kdegraphics/patches/post-3.5.8-kdegraphics-kpdf.diff

--- kpdf/xpdf/xpdf/Stream.cc
+++ kpdf/xpdf/xpdf/Stream.cc
@@ -1245,23 +1245,26 @@ CCITTFaxStream::CCITTFaxStream(Stream *s
   columns = columnsA;
   if (columns < 1) {
     columns = 1;
-  }
-  if (columns + 4 <= 0) {
-    columns = INT_MAX - 4;
+  } else if (columns > INT_MAX - 2) {
+    columns = INT_MAX - 2;
   }
   rows = rowsA;
   endOfBlock = endOfBlockA;
   black = blackA;
-  refLine = (short *)gmallocn(columns + 3, sizeof(short));
-  codingLine = (short *)gmallocn(columns + 2, sizeof(short));
+  // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns
+  // ---> max codingLine size = columns + 1
+  // refLine has one extra guard entry at the end
+  // ---> max refLine size = columns + 2
+  codingLine = (int *)gmallocn(columns + 1, sizeof(int));
+  refLine = (int *)gmallocn(columns + 2, sizeof(int));
 
   eof = gFalse;
   row = 0;
   nextLine2D = encoding < 0;
   inputBits = 0;
-  codingLine[0] = 0;
-  codingLine[1] = refLine[2] = columns;
-  a0 = 1;
+  codingLine[0] = columns;
+  a0i = 0;
+  outputBits = 0;
 
   buf = EOF;
 }
@@ -1280,9 +1283,9 @@ void CCITTFaxStream::reset() {
   row = 0;
   nextLine2D = encoding < 0;
   inputBits = 0;
-  codingLine[0] = 0;
-  codingLine[1] = columns;
-  a0 = 1;
+  codingLine[0] = columns;
+  a0i = 0;
+  outputBits = 0;
   buf = EOF;
 
   // skip any initial zero bits and end-of-line marker, and get the 2D
@@ -1299,211 +1302,230 @@ void CCITTFaxStream::reset() {
   }
 }
 
+inline void CCITTFaxStream::addPixels(int a1, int blackPixels) {
+  if (a1 > codingLine[a0i]) {
+    if (a1 > columns) {
+      error(getPos(), "CCITTFax row is wrong length (%d)", a1);
+      err = gTrue;
+      a1 = columns;
+    }
+    if ((a0i & 1) ^ blackPixels) {
+      ++a0i;
+    }
+    codingLine[a0i] = a1;
+  }
+}
+
+inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) {
+  if (a1 > codingLine[a0i]) {
+    if (a1 > columns) {
+      error(getPos(), "CCITTFax row is wrong length (%d)", a1);
+      err = gTrue;
+      a1 = columns;
+    }
+    if ((a0i & 1) ^ blackPixels) {
+      ++a0i;
+    }
+    codingLine[a0i] = a1;
+  } else if (a1 < codingLine[a0i]) {
+    if (a1 < 0) {
+      error(getPos(), "Invalid CCITTFax code");
+      err = gTrue;
+      a1 = 0;
+    }
+    while (a0i > 0 && a1 <= codingLine[a0i - 1]) {
+      --a0i;
+    }
+    codingLine[a0i] = a1;
+  }
+}
+
 int CCITTFaxStream::lookChar() {
   short code1, code2, code3;
-  int a0New;
-  GBool err, gotEOL;
-  int ret;
-  int bits, i;
+  int b1i, blackPixels, i, bits;
+  GBool gotEOL;
 
-  // if at eof just return EOF
-  if (eof && codingLine[a0] >= columns) {
-    return EOF;
+  if (buf != EOF) {
+    return buf;
   }
 
   // read the next row
-  err = gFalse;
-  if (codingLine[a0] >= columns) {
+  if (outputBits == 0) {
+
+    // if at eof just return EOF
+    if (eof) {
+      return EOF;
+    }
+
+    err = gFalse;
 
