the
// font). The <cidMap> array maps CIDs to GIDs; it has <nCIDs>
// entries. (Not useful for OpenType CFF fonts.)
- void convertToCIDType2(char *psName, Gushort *cidMap, int nCIDs,
+ void convertToCIDType2(char *psName, Gushort *cidMap, SafeInt nCIDs,
GBool needVerticalMetrics,
FoFiOutputFunc outputFunc, void *outputStream);
@@ -118,7 +118,7 @@
// PostScript font name (so we don't need to depend on the 'name'
// table in the font). The <cidMap> array maps CIDs to GIDs; it has
// <nCIDs> entries. (Not useful for OpenType CFF fonts.)
- void convertToType0(char *psName, Gushort *cidMap, int nCIDs,
+ void convertToType0(char *psName, Gushort *cidMap, SafeInt nCIDs,
GBool needVerticalMetrics,
FoFiOutputFunc outputFunc, void *outputStream);
@@ -159,10 +159,10 @@
int seekTable(char *tag);
TrueTypeTable *tables;
- int nTables;
+ SafeInt nTables;
TrueTypeCmap *cmaps;
int nCmaps;
- int nGlyphs;
+ SafeInt nGlyphs;
int locaFmt;
int bbox[4];
GHash *nameToGID;
--- xpdf-3.02/fofi/FoFiType1C.cc
+++ xpdf-3.02/fofi/FoFiType1C.cc
@@ -101,9 +101,10 @@
return encoding;
}
-Gushort *FoFiType1C::getCIDToGIDMap(int *nCIDs) {
+Gushort *FoFiType1C::getCIDToGIDMap(SafeInt *nCIDs) {
Gushort *map;
- int n, i;
+ SafeInt n;
+ int i;
// a CID font's top dict has ROS as the first operator
if (topDict.firstOp != 0x0c1e) {
@@ -121,7 +122,7 @@
}
++n;
map = (Gushort *)gmallocn(n, sizeof(Gushort));
- memset(map, 0, n * sizeof(Gushort));
+ memset(map, 0, n.Int() * sizeof(Gushort));
for (i = 0; i < nGlyphs; ++i) {
map[charset[i]] = i;
}
@@ -437,7 +438,8 @@
int *charStringOffsets;
Type1CIndex subrIdx;
Type1CIndexVal val;
- int nCIDs, gdBytes;
+ SafeInt nCIDs;
+ int gdBytes;
GString *buf;
char buf2[256];
GBool ok;
@@ -460,7 +462,7 @@
// build the charstrings
charStrings = new GString();
- charStringOffsets = (int *)gmallocn(nCIDs + 1, sizeof(int));
+ charStringOffsets = (int *)gmallocn(nCIDs + SafeInt(1), sizeof(int));
for (i = 0; i < nCIDs; ++i) {
charStringOffsets[i] = charStrings->getLength();
if ((gid = cidMap[i]) >= 0) {
@@ -476,13 +478,13 @@
}
}
}
- charStringOffsets[nCIDs] = charStrings->getLength();
+ charStringOffsets[nCIDs.Int()] = charStrings->getLength();
// compute gdBytes = number of bytes needed for charstring offsets
// (offset size needs to account for the charstring offset table,
// with a worst case of five bytes per entry, plus the charstrings
// themselves)
- i = (nCIDs + 1) * 5 + charStrings->getLength();
+ i = (nCIDs.Int() + 1) * 5 + charStrings->getLength();
if (i < 0x100) {
gdBytes = 1;
} else if (i < 0x10000) {
@@ -547,7 +549,7 @@
(*outputFunc)(outputStream, "end def\n", 8);
// CIDFont-specific entries
- buf = GString::format("/CIDCount {0:d} def\n", nCIDs);
+ buf = GString::format("/CIDCount {0:d} def\n", nCIDs.Int());
(*outputFunc)(outputStream, buf->getCString(), buf->getLength());
delete buf;
(*outputFunc)(outputStream, "/FDBytes 1 def\n", 15);
@@ -565,7 +567,7 @@
}
// FDArray entry
- buf = GString::format("/FDArray {0:d} array\n", nFDs);
+ buf = GString::format("/FDArray {0:d} array\n", nFDs.Int());
(*outputFunc)(outputStream, buf->getCString(), buf->getLength());
delete buf;
for (i = 0; i < nFDs; ++i) {
@@ -708,7 +710,7 @@
(*outputFunc)(outputStream, "def\n", 4);
// start the binary section
- offset = (nCIDs + 1) * (1 + gdBytes);
+ offset = (nCIDs.Int() + 1) * (1 + gdBytes);
buf = GString::format("(Hex) {0:d} StartData\n",
offset + charStrings->getLength());
(*outputFunc)(outputStream, buf->getCString(), buf->getLength());
@@ -761,7 +763,7 @@
int *cidMap;
Type1CIndex subrIdx;
Type1CIndexVal val;
- int nCIDs;
+ SafeInt nCIDs;
GString *buf;
Type1CEexecBuf eb;
GBool ok;
--- xpdf-3.02/fofi/FoFiType1C.h
+++ xpdf-3.02/fofi/FoFiType1C.h
@@ -151,7 +151,7 @@
// Return the mapping from CIDs to GIDs, and return the number of
// CIDs in *<nCIDs>. This is only useful for CID fonts.
- Gushort *getCIDToGIDMap(int *nCIDs);
+ Gushort *getCIDToGIDMap(SafeInt *nCIDs);
// Convert to a Type 1 font, suitable for embedding in a PostScript
// file. This is only useful with 8-bit fonts. If <newEncoding> is
@@ -216,7 +216,7 @@
Type1CPrivateDict *privateDicts;
int nGlyphs;
- int nFDs;
+ SafeInt nFDs;
Guchar *fdSelect;
Gushort *charset;
int gsubrBias;
--- xpdf-3.02/goo/GHash.cc
+++ xpdf-3.02/goo/GHash.cc
@@ -311,7 +311,8 @@
void GHash::expand() {
GHashBucket **oldTab;
GHashBucket *p;
- int oldSize, h, i;
+ int h, i;
+ SafeInt oldSize;
oldSize = size;
oldTab = tab;
@@ -365,7 +366,7 @@
for (p = key->getCString(), i = 0; i < key->getLength(); ++p, ++i) {
h = 17 * h + (int)(*p & 0xff);
}
- return (int)(h % size);
+ return (int)(h % size.Int());
}
int GHash::hash(char *key) {
@@ -376,5 +377,5 @@
for (p = key; *p; ++p) {
h = 17 * h + (int)(*p & 0xff);
}
- return (int)(h % size);
+ return (int)(h % size.Int());
}
--- xpdf-3.02/goo/GHash.h
+++ xpdf-3.02/goo/GHash.h
@@ -55,7 +55,7 @@
int hash(char *key);
GBool deleteKeys; // set if key strings should be deleted
- int size; // number of buckets
+ SafeInt size; // number of buckets
int len; // number of entries
GHashBucket **tab;
};
--- xpdf-3.02/goo/GList.cc
+++ xpdf-3.02/goo/GList.cc
@@ -43,7 +43,7 @@
if (length >= size) {
expand();
}
- data[length++] = p;
+ data[(length++).Int()] = p;
}
void GList::append(GList *list) {
@@ -53,7 +53,7 @@
expand();
}
for (i = 0; i < list->length; ++i) {
- data[length++] = list->data[i];
+ data[(length++).Int()] = list->data[i];
}
}
@@ -62,7 +62,7 @@
expand();
}
if (i < length) {
- memmove(data+i+1, data+i, (length - i) * sizeof(void *));
+ memmove(data+i+1, data+i, (length.Int() - i) * sizeof(void *));
}
data[i] = p;
++length;
@@ -73,7 +73,7 @@
p = data[i];
if (i < length - 1) {
- memmove(data+i, data+i+1, (length - i - 1) * sizeof(void *));
+ memmove(data+i, data+i+1, (length.Int() - i - 1) * sizeof(void *));
}
--length;
if (size - length >= ((inc > 0) ? inc : size/2)) {
@@ -83,7 +83,7 @@
}
void GList::sort(int (*cmp)(const void *obj1, const void *obj2)) {
- qsort(data, length, sizeof(void *), cmp);
+ qsort(data, length.Int(), sizeof(void *), cmp);
}
void GList::expand() {
--- xpdf-3.02/goo/GList.h
+++ xpdf-3.02/goo/GList.h
@@ -16,6 +16,7 @@
#endif
#include "gtypes.h"
+#include "gmem.h"
//------------------------------------------------------------------------
// GList
@@ -36,7 +37,7 @@
//----- general
// Get the number of elements.
- int getLength() { return length; }
+ int getLength() { return length.Int(); }
//----- ordered list support
@@ -76,9 +77,9 @@
void shrink();
void **data; // the list elements
- int size; // size of data array
- int length; // number of elements on list
- int inc; // allocation increment
+ SafeInt size; // size of data array
+ SafeInt length; // number of elements on list
+ SafeInt inc; // allocation increment
};
#define deleteGList(list, T) \
--- xpdf-3.02/goo/GString.cc
+++ xpdf-3.02/goo/GString.cc
@@ -224,7 +224,8 @@
GString *GString::appendfv(char *fmt, va_list argList) {
GStringFormatArg *args;
- int argsLen, argsSize;
+ int argsLen;
+ SafeInt argsSize;
GStringFormatArg arg;
int idx, width, prec;
GBool reverseAlign, zeroFill;
--- xpdf-3.02/goo/gmem.cc
+++ xpdf-3.02/goo/gmem.cc
@@ -186,14 +186,335 @@
#endif
}
-void *gmallocn(int nObjs, int objSize) GMEM_EXCEP {
- int n;
+SafeInt::SafeInt(const long long int cA)
+{
+ if (cA < -INT_MAX || INT_MAX < cA)
+ integer_overflow("SafeInt::SafeInt(long long): ");
+ c = cA;
+}
+
+SafeInt::SafeInt()
+{ }
+
+SafeInt::SafeInt(const SafeInt& copy): c(copy.c)
+{ }
+
+SafeInt SafeInt::create(const long long int cA)
+{
+ return SafeInt(cA);
+}
+
+int SafeInt::Int(void) const
+{
+ return c;
+}
+
+void SafeInt::integer_overflow(const char * prefix)
+{
+ fprintf(stderr, "error: %sinteger overflow", prefix);
+ exit (1);
+}
+
+void SafeInt::division_by_zero(const char * prefix)
+{
+ fprintf(stderr, "error: %sdivide by zero", prefix);
+ exit(1);
+}
+
+void SafeInt::shift_is_negative(const char * prefix)
+{
+ fprintf(stderr, "warning: %sbitwise shift amount is negative", prefix);
+}
+
+SafeInt& SafeInt::operator=(const int& cA)
+{
+ *this = SafeInt(cA);
+ return *this;
+}
+
+bool SafeInt::operator==(const SafeInt& right) const
+{
+ return c == right.c;
+}
+
+bool SafeInt::operator!=(const SafeInt& right) const
+{
+ return c != right.c;
+}
+
+bool SafeInt::operator<(const SafeInt& right) const
+{
+ return c < right.c;
+}
+
+bool SafeInt::operator<=(const SafeInt& right) const
+{
+ return c <= right.c;
+}
+
+bool SafeInt::operator>(const SafeInt& right) const
+{
+ return c > right.c;
+}
+
+bool SafeInt::operator>=(const SafeInt& right) const
+{
+ return c >= right.c;
+}
+
+bool SafeInt::operator==(const int& right) const
+{
+ return c == right;
+}
+
+bool SafeInt::operator!=(const int& right) const
+{
+ return c != right;
+}
+
+bool SafeInt::operator<(const int& right) const
+{
+ return c < right;
+}
+
+bool SafeInt::operator<=(const int& right) const
+{
+ return c <= right;
+}
+
+bool SafeInt::operator>(const int& right) const
+{
+ return c > right;
+}
+
+bool SafeInt::operator>=(const int& right) const
+{
+ return c >= right;
+}
+
+bool operator==(const int& left, const SafeInt& right)
+{
+ return left == right.c;
+}
+
+bool operator!=(const int& left, const SafeInt& right)
+{
+ return left != right.c;
+}
+
+bool operator<(const int& left, const SafeInt& right)
+{
+ return left < right.c;
+}
+
+bool operator<=(const int& left, const SafeInt& right)
+{
+ return left <= right.c;
+}
+
+bool operator>(const int& left, const SafeInt& right)
+{
+ return left > right.c;
+}
+
+bool operator>=(const int& left, const SafeInt& right)
+{
+ return left >= right.c;
+}
+
+SafeInt SafeInt::operator+() const
+{
+ return SafeInt(*this);
+}
+
+SafeInt SafeInt::operator+(const SafeInt& right) const
+{
+ if (c*right.c > 0 &&
+ ((c > 0 && c > INT_MAX - right.c) ||
+ (c < 0 && c < -INT_MAX - right.c)))
+ integer_overflow("SafeInt::operator+(): ");
+ return SafeInt(c + right.c);
+}
+
+SafeInt SafeInt::operator-() const
+{
+ return SafeInt(-c);
+}
+
+SafeInt SafeInt::operator-(const SafeInt& right) const
+{
+ return *this + (-right);
+}
+
+SafeInt SafeInt::operator*(const SafeInt& right) const
+{
+ if (right.c != 0 && c*right.c/right.c != c)
+ integer_overflow("SafeInt::operator*(): ");
+ return SafeInt(c * right.c);
+}
+
+SafeInt SafeInt::operator/(const SafeInt& right) const
+{
+ return SafeInt(c / right.c);
+}
+
+SafeInt SafeInt::operator%(const SafeInt& right) const
+{
+ return SafeInt(c % right.c);
+}
+
+SafeInt SafeInt::operator/(const int& right) const
+{
+ if (right == 0)
+ division_by_zero("SafeInt::operator/(): ");
+ return SafeInt(c / right);
+}
+
+SafeInt SafeInt::operator%(const int& right) const
+{
+ return SafeInt(c % right);
+}
+
+SafeInt& SafeInt::operator+=(const SafeInt& right)
+{
+ *this = *this + right;
+ return *this;
+}
+
+SafeInt& SafeInt::operator-=(const SafeInt& right)
+{
+ *this = *this - right;
+ return *this;
+}
+
+SafeInt& SafeInt::operator*=(const SafeInt& right)
+{
+ *this = *this * right;
+ return *this;
+}
+
+SafeInt& SafeInt::operator/=(const SafeInt& right)
+{
+ *this = *this / right;
+ return *this;
+}
+
+SafeInt& SafeInt::operator%=(const SafeInt& right)
+{
+ *this = *this % right;
+ return *this;
+}
+
+SafeInt& SafeInt::operator/=(const int& right)
+{
+ *this = *this / right;
+ return *this;
+}
+
+SafeInt& SafeInt::operator%=(const int& right)
+{
+ *this = *this % right;
+ return *this;
+}
+
+SafeInt& SafeInt::operator++()
+{
+ *this += one;
+ return *this;
+}
+
+SafeInt SafeInt::operator++(int)
+{
+ SafeInt res(*this);
+ *this += one;
+ return res;
+}
+
+SafeInt& SafeInt::operator--()
+{
+ *this -= one;
+ return *this;
+}
+
+SafeInt SafeInt::operator--(int)
+{
+ SafeInt res(*this);
+ *this -= one;
+ return res;
+}
+
+SafeInt operator+(const int& left, const SafeInt& right)
+{
+ return SafeInt(left) + right;
+}
+
+SafeInt operator-(const int& left, const SafeInt& right)
+{
+ return SafeInt(left) - right;
+}
+
+SafeInt operator*(const int& left, const SafeInt& right)
+{
+ return SafeInt(left) * right;
+}
+
+SafeInt operator/(const int& left, const SafeInt& right)
+{
+ return SafeInt(left) / right;
+}
+
+SafeInt operator%(const int& left, const SafeInt& right)
+{
+ return SafeInt(left) % right;
+}
+
+SafeInt SafeInt::operator<<(const int offset)
+{
+ if (offset < 0)
+ {
+ shift_is_negative("SafeInt::operator<<(): ");
+ return *this >> -offset;
+ }
+
+ if ((c & (-1 << (sizeof(c)*8 - offset))) != 0)
+ integer_overflow("SafeInt::operator<<(): ");
+ return SafeInt(c << offset);
+}
+
+SafeInt SafeInt::operator>>(const int offset)
+{
+ if (offset < 0)
+ {
+ shift_is_negative("SafeInt::operator>>(): ");
+ return *this << -offset;
+ }
+
+ return SafeInt(c >> offset);
+}
+
+SafeInt& SafeInt::operator<<=(const int offset)
+{
+ *this = *this << offset;
+ return *this;
+}
+
+SafeInt& SafeInt::operator>>=(const int offset)
+{
+ *this = *this >> offset;
+ return *this;
+}
+
+const SafeInt SafeInt::zero = SafeInt(0);
+const SafeInt SafeInt::one = SafeInt(1);
+
+void *gmallocn(SafeInt nObjs, SafeInt objSize) GMEM_EXCEP {
+ SafeInt n;
- if (nObjs == 0) {
+ if (nObjs == SafeInt::create(0)) {
return NULL;
}
n = nObjs * objSize;
- if (objSize <= 0 || nObjs < 0 || nObjs >= INT_MAX / objSize) {
+ if (objSize <= SafeInt::create(0) || nObjs < SafeInt::create(0)) {
#if USE_EXCEPTIONS
throw GMemException();
#else
@@ -201,20 +522,20 @@
exit(1);
#endif
}
- return gmalloc(n);
+ return gmalloc(n.Int());
}
-void *greallocn(void *p, int nObjs, int objSize) GMEM_EXCEP {
- int n;
+void *greallocn(void *p, SafeInt nObjs, SafeInt objSize) GMEM_EXCEP {
+ SafeInt n;
- if (nObjs == 0) {
+ if (nObjs == SafeInt::create(0)) {
if (p) {
gfree(p);
}
return NULL;
}
n = nObjs * objSize;
- if (objSize <= 0 || nObjs < 0 || nObjs >= INT_MAX / objSize) {
+ if (objSize <= SafeInt::create(0) || nObjs < SafeInt::create(0)) {
#if USE_EXCEPTIONS
throw GMemException();
#else
@@ -222,7 +543,7 @@
exit(1);
#endif
}
- return grealloc(p, n);
+ return grealloc(p, n.Int());
}
void gfree(void *p) {
--- xpdf-3.02/goo/gmem.h
+++ xpdf-3.02/goo/gmem.h
@@ -28,6 +28,98 @@
#endif // USE_EXCEPTIONS
+class SafeInt
+{
+ int c;
+
+public:
+ SafeInt();
+ SafeInt(const SafeInt& copy);
+ SafeInt(const long long int cA);
+ static SafeInt create(const long long int cA);
+ int Int(void) const;
+
+ const static SafeInt zero;
+ const static SafeInt one;
+
+ static void integer_overflow(const char * prefix = NULL);
+ static void division_by_zero(const char * prefix = NULL);
+ static void shift_is_negative(const char * prefix = NULL);
+
+ SafeInt& operator=(const int& cA);
+
+ bool operator==(const SafeInt& right) const;
+ bool operator!=(const SafeInt& right) const;
+ bool operator<(const SafeInt& right) const;
+ bool operator<=(const SafeInt& right) const;
+ bool operator >(const SafeInt& right) const;
+ bool operator >=(const SafeInt& right) const;
+
+ bool operator==(const int& right) const;
+ bool operator!=(const int& right) const;
+ bool operator<(const int& right) const;
+ bool operator<=(const int& right) const;
+ bool operator >(const int& right) const;
+ bool operator >=(const int& right) const;
+
+ friend bool operator ==(const int &left, const SafeInt& right);
+ friend bool operator !=(const int &left, const SafeInt& right);
+ friend bool operator <(const int &left, const SafeInt& right);
+ friend bool operator <=(const int &left, const SafeInt& right);
+ friend bool operator >(const int &left, const SafeInt& right);
+ friend bool operator >=(const int &left, const SafeInt& right);
+
+ SafeInt operator+() const;
+ SafeInt operator+(const SafeInt& right) const;
+ SafeInt operator-() const;
+ SafeInt operator-(const SafeInt& right) const;
+ SafeInt operator*(const SafeInt& right) const;
+ SafeInt operator/(const SafeInt& right) const;
+ SafeInt operator%(const SafeInt& right) const;
+
+ SafeInt operator/(const int& right) const;
+ SafeInt operator%(const int& right) const;
+
+ SafeInt& operator+=(const SafeInt& right);
+ SafeInt& operator-=(const SafeInt& right);
+ SafeInt& operator*=(const SafeInt& right);
+ SafeInt& operator/=(const SafeInt& right);
+ SafeInt& operator%=(const SafeInt& right);
+
+ SafeInt& operator/=(const int& right);
+ SafeInt& operator%=(const int& right);
+
+ friend SafeInt operator+(const int& left, const SafeInt& right);
+ friend SafeInt operator-(const int& left, const SafeInt& right);
+ friend SafeInt operator*(const int& left, const SafeInt& right);
+ friend SafeInt operator/(const int& left, const SafeInt& right);
+ friend SafeInt operator%(const int& left, const SafeInt& right);
+
+ SafeInt& operator++();
+ SafeInt operator++(int);
+ SafeInt& operator--();
+ SafeInt operator--(int);
+
+ SafeInt operator<<(const int offset);
+ SafeInt operator>>(const int offset);
+
+ SafeInt& operator<<=(const int offset);
+ SafeInt& operator>>=(const int offset);
+};
+
+bool operator==(const int& left, const SafeInt& right);
+bool operator!=(const int& left, const SafeInt& right);
+bool operator<(const int& left, const SafeInt& right);
+bool operator<=(const int& left, const SafeInt& right);
+bool operator>(const int& left, const SafeInt& right);
+bool operator>=(const int& left, const SafeInt& right);
+
+SafeInt operator+(const int& left, const SafeInt& right);
+SafeInt operator-(const int& left, const SafeInt& right);
+SafeInt operator*(const int& left, const SafeInt& right);
+SafeInt operator/(const int& left, const SafeInt& right);
+SafeInt operator%(const int& left, const SafeInt& right);
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -50,8 +142,8 @@
* bytes, but there is an additional error check that the total size
* doesn't overflow an int.
