Contents of /trunk/ghostscript-gpl/patches/ghostscript-gpl-8.70-jbig2dec-nullderef.patch
Parent Directory | Revision Log
Revision 907 -
(show annotations)
(download)
Mon Oct 26 18:29:14 2009 UTC (14 years, 11 months ago) by niro
File size: 3591 byte(s)
Mon Oct 26 18:29:14 2009 UTC (14 years, 11 months ago) by niro
File size: 3591 byte(s)
patchset for ghostscript-gpl
1 | diff -up ghostscript-8.70/jbig2dec/jbig2_generic.c.jbig2dec-nullderef ghostscript-8.70/jbig2dec/jbig2_generic.c |
2 | --- ghostscript-8.70/jbig2dec/jbig2_generic.c.jbig2dec-nullderef 2009-05-29 07:48:44.000000000 +0100 |
3 | +++ ghostscript-8.70/jbig2dec/jbig2_generic.c 2009-08-03 17:51:13.864875636 +0100 |
4 | @@ -596,6 +596,10 @@ jbig2_immediate_generic_region(Jbig2Ctx |
5 | memcpy (params.gbat, gbat, gbat_bytes); |
6 | |
7 | image = jbig2_image_new(ctx, rsi.width, rsi.height); |
8 | + if (image == NULL) |
9 | + return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, |
10 | + "failed to allocate buffer for image"); |
11 | + |
12 | jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, segment->number, |
13 | "allocated %d x %d image buffer for region decode results", |
14 | rsi.width, rsi.height); |
15 | diff -up ghostscript-8.70/jbig2dec/jbig2_symbol_dict.c.jbig2dec-nullderef ghostscript-8.70/jbig2dec/jbig2_symbol_dict.c |
16 | --- ghostscript-8.70/jbig2dec/jbig2_symbol_dict.c.jbig2dec-nullderef 2009-05-29 07:48:44.000000000 +0100 |
17 | +++ ghostscript-8.70/jbig2dec/jbig2_symbol_dict.c 2009-08-03 17:52:35.318750131 +0100 |
18 | @@ -367,6 +367,11 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, |
19 | memcpy(region_params.gbat, params->sdat, sdat_bytes); |
20 | |
21 | image = jbig2_image_new(ctx, SYMWIDTH, HCHEIGHT); |
22 | + if (image == NULL) { |
23 | + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, |
24 | + "failed to allocate image storage"); |
25 | + return NULL; |
26 | + } |
27 | |
28 | code = jbig2_decode_generic_region(ctx, segment, ®ion_params, |
29 | as, image, GB_stats); |
30 | @@ -517,6 +522,11 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, |
31 | ID, RDX, RDY); |
32 | |
33 | image = jbig2_image_new(ctx, SYMWIDTH, HCHEIGHT); |
34 | + if (image == NULL) { |
35 | + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, |
36 | + "failed to allocate image storage"); |
37 | + return NULL; |
38 | + } |
39 | |
40 | /* Table 18 */ |
41 | rparams.GRTEMPLATE = params->SDRTEMPLATE; |
42 | @@ -635,6 +645,16 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, |
43 | for (j = HCFIRSTSYM; j < NSYMSDECODED; j++) { |
44 | Jbig2Image *glyph; |
45 | glyph = jbig2_image_new(ctx, SDNEWSYMWIDTHS[j], HCHEIGHT); |
46 | + if (glyph == NULL) { |
47 | + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, |
48 | + "error allocating image storage for glyph"); |
49 | + while (--j >= HCFIRSTSYM) { |
50 | + jbig2_image_release(ctx, SDNEWSYMS->glyphs[j]); |
51 | + SDNEWSYMS->glyphs[j] = NULL; |
52 | + } |
53 | + jbig2_image_release(ctx, image); |
54 | + return NULL; |
55 | + } |
56 | jbig2_image_compose(ctx, glyph, image, |
57 | -x, 0, JBIG2_COMPOSE_REPLACE); |
58 | x += SDNEWSYMWIDTHS[j]; |
59 | diff -up ghostscript-8.70/jbig2dec/jbig2_text.c.jbig2dec-nullderef ghostscript-8.70/jbig2dec/jbig2_text.c |
60 | --- ghostscript-8.70/jbig2dec/jbig2_text.c.jbig2dec-nullderef 2009-05-29 07:48:44.000000000 +0100 |
61 | +++ ghostscript-8.70/jbig2dec/jbig2_text.c 2009-08-03 17:53:05.166750610 +0100 |
62 | @@ -312,6 +312,9 @@ jbig2_decode_text_region(Jbig2Ctx *ctx, |
63 | IBO = IB; |
64 | refimage = jbig2_image_new(ctx, IBO->width + RDW, |
65 | IBO->height + RDH); |
66 | + if (image == NULL) |
67 | + return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, |
68 | + "could not allocate image storage"); |
69 | |
70 | /* Table 12 */ |
71 | rparams.GRTEMPLATE = params->SBRTEMPLATE; |
72 | @@ -676,6 +679,9 @@ jbig2_parse_text_region(Jbig2Ctx *ctx, J |
73 | } |
74 | |
75 | image = jbig2_image_new(ctx, region_info.width, region_info.height); |
76 | + if (image == NULL) |
77 | + return jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, |
78 | + "unable to allocate image storage"); |
79 | |
80 | ws = jbig2_word_stream_buf_new(ctx, segment_data + offset, segment->data_length - offset); |
81 | if (!params.SBHUFF) { |