     // 2-D encoding
     if (nextLine2D) {
-      // state:
-      //   a0New = current position in coding line (0 <= a0New <= columns)
-      //   codingLine[a0] = last change in coding line
-      //                    (black-to-white if a0 is even,
-      //                     white-to-black if a0 is odd)
-      //   refLine[b1] = next change in reference line of opposite color
-      //                 to a0
-      // invariants:
-      //   0 <= codingLine[a0] <= a0New
-      //           <= refLine[b1] <= refLine[b1+1] <= columns
-      //   0 <= a0 <= columns+1
-      //   refLine[0] = 0
-      //   refLine[n] = refLine[n+1] = columns
-      //     -- for some 1 <= n <= columns+1
-      // end condition:
-      //   0 = codingLine[0] <= codingLine[1] < codingLine[2] < ...
-      //     < codingLine[n-1] < codingLine[n] = columns
-      //     -- where 1 <= n <= columns+1
       for (i = 0; codingLine[i] < columns; ++i) {
 	refLine[i] = codingLine[i];
       }
-      refLine[i] = refLine[i + 1] = columns;
-      b1 = 1;
-      a0New = codingLine[a0 = 0] = 0;
-      do {
+      refLine[i++] = columns;
+      refLine[i] = columns;
+      codingLine[0] = 0;
+      a0i = 0;
+      b1i = 0;
+      blackPixels = 0;
+      // invariant:
+      // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1]
+      //                                                             <= columns
+      // exception at left edge:
+      //   codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible
+      // exception at right edge:
+      //   refLine[b1i] = refLine[b1i+1] = columns is possible
+      while (codingLine[a0i] < columns) {
 	code1 = getTwoDimCode();
 	switch (code1) {
 	case twoDimPass:
-	  if (refLine[b1] < columns) {
-	    a0New = refLine[b1 + 1];
-	    b1 += 2;
+	  addPixels(refLine[b1i + 1], blackPixels);
+	  if (refLine[b1i + 1] < columns) {
+	    b1i += 2;
 	  }
 	  break;
 	case twoDimHoriz:
-	  if ((a0 & 1) == 0) {
-	    code1 = code2 = 0;
+	  code1 = code2 = 0;
+	  if (blackPixels) {
 	    do {
-	      code1 += code3 = getWhiteCode();
+	      code1 += code3 = getBlackCode();
 	    } while (code3 >= 64);
 	    do {
-	      code2 += code3 = getBlackCode();
+	      code2 += code3 = getWhiteCode();
 	    } while (code3 >= 64);
 	  } else {
-	    code1 = code2 = 0;
 	    do {
-	      code1 += code3 = getBlackCode();
+	      code1 += code3 = getWhiteCode();
 	    } while (code3 >= 64);
 	    do {
-	      code2 += code3 = getWhiteCode();
+	      code2 += code3 = getBlackCode();
 	    } while (code3 >= 64);
 	  }
-	  if (code1 > 0 || code2 > 0) {
-	    if (a0New + code1 <= columns) {
-	      codingLine[a0 + 1] = a0New + code1;
-	    } else {
-	      codingLine[a0 + 1] = columns;
-	    }
-	    ++a0;
-	    if (codingLine[a0] + code2 <= columns) {
-	      codingLine[a0 + 1] = codingLine[a0] + code2;
-	    } else {
-	      codingLine[a0 + 1] = columns;
-	    }
-	    ++a0;
-	    a0New = codingLine[a0];
-	    while (refLine[b1] <= a0New && refLine[b1] < columns) {
-	      b1 += 2;
+	  addPixels(codingLine[a0i] + code1, blackPixels);
+	  if (codingLine[a0i] < columns) {
+	    addPixels(codingLine[a0i] + code2, blackPixels ^ 1);
+	  }
+	  while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+	    b1i += 2;
+	  }
+	  break;
+	case twoDimVertR3:
+	  addPixels(refLine[b1i] + 3, blackPixels);
+	  blackPixels ^= 1;
+	  if (codingLine[a0i] < columns) {
+	    ++b1i;
+	    while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+	      b1i += 2;
 	    }
 	  }
 	  break;
-	case twoDimVert0:
-	  if (refLine[b1] < columns) {
-	    a0New = codingLine[++a0] = refLine[b1];
-	    ++b1;
-	    while (refLine[b1] <= a0New && refLine[b1] < columns) {
-	      b1 += 2;
+	case twoDimVertR2:
+	  addPixels(refLine[b1i] + 2, blackPixels);
+	  blackPixels ^= 1;
+	  if (codingLine[a0i] < columns) {
+	    ++b1i;
+	    while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+	      b1i += 2;
 	    }
-	  } else {
-	    a0New = codingLine[++a0] = columns;
 	  }
 	  break;
 	case twoDimVertR1:
-	  if (refLine[b1] + 1 < columns) {
-	    a0New = codingLine[++a0] = refLine[b1] + 1;
-	    ++b1;
-	    while (refLine[b1] <= a0New && refLine[b1] < columns) {
-	      b1 += 2;
+	  addPixels(refLine[b1i] + 1, blackPixels);
+	  blackPixels ^= 1;
+	  if (codingLine[a0i] < columns) {
+	    ++b1i;
+	    while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+	      b1i += 2;
 	    }
-	  } else {
-	    a0New = codingLine[++a0] = columns;
 	  }
 	  break;
-	case twoDimVertL1:
-	  if (refLine[b1] - 1 > a0New || (a0 == 0 && refLine[b1] == 1)) {
-	    a0New = codingLine[++a0] = refLine[b1] - 1;
-	    --b1;
-	    while (refLine[b1] <= a0New && refLine[b1] < columns) {
-	      b1 += 2;
+	case twoDimVert0:
+	  addPixels(refLine[b1i], blackPixels);
+	  blackPixels ^= 1;
+	  if (codingLine[a0i] < columns) {
+	    ++b1i;
+	    while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+	      b1i += 2;
 	    }
 	  }
 	  break;
-	case twoDimVertR2:
-	  if (refLine[b1] + 2 < columns) {
-	    a0New = codingLine[++a0] = refLine[b1] + 2;
-	    ++b1;
-	    while (refLine[b1] <= a0New && refLine[b1] < columns) {
-	      b1 += 2;
+	case twoDimVertL3:
+	  addPixelsNeg(refLine[b1i] - 3, blackPixels);
+	  blackPixels ^= 1;
+	  if (codingLine[a0i] < columns) {
+	    if (b1i > 0) {
+	      --b1i;
+	    } else {
+	      ++b1i;
+	    }
+	    while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+	      b1i += 2;
 	    }
-	  } else {
-	    a0New = codingLine[++a0] = columns;
 	  }
 	  break;
 	case twoDimVertL2:
-	  if (refLine[b1] - 2 > a0New || (a0 == 0 && refLine[b1] == 2)) {
-	    a0New = codingLine[++a0] = refLine[b1] - 2;
-	    --b1;
-	    while (refLine[b1] <= a0New && refLine[b1] < columns) {
-	      b1 += 2;
+	  addPixelsNeg(refLine[b1i] - 2, blackPixels);
+	  blackPixels ^= 1;
+	  if (codingLine[a0i] < columns) {
+	    if (b1i > 0) {
+	      --b1i;
+	    } else {
+	      ++b1i;
 	    }
-	  }
-	  break;
-	case twoDimVertR3:
-	  if (refLine[b1] + 3 < columns) {
-	    a0New = codingLine[++a0] = refLine[b1] + 3;
-	    ++b1;
-	    while (refLine[b1] <= a0New && refLine[b1] < columns) {
-	      b1 += 2;
+	    while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+	      b1i += 2;
 	    }
-	  } else {
-	    a0New = codingLine[++a0] = columns;
 	  }
 	  break;
-	case twoDimVertL3:
-	  if (refLine[b1] - 3 > a0New || (a0 == 0 && refLine[b1] == 3)) {
-	    a0New = codingLine[++a0] = refLine[b1] - 3;
-	    --b1;
-	    while (refLine[b1] <= a0New && refLine[b1] < columns) {
-	      b1 += 2;
+	case twoDimVertL1:
+	  addPixelsNeg(refLine[b1i] - 1, blackPixels);
+	  blackPixels ^= 1;
+	  if (codingLine[a0i] < columns) {
+	    if (b1i > 0) {
+	      --b1i;
+	    } else {
+	      ++b1i;
+	    }
+	    while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+	      b1i += 2;
 	    }
 	  }
 	  break;
 	case EOF:
+	  addPixels(columns, 0);
 	  eof = gTrue;
-	  codingLine[a0 = 0] = columns;
-	  return EOF;
+	  break;
 	default:
 	  error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1);
+	  addPixels(columns, 0);
 	  err = gTrue;
 	  break;
 	}
-      } while (codingLine[a0] < columns);
+      }
 