*/
-extern void *gmallocn(int nObjs, int objSize) GMEM_EXCEP;
-extern void *greallocn(void *p, int nObjs, int objSize) GMEM_EXCEP;
+extern void *gmallocn(SafeInt nObjs, SafeInt objSize) GMEM_EXCEP;
+extern void *greallocn(void *p, SafeInt nObjs, SafeInt objSize) GMEM_EXCEP;
/*
* Same as free, but checks for and ignores NULL pointers.
--- xpdf-3.02/splash/Splash.cc
+++ xpdf-3.02/splash/Splash.cc
@@ -1912,7 +1912,7 @@
xq = w % scaledWidth;
// allocate pixel buffer
- pixBuf = (SplashColorPtr)gmalloc((yp + 1) * w);
+ pixBuf = (SplashColorPtr)gmalloc(((SafeInt(yp) + SafeInt(1)) * SafeInt(w)).Int());
// initialize the pixel pipe
pipeInit(&pipe, 0, 0, state->fillPattern, NULL, state->fillAlpha,
@@ -2208,9 +2208,9 @@
xq = w % scaledWidth;
// allocate pixel buffers
- colorBuf = (SplashColorPtr)gmalloc((yp + 1) * w * nComps);
+ colorBuf = (SplashColorPtr)gmalloc(((SafeInt(yp) + SafeInt(1)) * SafeInt(w) * SafeInt(nComps)).Int());
if (srcAlpha) {
- alphaBuf = (Guchar *)gmalloc((yp + 1) * w);
+ alphaBuf = (Guchar *)gmalloc(((SafeInt(yp) + SafeInt(1)) * SafeInt(w)).Int());
} else {
alphaBuf = NULL;
}
@@ -3064,7 +3064,7 @@
// draw the start cap
pathOut->moveTo(pathIn->pts[i].x - wdy, pathIn->pts[i].y + wdx);
if (i == subpathStart) {
- firstPt = pathOut->length - 1;
+ firstPt = pathOut->length.Int() - 1;
}
if (first && !closed) {
switch (state->lineCap) {
@@ -3099,7 +3099,7 @@
}
// draw the left side of the segment rectangle
- left2 = pathOut->length - 1;
+ left2 = pathOut->length.Int() - 1;
pathOut->lineTo(pathIn->pts[i+1].x + wdy, pathIn->pts[i+1].y - wdx);
// draw the end cap
@@ -3136,11 +3136,11 @@
}
// draw the right side of the segment rectangle
- right2 = pathOut->length - 1;
+ right2 = pathOut->length.Int() - 1;
pathOut->close();
// draw the join
- join2 = pathOut->length;
+ join2 = pathOut->length.Int();
if (!last || closed) {
crossprod = dx * dyNext - dy * dxNext;
dotprod = -(dx * dxNext + dy * dyNext);
@@ -3254,10 +3254,10 @@
if (i >= subpathStart + 2) {
pathOut->addStrokeAdjustHint(left1, right1, left0 + 1, right0);
pathOut->addStrokeAdjustHint(left1, right1,
- join0, pathOut->length - 1);
+ join0, pathOut->length.Int() - 1);
} else {
pathOut->addStrokeAdjustHint(left1, right1,
- firstPt, pathOut->length - 1);
+ firstPt, pathOut->length.Int() - 1);
}
if (closed) {
pathOut->addStrokeAdjustHint(left1, right1, firstPt, leftFirst);
@@ -3266,7 +3266,7 @@
pathOut->addStrokeAdjustHint(leftFirst, rightFirst,
left1 + 1, right1);
pathOut->addStrokeAdjustHint(leftFirst, rightFirst,
- join1, pathOut->length - 1);
+ join1, pathOut->length.Int() - 1);
}
}
}
--- xpdf-3.02/splash/SplashBitmap.cc
+++ xpdf-3.02/splash/SplashBitmap.cc
@@ -44,13 +44,13 @@
}
rowSize += rowPad - 1;
rowSize -= rowSize % rowPad;
- data = (SplashColorPtr)gmalloc(rowSize * height);
+ data = (SplashColorPtr)gmallocn(rowSize, height);
if (!topDown) {
data += (height - 1) * rowSize;
rowSize = -rowSize;
}
if (alphaA) {
- alpha = (Guchar *)gmalloc(width * height);
+ alpha = (Guchar *)gmallocn(width, height);
} else {
alpha = NULL;
}
--- xpdf-3.02/splash/SplashClip.cc
+++ xpdf-3.02/splash/SplashClip.cc
@@ -55,7 +55,8 @@
paths = NULL;
flags = NULL;
scanners = NULL;
- length = size = 0;
+ length = 0;
+ size = 0;
}
SplashClip::SplashClip(SplashClip *clip) {
@@ -124,7 +125,8 @@
paths = NULL;
flags = NULL;
scanners = NULL;
- length = size = 0;
+ length = 0;
+ size = 0;
if (x0 < x1) {
xMin = x0;
--- xpdf-3.02/splash/SplashClip.h
+++ xpdf-3.02/splash/SplashClip.h
@@ -101,7 +101,8 @@
SplashXPath **paths;
Guchar *flags;
SplashXPathScanner **scanners;
- int length, size;
+ int length;
+ SafeInt size;
};
#endif
--- xpdf-3.02/splash/SplashFTFont.cc
+++ xpdf-3.02/splash/SplashFTFont.cc
@@ -157,7 +157,7 @@
FT_Vector offset;
FT_GlyphSlot slot;
FT_UInt gid;
- int rowSize;
+ SafeInt rowSize;
Guchar *p, *q;
int i;
@@ -210,14 +210,14 @@
if (aa) {
rowSize = bitmap->w;
} else {
- rowSize = (bitmap->w + 7) >> 3;
+ rowSize = (SafeInt(bitmap->w) + SafeInt(7)) >> 3;
}
- bitmap->data = (Guchar *)gmalloc(rowSize * bitmap->h);
+ bitmap->data = (Guchar *)gmallocn(rowSize, bitmap->h);
bitmap->freeData = gTrue;
for (i = 0, p = bitmap->data, q = slot->bitmap.buffer;
i < bitmap->h;
- ++i, p += rowSize, q += slot->bitmap.pitch) {
- memcpy(p, q, rowSize);
+ ++i, p += rowSize.Int(), q += slot->bitmap.pitch) {
+ memcpy(p, q, rowSize.Int());
}
return gTrue;
--- xpdf-3.02/splash/SplashFTFontEngine.cc
+++ xpdf-3.02/splash/SplashFTFontEngine.cc
@@ -91,7 +91,7 @@
GBool deleteFile) {
FoFiType1C *ff;
Gushort *cidToGIDMap;
- int nCIDs;
+ SafeInt nCIDs;
SplashFontFile *ret;
// check for a CFF font
@@ -106,7 +106,7 @@
nCIDs = 0;
}
ret = SplashFTFontFile::loadCIDFont(this, idA, fileName, deleteFile,
- cidToGIDMap, nCIDs);
+ cidToGIDMap, nCIDs.Int());
if (!ret) {
gfree(cidToGIDMap);
}
@@ -119,7 +119,7 @@
FoFiTrueType *ff;
GBool isCID;
Gushort *cidToGIDMap;
- int nCIDs;
+ SafeInt nCIDs;
SplashFontFile *ret;
cidToGIDMap = NULL;
@@ -134,7 +134,7 @@
}
}
ret = SplashFTFontFile::loadCIDFont(this, idA, fileName, deleteFile,
- cidToGIDMap, nCIDs);
+ cidToGIDMap, nCIDs.Int());
if (!ret) {
gfree(cidToGIDMap);
}
--- xpdf-3.02/splash/SplashFont.cc
+++ xpdf-3.02/splash/SplashFont.cc
@@ -78,7 +78,7 @@
cacheTags = (SplashFontCacheTag *)gmallocn(cacheSets * cacheAssoc,
sizeof(SplashFontCacheTag));
for (i = 0; i < cacheSets * cacheAssoc; ++i) {
- cacheTags[i].mru = i & (cacheAssoc - 1);
+ cacheTags[i].mru = i & (cacheAssoc.Int() - 1);
}
}
@@ -106,7 +106,7 @@
}
// check the cache
- i = (c & (cacheSets - 1)) * cacheAssoc;
+ i = (c & (cacheSets.Int() - 1)) * cacheAssoc.Int();
for (j = 0; j < cacheAssoc; ++j) {
if ((cacheTags[i+j].mru & 0x80000000) &&
cacheTags[i+j].c == c &&
@@ -151,7 +151,7 @@
}
p = NULL; // make gcc happy
for (j = 0; j < cacheAssoc; ++j) {
- if ((cacheTags[i+j].mru & 0x7fffffff) == cacheAssoc - 1) {
+ if ((cacheTags[i+j].mru & 0x7fffffff) == cacheAssoc.Int() - 1) {
cacheTags[i+j].mru = 0x80000000;
cacheTags[i+j].c = c;
cacheTags[i+j].xFrac = (short)xFrac;
--- xpdf-3.02/splash/SplashFont.h
+++ xpdf-3.02/splash/SplashFont.h
@@ -97,8 +97,8 @@
cacheTags;
int glyphW, glyphH; // size of glyph bitmaps
int glyphSize; // size of glyph bitmaps, in bytes
- int cacheSets; // number of sets in cache
- int cacheAssoc; // cache associativity (glyphs per set)
+ SafeInt cacheSets; // number of sets in cache
+ SafeInt cacheAssoc; // cache associativity (glyphs per set)
};
#endif
--- xpdf-3.02/splash/SplashPath.cc
+++ xpdf-3.02/splash/SplashPath.cc
@@ -44,13 +44,13 @@
size = path->size;
pts = (SplashPathPoint *)gmallocn(size, sizeof(SplashPathPoint));
flags = (Guchar *)gmallocn(size, sizeof(Guchar));
- memcpy(pts, path->pts, length * sizeof(SplashPathPoint));
- memcpy(flags, path->flags, length * sizeof(Guchar));
+ memcpy(pts, path->pts, length.Int() * sizeof(SplashPathPoint));
+ memcpy(flags, path->flags, length.Int() * sizeof(Guchar));
curSubpath = path->curSubpath;
if (path->hints) {
hintsLength = hintsSize = path->hintsLength;
hints = (SplashPathHint *)gmallocn(hintsSize, sizeof(SplashPathHint));
- memcpy(hints, path->hints, hintsLength * sizeof(SplashPathHint));
+ memcpy(hints, path->hints, hintsLength.Int() * sizeof(SplashPathHint));
} else {
hints = NULL;
}
@@ -79,11 +79,11 @@
void SplashPath::append(SplashPath *path) {
int i;
- curSubpath = length + path->curSubpath;
- grow(path->length);
+ curSubpath = length.Int() + path->curSubpath;
+ grow(path->length.Int());
for (i = 0; i < path->length; ++i) {
- pts[length] = path->pts[i];
- flags[length] = path->flags[i];
+ pts[length.Int()] = path->pts[i];
+ flags[length.Int()] = path->flags[i];
++length;
}
}
@@ -93,10 +93,10 @@
return splashErrBogusPath;
}
grow(1);
- pts[length].x = x;
- pts[length].y = y;
- flags[length] = splashPathFirst | splashPathLast;
- curSubpath = length++;
+ pts[length.Int()].x = x;
+ pts[length.Int()].y = y;
+ flags[length.Int()] = splashPathFirst | splashPathLast;
+ curSubpath = (length++).Int();
return splashOk;
}
@@ -104,11 +104,11 @@
if (noCurrentPoint()) {
return splashErrNoCurPt;
}
- flags[length-1] &= ~splashPathLast;
+ flags[(length-1).Int()] &= ~splashPathLast;
grow(1);
- pts[length].x = x;
- pts[length].y = y;
- flags[length] = splashPathLast;
+ pts[length.Int()].x = x;
+ pts[length.Int()].y = y;
+ flags[length.Int()] = splashPathLast;
++length;
return splashOk;
}
@@ -119,19 +119,19 @@
if (noCurrentPoint()) {
return splashErrNoCurPt;
}
- flags[length-1] &= ~splashPathLast;
+ flags[(length-1).Int()] &= ~splashPathLast;
grow(3);
- pts[length].x = x1;
- pts[length].y = y1;
- flags[length] = splashPathCurve;
+ pts[length.Int()].x = x1;
+ pts[length.Int()].y = y1;
+ flags[length.Int()] = splashPathCurve;
++length;
- pts[length].x = x2;
- pts[length].y = y2;
- flags[length] = splashPathCurve;
+ pts[length.Int()].x = x2;
+ pts[length.Int()].y = y2;
+ flags[length.Int()] = splashPathCurve;
++length;
- pts[length].x = x3;
- pts[length].y = y3;
- flags[length] = splashPathLast;
+ pts[length.Int()].x = x3;
+ pts[length.Int()].y = y3;
+ flags[length.Int()] = splashPathLast;
++length;
return splashOk;
}
@@ -140,28 +140,28 @@
if (noCurrentPoint()) {
return splashErrNoCurPt;
}
- if (curSubpath == length - 1 ||
- pts[length - 1].x != pts[curSubpath].x ||
- pts[length - 1].y != pts[curSubpath].y) {
+ if (curSubpath == length.Int() - 1 ||
+ pts[length.Int() - 1].x != pts[curSubpath].x ||
+ pts[length.Int() - 1].y != pts[curSubpath].y) {
lineTo(pts[curSubpath].x, pts[curSubpath].y);
}
flags[curSubpath] |= splashPathClosed;
- flags[length - 1] |= splashPathClosed;
- curSubpath = length;
+ flags[length.Int() - 1] |= splashPathClosed;
+ curSubpath = length.Int();
return splashOk;
}
void SplashPath::addStrokeAdjustHint(int ctrl0, int ctrl1,
int firstPt, int lastPt) {
if (hintsLength == hintsSize) {
- hintsSize = hintsLength ? 2 * hintsLength : 8;
+ hintsSize = hintsLength.Int() ? 2 * hintsLength : 8;
hints = (SplashPathHint *)greallocn(hints, hintsSize,
sizeof(SplashPathHint));
}
- hints[hintsLength].ctrl0 = ctrl0;
- hints[hintsLength].ctrl1 = ctrl1;
- hints[hintsLength].firstPt = firstPt;
- hints[hintsLength].lastPt = lastPt;
+ hints[hintsLength.Int()].ctrl0 = ctrl0;
+ hints[hintsLength.Int()].ctrl1 = ctrl1;
+ hints[hintsLength.Int()].firstPt = firstPt;
+ hints[hintsLength.Int()].lastPt = lastPt;
++hintsLength;
}
@@ -178,7 +178,7 @@
if (noCurrentPoint()) {
return gFalse;
}
- *x = pts[length - 1].x;
- *y = pts[length - 1].y;
+ *x = pts[length.Int() - 1].x;
+ *y = pts[length.Int() - 1].y;
return gTrue;
}
--- xpdf-3.02/splash/SplashPath.h
+++ xpdf-3.02/splash/SplashPath.h
@@ -91,7 +91,7 @@
void offset(SplashCoord dx, SplashCoord dy);
// Get the points on the path.