     // 1-D encoding
     } else {
-      codingLine[a0 = 0] = 0;
-      while (1) {
+      codingLine[0] = 0;
+      a0i = 0;
+      blackPixels = 0;
+      while (codingLine[a0i] < columns) {
 	code1 = 0;
-	do {
-	  code1 += code3 = getWhiteCode();
-	} while (code3 >= 64);
-	codingLine[a0+1] = codingLine[a0] + code1;
-	++a0;
-	if (codingLine[a0] >= columns) {
-	  break;
-	}
-	code2 = 0;
-	do {
-	  code2 += code3 = getBlackCode();
-	} while (code3 >= 64);
-	codingLine[a0+1] = codingLine[a0] + code2;
-	++a0;
-	if (codingLine[a0] >= columns) {
-	  break;
+	if (blackPixels) {
+	  do {
+	    code1 += code3 = getBlackCode();
+	  } while (code3 >= 64);
+	} else {
+	  do {
+	    code1 += code3 = getWhiteCode();
+	  } while (code3 >= 64);
 	}
+	addPixels(codingLine[a0i] + code1, blackPixels);
+	blackPixels ^= 1;
       }
     }
 
-    if (codingLine[a0] != columns) {
-      error(getPos(), "CCITTFax row is wrong length (%d)", codingLine[a0]);
-      // force the row to be the correct length
-      while (codingLine[a0] > columns) {
-	--a0;
-      }
-      codingLine[++a0] = columns;
-      err = gTrue;
-    }
-
     // byte-align the row
     if (byteAlign) {
       inputBits &= ~7;
@@ -1562,14 +1584,17 @@ int CCITTFaxStream::lookChar() {
     // this if we know the stream contains end-of-line markers because
     // the "just plow on" technique tends to work better otherwise
     } else if (err && endOfLine) {
-      do {
+      while (1) {
+	code1 = lookBits(13);
 	if (code1 == EOF) {
 	  eof = gTrue;
 	  return EOF;
 	}
+	if ((code1 >> 1) == 0x001) {
+	  break;
+	}
 	eatBits(1);
-	code1 = lookBits(13);
-      } while ((code1 >> 1) != 0x001);
+      }
       eatBits(12); 
       if (encoding > 0) {
 	eatBits(1);
@@ -1577,11 +1602,11 @@ int CCITTFaxStream::lookChar() {
       }
     }
 
-    a0 = 0;
-    outputBits = codingLine[1] - codingLine[0];
-    if (outputBits == 0) {
-      a0 = 1;
-      outputBits = codingLine[2] - codingLine[1];
+    // set up for output
+    if (codingLine[0] > 0) {
+      outputBits = codingLine[a0i = 0];
+    } else {
+      outputBits = codingLine[a0i = 1];
     }
 
     ++row;
@@ -1589,39 +1614,43 @@ int CCITTFaxStream::lookChar() {
 
   // get a byte
   if (outputBits >= 8) {
-    ret = ((a0 & 1) == 0) ? 0xff : 0x00;
-    if ((outputBits -= 8) == 0) {
-      ++a0;
-      if (codingLine[a0] < columns) {
-	outputBits = codingLine[a0 + 1] - codingLine[a0];
-      }
+    buf = (a0i & 1) ? 0x00 : 0xff;
+    outputBits -= 8;
+    if (outputBits == 0 && codingLine[a0i] < columns) {
+      ++a0i;
+      outputBits = codingLine[a0i] - codingLine[a0i - 1];
     }
   } else {
     bits = 8;
-    ret = 0;
+    buf = 0;
     do {
       if (outputBits > bits) {
-	i = bits;
-	bits = 0;
-	if ((a0 & 1) == 0) {
-	  ret |= 0xff >> (8 - i);
+	buf <<= bits;
+	if (!(a0i & 1)) {
+	  buf |= 0xff >> (8 - bits);
 	}
-	outputBits -= i;
+	outputBits -= bits;
+	bits = 0;
       } else {
-	i = outputBits;
-	bits -= outputBits;
-	if ((a0 & 1) == 0) {
-	  ret |= (0xff >> (8 - i)) << bits;
+	buf <<= outputBits;
+	if (!(a0i & 1)) {
+	  buf |= 0xff >> (8 - outputBits);
 	}
+	bits -= outputBits;
 	outputBits = 0;
-	++a0;
-	if (codingLine[a0] < columns) {
-	  outputBits = codingLine[a0 + 1] - codingLine[a0];
+	if (codingLine[a0i] < columns) {
+	  ++a0i;
+	  outputBits = codingLine[a0i] - codingLine[a0i - 1];
+	} else if (bits > 0) {
+	  buf <<= bits;
+	  bits = 0;
 	}
       }
-    } while (bits > 0 && codingLine[a0] < columns);
+    } while (bits);
+  }
+  if (black) {
+    buf ^= 0xff;
   }
-  buf = black ? (ret ^ 0xff) : ret;
   return buf;
 }
 
@@ -1663,6 +1692,9 @@ short CCITTFaxStream::getWhiteCode() {
   code = 0; // make gcc happy
   if (endOfBlock) {
     code = lookBits(12);
+    if (code == EOF) {
+      return 1;
+    }
     if ((code >> 5) == 0) {
       p = &whiteTab1[code];
     } else {
@@ -1675,6 +1707,9 @@ short CCITTFaxStream::getWhiteCode() {
   } else {
     for (n = 1; n <= 9; ++n) {
       code = lookBits(n);
+      if (code == EOF) {
+	return 1;
+      }
       if (n < 9) {
 	code <<= 9 - n;
       }
@@ -1686,6 +1721,9 @@ short CCITTFaxStream::getWhiteCode() {
     }
     for (n = 11; n <= 12; ++n) {
       code = lookBits(n);
+      if (code == EOF) {
+	return 1;
+      }
       if (n < 12) {
 	code <<= 12 - n;
       }
@@ -1711,9 +1749,12 @@ short CCITTFaxStream::getBlackCode() {
   code = 0; // make gcc happy
   if (endOfBlock) {
     code = lookBits(13);
+    if (code == EOF) {
+      return 1;
+    }
     if ((code >> 7) == 0) {
       p = &blackTab1[code];
-    } else if ((code >> 9) == 0) {
+    } else if ((code >> 9) == 0 && (code >> 7) != 0) {
       p = &blackTab2[(code >> 1) - 64];
     } else {
       p = &blackTab3[code >> 7];
@@ -1725,6 +1766,9 @@ short CCITTFaxStream::getBlackCode() {
   } else {
     for (n = 2; n <= 6; ++n) {
       code = lookBits(n);
+      if (code == EOF) {
+	return 1;
+      }
       if (n < 6) {
 	code <<= 6 - n;
       }
@@ -1736,6 +1780,9 @@ short CCITTFaxStream::getBlackCode() {
     }
     for (n = 7; n <= 12; ++n) {
       code = lookBits(n);
+      if (code == EOF) {
+	return 1;
+      }
       if (n < 12) {
 	code <<= 12 - n;
       }
@@ -1749,6 +1796,9 @@ short CCITTFaxStream::getBlackCode() {
     }
     for (n = 10; n <= 13; ++n) {
       code = lookBits(n);
+      if (code == EOF) {
+	return 1;
+      }
       if (n < 13) {
 	code <<= 13 - n;
       }
@@ -1963,6 +2013,12 @@ void DCTStream::reset() {
     // allocate a buffer for the whole image
     bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth;
     bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight;
+    if (bufWidth <= 0 || bufHeight <= 0 ||
+	bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) {
+      error(getPos(), "Invalid image size in DCT stream");
+      y = height;
+      return;
+    }
     for (i = 0; i < numComps; ++i) {
       frameBuf[i] = (int *)gmallocn(bufWidth * bufHeight, sizeof(int));
       memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int));
@@ -3038,6 +3094,11 @@ GBool DCTStream::readScanInfo() {
   }
   scanInfo.firstCoeff = str->getChar();
   scanInfo.lastCoeff = str->getChar();
+  if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 ||
+      scanInfo.firstCoeff > scanInfo.lastCoeff) {
+    error(getPos(), "Bad DCT coefficient numbers in scan info block");
+    return gFalse;
+  }
   c = str->getChar();
   scanInfo.ah = (c >> 4) & 0x0f;
   scanInfo.al = c & 0x0f;
--- kpdf/xpdf/xpdf/Stream.h
+++ kpdf/xpdf/xpdf/Stream.h
@@ -528,13 +528,15 @@ private:
   int row;			// current row
   int inputBuf;			// input buffer
   int inputBits;		// number of bits in input buffer
-  short *refLine;		// reference line changing elements
-  int b1;			// index into refLine
-  short *codingLine;		// coding line changing elements
-  int a0;			// index into codingLine
+  int *codingLine;		// coding line changing elements
+  int *refLine;			// reference line changing elements
+  int a0i;			// index into codingLine
+  GBool err;			// error on current line
   int outputBits;		// remaining ouput bits
   int buf;			// character buffer
 