- int getLength() { return length; }
+ int getLength() { return length.Int(); }
void getPoint(int i, double *x, double *y, Guchar *f)
{ *x = pts[i].x; *y = pts[i].y; *f = flags[i]; }
@@ -108,11 +108,11 @@
SplashPathPoint *pts; // array of points
Guchar *flags; // array of flags
- int length, size; // length/size of the pts and flags arrays
+ SafeInt length, size; // length/size of the pts and flags arrays
int curSubpath; // index of first point in last subpath
SplashPathHint *hints; // list of hints
- int hintsLength, hintsSize;
+ SafeInt hintsLength, hintsSize;
friend class SplashXPath;
friend class Splash;
--- xpdf-3.02/splash/SplashScreen.cc
+++ xpdf-3.02/splash/SplashScreen.cc
@@ -12,7 +12,6 @@
#include <stdlib.h>
#include <string.h>
-#include "gmem.h"
#include "SplashMath.h"
#include "SplashScreen.h"
@@ -61,7 +60,7 @@
// size must be a power of 2
for (size = 1; size < params->size; size <<= 1) ;
mat = (Guchar *)gmallocn(size * size, sizeof(Guchar));
- buildDispersedMatrix(size/2, size/2, 1, size/2, 1);
+ buildDispersedMatrix((size/2).Int(), (size/2).Int(), 1, (size/2).Int(), 1);
break;
case splashScreenClustered:
@@ -76,8 +75,8 @@
case splashScreenStochasticClustered:
// size must be at least 2*r
- if (params->size < 2 * params->dotRadius) {
- size = 2 * params->dotRadius;
+ if (SafeInt(params->size) < 2 * SafeInt(params->dotRadius)) {
+ size = 2 * SafeInt(params->dotRadius);
} else {
size = params->size;
}
@@ -118,15 +117,15 @@
int delta, int offset) {
if (delta == 0) {
// map values in [1, size^2] --> [1, 255]
- mat[i * size + j] = 1 + (254 * (val - 1)) / (size * size - 1);
+ mat[i * size.Int() + j] = 1 + (254 * (val - 1)) / (size.Int() * size.Int() - 1);
} else {
buildDispersedMatrix(i, j,
val, delta / 2, 4*offset);
- buildDispersedMatrix((i + delta) % size, (j + delta) % size,
+ buildDispersedMatrix((i + delta) % size.Int(), (j + delta) % size.Int(),
val + offset, delta / 2, 4*offset);
- buildDispersedMatrix((i + delta) % size, j,
+ buildDispersedMatrix((i + delta) % size.Int(), j,
val + 2*offset, delta / 2, 4*offset);
- buildDispersedMatrix((i + 2*delta) % size, (j + delta) % size,
+ buildDispersedMatrix((i + 2*delta) % size.Int(), (j + delta) % size.Int(),
val + 3*offset, delta / 2, 4*offset);
}
}
@@ -135,14 +134,15 @@
SplashCoord *dist;
SplashCoord u, v, d;
Guchar val;
- int size2, x, y, x1, y1, i;
+ SafeInt size2;
+ int x, y, x1, y1, i;
size2 = size >> 1;
// initialize the threshold matrix
for (y = 0; y < size; ++y) {
for (x = 0; x < size; ++x) {
- mat[y * size + x] = 0;
+ mat[y * size.Int() + x] = 0;
}
}
@@ -154,22 +154,22 @@
u = (SplashCoord)x + 0.5 - 0;
v = (SplashCoord)y + 0.5 - 0;
} else {
- u = (SplashCoord)x + 0.5 - (SplashCoord)size2;
- v = (SplashCoord)y + 0.5 - (SplashCoord)size2;
+ u = (SplashCoord)x + 0.5 - (SplashCoord)size2.Int();
+ v = (SplashCoord)y + 0.5 - (SplashCoord)size2.Int();
}
- dist[y * size2 + x] = u*u + v*v;
+ dist[y * size2.Int() + x] = u*u + v*v;
}
}
for (y = 0; y < size2; ++y) {
for (x = 0; x < size2; ++x) {
if (x < y) {
u = (SplashCoord)x + 0.5 - 0;
- v = (SplashCoord)y + 0.5 - (SplashCoord)size2;
+ v = (SplashCoord)y + 0.5 - (SplashCoord)size2.Int();
} else {
- u = (SplashCoord)x + 0.5 - (SplashCoord)size2;
+ u = (SplashCoord)x + 0.5 - (SplashCoord)size2.Int();
v = (SplashCoord)y + 0.5 - 0;
}
- dist[(size2 + y) * size2 + x] = u*u + v*v;
+ dist[(size2.Int() + y) * size2.Int() + x] = u*u + v*v;
}
}
@@ -181,22 +181,22 @@
d = -1;
for (y = 0; y < size; ++y) {
for (x = 0; x < size2; ++x) {
- if (mat[y * size + x] == 0 &&
- dist[y * size2 + x] > d) {
+ if (mat[y * size.Int() + x] == 0 &&
+ dist[y * size2.Int() + x] > d) {
x1 = x;
y1 = y;
- d = dist[y1 * size2 + x1];
+ d = dist[y1 * size2.Int() + x1];
}
}
}
// map values in [0, 2*size*size2-1] --> [1, 255]
- val = 1 + (254 * (2*i)) / (2*size*size2 - 1);
- mat[y1 * size + x1] = val;
- val = 1 + (254 * (2*i+1)) / (2*size*size2 - 1);
- if (y1 < size2) {
- mat[(y1 + size2) * size + x1 + size2] = val;
+ val = 1 + (254 * (2*i)) / (2*size.Int()*size2.Int() - 1);
+ mat[y1 * size.Int() + x1] = val;
+ val = 1 + (254 * (2*i+1)) / (2*size.Int()*size2.Int() - 1);
+ if (y1 < size2.Int()) {
+ mat[(y1 + size2.Int()) * size.Int() + x1 + size2.Int()] = val;
} else {
- mat[(y1 - size2) * size + x1 + size2] = val;
+ mat[(y1 - size2.Int()) * size.Int() + x1 + size2.Int()] = val;
}
}
@@ -208,10 +208,10 @@
int dx0, dx1, dx, dy0, dy1, dy;
dx0 = abs(x0 - x1);
- dx1 = size - dx0;
+ dx1 = size.Int() - dx0;
dx = dx0 < dx1 ? dx0 : dx1;
dy0 = abs(y0 - y1);
- dy1 = size - dy0;
+ dy1 = size.Int() - dy0;
dy = dy0 < dy1 ? dy0 : dy1;
return dx * dx + dy * dy;
}
@@ -222,7 +222,7 @@
// Hardcopy, and Graphic Arts IV, SPIE Vol. 3648, pp. 496-505, 1999.
void SplashScreen::buildSCDMatrix(int r) {
SplashScreenPoint *dots, *pts;
- int dotsLen, dotsSize;
+ SafeInt dotsLen, dotsSize;
char *tmpl;
char *grid;
int *region, *dist;
@@ -242,7 +242,7 @@
}
}
for (i = 0; i < size * size; ++i) {
- j = i + (int)((double)(size * size - i) *
+ j = i + (int)((double)(size.Int() * size.Int() - i) *
(double)rand() / ((double)RAND_MAX + 1.0));
x = pts[i].x;
y = pts[i].y;
@@ -253,7 +253,7 @@
}
// construct the circle template
- tmpl = (char *)gmallocn((r+1)*(r+1), sizeof(char));
+ tmpl = (char *)gmallocn((SafeInt(r)+SafeInt(1))*(SafeInt(r)+SafeInt(1)), sizeof(char));
for (y = 0; y <= r; ++y) {
for (x = 0; x <= r; ++x) {
tmpl[y*(r+1) + x] = (x * y <= r * r) ? 1 : 0;
@@ -264,7 +264,7 @@
grid = (char *)gmallocn(size * size, sizeof(char));
for (y = 0; y < size; ++y) {
for (x = 0; x < size; ++x) {
- grid[y*size + x] = 0;
+ grid[y*size.Int() + x] = 0;
}
}
@@ -272,27 +272,27 @@
dotsLen = 0;
dotsSize = 32;
dots = (SplashScreenPoint *)gmallocn(dotsSize, sizeof(SplashScreenPoint));
- for (i = 0; i < size * size; ++i) {
+ for (i = 0; i < size.Int() * size.Int(); ++i) {
x = pts[i].x;
y = pts[i].y;
- if (!grid[y*size + x]) {
+ if (!grid[y*size.Int() + x]) {
if (dotsLen == dotsSize) {
dotsSize *= 2;
dots = (SplashScreenPoint *)greallocn(dots, dotsSize,
sizeof(SplashScreenPoint));
}
- dots[dotsLen++] = pts[i];
+ dots[(dotsLen++).Int()] = pts[i];
for (yy = 0; yy <= r; ++yy) {
- y0 = (y + yy) % size;
- y1 = (y - yy + size) % size;
+ y0 = (y + yy) % size.Int();
+ y1 = (y - yy + size.Int()) % size.Int();
for (xx = 0; xx <= r; ++xx) {
if (tmpl[yy*(r+1) + xx]) {
- x0 = (x + xx) % size;
- x1 = (x - xx + size) % size;
- grid[y0*size + x0] = 1;
- grid[y0*size + x1] = 1;
- grid[y1*size + x0] = 1;
- grid[y1*size + x1] = 1;
+ x0 = (x + xx) % size.Int();
+ x1 = (x - xx + size.Int()) % size.Int();
+ grid[y0*size.Int() + x0] = 1;
+ grid[y0*size.Int() + x1] = 1;
+ grid[y1*size.Int() + x0] = 1;
+ grid[y1*size.Int() + x1] = 1;
}
}
}
@@ -316,17 +316,17 @@
dMin = d;
}
}
- region[y*size + x] = iMin;
- dist[y*size + x] = dMin;
+ region[y*size.Int() + x] = iMin;
+ dist[y*size.Int() + x] = dMin;
}
}
// compute threshold values
for (i = 0; i < dotsLen; ++i) {
n = 0;
- for (y = 0; y < size; ++y) {
- for (x = 0; x < size; ++x) {
- if (region[y*size + x] == i) {
+ for (y = 0; y < size.Int(); ++y) {
+ for (x = 0; x < size.Int(); ++x) {
+ if (region[y*size.Int() + x] == i) {
pts[n].x = x;
pts[n].y = y;
pts[n].dist = distance(dots[i].x, dots[i].y, x, y);
@@ -337,7 +337,7 @@
qsort(pts, n, sizeof(SplashScreenPoint), &cmpDistances);
for (j = 0; j < n; ++j) {
// map values in [0 .. n-1] --> [255 .. 1]
- mat[pts[j].y * size + pts[j].x] = 255 - (254 * j) / (n - 1);
+ mat[pts[j].y * size.Int() + pts[j].x] = 255 - (254 * j) / (n - 1);
}
}
@@ -351,7 +351,7 @@
SplashScreen::SplashScreen(SplashScreen *screen) {
size = screen->size;
mat = (Guchar *)gmallocn(size * size, sizeof(Guchar));
- memcpy(mat, screen->mat, size * size * sizeof(Guchar));
+ memcpy(mat, screen->mat, (size * size).Int() * sizeof(Guchar));
minVal = screen->minVal;
maxVal = screen->maxVal;
}
@@ -369,13 +369,13 @@
if (value >= maxVal) {
return 1;
}
- if ((xx = x % size) < 0) {
+ if ((xx = x % size.Int()) < 0) {
xx = -xx;
}
- if ((yy = y % size) < 0) {
+ if ((yy = y % size.Int()) < 0) {
yy = -yy;
}
- return value < mat[yy * size + xx] ? 0 : 1;
+ return value < mat[yy * size.Int() + xx] ? 0 : 1;
}
GBool SplashScreen::isStatic(Guchar value) {
--- xpdf-3.02/splash/SplashScreen.h
+++ xpdf-3.02/splash/SplashScreen.h
@@ -14,11 +14,14 @@
#endif
#include "SplashTypes.h"
+#include "gmem.h"
//------------------------------------------------------------------------
// SplashScreen
//------------------------------------------------------------------------
+class SafeInt;
+
class SplashScreen {
public:
@@ -46,7 +49,7 @@
void buildSCDMatrix(int r);
Guchar *mat; // threshold matrix
- int size; // size of the threshold matrix
+ SafeInt size; // size of the threshold matrix
Guchar minVal; // any pixel value below minVal generates
// solid black
Guchar maxVal; // any pixel value above maxVal generates
--- xpdf-3.02/splash/SplashT1Font.cc
+++ xpdf-3.02/splash/SplashT1Font.cc
@@ -183,7 +183,8 @@
GBool SplashT1Font::makeGlyph(int c, int xFrac, int yFrac,
SplashGlyphBitmap *bitmap) {
GLYPH *glyph;
- int n, i;
+ int i;
+ SafeInt n;
if (aa) {
glyph = T1_AASetChar(t1libID, c, size, NULL);
@@ -203,7 +204,7 @@
bitmap->data = (Guchar *)glyph->bits;
bitmap->freeData = gFalse;
} else {
- n = bitmap->h * ((bitmap->w + 7) >> 3);
+ n = SafeInt(bitmap->h) * ((SafeInt(bitmap->w) + SafeInt(7)) >> SafeInt(3));
bitmap->data = (Guchar *)gmalloc(n);
for (i = 0; i < n; ++i) {
bitmap->data[i] = bitReverse[glyph->bits[i] & 0xff];
--- xpdf-3.02/splash/SplashT1FontFile.cc
+++ xpdf-3.02/splash/SplashT1FontFile.cc
@@ -31,7 +31,7 @@
int t1libIDA;
char **encTmp;
char *encStrTmp;
- int encStrSize;
+ SafeInt encStrSize;
char *encPtr;
int i;
@@ -45,7 +45,7 @@
encStrSize = 0;
for (i = 0; i < 256; ++i) {
if (encA[i]) {
- encStrSize += strlen(encA[i]) + 1;
+ encStrSize += SafeInt(strlen(encA[i])) + SafeInt(1);
}
}
encTmp = (char **)gmallocn(257, sizeof(char *));
--- xpdf-3.02/splash/SplashXPath.cc
+++ xpdf-3.02/splash/SplashXPath.cc
@@ -147,7 +147,7 @@
xsp = x0;
ysp = y0;
curSubpath = i;
- curSubpathX = length;
+ curSubpathX = length.Int();
++i;
} else {
@@ -236,7 +236,7 @@
length = xPath->length;
size = xPath->size;
segs = (SplashXPathSeg *)gmallocn(size, sizeof(SplashXPathSeg));
- memcpy(segs, xPath->segs, length * sizeof(SplashXPathSeg));
+ memcpy(segs, xPath->segs, length.Int() * sizeof(SplashXPathSeg));
}
SplashXPath::~SplashXPath() {
@@ -344,51 +344,51 @@
SplashCoord x1, SplashCoord y1,
GBool first, GBool last, GBool end0, GBool end1) {
grow(1);
- segs[length].x0 = x0;
- segs[length].y0 = y0;
- segs[length].x1 = x1;
- segs[length].y1 = y1;
- segs[length].flags = 0;
+ segs[length.Int()].x0 = x0;
+ segs[length.Int()].y0 = y0;
+ segs[length.Int()].x1 = x1;
+ segs[length.Int()].y1 = y1;
+ segs[length.Int()].flags = 0;
if (first) {
- segs[length].flags |= splashXPathFirst;
+ segs[length.Int()].flags |= splashXPathFirst;
}
if (last) {
- segs[length].flags |= splashXPathLast;
+ segs[length.Int()].flags |= splashXPathLast;
}
if (end0) {
- segs[length].flags |= splashXPathEnd0;
+ segs[length.Int()].flags |= splashXPathEnd0;
}
if (end1) {
- segs[length].flags |= splashXPathEnd1;
+ segs[length.Int()].flags |= splashXPathEnd1;
}
if (y1 == y0) {
- segs[length].dxdy = segs[length].dydx = 0;
- segs[length].flags |= splashXPathHoriz;
+ segs[length.Int()].dxdy = segs[length.Int()].dydx = 0;
+ segs[length.Int()].flags |= splashXPathHoriz;
if (x1 == x0) {
- segs[length].flags |= splashXPathVert;
+ segs[length.Int()].flags |= splashXPathVert;
}
} else if (x1 == x0) {
- segs[length].dxdy = segs[length].dydx = 0;
- segs[length].flags |= splashXPathVert;
+ segs[length.Int()].dxdy = segs[length.Int()].dydx = 0;
+ segs[length.Int()].flags |= splashXPathVert;
} else {
#if USE_FIXEDPOINT
- if (FixedPoint::divCheck(x1 - x0, y1 - y0, &segs[length].dxdy)) {
- segs[length].dydx = (SplashCoord)1 / segs[length].dxdy;
+ if (FixedPoint::divCheck(x1 - x0, y1 - y0, &segs[length.Int()].dxdy)) {
+ segs[length.Int()].dydx = (SplashCoord)1 / segs[length.Int()].dxdy;
} else {
- segs[length].dxdy = segs[length].dydx = 0;
+ segs[length.Int()].dxdy = segs[length.Int()].dydx = 0;
if (splashAbs(x1 - x0) > splashAbs(y1 - y0)) {
- segs[length].flags |= splashXPathHoriz;
+ segs[length.Int()].flags |= splashXPathHoriz;
} else {
- segs[length].flags |= splashXPathVert;
+ segs[length.Int()].flags |= splashXPathVert;
}
}
#else
- segs[length].dxdy = (x1 - x0) / (y1 - y0);
- segs[length].dydx = (SplashCoord)1 / segs[length].dxdy;
+ segs[length.Int()].dxdy = (x1 - x0) / (y1 - y0);
+ segs[length.Int()].dydx = (SplashCoord)1 / segs[length.Int()].dxdy;
#endif
}
if (y0 > y1) {
- segs[length].flags |= splashXPathFlip;
+ segs[length.Int()].flags |= splashXPathFlip;
}
++length;
}
@@ -434,5 +434,5 @@
}
void SplashXPath::sort() {
- qsort(segs, length, sizeof(SplashXPathSeg), &cmpXPathSegs);
+ qsort(segs, length.Int(), sizeof(SplashXPathSeg), &cmpXPathSegs);
}
--- xpdf-3.02/splash/SplashXPath.h
+++ xpdf-3.02/splash/SplashXPath.h
@@ -90,7 +90,7 @@
GBool first, GBool last, GBool end0, GBool end1);
SplashXPathSeg *segs;
- int length, size; // length and size of segs array
+ SafeInt length, size; // length and size of segs array
friend class SplashXPathScanner;
friend class SplashClip;
--- xpdf-3.02/splash/SplashXPathScanner.cc
+++ xpdf-3.02/splash/SplashXPathScanner.cc
@@ -92,7 +92,8 @@
interY = yMin - 1;
xPathIdx = 0;
inter = NULL;
- interLen = interSize = 0;
+ interLen = 0;
+ interSize = 0;
}
SplashXPathScanner::~SplashXPathScanner() {
--- xpdf-3.02/splash/SplashXPathScanner.h
+++ xpdf-3.02/splash/SplashXPathScanner.h
@@ -81,7 +81,7 @@
// computeIntersections
SplashIntersect *inter; // intersections array for <interY>
int interLen; // number of intersections in <inter>
- int interSize; // size of the <inter> array
+ SafeInt interSize; // size of the <inter> array
};
#endif
--- xpdf-3.02/xpdf/Annot.cc
+++ xpdf-3.02/xpdf/Annot.cc
@@ -1437,7 +1437,7 @@
Annot *annot;
Object obj1;
Ref ref;
- int size;
+ SafeInt size;
int i;
annots = NULL;
--- xpdf-3.02/xpdf/Array.cc
+++ xpdf-3.02/xpdf/Array.cc
@@ -46,7 +46,7 @@
}
elems = (Object *)greallocn(elems, size, sizeof(Object));
}
- elems[length] = *elem;
+ elems[length.Int()] = *elem;
++length;
}
--- xpdf-3.02/xpdf/Array.h
+++ xpdf-3.02/xpdf/Array.h
@@ -37,7 +37,7 @@
int decRef() { return --ref; }
// Get number of elements.