+  void addPixels(int a1, int black);
+  void addPixelsNeg(int a1, int black);
   short getTwoDimCode();
   short getWhiteCode();
   short getBlackCode();
1	niro	424	--- kpdf/xpdf/xpdf/Stream.cc
2			+++ kpdf/xpdf/xpdf/Stream.cc
3			@@ -1245,23 +1245,26 @@ CCITTFaxStream::CCITTFaxStream(Stream *s
4			columns = columnsA;
5			if (columns < 1) {
6			columns = 1;
7			- }
8			- if (columns + 4 <= 0) {
9			- columns = INT_MAX - 4;
10			+ } else if (columns > INT_MAX - 2) {
11			+ columns = INT_MAX - 2;
12			}
13			rows = rowsA;
14			endOfBlock = endOfBlockA;
15			black = blackA;
16			- refLine = (short *)gmallocn(columns + 3, sizeof(short));
17			- codingLine = (short *)gmallocn(columns + 2, sizeof(short));
18			+ // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns
19			+ // ---> max codingLine size = columns + 1
20			+ // refLine has one extra guard entry at the end
21			+ // ---> max refLine size = columns + 2
22			+ codingLine = (int *)gmallocn(columns + 1, sizeof(int));
23			+ refLine = (int *)gmallocn(columns + 2, sizeof(int));
24
25			eof = gFalse;
26			row = 0;
27			nextLine2D = encoding < 0;
28			inputBits = 0;
29			- codingLine[0] = 0;
30			- codingLine[1] = refLine[2] = columns;
31			- a0 = 1;
32			+ codingLine[0] = columns;
33			+ a0i = 0;
34			+ outputBits = 0;
35
36			buf = EOF;
37			}
38			@@ -1280,9 +1283,9 @@ void CCITTFaxStream::reset() {
39			row = 0;
40			nextLine2D = encoding < 0;
41			inputBits = 0;
42			- codingLine[0] = 0;
43			- codingLine[1] = columns;
44			- a0 = 1;
45			+ codingLine[0] = columns;
46			+ a0i = 0;
47			+ outputBits = 0;
48			buf = EOF;
49
50			// skip any initial zero bits and end-of-line marker, and get the 2D
51			@@ -1299,211 +1302,230 @@ void CCITTFaxStream::reset() {
52			}
53			}
54
55			+inline void CCITTFaxStream::addPixels(int a1, int blackPixels) {
56			+ if (a1 > codingLine[a0i]) {
57			+ if (a1 > columns) {
58			+ error(getPos(), "CCITTFax row is wrong length (%d)", a1);
59			+ err = gTrue;
60			+ a1 = columns;
61			+ }
62			+ if ((a0i & 1) ^ blackPixels) {
63			+ ++a0i;
64			+ }
65			+ codingLine[a0i] = a1;
66			+ }
67			+}
68			+
69			+inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) {
70			+ if (a1 > codingLine[a0i]) {
71			+ if (a1 > columns) {
72			+ error(getPos(), "CCITTFax row is wrong length (%d)", a1);
73			+ err = gTrue;
74			+ a1 = columns;
75			+ }
76			+ if ((a0i & 1) ^ blackPixels) {
77			+ ++a0i;
78			+ }
79			+ codingLine[a0i] = a1;
80			+ } else if (a1 < codingLine[a0i]) {
81			+ if (a1 < 0) {
82			+ error(getPos(), "Invalid CCITTFax code");
83			+ err = gTrue;
84			+ a1 = 0;
85			+ }
86			+ while (a0i > 0 && a1 <= codingLine[a0i - 1]) {
87			+ --a0i;
88			+ }
89			+ codingLine[a0i] = a1;
90			+ }
91			+}
92			+
93			int CCITTFaxStream::lookChar() {
94			short code1, code2, code3;
95			- int a0New;
96			- GBool err, gotEOL;
97			- int ret;
98			- int bits, i;
99			+ int b1i, blackPixels, i, bits;
100			+ GBool gotEOL;
101
102			- // if at eof just return EOF
103			- if (eof && codingLine[a0] >= columns) {
104			- return EOF;
105			+ if (buf != EOF) {
106			+ return buf;
107			}
108
109			// read the next row
110			- err = gFalse;
111			- if (codingLine[a0] >= columns) {
112			+ if (outputBits == 0) {
113			+
114			+ // if at eof just return EOF
115			+ if (eof) {
116			+ return EOF;
117			+ }
118			+
119			+ err = gFalse;
120
121			// 2-D encoding
122			if (nextLine2D) {
123			- // state:
124			- // a0New = current position in coding line (0 <= a0New <= columns)
125			- // codingLine[a0] = last change in coding line
126			- // (black-to-white if a0 is even,
127			- // white-to-black if a0 is odd)
128			- // refLine[b1] = next change in reference line of opposite color
129			- // to a0
130			- // invariants:
131			- // 0 <= codingLine[a0] <= a0New
132			- // <= refLine[b1] <= refLine[b1+1] <= columns
133			- // 0 <= a0 <= columns+1
134			- // refLine[0] = 0
135			- // refLine[n] = refLine[n+1] = columns
136			- // -- for some 1 <= n <= columns+1
137			- // end condition:
138			- // 0 = codingLine[0] <= codingLine[1] < codingLine[2] < ...
139			- // < codingLine[n-1] < codingLine[n] = columns
140			- // -- where 1 <= n <= columns+1
141			for (i = 0; codingLine[i] < columns; ++i) {
142			refLine[i] = codingLine[i];
143			}
144			- refLine[i] = refLine[i + 1] = columns;
145			- b1 = 1;
146			- a0New = codingLine[a0 = 0] = 0;
147			- do {
148			+ refLine[i++] = columns;
149			+ refLine[i] = columns;
150			+ codingLine[0] = 0;
151			+ a0i = 0;
152			+ b1i = 0;
153			+ blackPixels = 0;
154			+ // invariant:
155			+ // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1]
156			+ // <= columns
157			+ // exception at left edge:
158			+ // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible
159			+ // exception at right edge:
160			+ // refLine[b1i] = refLine[b1i+1] = columns is possible
161			+ while (codingLine[a0i] < columns) {
162			code1 = getTwoDimCode();
163			switch (code1) {
164			case twoDimPass:
165			- if (refLine[b1] < columns) {
166			- a0New = refLine[b1 + 1];
167			- b1 += 2;
168			+ addPixels(refLine[b1i + 1], blackPixels);
169			+ if (refLine[b1i + 1] < columns) {
170			+ b1i += 2;
171			}
172			break;
173			case twoDimHoriz:
174			- if ((a0 & 1) == 0) {
175			- code1 = code2 = 0;
176			+ code1 = code2 = 0;
177			+ if (blackPixels) {
178			do {
179			- code1 += code3 = getWhiteCode();
180			+ code1 += code3 = getBlackCode();
181			} while (code3 >= 64);
182			do {
183			- code2 += code3 = getBlackCode();
184			+ code2 += code3 = getWhiteCode();
185			} while (code3 >= 64);
186			} else {
187			- code1 = code2 = 0;
188			do {
189			- code1 += code3 = getBlackCode();
190			+ code1 += code3 = getWhiteCode();
191			} while (code3 >= 64);
192			do {
193			- code2 += code3 = getWhiteCode();
194			+ code2 += code3 = getBlackCode();
195			} while (code3 >= 64);
196			}
197			- if (code1 > 0 \|\| code2 > 0) {
198			- if (a0New + code1 <= columns) {
199			- codingLine[a0 + 1] = a0New + code1;
200			- } else {
201			- codingLine[a0 + 1] = columns;
202			- }
203			- ++a0;
204			- if (codingLine[a0] + code2 <= columns) {
205			- codingLine[a0 + 1] = codingLine[a0] + code2;
206			- } else {
207			- codingLine[a0 + 1] = columns;
208			- }
209			- ++a0;
210			- a0New = codingLine[a0];
211			- while (refLine[b1] <= a0New && refLine[b1] < columns) {
212			- b1 += 2;
213			+ addPixels(codingLine[a0i] + code1, blackPixels);
214			+ if (codingLine[a0i] < columns) {
215			+ addPixels(codingLine[a0i] + code2, blackPixels ^ 1);
216			+ }
217			+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
218			+ b1i += 2;
219			+ }
220			+ break;
221			+ case twoDimVertR3:
222			+ addPixels(refLine[b1i] + 3, blackPixels);
223			+ blackPixels ^= 1;
224			+ if (codingLine[a0i] < columns) {
225			+ ++b1i;
226			+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
227			+ b1i += 2;
228			}
229			}
230			break;
231			- case twoDimVert0:
232			- if (refLine[b1] < columns) {
233			- a0New = codingLine[++a0] = refLine[b1];
234			- ++b1;
235			- while (refLine[b1] <= a0New && refLine[b1] < columns) {
236			- b1 += 2;
237			+ case twoDimVertR2:
238			+ addPixels(refLine[b1i] + 2, blackPixels);
239			+ blackPixels ^= 1;
240			+ if (codingLine[a0i] < columns) {
241			+ ++b1i;
242			+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
243			+ b1i += 2;
244			}
245			- } else {
246			- a0New = codingLine[++a0] = columns;
247			}
248			break;
249			case twoDimVertR1:
250			- if (refLine[b1] + 1 < columns) {
251			- a0New = codingLine[++a0] = refLine[b1] + 1;
252			- ++b1;
253			- while (refLine[b1] <= a0New && refLine[b1] < columns) {
254			- b1 += 2;
255			+ addPixels(refLine[b1i] + 1, blackPixels);
256			+ blackPixels ^= 1;
257			+ if (codingLine[a0i] < columns) {
258			+ ++b1i;
259			+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
260			+ b1i += 2;
261			}
262			- } else {
263			- a0New = codingLine[++a0] = columns;
264			}
265			break;
266			- case twoDimVertL1:
267			- if (refLine[b1] - 1 > a0New \|\| (a0 == 0 && refLine[b1] == 1)) {
268			- a0New = codingLine[++a0] = refLine[b1] - 1;
269			- --b1;
270			- while (refLine[b1] <= a0New && refLine[b1] < columns) {
271			- b1 += 2;
272			+ case twoDimVert0:
273			+ addPixels(refLine[b1i], blackPixels);
274			+ blackPixels ^= 1;
275			+ if (codingLine[a0i] < columns) {
276			+ ++b1i;
277			+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
278			+ b1i += 2;
279			}
280			}
281			break;
282			- case twoDimVertR2:
283			- if (refLine[b1] + 2 < columns) {
284			- a0New = codingLine[++a0] = refLine[b1] + 2;
285			- ++b1;
286			- while (refLine[b1] <= a0New && refLine[b1] < columns) {
287			- b1 += 2;
288			+ case twoDimVertL3:
289			+ addPixelsNeg(refLine[b1i] - 3, blackPixels);
290			+ blackPixels ^= 1;
291			+ if (codingLine[a0i] < columns) {
292			+ if (b1i > 0) {
293			+ --b1i;
294			+ } else {
295			+ ++b1i;
296			+ }
297			+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
298			+ b1i += 2;
299			}
300			- } else {
301			- a0New = codingLine[++a0] = columns;
302			}
303			break;
304			case twoDimVertL2:
305			- if (refLine[b1] - 2 > a0New \|\| (a0 == 0 && refLine[b1] == 2)) {
306			- a0New = codingLine[++a0] = refLine[b1] - 2;
307			- --b1;
308			- while (refLine[b1] <= a0New && refLine[b1] < columns) {
309			- b1 += 2;
310			+ addPixelsNeg(refLine[b1i] - 2, blackPixels);
311			+ blackPixels ^= 1;
312			+ if (codingLine[a0i] < columns) {
313			+ if (b1i > 0) {