- int getLength() { return length; }
+ int getLength() { return length.Int(); }
// Add an element.
void add(Object *elem);
@@ -50,8 +50,8 @@
XRef *xref; // the xref table for this PDF file
Object *elems; // array of elements
- int size; // size of <elems> array
- int length; // number of elements in array
+ SafeInt size; // size of <elems> array
+ SafeInt length; // number of elements in array
int ref; // reference count
};
--- xpdf-3.02/xpdf/Catalog.cc
+++ xpdf-3.02/xpdf/Catalog.cc
@@ -38,7 +38,7 @@
xref = xrefA;
pages = NULL;
pageRefs = NULL;
- numPages = pagesSize = 0;
+ pagesSize = numPages = 0;
baseURI = NULL;
xref->getCatalog(&catDict);
@@ -219,7 +219,7 @@
pagesSize += 32;
pages = (Page **)greallocn(pages, pagesSize, sizeof(Page *));
pageRefs = (Ref *)greallocn(pageRefs, pagesSize, sizeof(Ref));
- for (j = pagesSize - 32; j < pagesSize; ++j) {
+ for (j = (pagesSize - 32).Int(); j < pagesSize; ++j) {
pages[j] = NULL;
pageRefs[j].num = -1;
pageRefs[j].gen = -1;
--- xpdf-3.02/xpdf/Catalog.h
+++ xpdf-3.02/xpdf/Catalog.h
@@ -79,7 +79,7 @@
Page **pages; // array of pages
Ref *pageRefs; // object ID for each page
int numPages; // number of pages
- int pagesSize; // size of pages array
+ SafeInt pagesSize; // size of pages array
Object dests; // named destination dictionary
Object nameTree; // name tree
GString *baseURI; // base URI for URI-type links
--- xpdf-3.02/xpdf/CharCodeToUnicode.cc
+++ xpdf-3.02/xpdf/CharCodeToUnicode.cc
@@ -58,7 +58,8 @@
GString *collection) {
FILE *f;
Unicode *mapA;
- CharCode size, mapLenA;
+ CharCode mapLenA;
+ SafeInt size;
char buf[64];
Unicode u;
CharCodeToUnicode *ctu;
@@ -100,7 +101,8 @@
FILE *f;
Unicode *mapA;
CharCodeToUnicodeString *sMapA;
- CharCode size, oldSize, len, sMapSizeA, sMapLenA;
+ CharCode len, sMapLenA;
+ SafeInt size, oldSize, sMapSizeA;
char buf[256];
char *tok;
Unicode u0;
@@ -116,7 +118,7 @@
size = 4096;
mapA = (Unicode *)gmallocn(size, sizeof(Unicode));
- memset(mapA, 0, size * sizeof(Unicode));
+ memset(mapA, 0, size.Int() * sizeof(Unicode));
len = 0;
sMapA = NULL;
sMapSizeA = sMapLenA = 0;
@@ -153,7 +155,7 @@
size *= 2;
}
mapA = (Unicode *)greallocn(mapA, size, sizeof(Unicode));
- memset(mapA + oldSize, 0, (size - oldSize) * sizeof(Unicode));
+ memset(mapA + oldSize.Int(), 0, (size - oldSize).Int() * sizeof(Unicode));
}
if (n == 1) {
mapA[u0] = uBuf[0];
@@ -178,7 +180,7 @@
fclose(f);
ctu = new CharCodeToUnicode(fileName->copy(), mapA, len, gTrue,
- sMapA, sMapLenA, sMapSizeA);
+ sMapA, sMapLenA, sMapSizeA.Int());
gfree(mapA);
return ctu;
}
@@ -319,7 +321,7 @@
if (code >= mapLen) {
oldLen = mapLen;
- mapLen = (code + 256) & ~255;
+ mapLen = (SafeInt(code) + 256).Int() & ~255;
map = (Unicode *)greallocn(map, mapLen, sizeof(Unicode));
for (i = oldLen; i < mapLen; ++i) {
map[i] = 0;
@@ -362,7 +364,7 @@
map[i] = 0;
}
sMap = NULL;
- sMapLen = sMapSize = 0;
+ sMapSize = sMapLen = 0;
refCnt = 1;
#if MULTITHREADED
gInitMutex(&mutex);
--- xpdf-3.02/xpdf/CharCodeToUnicode.h
+++ xpdf-3.02/xpdf/CharCodeToUnicode.h
@@ -87,7 +87,8 @@
Unicode *map;
CharCode mapLen;
CharCodeToUnicodeString *sMap;
- int sMapLen, sMapSize;
+ int sMapLen;
+ SafeInt sMapSize;
int refCnt;
#if MULTITHREADED
GMutex mutex;
--- xpdf-3.02/xpdf/Decrypt.cc
+++ xpdf-3.02/xpdf/Decrypt.cc
@@ -113,7 +113,7 @@
GBool ok;
// generate file key
- buf = (Guchar *)gmalloc(72 + fileID->getLength());
+ buf = (Guchar *)gmalloc((SafeInt(72) + SafeInt(fileID->getLength())).Int());
if (userPassword) {
len = userPassword->getLength();
if (len < 32) {
--- xpdf-3.02/xpdf/Dict.h
+++ xpdf-3.02/xpdf/Dict.h
@@ -67,7 +67,7 @@
XRef *xref; // the xref table for this PDF file
DictEntry *entries; // array of entries
- int size; // size of <entries> array
+ SafeInt size; // size of <entries> array
int length; // number of entries in dictionary
int ref; // reference count
--- xpdf-3.02/xpdf/Function.cc
+++ xpdf-3.02/xpdf/Function.cc
@@ -212,7 +212,7 @@
}
//----- buffer
- sBuf = (double *)gmallocn(1 << m, sizeof(double));
+ sBuf = (double *)gmallocn((SafeInt(1) << m).Int(), sizeof(double));
//----- get the stream
if (!funcObj->isStream()) {
@@ -364,8 +364,8 @@
SampledFunction::SampledFunction(SampledFunction *func) {
memcpy(this, func, sizeof(SampledFunction));
samples = (double *)gmallocn(nSamples, sizeof(double));
- memcpy(samples, func->samples, nSamples * sizeof(double));
- sBuf = (double *)gmallocn(1 << m, sizeof(double));
+ memcpy(samples, func->samples, (nSamples * sizeof(double)).Int());
+ sBuf = (double *)gmallocn((SafeInt(1) << m).Int(), sizeof(double));
}
void SampledFunction::transform(double *in, double *out) {
@@ -570,8 +570,8 @@
}
k = obj1.arrayGetLength();
funcs = (Function **)gmallocn(k, sizeof(Function *));
- bounds = (double *)gmallocn(k + 1, sizeof(double));
- encode = (double *)gmallocn(2 * k, sizeof(double));
+ bounds = (double *)gmallocn(k + SafeInt(1), sizeof(double));
+ encode = (double *)gmallocn(SafeInt(2) * k, sizeof(double));
scale = (double *)gmallocn(k, sizeof(double));
for (i = 0; i < k; ++i) {
funcs[i] = NULL;
@@ -604,7 +604,7 @@
bounds[i] = obj2.getNum();
obj2.free();
}
- bounds[k] = domain[0][1];
+ bounds[k.Int()] = domain[0][1];
obj1.free();
//----- Encode
@@ -651,12 +651,12 @@
for (i = 0; i < k; ++i) {
funcs[i] = func->funcs[i]->copy();
}
- bounds = (double *)gmallocn(k + 1, sizeof(double));
- memcpy(bounds, func->bounds, (k + 1) * sizeof(double));
- encode = (double *)gmallocn(2 * k, sizeof(double));
- memcpy(encode, func->encode, 2 * k * sizeof(double));
+ bounds = (double *)gmallocn(k + SafeInt(1), sizeof(double));
+ memcpy(bounds, func->bounds, ((k + 1) * sizeof(double)).Int());
+ encode = (double *)gmallocn(SafeInt(2) * k, sizeof(double));
+ memcpy(encode, func->encode, (2 * k * sizeof(double)).Int());
scale = (double *)gmallocn(k, sizeof(double));
- memcpy(scale, func->scale, k * sizeof(double));
+ memcpy(scale, func->scale, (k * sizeof(double)).Int());
ok = gTrue;
}
@@ -1051,7 +1051,7 @@
PostScriptFunction::PostScriptFunction(PostScriptFunction *func) {
memcpy(this, func, sizeof(PostScriptFunction));
code = (PSObject *)gmallocn(codeSize, sizeof(PSObject));
- memcpy(code, func->code, codeSize * sizeof(PSObject));
+ memcpy(code, func->code, (codeSize * sizeof(PSObject)).Int());
codeString = func->codeString->copy();
}
--- xpdf-3.02/xpdf/Function.h
+++ xpdf-3.02/xpdf/Function.h
@@ -131,7 +131,7 @@
inputMul[funcMaxInputs];
int idxMul[funcMaxInputs]; // sample array index multipliers
double *samples; // the samples
- int nSamples; // size of the samples array
+ SafeInt nSamples; // size of the samples array
double *sBuf; // buffer for the transform function
GBool ok;
};
@@ -178,7 +178,7 @@
virtual void transform(double *in, double *out);
virtual GBool isOk() { return ok; }
- int getNumFuncs() { return k; }
+ int getNumFuncs() { return k.Int(); }
Function *getFunc(int i) { return funcs[i]; }
double *getBounds() { return bounds; }
double *getEncode() { return encode; }
@@ -188,7 +188,7 @@
StitchingFunction(StitchingFunction *func);
- int k;
+ SafeInt k;
Function **funcs;
double *bounds;
double *encode;
@@ -222,7 +222,7 @@
GString *codeString;
PSObject *code;
- int codeSize;
+ SafeInt codeSize;
GBool ok;
};
--- xpdf-3.02/xpdf/GfxFont.cc
+++ xpdf-3.02/xpdf/GfxFont.cc
@@ -368,7 +368,8 @@
Object obj1, obj2;
Stream *str;
int c;
- int size, i;
+ SafeInt size;
+ int i;
obj1.initRef(embFontID.num, embFontID.gen);
obj1.fetch(xref, &obj2);
@@ -382,12 +383,12 @@
str = obj2.getStream();
buf = NULL;
- i = size = 0;
+ size = i = 0;
str->reset();
while ((c = str->getChar()) != EOF) {
if (i == size) {
size += 4096;
- buf = (char *)grealloc(buf, size);
+ buf = (char *)grealloc(buf, size.Int());
}
buf[i++] = c;
}
@@ -1086,7 +1087,8 @@
CharCode c;
Unicode uBuf[8];
int c1, c2;
- int excepsSize, i, j, k, n;
+ int j, k, n;
+ SafeInt i, excepsSize;
ascent = 0.95;
descent = -0.35;
@@ -1247,10 +1249,10 @@
excepsSize = 0;
i = 0;
while (i + 1 < obj1.arrayGetLength()) {
- obj1.arrayGet(i, &obj2);
- obj1.arrayGet(i + 1, &obj3);
- if (obj2.isInt() && obj3.isInt() && i + 2 < obj1.arrayGetLength()) {
- if (obj1.arrayGet(i + 2, &obj4)->isNum()) {
+ obj1.arrayGet(i.Int(), &obj2);
+ obj1.arrayGet((i + 1).Int(), &obj3);
+ if (obj2.isInt() && obj3.isInt() && (i + 2).Int() < obj1.arrayGetLength()) {
+ if (obj1.arrayGet((i + 2).Int(), &obj4)->isNum()) {
if (widths.nExceps == excepsSize) {
excepsSize += 16;
widths.exceps = (GfxFontCIDWidthExcep *)
@@ -1268,7 +1270,7 @@
i += 3;
} else if (obj2.isInt() && obj3.isArray()) {
if (widths.nExceps + obj3.arrayGetLength() > excepsSize) {
- excepsSize = (widths.nExceps + obj3.arrayGetLength() + 15) & ~15;
+ excepsSize = (SafeInt(widths.nExceps) + SafeInt(obj3.arrayGetLength()) + 15).Int() & ~15;
widths.exceps = (GfxFontCIDWidthExcep *)
greallocn(widths.exceps,
excepsSize, sizeof(GfxFontCIDWidthExcep));
@@ -1318,12 +1320,12 @@
excepsSize = 0;
i = 0;
while (i + 1 < obj1.arrayGetLength()) {
- obj1.arrayGet(i, &obj2);
- obj1.arrayGet(i+ 1, &obj3);
- if (obj2.isInt() && obj3.isInt() && i + 4 < obj1.arrayGetLength()) {
- if (obj1.arrayGet(i + 2, &obj4)->isNum() &&
- obj1.arrayGet(i + 3, &obj5)->isNum() &&
- obj1.arrayGet(i + 4, &obj6)->isNum()) {
+ obj1.arrayGet(i.Int(), &obj2);
+ obj1.arrayGet((i+ 1).Int(), &obj3);
+ if (obj2.isInt() && obj3.isInt() && (i + 4).Int() < obj1.arrayGetLength()) {
+ if (obj1.arrayGet((i + 2).Int(), &obj4)->isNum() &&
+ obj1.arrayGet((i + 3).Int(), &obj5)->isNum() &&
+ obj1.arrayGet((i + 4).Int(), &obj6)->isNum()) {
if (widths.nExcepsV == excepsSize) {
excepsSize += 16;
widths.excepsV = (GfxFontCIDWidthExcepV *)
@@ -1511,7 +1513,7 @@
Unicode u[64];
const int ulen = sizeof(u) / sizeof(Unicode);
int code, i;
- int mapsize;
+ SafeInt mapsize;
int cidlen;
*mapsizep = 0;
@@ -1529,7 +1531,7 @@
cidlen = 0;
mapsize = 64;
- map = (Gushort *)gmalloc(mapsize * sizeof(Gushort));
+ map = (Gushort *)gmallocn(mapsize, sizeof(Gushort));
while (cidlen < ctu->getMapLen()) {
int n;
@@ -1540,7 +1542,7 @@
if (cidlen >= mapsize) {
while (cidlen >= mapsize)
mapsize *= 2;
- map = (Gushort *)grealloc(map, mapsize * sizeof(Gushort));
+ map = (Gushort *)greallocn(map, mapsize, sizeof(Gushort));
}
if (n == 1)
map[cidlen] = ff->mapCodeToGID(cmap, u[0]);
--- xpdf-3.02/xpdf/GfxState.cc
+++ xpdf-3.02/xpdf/GfxState.cc
@@ -925,7 +925,7 @@
int indexHighA) {
base = baseA;
indexHigh = indexHighA;
- lookup = (Guchar *)gmallocn((indexHigh + 1) * base->getNComps(),
+ lookup = (Guchar *)gmallocn((SafeInt(indexHigh) + SafeInt(1)) * SafeInt(base->getNComps()),
sizeof(Guchar));
}
@@ -2337,7 +2337,7 @@
vertices = (GfxGouraudVertex *)gmallocn(nVertices, sizeof(GfxGouraudVertex));
memcpy(vertices, shading->vertices, nVertices * sizeof(GfxGouraudVertex));
nTriangles = shading->nTriangles;
- triangles = (int (*)[3])gmallocn(nTriangles * 3, sizeof(int));
+ triangles = (int (*)[3])gmallocn(SafeInt(nTriangles) * SafeInt(3), sizeof(int));
memcpy(triangles, shading->triangles, nTriangles * 3 * sizeof(int));
nFuncs = shading->nFuncs;
for (i = 0; i < nFuncs; ++i) {
@@ -2368,7 +2368,8 @@
double cMul[gfxColorMaxComps];
GfxGouraudVertex *verticesA;
int (*trianglesA)[3];
- int nComps, nVerticesA, nTrianglesA, vertSize, triSize;
+ int nComps, nVerticesA, nTrianglesA;
+ SafeInt vertSize, triSize;
Guint x, y, flag;
Guint c[gfxColorMaxComps];
GfxShadingBitBuf *bitBuf;
@@ -2506,7 +2507,7 @@
if (nTrianglesA == triSize) {
triSize = (triSize == 0) ? 16 : 2 * triSize;
trianglesA = (int (*)[3])
- greallocn(trianglesA, triSize * 3, sizeof(int));
+ greallocn(trianglesA, SafeInt(triSize) * SafeInt(3), sizeof(int));
}
if (state == 2) {
trianglesA[nTrianglesA][0] = nVerticesA - 3;
@@ -2531,8 +2532,9 @@
delete bitBuf;
if (typeA == 5) {
nRows = nVerticesA / vertsPerRow;
- nTrianglesA = (nRows - 1) * 2 * (vertsPerRow - 1);
- trianglesA = (int (*)[3])gmallocn(nTrianglesA * 3, sizeof(int));
+ nTrianglesA = ((SafeInt(nRows) - SafeInt(1)) * SafeInt(2)
+ * (SafeInt(vertsPerRow) - SafeInt(1))).Int();
+ trianglesA = (int (*)[3])gmallocn(SafeInt(nTrianglesA) * SafeInt(3), sizeof(int));
k = 0;
for (i = 0; i < nRows - 1; ++i) {
for (j = 0; j < vertsPerRow - 1; ++j) {
@@ -2673,7 +2675,8 @@
double xMul, yMul;
double cMul[gfxColorMaxComps];
GfxPatch *patchesA, *p;
- int nComps, nPatchesA, patchesSize, nPts, nColors;
+ int nComps, nPatchesA, nPts, nColors;
+ SafeInt patchesSize;
Guint flag;
double x[16], y[16];
Guint xi, yi;
@@ -3253,7 +3256,7 @@
lookup2 = indexedCS->getLookup();
colorSpace2->getDefaultRanges(x, y, indexHigh);
for (k = 0; k < nComps2; ++k) {
- lookup[k] = (GfxColorComp *)gmallocn(maxPixel + 1,
+ lookup[k] = (GfxColorComp *)gmallocn(SafeInt(maxPixel) + SafeInt(1),
sizeof(GfxColorComp));
for (i = 0; i <= maxPixel; ++i) {
j = (int)(decodeLow[0] + (i * decodeRange[0]) / maxPixel + 0.5);
@@ -3272,7 +3275,7 @@
nComps2 = colorSpace2->getNComps();
sepFunc = sepCS->getFunc();
for (k = 0; k < nComps2; ++k) {
- lookup[k] = (GfxColorComp *)gmallocn(maxPixel + 1,
+ lookup[k] = (GfxColorComp *)gmallocn(SafeInt(maxPixel) + SafeInt(1),
sizeof(GfxColorComp));
for (i = 0; i <= maxPixel; ++i) {
x[0] = decodeLow[0] + (i * decodeRange[0]) / maxPixel;
@@ -3282,7 +3285,7 @@
}
} else {
for (k = 0; k < nComps; ++k) {
- lookup[k] = (GfxColorComp *)gmallocn(maxPixel + 1,
+ lookup[k] = (GfxColorComp *)gmallocn(SafeInt(maxPixel) + SafeInt(1),
sizeof(GfxColorComp));
for (i = 0; i <= maxPixel; ++i) {
lookup[k][i] = dblToCol(decodeLow[k] +
@@ -3300,7 +3303,8 @@
}
GfxImageColorMap::GfxImageColorMap(GfxImageColorMap *colorMap) {
- int n, i, k;
+ int i, k;
+ SafeInt n;
colorSpace = colorMap->colorSpace->copy();
bits = colorMap->bits;
@@ -3310,23 +3314,23 @@
for (k = 0; k < gfxColorMaxComps; ++k) {
lookup[k] = NULL;
}
- n = 1 << bits;
+ n = SafeInt(1) << bits;
if (colorSpace->getMode() == csIndexed) {
colorSpace2 = ((GfxIndexedColorSpace *)colorSpace)->getBase();
for (k = 0; k < nComps2; ++k) {
lookup[k] = (GfxColorComp *)gmallocn(n, sizeof(GfxColorComp));
- memcpy(lookup[k], colorMap->lookup[k], n * sizeof(GfxColorComp));
+ memcpy(lookup[k], colorMap->lookup[k], n.Int() * sizeof(GfxColorComp));
}
} else if (colorSpace->getMode() == csSeparation) {
colorSpace2 = ((GfxSeparationColorSpace *)colorSpace)->getAlt();
for (k = 0; k < nComps2; ++k) {
lookup[k] = (GfxColorComp *)gmallocn(n, sizeof(GfxColorComp));
- memcpy(lookup[k], colorMap->lookup[k], n * sizeof(GfxColorComp));
+ memcpy(lookup[k], colorMap->lookup[k], n.Int() * sizeof(GfxColorComp));
}
} else {
for (k = 0; k < nComps; ++k) {
lookup[k] = (GfxColorComp *)gmallocn(n, sizeof(GfxColorComp));
- memcpy(lookup[k], colorMap->lookup[k], n * sizeof(GfxColorComp));
+ memcpy(lookup[k], colorMap->lookup[k], n.Int() * sizeof(GfxColorComp));
}
}
for (i = 0; i < nComps; ++i) {
@@ -3506,7 +3510,7 @@
// Used for copy().
GfxPath::GfxPath(GBool justMoved1, double firstX1, double firstY1,
- GfxSubpath **subpaths1, int n1, int size1) {
+ GfxSubpath **subpaths1, SafeInt n1, SafeInt size1) {
int i;
justMoved = justMoved1;
@@ -3532,11 +3536,11 @@
subpaths = (GfxSubpath **)
greallocn(subpaths, size, sizeof(GfxSubpath *));
}
- subpaths[n] = new GfxSubpath(firstX, firstY);
+ subpaths[n.Int()] = new GfxSubpath(firstX, firstY);
++n;
justMoved = gFalse;
}
- subpaths[n-1]->lineTo(x, y);
+ subpaths[n.Int()-1]->lineTo(x, y);
}
void GfxPath::curveTo(double x1, double y1, double x2, double y2,
@@ -3547,11 +3551,11 @@
subpaths = (GfxSubpath **)
greallocn(subpaths, size, sizeof(GfxSubpath *));
}
- subpaths[n] = new GfxSubpath(firstX, firstY);
+ subpaths[n.Int()] = new GfxSubpath(firstX, firstY);
++n;
justMoved = gFalse;
}
- subpaths[n-1]->curveTo(x1, y1, x2, y2, x3, y3);
+ subpaths[n.Int()-1]->curveTo(x1, y1, x2, y2, x3, y3);
}
void GfxPath::close() {
@@ -3563,11 +3567,11 @@
subpaths = (GfxSubpath **)
greallocn(subpaths, size, sizeof(GfxSubpath *));
}
- subpaths[n] = new GfxSubpath(firstX, firstY);
+ subpaths[n.Int()] = new GfxSubpath(firstX, firstY);
++n;
justMoved = gFalse;
}
- subpaths[n-1]->close();
+ subpaths[n.Int()-1]->close();
}
void GfxPath::append(GfxPath *path) {
@@ -3579,7 +3583,7 @@
greallocn(subpaths, size, sizeof(GfxSubpath *));
}
for (i = 0; i < path->n; ++i) {
- subpaths[n++] = path->subpaths[i]->copy();
+ subpaths[(n++).Int()] = path->subpaths[i]->copy();
}
justMoved = gFalse;
}
--- xpdf-3.02/xpdf/GfxState.h
+++ xpdf-3.02/xpdf/GfxState.h
@@ -942,7 +942,7 @@
GBool *curve; // curve[i] => point i is a control point
// for a Bezier curve
int n; // number of points
- int size; // size of x/y arrays
+ SafeInt size; // size of x/y arrays
GBool closed; // set if path is closed
GfxSubpath(GfxSubpath *subpath);
@@ -968,12 +968,12 @@
GBool isPath() { return n > 0; }
// Get subpaths.
- int getNumSubpaths() { return n; }
+ int getNumSubpaths() { return n.Int(); }
GfxSubpath *getSubpath(int i) { return subpaths[i]; }
// Get last point on last subpath.
- double getLastX() { return subpaths[n-1]->getLastX(); }
- double getLastY() { return subpaths[n-1]->getLastY(); }
+ double getLastX() { return subpaths[n.Int()-1]->getLastX(); }
+ double getLastY() { return subpaths[n.Int()-1]->getLastY(); }
// Move the current point.
void moveTo(double x, double y);
@@ -999,11 +999,11 @@
GBool justMoved; // set if a new subpath was just started
double firstX, firstY; // first point in new subpath
GfxSubpath **subpaths; // subpaths
- int n; // number of subpaths
- int size; // size of subpaths array
+ SafeInt n; // number of subpaths
+ SafeInt size; // size of subpaths array
GfxPath(GBool justMoved1, double firstX1, double firstY1,
- GfxSubpath **subpaths1, int n1, int size1);
+ GfxSubpath **subpaths1, SafeInt n1, SafeInt size1);
};
//------------------------------------------------------------------------
--- xpdf-3.02/xpdf/ImageOutputDev.cc
+++ xpdf-3.02/xpdf/ImageOutputDev.cc
@@ -26,7 +26,7 @@
ImageOutputDev::ImageOutputDev(char *fileRootA, GBool dumpJPEGA) {
fileRoot = copyString(fileRootA);
- fileName = (char *)gmalloc(strlen(fileRoot) + 20);
+ fileName = (char *)gmalloc((SafeInt(strlen(fileRoot)) + SafeInt(20)).Int());
dumpJPEG = dumpJPEGA;
imgNum = 0;
ok = gTrue;
--- xpdf-3.02/xpdf/JArithmeticDecoder.cc
+++ xpdf-3.02/xpdf/JArithmeticDecoder.cc
@@ -7,6 +7,7 @@
//========================================================================
#include <aconf.h>
+#include <stdlib.h>
#ifdef USE_GCC_PRAGMAS
#pragma implementation
@@ -47,6 +48,10 @@
}
void JArithmeticDecoderStats::setEntry(Guint cx, int i, int mps) {
+ if (cx >= contextSize) {
+ fprintf(stderr, "index out of bounds");
+ exit(1);
+ }
cxTab[cx] = (i << 1) + mps;
}
--- xpdf-3.02/xpdf/JBIG2Stream.cc
+++ xpdf-3.02/xpdf/JBIG2Stream.cc
@@ -684,7 +684,7 @@
{
w = wA;
h = hA;
- line = (wA + 7) >> 3;
+ line = (SafeInt(wA) + SafeInt(7) >> 3).Int();
if (w <= 0 || h <= 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
// force a call to gmalloc(-1), which will throw an exception
h = -1;
@@ -1522,7 +1522,7 @@
}
// get the input symbol bitmaps
- bitmaps = (JBIG2Bitmap **)gmallocn(numInputSyms + numNewSyms,
+ bitmaps = (JBIG2Bitmap **)gmallocn(SafeInt(numInputSyms) + SafeInt(numNewSyms),
sizeof(JBIG2Bitmap *));
for (i = 0; i < numInputSyms + numNewSyms; ++i) {
bitmaps[i] = NULL;
@@ -1845,7 +1845,8 @@
int sOffset;
Guint huffFlags, huffFS, huffDS, huffDT;
Guint huffRDW, huffRDH, huffRDX, huffRDY, huffRSize;
- Guint numInstances, numSyms, symCodeLen;
+ Guint numInstances, symCodeLen;
+ SafeInt numSyms;
int atx[2], aty[2];
Guint i, k, kk;
int j;
@@ -2048,7 +2049,7 @@
runLengthTab[35].prefixLen = 0;
runLengthTab[35].rangeLen = jbig2HuffmanEOT;
huffDecoder->buildTable(runLengthTab, 35);
- symCodeTab = (JBIG2HuffmanTable *)gmallocn(numSyms + 1,
+ symCodeTab = (JBIG2HuffmanTable *)gmallocn(numSyms + SafeInt(1),
sizeof(JBIG2HuffmanTable));
for (i = 0; i < numSyms; ++i) {
symCodeTab[i].val = i;
@@ -2070,9 +2071,9 @@
symCodeTab[i++].prefixLen = j;
}
}
- symCodeTab[numSyms].prefixLen = 0;
- symCodeTab[numSyms].rangeLen = jbig2HuffmanEOT;
- huffDecoder->buildTable(symCodeTab, numSyms);
+ symCodeTab[numSyms.Int()].prefixLen = 0;
+ symCodeTab[numSyms.Int()].rangeLen = jbig2HuffmanEOT;
+ huffDecoder->buildTable(symCodeTab, numSyms.Int());
huffDecoder->reset();
// set up the arithmetic decoder
@@ -2086,7 +2087,7 @@
}
bitmap = readTextRegion(huff, refine, w, h, numInstances,
- logStrips, numSyms, symCodeTab, symCodeLen, syms,
+ logStrips, numSyms.Int(), symCodeTab, symCodeLen, syms,
defPixel, combOp, transposed, refCorner, sOffset,
huffFSTable, huffDSTable, huffDTTable,
huffRDWTable, huffRDHTable,
@@ -2638,6 +2639,7 @@
error(getPos(), "Bad width in JBIG2 generic bitmap");
// force a call to gmalloc(-1), which will throw an exception
w = -3;
+ gmallocn(w + 2, sizeof(int));
}
refLine = (int *)gmallocn(w + 2, sizeof(int));
codingLine = (int *)gmallocn(w + 2, sizeof(int));
@@ -3314,7 +3316,7 @@
val = lowVal;
while (val < highVal) {
if (i == huffTabSize) {
- huffTabSize *= 2;
+ huffTabSize = (SafeInt(huffTabSize) * 2).Int();
huffTab = (JBIG2HuffmanTable *)
greallocn(huffTab, huffTabSize, sizeof(JBIG2HuffmanTable));
}
--- xpdf-3.02/xpdf/JPXStream.cc
+++ xpdf-3.02/xpdf/JPXStream.cc
@@ -652,7 +652,7 @@
}
palette.bpc = (Guint *)gmallocn(palette.nComps, sizeof(Guint));
palette.c =
- (int *)gmallocn(palette.nEntries * palette.nComps, sizeof(int));
+ (int *)gmallocn(SafeInt(palette.nEntries) * SafeInt(palette.nComps), sizeof(int));
for (i = 0; i < palette.nComps; ++i) {
if (!readUByte(&palette.bpc[i])) {
error(getPos(), "Unexpected EOF in JPX stream");
@@ -910,7 +910,7 @@
error(getPos(), "Bad tile count in JPX SIZ marker segment");
return gFalse;
}
- img.tiles = (JPXTile *)gmallocn(img.nXTiles * img.nYTiles,
+ img.tiles = (JPXTile *)gmallocn(SafeInt(img.nXTiles) * SafeInt(img.nYTiles),
sizeof(JPXTile));
for (i = 0; i < img.nXTiles * img.nYTiles; ++i) {
img.tiles[i].tileComps = (JPXTileComp *)gmallocn(img.nComps,
@@ -978,7 +978,7 @@
}
img.tiles[i].tileComps[comp].resLevels =
(JPXResLevel *)gmallocn(
- (img.tiles[i].tileComps[comp].nDecompLevels + 1),
+ (SafeInt(img.tiles[i].tileComps[comp].nDecompLevels) + SafeInt(1)),
sizeof(JPXResLevel));
for (r = 0; r <= img.tiles[i].tileComps[comp].nDecompLevels; ++r) {
img.tiles[i].tileComps[comp].resLevels[r].precincts = NULL;
@@ -1055,7 +1055,7 @@
img.tiles[i].tileComps[comp].resLevels =
(JPXResLevel *)greallocn(
img.tiles[i].tileComps[comp].resLevels,
- (img.tiles[i].tileComps[comp].nDecompLevels + 1),
+ (SafeInt(img.tiles[i].tileComps[comp].nDecompLevels) + SafeInt(1)),
sizeof(JPXResLevel));
for (r = 0; r <= img.tiles[i].tileComps[comp].nDecompLevels; ++r) {
img.tiles[i].tileComps[comp].resLevels[r].precincts = NULL;
@@ -1457,7 +1457,7 @@
img.tiles[tileIdx].tileComps[comp].resLevels =
(JPXResLevel *)greallocn(
img.tiles[tileIdx].tileComps[comp].resLevels,
- (img.tiles[tileIdx].tileComps[comp].nDecompLevels + 1),
+ (SafeInt(img.tiles[tileIdx].tileComps[comp].nDecompLevels) + SafeInt(1)),
sizeof(JPXResLevel));
for (r = 0;
r <= img.tiles[tileIdx].tileComps[comp].nDecompLevels;
@@ -1512,7 +1512,7 @@
img.tiles[tileIdx].tileComps[comp].resLevels =
(JPXResLevel *)greallocn(
img.tiles[tileIdx].tileComps[comp].resLevels,
- (img.tiles[tileIdx].tileComps[comp].nDecompLevels + 1),
+ (SafeInt(img.tiles[tileIdx].tileComps[comp].nDecompLevels) + SafeInt(1)),
sizeof(JPXResLevel));
for (r = 0; r <= img.tiles[tileIdx].tileComps[comp].nDecompLevels; ++r) {
img.tiles[tileIdx].tileComps[comp].resLevels[r].precincts = NULL;
@@ -1775,15 +1775,15 @@
tileComp->y1 = jpxCeilDiv(tile->y1, tileComp->hSep);
tileComp->cbW = 1 << tileComp->codeBlockW;
tileComp->cbH = 1 << tileComp->codeBlockH;
- tileComp->data = (int *)gmallocn((tileComp->x1 - tileComp->x0) *
- (tileComp->y1 - tileComp->y0),
+ tileComp->data = (int *)gmallocn((SafeInt(tileComp->x1) - SafeInt(tileComp->x0)) *
+ (SafeInt(tileComp->y1) - SafeInt(tileComp->y0)),
sizeof(int));
if (tileComp->x1 - tileComp->x0 > tileComp->y1 - tileComp->y0) {