314			+ --b1i;
315			+ } else {
316			+ ++b1i;
317			}
318			- }
319			- break;
320			- case twoDimVertR3:
321			- if (refLine[b1] + 3 < columns) {
322			- a0New = codingLine[++a0] = refLine[b1] + 3;
323			- ++b1;
324			- while (refLine[b1] <= a0New && refLine[b1] < columns) {
325			- b1 += 2;
326			+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
327			+ b1i += 2;
328			}
329			- } else {
330			- a0New = codingLine[++a0] = columns;
331			}
332			break;
333			- case twoDimVertL3:
334			- if (refLine[b1] - 3 > a0New \|\| (a0 == 0 && refLine[b1] == 3)) {
335			- a0New = codingLine[++a0] = refLine[b1] - 3;
336			- --b1;
337			- while (refLine[b1] <= a0New && refLine[b1] < columns) {
338			- b1 += 2;
339			+ case twoDimVertL1:
340			+ addPixelsNeg(refLine[b1i] - 1, blackPixels);
341			+ blackPixels ^= 1;
342			+ if (codingLine[a0i] < columns) {
343			+ if (b1i > 0) {
344			+ --b1i;
345			+ } else {
346			+ ++b1i;
347			+ }
348			+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
349			+ b1i += 2;
350			}
351			}
352			break;
353			case EOF:
354			+ addPixels(columns, 0);
355			eof = gTrue;
356			- codingLine[a0 = 0] = columns;
357			- return EOF;
358			+ break;
359			default:
360			error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1);
361			+ addPixels(columns, 0);
362			err = gTrue;
363			break;
364			}
365			- } while (codingLine[a0] < columns);
366			+ }
367
368			// 1-D encoding
369			} else {
370			- codingLine[a0 = 0] = 0;
371			- while (1) {
372			+ codingLine[0] = 0;
373			+ a0i = 0;
374			+ blackPixels = 0;
375			+ while (codingLine[a0i] < columns) {
376			code1 = 0;
377			- do {
378			- code1 += code3 = getWhiteCode();
379			- } while (code3 >= 64);
380			- codingLine[a0+1] = codingLine[a0] + code1;
381			- ++a0;
382			- if (codingLine[a0] >= columns) {
383			- break;
384			- }
385			- code2 = 0;
386			- do {
387			- code2 += code3 = getBlackCode();
388			- } while (code3 >= 64);
389			- codingLine[a0+1] = codingLine[a0] + code2;
390			- ++a0;
391			- if (codingLine[a0] >= columns) {
392			- break;
393			+ if (blackPixels) {
394			+ do {
395			+ code1 += code3 = getBlackCode();
396			+ } while (code3 >= 64);
397			+ } else {
398			+ do {
399			+ code1 += code3 = getWhiteCode();
400			+ } while (code3 >= 64);
401			}
402			+ addPixels(codingLine[a0i] + code1, blackPixels);
403			+ blackPixels ^= 1;
404			}
405			}
406
407			- if (codingLine[a0] != columns) {
408			- error(getPos(), "CCITTFax row is wrong length (%d)", codingLine[a0]);
409			- // force the row to be the correct length
410			- while (codingLine[a0] > columns) {
411			- --a0;
412			- }
413			- codingLine[++a0] = columns;
414			- err = gTrue;
415			- }
416			-
417			// byte-align the row
418			if (byteAlign) {
419			inputBits &= ~7;
420			@@ -1562,14 +1584,17 @@ int CCITTFaxStream::lookChar() {
421			// this if we know the stream contains end-of-line markers because
422			// the "just plow on" technique tends to work better otherwise
423			} else if (err && endOfLine) {
424			- do {
425			+ while (1) {
426			+ code1 = lookBits(13);
427			if (code1 == EOF) {
428			eof = gTrue;
429			return EOF;
430			}
431			+ if ((code1 >> 1) == 0x001) {
432			+ break;
433			+ }
434			eatBits(1);
435			- code1 = lookBits(13);
436			- } while ((code1 >> 1) != 0x001);
437			+ }
438			eatBits(12);
439			if (encoding > 0) {
440			eatBits(1);
441			@@ -1577,11 +1602,11 @@ int CCITTFaxStream::lookChar() {
442			}
443			}
444
445			- a0 = 0;
446			- outputBits = codingLine[1] - codingLine[0];
447			- if (outputBits == 0) {
448			- a0 = 1;
449			- outputBits = codingLine[2] - codingLine[1];
450			+ // set up for output
451			+ if (codingLine[0] > 0) {
452			+ outputBits = codingLine[a0i = 0];
453			+ } else {
454			+ outputBits = codingLine[a0i = 1];
455			}
456
457			++row;
458			@@ -1589,39 +1614,43 @@ int CCITTFaxStream::lookChar() {
459
460			// get a byte
461			if (outputBits >= 8) {
462			- ret = ((a0 & 1) == 0) ? 0xff : 0x00;
463			- if ((outputBits -= 8) == 0) {
464			- ++a0;
465			- if (codingLine[a0] < columns) {
466			- outputBits = codingLine[a0 + 1] - codingLine[a0];
467			- }
468			+ buf = (a0i & 1) ? 0x00 : 0xff;
469			+ outputBits -= 8;
470			+ if (outputBits == 0 && codingLine[a0i] < columns) {
471			+ ++a0i;
472			+ outputBits = codingLine[a0i] - codingLine[a0i - 1];
473			}
474			} else {
475			bits = 8;
476			- ret = 0;
477			+ buf = 0;
478			do {
479			if (outputBits > bits) {
480			- i = bits;
481			- bits = 0;
482			- if ((a0 & 1) == 0) {
483			- ret \|= 0xff >> (8 - i);
484			+ buf <<= bits;
485			+ if (!(a0i & 1)) {
486			+ buf \|= 0xff >> (8 - bits);
487			}
488			- outputBits -= i;
489			+ outputBits -= bits;
490			+ bits = 0;
491			} else {
492			- i = outputBits;