n = tileComp->x1 - tileComp->x0;
} else {
n = tileComp->y1 - tileComp->y0;
}
- tileComp->buf = (int *)gmallocn(n + 8, sizeof(int));
+ tileComp->buf = (int *)gmallocn(SafeInt(n) + SafeInt(8), sizeof(int));
for (r = 0; r <= tileComp->nDecompLevels; ++r) {
resLevel = &tileComp->resLevels[r];
k = r == 0 ? tileComp->nDecompLevels
@@ -1844,7 +1844,7 @@
for (level = subband->maxTTLevel; level >= 0; --level) {
nx = jpxCeilDivPow2(subband->nXCBs, level);
ny = jpxCeilDivPow2(subband->nYCBs, level);
- n += nx * ny;
+ n += (SafeInt(nx) * SafeInt(ny)).Int();
}
subband->inclusion =
(JPXTagTreeNode *)gmallocn(n, sizeof(JPXTagTreeNode));
@@ -1856,8 +1856,8 @@
subband->zeroBitPlane[k].finished = gFalse;
subband->zeroBitPlane[k].val = 0;
}
- subband->cbs = (JPXCodeBlock *)gmallocn(subband->nXCBs *
- subband->nYCBs,
+ subband->cbs = (JPXCodeBlock *)gmallocn(SafeInt(subband->nXCBs) *
+ SafeInt(subband->nYCBs),
sizeof(JPXCodeBlock));
sbx0 = jpxFloorDivPow2(subband->x0, tileComp->codeBlockW);
sby0 = jpxFloorDivPow2(subband->y0, tileComp->codeBlockH);
@@ -1885,8 +1885,8 @@
cb->nextPass = jpxPassCleanup;
cb->nZeroBitPlanes = 0;
cb->coeffs =
- (JPXCoeff *)gmallocn((1 << (tileComp->codeBlockW
- + tileComp->codeBlockH)),
+ (JPXCoeff *)gmallocn((SafeInt(1) << (SafeInt(tileComp->codeBlockW)
+ + SafeInt(tileComp->codeBlockH)).Int()),
sizeof(JPXCoeff));
for (cbi = 0;
cbi < (Guint)(1 << (tileComp->codeBlockW
--- xpdf-3.02/xpdf/Link.cc
+++ xpdf-3.02/xpdf/Link.cc
@@ -725,7 +725,7 @@
Links::Links(Object *annots, GString *baseURI) {
Link *link;
Object obj1, obj2;
- int size;
+ SafeInt size;
int i;
links = NULL;
--- xpdf-3.02/xpdf/NameToCharCode.cc
+++ xpdf-3.02/xpdf/NameToCharCode.cc
@@ -49,7 +49,8 @@
void NameToCharCode::add(char *name, CharCode c) {
NameToCharCodeEntry *oldTab;
- int h, i, oldSize;
+ int h, i;
+ SafeInt oldSize;
// expand the table if necessary
if (len >= size / 2) {
@@ -112,5 +113,5 @@
for (p = name; *p; ++p) {
h = 17 * h + (int)(*p & 0xff);
}
- return (int)(h % size);
+ return (int)(h % size.Int());
}
--- xpdf-3.02/xpdf/NameToCharCode.h
+++ xpdf-3.02/xpdf/NameToCharCode.h
@@ -35,7 +35,7 @@
int hash(char *name);
NameToCharCodeEntry *tab;
- int size;
+ SafeInt size;
int len;
};
--- xpdf-3.02/xpdf/PSOutputDev.cc
+++ xpdf-3.02/xpdf/PSOutputDev.cc
@@ -2253,11 +2253,11 @@
if (fontFileNameLen >= fontFileNameSize) {
fontFileNameSize += 64;
fontFileNames =
- (GString **)grealloc(fontFileNames,
- fontFileNameSize * sizeof(GString *));
+ (GString **)greallocn(fontFileNames,
+ fontFileNameSize, sizeof(GString *));
psFileNames =
- (GString **)grealloc(psFileNames,
- fontFileNameSize * sizeof(GString *));
+ (GString **)greallocn(psFileNames,
+ fontFileNameSize, sizeof(GString *));
}
}
fontFileNames[fontFileNameLen] = myFileName;
@@ -2274,7 +2274,7 @@
if ((ffTT = FoFiTrueType::load(fileName->getCString(), faceIndex))) {
int n = ((GfxCIDFont *)font)->getCIDToGIDLen();
if (n) {
- codeToGID = (Gushort *)gmalloc(n * sizeof(Gushort));
+ codeToGID = (Gushort *)gmallocn(n, sizeof(Gushort));
memcpy(codeToGID, ((GfxCIDFont *)font)->getCIDToGID(), n * sizeof(Gushort));
} else {
codeToGID = ((GfxCIDFont *)font)->getCodeToGIDMap(ffTT, &n);
@@ -4412,7 +4412,7 @@
width, -height, height);
// allocate a line buffer
- lineBuf = (Guchar *)gmalloc(4 * width);
+ lineBuf = (Guchar *)gmallocn(4, width);
// set up to process the data stream
imgStr = new ImageStream(str, width, colorMap->getNumPixelComps(),
@@ -4465,7 +4465,8 @@
ImageStream *imgStr;
Guchar *line;
PSOutImgClipRect *rects0, *rects1, *rectsTmp, *rectsOut;
- int rects0Len, rects1Len, rectsSize, rectsOutLen, rectsOutSize;
+ int rects0Len, rects1Len, rectsOutLen;
+ SafeInt rectsOutSize, rectsSize;
GBool emitRect, addRect, extendRect;
GString *s;
int n, numComps;
--- xpdf-3.02/xpdf/PSOutputDev.h
+++ xpdf-3.02/xpdf/PSOutputDev.h
@@ -328,10 +328,10 @@
Ref *fontIDs; // list of object IDs of all used fonts
int fontIDLen; // number of entries in fontIDs array
- int fontIDSize; // size of fontIDs array
+ SafeInt fontIDSize; // size of fontIDs array
Ref *fontFileIDs; // list of object IDs of all embedded fonts
int fontFileIDLen; // number of entries in fontFileIDs array
- int fontFileIDSize; // size of fontFileIDs array
+ SafeInt fontFileIDSize; // size of fontFileIDs array
GString **fontFileNames; // list of names of all embedded external fonts
GString **psFileNames; // list of names of all embedded external ps names
int fontFileNameLen; // number of entries in fontFileNames array
@@ -340,16 +340,16 @@
// font name
PSFont8Info *font8Info; // info for 8-bit fonts
int font8InfoLen; // number of entries in font8Info array
- int font8InfoSize; // size of font8Info array
+ SafeInt font8InfoSize; // size of font8Info array
PSFont16Enc *font16Enc; // encodings for substitute 16-bit fonts
int font16EncLen; // number of entries in font16Enc array
- int font16EncSize; // size of font16Enc array
+ SafeInt font16EncSize; // size of font16Enc array
Ref *imgIDs; // list of image IDs for in-memory images
int imgIDLen; // number of entries in imgIDs array
- int imgIDSize; // size of imgIDs array
+ SafeInt imgIDSize; // size of imgIDs array
Ref *formIDs; // list of IDs for predefined forms
int formIDLen; // number of entries in formIDs array
- int formIDSize; // size of formIDs array
+ SafeInt formIDSize; // size of formIDs array
GList *xobjStack; // stack of XObject dicts currently being
// processed
int numSaves; // current number of gsaves
--- xpdf-3.02/xpdf/SplashOutputDev.cc
+++ xpdf-3.02/xpdf/SplashOutputDev.cc
@@ -488,8 +488,8 @@
int glyphW, glyphH; // size of glyph bitmaps, in pixels
GBool validBBox; // false if the bbox was [0 0 0 0]
int glyphSize; // size of glyph bitmaps, in bytes
- int cacheSets; // number of sets in cache
- int cacheAssoc; // cache associativity (glyphs per set)
+ SafeInt cacheSets; // number of sets in cache
+ SafeInt cacheAssoc; // cache associativity (glyphs per set)
Guchar *cacheData; // glyph pixmap cache
T3FontCacheTag *cacheTags; // cache tags, i.e., char codes
};
@@ -529,7 +529,7 @@
cacheTags = (T3FontCacheTag *)gmallocn(cacheSets * cacheAssoc,
sizeof(T3FontCacheTag));
for (i = 0; i < cacheSets * cacheAssoc; ++i) {
- cacheTags[i].mru = i & (cacheAssoc - 1);
+ cacheTags[i].mru = i & (cacheAssoc.Int() - 1);
}
}
@@ -1537,7 +1537,7 @@
t3Font = t3FontCache[0];
// is the glyph in the cache?
- i = (code & (t3Font->cacheSets - 1)) * t3Font->cacheAssoc;
+ i = (code & (t3Font->cacheSets.Int() - 1)) * t3Font->cacheAssoc.Int();
for (j = 0; j < t3Font->cacheAssoc; ++j) {
if ((t3Font->cacheTags[i+j].mru & 0x8000) &&
t3Font->cacheTags[i+j].code == code) {
@@ -1644,7 +1644,7 @@
}
// allocate a cache entry
- i = (t3GlyphStack->code & (t3Font->cacheSets - 1)) * t3Font->cacheAssoc;
+ i = (t3GlyphStack->code & (t3Font->cacheSets.Int() - 1)) * t3Font->cacheAssoc.Int();
for (j = 0; j < t3Font->cacheAssoc; ++j) {
if ((t3Font->cacheTags[i+j].mru & 0x7fff) == t3Font->cacheAssoc - 1) {
t3Font->cacheTags[i+j].mru = 0x8000;
@@ -2008,7 +2008,7 @@
// build a lookup table here
imgData.lookup = NULL;
if (colorMap->getNumPixelComps() == 1) {
- n = 1 << colorMap->getBits();
+ n = (SafeInt(1) << colorMap->getBits()).Int();
switch (colorMode) {
case splashModeMono1:
case splashModeMono8:
@@ -2021,7 +2021,7 @@
break;
case splashModeRGB8:
case splashModeBGR8:
- imgData.lookup = (SplashColorPtr)gmalloc(3 * n);
+ imgData.lookup = (SplashColorPtr)gmallocn(3, n);
for (i = 0; i < n; ++i) {
pix = (Guchar)i;
colorMap->getRGB(&pix, &rgb);
@@ -2032,7 +2032,7 @@
break;
#if SPLASH_CMYK
case splashModeCMYK8:
- imgData.lookup = (SplashColorPtr)gmalloc(4 * n);
+ imgData.lookup = (SplashColorPtr)gmallocn(4, n);
for (i = 0; i < n; ++i) {
pix = (Guchar)i;
colorMap->getCMYK(&pix, &cmyk);
@@ -2252,7 +2252,7 @@
// build a lookup table here
imgData.lookup = NULL;
if (colorMap->getNumPixelComps() == 1) {
- n = 1 << colorMap->getBits();
+ n = (SafeInt(1) << colorMap->getBits()).Int();
switch (colorMode) {
case splashModeMono1:
case splashModeMono8:
@@ -2265,7 +2265,7 @@
break;
case splashModeRGB8:
case splashModeBGR8:
- imgData.lookup = (SplashColorPtr)gmalloc(3 * n);
+ imgData.lookup = (SplashColorPtr)gmallocn(3, n);
for (i = 0; i < n; ++i) {
pix = (Guchar)i;
colorMap->getRGB(&pix, &rgb);
@@ -2276,7 +2276,7 @@
break;
#if SPLASH_CMYK
case splashModeCMYK8:
- imgData.lookup = (SplashColorPtr)gmalloc(4 * n);
+ imgData.lookup = (SplashColorPtr)gmallocn(4, n);
for (i = 0; i < n; ++i) {
pix = (Guchar)i;
colorMap->getCMYK(&pix, &cmyk);
@@ -2347,7 +2347,7 @@
imgMaskData.width = maskWidth;
imgMaskData.height = maskHeight;
imgMaskData.y = 0;
- n = 1 << maskColorMap->getBits();
+ n = (SafeInt(1) << maskColorMap->getBits()).Int();
imgMaskData.lookup = (SplashColorPtr)gmalloc(n);
for (i = 0; i < n; ++i) {
pix = (Guchar)i;
@@ -2384,7 +2384,7 @@
// build a lookup table here
imgData.lookup = NULL;
if (colorMap->getNumPixelComps() == 1) {
- n = 1 << colorMap->getBits();
+ n = (SafeInt(1) << colorMap->getBits()).Int();
switch (colorMode) {
case splashModeMono1:
case splashModeMono8:
@@ -2397,7 +2397,7 @@
break;
case splashModeRGB8:
case splashModeBGR8:
- imgData.lookup = (SplashColorPtr)gmalloc(3 * n);
+ imgData.lookup = (SplashColorPtr)gmallocn(3, n);
for (i = 0; i < n; ++i) {
pix = (Guchar)i;
colorMap->getRGB(&pix, &rgb);
@@ -2408,7 +2408,7 @@
break;
#if SPLASH_CMYK
case splashModeCMYK8:
- imgData.lookup = (SplashColorPtr)gmalloc(4 * n);
+ imgData.lookup = (SplashColorPtr)gmallocn(4, n);
for (i = 0; i < n; ++i) {
pix = (Guchar)i;
colorMap->getCMYK(&pix, &cmyk);
--- xpdf-3.02/xpdf/Stream.cc
+++ xpdf-3.02/xpdf/Stream.cc
@@ -319,7 +319,7 @@
nVals = width * nComps;
if (nBits == 1) {
- imgLineSize = (nVals + 7) & ~7;
+ imgLineSize = (SafeInt(nVals) + SafeInt(7)).Int() & ~7;
} else {
imgLineSize = nVals;
}
@@ -492,7 +492,7 @@
break;
case 13: // PNG average
predLine[i] = ((predLine[i - pixBytes] + predLine[i]) >> 1) +
- (Guchar)c;
+ (Guchar)c;
break;
case 14: // PNG Paeth
left = predLine[i - pixBytes];
@@ -1253,8 +1253,8 @@
// ---> max codingLine size = columns + 1
// refLine has one extra guard entry at the end
// ---> max refLine size = columns + 2
- codingLine = (int *)gmallocn(columns + 1, sizeof(int));
- refLine = (int *)gmallocn(columns + 2, sizeof(int));
+ codingLine = (int *)gmallocn(SafeInt(columns) + SafeInt(1), sizeof(int));
+ refLine = (int *)gmallocn(SafeInt(columns) + SafeInt(2), sizeof(int));
eof = gFalse;
row = 0;
@@ -1969,7 +1969,7 @@
restartInterval = 0;
if (!readHeader()) {
- y = height;
+ y = height.Int();
return;
}
@@ -2014,12 +2014,12 @@
if (bufWidth <= 0 || bufHeight <= 0 ||
bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) {
error(getPos(), "Invalid image size in DCT stream");
- y = height;
+ y = height.Int();
return;
}
for (i = 0; i < numComps; ++i) {
frameBuf[i] = (int *)gmallocn(bufWidth * bufHeight, sizeof(int));
- memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int));
+ memset(frameBuf[i], 0, (bufWidth * bufHeight * sizeof(int)).Int());
}
// read the image data
@@ -2051,7 +2051,7 @@
comp = 0;
x = 0;
y = 0;
- dy = mcuHeight;
+ dy = mcuHeight.Int();
restartMarker = 0xd0;
restart();
@@ -2079,7 +2079,7 @@
return EOF;
}
if (progressive || !interleaved) {
- c = frameBuf[comp][y * bufWidth + x];
+ c = frameBuf[comp][y * bufWidth.Int() + x];
if (++comp == numComps) {
comp = 0;
if (++x == width) {
@@ -2090,7 +2090,7 @@
} else {
if (dy >= mcuHeight) {
if (!readMCURow()) {
- y = height;
+ y = height.Int();
return EOF;
}
comp = 0;
@@ -2118,11 +2118,11 @@
return EOF;
}
if (progressive || !interleaved) {
- return frameBuf[comp][y * bufWidth + x];
+ return frameBuf[comp][y * bufWidth.Int() + x];
} else {
if (dy >= mcuHeight) {
if (!readMCURow()) {
- y = height;
+ y = height.Int();
return EOF;
}
comp = 0;
@@ -2154,7 +2154,7 @@
int x1, x2, y2, x3, y3, x4, y4, x5, y5, cc, i;
int c;
- for (x1 = 0; x1 < width; x1 += mcuWidth) {
+ for (x1 = 0; x1 < width; x1 += mcuWidth.Int()) {
// deal with restart marker
if (restartInterval > 0 && restartCtr == 0) {
@@ -2172,8 +2172,8 @@
for (cc = 0; cc < numComps; ++cc) {
h = compInfo[cc].hSample;
v = compInfo[cc].vSample;
- horiz = mcuWidth / h;
- vert = mcuHeight / v;
+ horiz = mcuWidth.Int() / h;
+ vert = mcuHeight.Int() / v;
hSub = horiz / 8;
vSub = vert / 8;
for (y2 = 0; y2 < mcuHeight; y2 += vert) {
@@ -2279,11 +2279,11 @@
break;
}
}
- dx1 = mcuWidth / compInfo[cc].hSample;
- dy1 = mcuHeight / compInfo[cc].vSample;
+ dx1 = mcuWidth.Int() / compInfo[cc].hSample;
+ dy1 = mcuHeight.Int() / compInfo[cc].vSample;
} else {
- dx1 = mcuWidth;
- dy1 = mcuHeight;
+ dx1 = mcuWidth.Int();
+ dy1 = mcuHeight.Int();
}
for (y1 = 0; y1 < height; y1 += dy1) {
@@ -2310,14 +2310,14 @@
h = compInfo[cc].hSample;
v = compInfo[cc].vSample;
- horiz = mcuWidth / h;
- vert = mcuHeight / v;
+ horiz = mcuWidth.Int() / h;
+ vert = mcuHeight.Int() / v;
vSub = vert / 8;
for (y2 = 0; y2 < dy1; y2 += vert) {
for (x2 = 0; x2 < dx1; x2 += horiz) {
// pull out the current values
- p1 = &frameBuf[cc][(y1+y2) * bufWidth + (x1+x2)];
+ p1 = &frameBuf[cc][(y1+y2) * bufWidth.Int() + (x1+x2)];
for (y3 = 0, i = 0; y3 < 8; ++y3, i += 8) {
data[i] = p1[0];
data[i+1] = p1[1];
@@ -2327,7 +2327,7 @@
data[i+5] = p1[5];
data[i+6] = p1[6];
data[i+7] = p1[7];
- p1 += bufWidth * vSub;
+ p1 += bufWidth.Int() * vSub;
}
// read one data unit
@@ -2349,7 +2349,7 @@
}
// add the data unit into frameBuf
- p1 = &frameBuf[cc][(y1+y2) * bufWidth + (x1+x2)];
+ p1 = &frameBuf[cc][(y1+y2) * bufWidth.Int() + (x1+x2)];
for (y3 = 0, i = 0; y3 < 8; ++y3, i += 8) {
p1[0] = data[i];
p1[1] = data[i+1];
@@ -2359,7 +2359,7 @@
p1[5] = data[i+5];
p1[6] = data[i+6];
p1[7] = data[i+7];
- p1 += bufWidth * vSub;
+ p1 += bufWidth.Int() * vSub;
}
}
}
@@ -2556,21 +2556,21 @@
int h, v, horiz, vert, hSub, vSub;
int *p0, *p1, *p2;
- for (y1 = 0; y1 < bufHeight; y1 += mcuHeight) {
- for (x1 = 0; x1 < bufWidth; x1 += mcuWidth) {
+ for (y1 = 0; y1 < bufHeight; y1 += mcuHeight.Int()) {
+ for (x1 = 0; x1 < bufWidth; x1 += mcuWidth.Int()) {
for (cc = 0; cc < numComps; ++cc) {
quantTable = quantTables[compInfo[cc].quantTable];
h = compInfo[cc].hSample;
v = compInfo[cc].vSample;
- horiz = mcuWidth / h;
- vert = mcuHeight / v;
+ horiz = mcuWidth.Int() / h;
+ vert = mcuHeight.Int() / v;
hSub = horiz / 8;
vSub = vert / 8;
for (y2 = 0; y2 < mcuHeight; y2 += vert) {
for (x2 = 0; x2 < mcuWidth; x2 += horiz) {
// pull out the coded data unit
- p1 = &frameBuf[cc][(y1+y2) * bufWidth + (x1+x2)];
+ p1 = &frameBuf[cc][(y1+y2) * bufWidth.Int() + (x1+x2)];
for (y3 = 0, i = 0; y3 < 8; ++y3, i += 8) {
dataIn[i] = p1[0];
dataIn[i+1] = p1[1];
@@ -2580,7 +2580,7 @@
dataIn[i+5] = p1[5];
dataIn[i+6] = p1[6];
dataIn[i+7] = p1[7];
- p1 += bufWidth * vSub;
+ p1 += bufWidth.Int() * vSub;
}
// transform
@@ -2588,7 +2588,7 @@
// store back into frameBuf, doing replication for
// subsampled components
- p1 = &frameBuf[cc][(y1+y2) * bufWidth + (x1+x2)];
+ p1 = &frameBuf[cc][(y1+y2) * bufWidth.Int() + (x1+x2)];
if (hSub == 1 && vSub == 1) {
for (y3 = 0, i = 0; y3 < 8; ++y3, i += 8) {
p1[0] = dataOut[i] & 0xff;
@@ -2599,10 +2599,10 @@
p1[5] = dataOut[i+5] & 0xff;
p1[6] = dataOut[i+6] & 0xff;
p1[7] = dataOut[i+7] & 0xff;
- p1 += bufWidth;
+ p1 += bufWidth.Int();
}
} else if (hSub == 2 && vSub == 2) {
- p2 = p1 + bufWidth;
+ p2 = p1 + bufWidth.Int();
for (y3 = 0, i = 0; y3 < 16; y3 += 2, i += 8) {
p1[0] = p1[1] = p2[0] = p2[1] = dataOut[i] & 0xff;
p1[2] = p1[3] = p2[2] = p2[3] = dataOut[i+1] & 0xff;
@@ -2612,8 +2612,8 @@
p1[10] = p1[11] = p2[10] = p2[11] = dataOut[i+5] & 0xff;
p1[12] = p1[13] = p2[12] = p2[13] = dataOut[i+6] & 0xff;
p1[14] = p1[15] = p2[14] = p2[15] = dataOut[i+7] & 0xff;
- p1 += bufWidth * 2;
- p2 += bufWidth * 2;
+ p1 += bufWidth.Int() * 2;
+ p2 += bufWidth.Int() * 2;
}
} else {
i = 0;
@@ -2624,11 +2624,11 @@
for (x5 = 0; x5 < hSub; ++x5) {
p2[x5] = dataOut[i] & 0xff;
}
- p2 += bufWidth;
+ p2 += bufWidth.Int();
}
++i;
}
- p1 += bufWidth * vSub;
+ p1 += bufWidth.Int() * vSub;
}
}
}
@@ -2640,9 +2640,9 @@
// convert YCbCr to RGB
if (numComps == 3) {
for (y2 = 0; y2 < mcuHeight; ++y2) {
- p0 = &frameBuf[0][(y1+y2) * bufWidth + x1];
- p1 = &frameBuf[1][(y1+y2) * bufWidth + x1];
- p2 = &frameBuf[2][(y1+y2) * bufWidth + x1];
+ p0 = &frameBuf[0][(y1+y2) * bufWidth.Int() + x1];
+ p1 = &frameBuf[1][(y1+y2) * bufWidth.Int() + x1];
+ p2 = &frameBuf[2][(y1+y2) * bufWidth.Int() + x1];
for (x2 = 0; x2 < mcuWidth; ++x2) {
pY = *p0;
pCb = *p1 - 128;
@@ -2659,9 +2659,9 @@
// convert YCbCrK to CMYK (K is passed through unchanged)
} else if (numComps == 4) {
for (y2 = 0; y2 < mcuHeight; ++y2) {
- p0 = &frameBuf[0][(y1+y2) * bufWidth + x1];
- p1 = &frameBuf[1][(y1+y2) * bufWidth + x1];
- p2 = &frameBuf[2][(y1+y2) * bufWidth + x1];
+ p0 = &frameBuf[0][(y1+y2) * bufWidth.Int() + x1];
+ p1 = &frameBuf[1][(y1+y2) * bufWidth.Int() + x1];
+ p2 = &frameBuf[2][(y1+y2) * bufWidth.Int() + x1];
for (x2 = 0; x2 < mcuWidth; ++x2) {
pY = *p0;
pCb = *p1 - 128;
@@ -4321,7 +4321,7 @@
}
// allocate the table
- tabSize = 1 << tab->maxLen;
+ tabSize = (SafeInt(1) << tab->maxLen).Int();
tab->codes = (FlateCode *)gmallocn(tabSize, sizeof(FlateCode));
// clear the table
--- xpdf-3.02/xpdf/Stream.h
+++ xpdf-3.02/xpdf/Stream.h
@@ -592,9 +592,9 @@
GBool progressive; // set if in progressive mode
GBool interleaved; // set if in interleaved mode
- int width, height; // image size
- int mcuWidth, mcuHeight; // size of min coding unit, in data units
- int bufWidth, bufHeight; // frameBuf size
+ SafeInt width, height; // image size
+ SafeInt mcuWidth, mcuHeight; // size of min coding unit, in data units
+ SafeInt bufWidth, bufHeight; // frameBuf size
DCTCompInfo compInfo[4]; // info for each component
DCTScanInfo scanInfo; // info for the current scan
int numComps; // number of components in image
--- xpdf-3.02/xpdf/TextOutputDev.cc
+++ xpdf-3.02/xpdf/TextOutputDev.cc
@@ -263,7 +263,7 @@
}
text = NULL;
edge = NULL;
- len = size = 0;
+ size = len = 0;
spaceAfter = gFalse;
next = NULL;
@@ -346,9 +346,9 @@
yMax = word->yMax;
}
if (len + word->len > size) {
- size = len + word->len;
+ size = SafeInt(len) + SafeInt(word->len);
text = (Unicode *)greallocn(text, size, sizeof(Unicode));
- edge = (double *)greallocn(edge, size + 1, sizeof(double));
+ edge = (double *)greallocn(edge, size + SafeInt(1), sizeof(double));
}
for (i = 0; i < word->len; ++i) {
text[len + i] = word->text[i];
@@ -481,11 +481,11 @@
}
TextPool::~TextPool() {
- int baseIdx;
+ SafeInt baseIdx;
TextWord *word, *word2;
for (baseIdx = minBaseIdx; baseIdx <= maxBaseIdx; ++baseIdx) {
- for (word = pool[baseIdx - minBaseIdx]; word; word = word2) {
+ for (word = pool[(baseIdx - minBaseIdx).Int()]; word; word = word2) {
word2 = word->next;
delete word;
}
@@ -498,17 +498,17 @@
baseIdx = (int)(base / textPoolStep);
if (baseIdx < minBaseIdx) {
- return minBaseIdx;
+ return minBaseIdx.Int();
}
if (baseIdx > maxBaseIdx) {
- return maxBaseIdx;
+ return maxBaseIdx.Int();
}
return baseIdx;
}
void TextPool::addWord(TextWord *word) {
TextWord **newPool;
- int wordBaseIdx, newMinBaseIdx, newMaxBaseIdx, baseIdx;
+ SafeInt wordBaseIdx, newMinBaseIdx, newMaxBaseIdx, baseIdx;
TextWord *w0, *w1;
// expand the array if needed
@@ -516,29 +516,29 @@
if (minBaseIdx > maxBaseIdx) {
minBaseIdx = wordBaseIdx - 128;
maxBaseIdx = wordBaseIdx + 128;
- pool = (TextWord **)gmallocn(maxBaseIdx - minBaseIdx + 1,
+ pool = (TextWord **)gmallocn(maxBaseIdx - minBaseIdx + SafeInt(1),
sizeof(TextWord *));
for (baseIdx = minBaseIdx; baseIdx <= maxBaseIdx; ++baseIdx) {
- pool[baseIdx - minBaseIdx] = NULL;
+ pool[(baseIdx - minBaseIdx).Int()] = NULL;
}
} else if (wordBaseIdx < minBaseIdx) {
newMinBaseIdx = wordBaseIdx - 128;
- newPool = (TextWord **)gmallocn(maxBaseIdx - newMinBaseIdx + 1,
+ newPool = (TextWord **)gmallocn(maxBaseIdx - newMinBaseIdx + SafeInt(1),
sizeof(TextWord *));
for (baseIdx = newMinBaseIdx; baseIdx < minBaseIdx; ++baseIdx) {
- newPool[baseIdx - newMinBaseIdx] = NULL;
+ newPool[(baseIdx - newMinBaseIdx).Int()] = NULL;
}
- memcpy(&newPool[minBaseIdx - newMinBaseIdx], pool,
- (maxBaseIdx - minBaseIdx + 1) * sizeof(TextWord *));
+ memcpy(&newPool[(minBaseIdx - newMinBaseIdx).Int()], pool,
+ ((maxBaseIdx - minBaseIdx + 1) * sizeof(TextWord *)).Int());
gfree(pool);
pool = newPool;
minBaseIdx = newMinBaseIdx;
} else if (wordBaseIdx > maxBaseIdx) {
newMaxBaseIdx = wordBaseIdx + 128;
- pool = (TextWord **)greallocn(pool, newMaxBaseIdx - minBaseIdx + 1,
+ pool = (TextWord **)greallocn(pool, newMaxBaseIdx - minBaseIdx + SafeInt(1),
sizeof(TextWord *));
for (baseIdx = maxBaseIdx + 1; baseIdx <= newMaxBaseIdx; ++baseIdx) {
- pool[baseIdx - minBaseIdx] = NULL;
+ pool[(baseIdx - minBaseIdx).Int()] = NULL;
}
maxBaseIdx = newMaxBaseIdx;
}
@@ -550,17 +550,17 @@
w1 = cursor->next;
} else {
w0 = NULL;
- w1 = pool[wordBaseIdx - minBaseIdx];
+ w1 = pool[(wordBaseIdx - minBaseIdx).Int()];
}
for (; w1 && word->primaryCmp(w1) > 0; w0 = w1, w1 = w1->next) ;
word->next = w1;
if (w0) {
w0->next = word;
} else {
- pool[wordBaseIdx - minBaseIdx] = word;
+ pool[(wordBaseIdx - minBaseIdx).Int()] = word;
}
cursor = word;
- cursorBaseIdx = wordBaseIdx;
+ cursorBaseIdx = wordBaseIdx.Int();
}
//------------------------------------------------------------------------
@@ -763,7 +763,7 @@
}
}
text = (Unicode *)gmallocn(len, sizeof(Unicode));
- edge = (double *)gmallocn(len + 1, sizeof(double));
+ edge = (double *)gmallocn(len + SafeInt(1), sizeof(double));
i = 0;
for (word1 = words; word1; word1 = word1->next) {
for (j = 0; j < word1->len; ++j) {
@@ -779,7 +779,7 @@
}
// compute convertedLen and set up the col array
- col = (int *)gmallocn(len + 1, sizeof(int));
+ col = (int *)gmallocn(len + SafeInt(1), sizeof(int));
convertedLen = 0;
for (i = 0; i < len; ++i) {
col[i] = convertedLen;
@@ -789,11 +789,11 @@
convertedLen += uMap->mapUnicode(text[i], buf, sizeof(buf));
}
}
- col[len] = convertedLen;
+ col[len.Int()] = convertedLen;
// check for hyphen at end of line
//~ need to check for other chars used as hyphens
- hyphenated = text[len - 1] == (Unicode)'-';
+ hyphenated = text[(len - 1).Int()] == (Unicode)'-';
}
//------------------------------------------------------------------------
@@ -1163,7 +1163,7 @@
int i, j, k;
// discard duplicated text (fake boldface, drop shadows)
- for (idx0 = pool->minBaseIdx; idx0 <= pool->maxBaseIdx; ++idx0) {
+ for (idx0 = pool->minBaseIdx.Int(); idx0 <= pool->maxBaseIdx.Int(); ++idx0) {
word0 = pool->getPool(idx0);
while (word0) {
priDelta = dupMaxPriDelta * word0->fontSize;
@@ -1227,7 +1227,7 @@
// build the lines
curLine = NULL;
- poolMinBaseIdx = pool->minBaseIdx;
+ poolMinBaseIdx = pool->minBaseIdx.Int();
charCount = 0;
nLines = 0;
while (1) {
@@ -1329,7 +1329,7 @@
line->next = line1;
curLine = line;
line->coalesce(uMap);
- charCount += line->len;
+ charCount += line->len.Int();
++nLines;
}
@@ -1338,7 +1338,7 @@
for (line = lines, i = 0; line; line = line->next, ++i) {
lineArray[i] = line;
}
- qsort(lineArray, nLines, sizeof(TextLine *), &TextLine::cmpXY);
+ qsort(lineArray, nLines.Int(), sizeof(TextLine *), &TextLine::cmpXY);
// column assignment
nColumns = 0;
@@ -1348,7 +1348,7 @@
for (j = 0; j < i; ++j) {
line1 = lineArray[j];
if (line1->primaryDelta(line0) >= 0) {
- col2 = line1->col[line1->len] + 1;
+ col2 = line1->col[line1->len.Int()] + 1;
} else {
k = 0; // make gcc happy
switch (rot) {
@@ -1386,8 +1386,8 @@
for (k = 0; k <= line0->len; ++k) {
line0->col[k] += col1;
}
- if (line0->col[line0->len] > nColumns) {
- nColumns = line0->col[line0->len];
+ if (line0->col[line0->len.Int()] > nColumns) {
+ nColumns = line0->col[line0->len.Int()];
}
}
gfree(lineArray);
@@ -1660,7 +1660,8 @@
TextLine *line;
TextWord *word;
TextWord **wordArray;
- int nWords, i;
+ SafeInt nWords;
+ int i;
words = new GList();
@@ -2125,7 +2126,8 @@
GBool found;
int count[4];
int lrCount;