493			- bits -= outputBits;
494			- if ((a0 & 1) == 0) {
495			- ret \|= (0xff >> (8 - i)) << bits;
496			+ buf <<= outputBits;
497			+ if (!(a0i & 1)) {
498			+ buf \|= 0xff >> (8 - outputBits);
499			}
500			+ bits -= outputBits;
501			outputBits = 0;
502			- ++a0;
503			- if (codingLine[a0] < columns) {
504			- outputBits = codingLine[a0 + 1] - codingLine[a0];
505			+ if (codingLine[a0i] < columns) {
506			+ ++a0i;
507			+ outputBits = codingLine[a0i] - codingLine[a0i - 1];
508			+ } else if (bits > 0) {
509			+ buf <<= bits;
510			+ bits = 0;
511			}
512			}
513			- } while (bits > 0 && codingLine[a0] < columns);
514			+ } while (bits);
515			+ }
516			+ if (black) {
517			+ buf ^= 0xff;
518			}
519			- buf = black ? (ret ^ 0xff) : ret;
520			return buf;
521			}
522
523			@@ -1663,6 +1692,9 @@ short CCITTFaxStream::getWhiteCode() {
524			code = 0; // make gcc happy
525			if (endOfBlock) {
526			code = lookBits(12);
527			+ if (code == EOF) {
528			+ return 1;
529			+ }
530			if ((code >> 5) == 0) {
531			p = &whiteTab1[code];
532			} else {
533			@@ -1675,6 +1707,9 @@ short CCITTFaxStream::getWhiteCode() {
534			} else {
535			for (n = 1; n <= 9; ++n) {
536			code = lookBits(n);
537			+ if (code == EOF) {
538			+ return 1;
539			+ }
540			if (n < 9) {
541			code <<= 9 - n;
542			}
543			@@ -1686,6 +1721,9 @@ short CCITTFaxStream::getWhiteCode() {
544			}
545			for (n = 11; n <= 12; ++n) {
546			code = lookBits(n);
547			+ if (code == EOF) {
548			+ return 1;
549			+ }
550			if (n < 12) {
551			code <<= 12 - n;
552			}
553			@@ -1711,9 +1749,12 @@ short CCITTFaxStream::getBlackCode() {
554			code = 0; // make gcc happy
555			if (endOfBlock) {
556			code = lookBits(13);
557			+ if (code == EOF) {
558			+ return 1;
559			+ }
560			if ((code >> 7) == 0) {
561			p = &blackTab1[code];
562			- } else if ((code >> 9) == 0) {
563			+ } else if ((code >> 9) == 0 && (code >> 7) != 0) {
564			p = &blackTab2[(code >> 1) - 64];
565			} else {
566			p = &blackTab3[code >> 7];
567			@@ -1725,6 +1766,9 @@ short CCITTFaxStream::getBlackCode() {
568			} else {
569			for (n = 2; n <= 6; ++n) {
570			code = lookBits(n);
571			+ if (code == EOF) {
572			+ return 1;
573			+ }
574			if (n < 6) {
575			code <<= 6 - n;
576			}
577			@@ -1736,6 +1780,9 @@ short CCITTFaxStream::getBlackCode() {
578			}
579			for (n = 7; n <= 12; ++n) {
580			code = lookBits(n);
581			+ if (code == EOF) {
582			+ return 1;
583			+ }
584			if (n < 12) {
585			code <<= 12 - n;
586			}
587			@@ -1749,6 +1796,9 @@ short CCITTFaxStream::getBlackCode() {
588			}
589			for (n = 10; n <= 13; ++n) {
590			code = lookBits(n);
591			+ if (code == EOF) {
592			+ return 1;
593			+ }
594			if (n < 13) {
595			code <<= 13 - n;
596			}
597			@@ -1963,6 +2013,12 @@ void DCTStream::reset() {
598			// allocate a buffer for the whole image
599			bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth;
600			bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight;
601			+ if (bufWidth <= 0 \|\| bufHeight <= 0 \|\|
602			+ bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) {
603			+ error(getPos(), "Invalid image size in DCT stream");
604			+ y = height;
605			+ return;
606			+ }
607			for (i = 0; i < numComps; ++i) {
608			frameBuf[i] = (int )gmallocn(bufWidth bufHeight, sizeof(int));
609			memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int));
610			@@ -3038,6 +3094,11 @@ GBool DCTStream::readScanInfo() {
611			}
612			scanInfo.firstCoeff = str->getChar();
613			scanInfo.lastCoeff = str->getChar();
614			+ if (scanInfo.firstCoeff < 0 \|\| scanInfo.lastCoeff > 63 \|\|
615			+ scanInfo.firstCoeff > scanInfo.lastCoeff) {
616			+ error(getPos(), "Bad DCT coefficient numbers in scan info block");
617			+ return gFalse;
618			+ }
619			c = str->getChar();
620			scanInfo.ah = (c >> 4) & 0x0f;
621			scanInfo.al = c & 0x0f;
622			--- kpdf/xpdf/xpdf/Stream.h
623			+++ kpdf/xpdf/xpdf/Stream.h
624			@@ -528,13 +528,15 @@ private:
625			int row; // current row
626			int inputBuf; // input buffer
627			int inputBits; // number of bits in input buffer
628			- short *refLine; // reference line changing elements
629			- int b1; // index into refLine
630			- short *codingLine; // coding line changing elements
631			- int a0; // index into codingLine
632			+ int *codingLine; // coding line changing elements
633			+ int *refLine; // reference line changing elements
634			+ int a0i; // index into codingLine
635			+ GBool err; // error on current line
636			int outputBits; // remaining ouput bits
637			int buf; // character buffer
638
639			+ void addPixels(int a1, int black);
640			+ void addPixelsNeg(int a1, int black);
641			short getTwoDimCode();
642			short getWhiteCode();
643			short getBlackCode();