- int firstBlkIdx, nBlocksLeft;
+ int firstBlkIdx;
+ SafeInt nBlocksLeft;
int col1, col2;
int i, j, n;
@@ -2311,7 +2313,7 @@
// build blocks for each rotation value
for (rot = 0; rot < 4; ++rot) {
pool = pools[rot];
- poolMinBaseIdx = pool->minBaseIdx;
+ poolMinBaseIdx = pool->minBaseIdx.Int();
count[rot] = 0;
// add blocks until no more words are left
@@ -2679,7 +2681,7 @@
for (blk = blkList, i = 0; blk; blk = blk->next, ++i) {
blocks[i] = blk;
}
- qsort(blocks, nBlocks, sizeof(TextBlock *), &TextBlock::cmpXYPrimaryRot);
+ qsort(blocks, nBlocks.Int(), sizeof(TextBlock *), &TextBlock::cmpXYPrimaryRot);
// column assignment
for (i = 0; i < nBlocks; ++i) {
@@ -2771,7 +2773,7 @@
//----- reading order sort
// sort blocks into yx order (in preparation for reading order sort)
- qsort(blocks, nBlocks, sizeof(TextBlock *), &TextBlock::cmpYXPrimaryRot);
+ qsort(blocks, nBlocks.Int(), sizeof(TextBlock *), &TextBlock::cmpYXPrimaryRot);
// compute space on left and right sides of each block
for (i = 0; i < nBlocks; ++i) {
@@ -2811,7 +2813,7 @@
//~ this needs to be adjusted for writing mode (vertical text)
//~ this also needs to account for right-to-left column ordering
blkArray = (TextBlock **)gmallocn(nBlocks, sizeof(TextBlock *));
- memcpy(blkArray, blocks, nBlocks * sizeof(TextBlock *));
+ memcpy(blkArray, blocks, nBlocks.Int() * sizeof(TextBlock *));
flows = lastFlow = NULL;
firstBlkIdx = 0;
nBlocksLeft = nBlocks;
@@ -2983,7 +2985,7 @@
xMin0 = xMax0 = yMin0 = yMax0 = 0; // make gcc happy
xMin1 = xMax1 = yMin1 = yMax1 = 0; // make gcc happy
- for (i = backward ? nBlocks - 1 : 0;
+ for (i = backward ? (nBlocks - 1).Int() : 0;
backward ? i >= 0 : i < nBlocks;
i += backward ? -1 : 1) {
blk = blocks[i];
@@ -3013,7 +3015,7 @@
}
// convert the line to uppercase
- m = line->len;
+ m = line->len.Int();
if (!caseSensitive) {
if (m > txtSize) {
txt = (Unicode *)greallocn(txt, m, sizeof(Unicode));
@@ -3134,7 +3136,8 @@
TextBlock *blk;
TextLine *line;
TextLineFrag *frags;
- int nFrags, fragsSize;
+ int nFrags;
+ SafeInt fragsSize;
TextLineFrag *frag;
char space[8], eol[16];
int spaceLen, eolLen;
@@ -3197,7 +3200,7 @@
}
++j;
}
- j = line->len - 1;
+ j = (line->len - 1).Int();
while (j >= 0) {
if (0.5 * (line->edge[j] + line->edge[j+1]) < xMax) {
idx1 = j;
@@ -3218,7 +3221,7 @@
}
++j;
}
- j = line->len - 1;
+ j = (line->len - 1).Int();
while (j >= 0) {
if (0.5 * (line->edge[j] + line->edge[j+1]) < yMax) {
idx1 = j;
@@ -3239,7 +3242,7 @@
}
++j;
}
- j = line->len - 1;
+ j = (line->len - 1).Int();
while (j >= 0) {
if (0.5 * (line->edge[j] + line->edge[j+1]) > xMin) {
idx1 = j;
@@ -3260,7 +3263,7 @@
}
++j;
}
- j = line->len - 1;
+ j = (line->len - 1).Int();
while (j >= 0) {
if (0.5 * (line->edge[j] + line->edge[j+1]) > yMin) {
idx1 = j;
@@ -3449,7 +3452,8 @@
TextLine *line;
TextLineFrag *frags;
TextWord *word;
- int nFrags, fragsSize;
+ int nFrags;
+ SafeInt fragsSize;
TextLineFrag *frag;
char space[8], eol[16], eop[8];
int spaceLen, eolLen, eopLen;
@@ -3515,7 +3519,7 @@
frags = (TextLineFrag *)greallocn(frags,
fragsSize, sizeof(TextLineFrag));
}
- frags[nFrags].init(line, 0, line->len);
+ frags[nFrags].init(line, 0, line->len.Int());
frags[nFrags].computeCoords(gTrue);
++nFrags;
}
@@ -3592,7 +3596,7 @@
for (flow = flows; flow; flow = flow->next) {
for (blk = flow->blocks; blk; blk = blk->next) {
for (line = blk->lines; line; line = line->next) {
- n = line->len;
+ n = line->len.Int();
if (line->hyphenated && (line->next || blk->next)) {
--n;
}
--- xpdf-3.02/xpdf/TextOutputDev.h
+++ xpdf-3.02/xpdf/TextOutputDev.h
@@ -145,7 +145,7 @@
double *edge; // "near" edge x or y coord of each char
// (plus one extra entry for the last char)
int len; // length of text and edge arrays
- int size; // size of text and edge arrays
+ SafeInt size; // size of text and edge arrays
int charPos; // character position (within content stream)
int charLen; // number of content stream characters in
// this word
@@ -182,8 +182,8 @@
TextPool();
~TextPool();
- TextWord *getPool(int baseIdx) { return pool[baseIdx - minBaseIdx]; }
- void setPool(int baseIdx, TextWord *p) { pool[baseIdx - minBaseIdx] = p; }
+ TextWord *getPool(int baseIdx) { return pool[(baseIdx - minBaseIdx).Int()]; }
+ void setPool(int baseIdx, TextWord *p) { pool[(baseIdx - minBaseIdx).Int()] = p; }
int getBaseIdx(double base);
@@ -191,8 +191,8 @@
private:
- int minBaseIdx; // min baseline bucket index
- int maxBaseIdx; // max baseline bucket index
+ SafeInt minBaseIdx; // min baseline bucket index
+ SafeInt maxBaseIdx; // max baseline bucket index
TextWord **pool; // array of linked lists, one for each
// baseline value (multiple of 4 pts)
TextWord *cursor; // pointer to last-accessed word
@@ -256,7 +256,7 @@
double *edge; // "near" edge x or y coord of each char
// (plus one extra entry for the last char)
int *col; // starting column number of each Unicode char
- int len; // number of Unicode chars
+ SafeInt len; // number of Unicode chars
int convertedLen; // total number of converted characters
GBool hyphenated; // set if last char is a hyphen
TextLine *next; // next line in block
@@ -315,7 +315,7 @@
// are built)
TextLine *lines; // linked list of lines
TextLine *curLine; // most recently added line
- int nLines; // number of lines
+ SafeInt nLines; // number of lines
int charCount; // number of characters in the block
int col; // starting column
int nColumns; // number of columns in the block
@@ -506,7 +506,7 @@
TextPool *pools[4]; // a "pool" of TextWords for each rotation
TextFlow *flows; // linked list of flows
TextBlock **blocks; // array of blocks, in yx order
- int nBlocks; // number of blocks
+ SafeInt nBlocks; // number of blocks
int primaryRot; // primary rotation
GBool primaryLR; // primary direction (true means L-to-R,
// false means R-to-L)
--- xpdf-3.02/xpdf/UnicodeMap.cc
+++ xpdf-3.02/xpdf/UnicodeMap.cc
@@ -39,7 +39,7 @@
UnicodeMap *map;
UnicodeMapRange *range;
UnicodeMapExt *eMap;
- int size, eMapsSize;
+ SafeInt size, eMapsSize;
char buf[256];
int line, nBytes, i, x;
char *tok1, *tok2, *tok3;
--- xpdf-3.02/xpdf/XPDFCore.cc
+++ xpdf-3.02/xpdf/XPDFCore.cc
@@ -763,7 +763,8 @@
int nVisuals;
XColor xcolor;
XColor *xcolors;
- int r, g, b, n, m;
+ int r, g, b, n;
+ SafeInt m;
GBool ok;
// for some reason, querying XmNvisual doesn't work (even if done
@@ -808,13 +809,13 @@
// set colors in private colormap
if (installCmap) {
for (rgbCubeSize = xMaxRGBCube; rgbCubeSize >= 2; --rgbCubeSize) {
- m = rgbCubeSize * rgbCubeSize * rgbCubeSize;
- if (XAllocColorCells(display, colormap, False, NULL, 0, colors, m)) {
+ m = SafeInt(rgbCubeSize) * SafeInt(rgbCubeSize) * SafeInt(rgbCubeSize);
+ if (XAllocColorCells(display, colormap, False, NULL, 0, colors, m.Int())) {
break;
}
}
if (rgbCubeSize >= 2) {
- m = rgbCubeSize * rgbCubeSize * rgbCubeSize;
+ m = SafeInt(rgbCubeSize) * SafeInt(rgbCubeSize) * SafeInt(rgbCubeSize);
xcolors = (XColor *)gmallocn(m, sizeof(XColor));
n = 0;
for (r = 0; r < rgbCubeSize; ++r) {
@@ -829,7 +830,7 @@
}
}
}
- XStoreColors(display, colormap, xcolors, m);
+ XStoreColors(display, colormap, xcolors, m.Int());
gfree(xcolors);
} else {
rgbCubeSize = 1;
@@ -1174,7 +1175,7 @@
w = tile->xMax - tile->xMin;
h = tile->yMax - tile->yMin;
image = XCreateImage(display, visual, depth, ZPixmap, 0, NULL, w, h, 8, 0);
- image->data = (char *)gmalloc(h * image->bytes_per_line);
+ image->data = (char *)gmalloc((SafeInt(h) * SafeInt(image->bytes_per_line)).Int());
tile->image = image;
} else {
image = (XImage *)tile->image;
@@ -1247,9 +1248,9 @@
}
} else {
// do Floyd-Steinberg dithering on the whole bitmap
- errDownR = (int *)gmallocn(width + 2, sizeof(int));
- errDownG = (int *)gmallocn(width + 2, sizeof(int));
- errDownB = (int *)gmallocn(width + 2, sizeof(int));
+ errDownR = (int *)gmallocn(SafeInt(width) + SafeInt(2), sizeof(int));
+ errDownG = (int *)gmallocn(SafeInt(width) + SafeInt(2), sizeof(int));
+ errDownB = (int *)gmallocn(SafeInt(width) + SafeInt(2), sizeof(int));
errRightR = errRightG = errRightB = 0;
errDownRightR = errDownRightG = errDownRightB = 0;
memset(errDownR, 0, (width + 2) * sizeof(int));
--- xpdf-3.02/xpdf/XPDFViewer.cc
+++ xpdf-3.02/xpdf/XPDFViewer.cc
@@ -262,7 +262,7 @@
ok = gFalse;
#ifndef DISABLE_OUTLINE
outlineLabels = NULL;
- outlineLabelsLength = outlineLabelsSize = 0;
+ outlineLabelsSize = outlineLabelsLength = 0;
outlinePaneWidth = 175;
#endif
viewerTitle = NULL;
@@ -323,7 +323,7 @@
ok = gFalse;
#ifndef DISABLE_OUTLINE
outlineLabels = NULL;
- outlineLabelsLength = outlineLabelsSize = 0;
+ outlineLabelsSize = outlineLabelsLength = 0;
outlinePaneWidth = 175;
#endif
viewerTitle = NULL;
@@ -2756,7 +2756,7 @@
}
gfree(outlineLabels);
outlineLabels = NULL;
- outlineLabelsLength = outlineLabelsSize = 0;
+ outlineLabelsSize = outlineLabelsLength = 0;
}
if (core->getDoc()) {
--- xpdf-3.02/xpdf/XPDFViewer.h
+++ xpdf-3.02/xpdf/XPDFViewer.h
@@ -305,7 +305,7 @@
Widget outlineTree;
Widget *outlineLabels;
int outlineLabelsLength;
- int outlineLabelsSize;
+ SafeInt outlineLabelsSize;
Dimension outlinePaneWidth;
#endif
XPDFCore *core;
--- xpdf-3.02/xpdf/XRef.cc
+++ xpdf-3.02/xpdf/XRef.cc
@@ -350,7 +350,8 @@
GBool more;
Object obj, obj2;
Guint pos2;
- int first, n, newSize, i;
+ int first, n, i;
+ SafeInt newSize;
while (1) {
parser->getObj(&obj);
@@ -372,7 +373,7 @@
goto err1;
}
if (first + n > size) {
- for (newSize = size ? 2 * size : 1024;
+ for (newSize = size ? SafeInt(2) * SafeInt(size) : 1024;
first + n > newSize && newSize > 0;
newSize <<= 1) ;
if (newSize < 0) {
@@ -383,7 +384,7 @@
entries[i].offset = 0xffffffff;
entries[i].type = xrefEntryFree;
}
- size = newSize;
+ size = newSize.Int();
}
for (i = first; i < first + n; ++i) {
if (!parser->getObj(&obj)->isInt()) {
@@ -471,7 +472,7 @@
int w[3];
GBool more;
Object obj, obj2, idx;
- int newSize, first, n, i;
+ int first, n, i, newSize;
dict = xrefStr->getDict();
@@ -562,13 +563,14 @@
GBool XRef::readXRefStreamSection(Stream *xrefStr, int *w, int first, int n) {
Guint offset;
- int type, gen, c, newSize, i, j;
+ int type, gen, c, i, j;
+ SafeInt newSize;
if (first + n < 0) {
return gFalse;
}
if (first + n > size) {
- for (newSize = size ? 2 * size : 1024;
+ for (newSize = size ? SafeInt(2) * SafeInt(size) : 1024;
first + n > newSize && newSize > 0;
newSize <<= 1) ;
if (newSize < 0) {
@@ -579,7 +581,7 @@
entries[i].offset = 0xffffffff;
entries[i].type = xrefEntryFree;
}
- size = newSize;
+ size = newSize.Int();
}
for (i = first; i < first + n; ++i) {
if (w[0] == 0) {
@@ -637,8 +639,8 @@
char buf[256];
Guint pos;
int num, gen;
- int newSize;
- int streamEndsSize;
+ SafeInt newSize;
+ SafeInt streamEndsSize;
char *p;
int i;
GBool gotRoot;
@@ -649,7 +651,7 @@
error(-1, "PDF file is damaged - attempting to reconstruct xref table...");
gotRoot = gFalse;
- streamEndsLen = streamEndsSize = 0;
+ streamEndsSize = streamEndsLen = 0;
str->reset();
while (1) {
@@ -708,7 +710,7 @@
} while (*p && isspace(*p));
if (!strncmp(p, "obj", 3)) {
if (num >= size) {
- newSize = (num + 1 + 255) & ~255;
+ newSize = (SafeInt(num) + 1 + 255).Int() & ~255;
if (newSize < 0) {
error(-1, "Bad object number");
return gFalse;
@@ -719,7 +721,7 @@
entries[i].offset = 0xffffffff;
entries[i].type = xrefEntryFree;
}
- size = newSize;
+ size = newSize.Int();
}
if (entries[num].type == xrefEntryFree ||
gen >= entries[num].gen) {
--- xpdf-3.02/xpdf/pdffonts.cc
+++ xpdf-3.02/xpdf/pdffonts.cc
@@ -77,7 +77,7 @@
static Ref *fonts;
static int fontsLen;
-static int fontsSize;
+static SafeInt fontsSize;
int main(int argc, char *argv[]) {
PDFDoc *doc;
@@ -143,7 +143,7 @@
printf("name type emb sub uni object ID\n");
printf("------------------------------------ ----------------- --- --- --- ---------\n");
fonts = NULL;
- fontsLen = fontsSize = 0;
+ fontsSize = fontsLen = 0;
for (pg = firstPage; pg <= lastPage; ++pg) {
page = doc->getCatalog()->getPage(pg);
if ((resDict = page->getResourceDict())) {
