Project import/jbig2dec - Diff 1b76bd4d35...4d3c3129c5

... ... --- a/.abf.yml
... ... +++ b/.abf.yml
... ... @@ -1,4 +1,5 @@
1 1
removed_sources:
2 2
  jbig2dec-0.11.tar.gz: 349cd765616db7aac1f4dd1d45957d1da65ea925
3
sources:
4 3
  jbig2dec-0.13.tar.gz: d7b07ef308e95dc44a83f2193ca4f445630e6355
4
sources:
5
  jbig2dec-0.14.tar.gz: c4c834962d1357f9aaacecd7fca8236326e45975
view file @ 1b76bd4d35
... ... --- a/020160518~1369359.patch
... ... +++ /dev/null
... ... @@ -1,22 +0,0 @@
0
Description: Prevent checking too early for buffer overrun
1
 The code has reached near the end of the buffer so you can not just
2
 take the last 4 bytes, in this case you have to read any remaining
3
 bytes and make a return value based on that, in this edge case you have
4
 no bytes to read so the return value is zero.
5
Origin: git://git.ghostscript.com/jbig2dec.git;a=commit;h=1369359
6
Author: Mistry <smistry@trl.co.uk>
7
Bug: http://bugs.ghostscript.com/show_bug.cgi?id=696786
8
Forwarded: yes
9
Last-Update: 2016-08-23
10
11
--- a/jbig2.c
12
+++ b/jbig2.c
13
@@ -387,7 +387,7 @@
14
 
15
     if (offset + 4 < z->size)
16
         result = (data[offset] << 24) | (data[offset + 1] << 16) | (data[offset + 2] << 8) | data[offset + 3];
17
-    else if (offset >= z->size)
18
+    else if (offset > z->size)
19
         return -1;
20
     else {
21
         int i;
view file @ 1b76bd4d35
... ... --- a/020161212~e698d5c.patch
... ... +++ /dev/null
... ... @@ -1,848 +0,0 @@
0
Description: Squash signed/unsigned warnings in MSVC jbig2 build
1
 Also rename "new" to "new_dict", because "new" is a bad variable name.
2
Origin: git://git.ghostscript.com/jbig2dec.git;a=commit;h=e698d5c
3
Author: Robin Watts <robin.watts@artifex.com>
4
Bug: http://bugs.ghostscript.com/show_bug.cgi?id=697457
5
Bug-Debian: https://bugss.debian.org/850497
6
Forwarded: yes
7
Last-Update: 2017-01-23
8
9
--- a/jbig2.c
10
+++ b/jbig2.c
11
@@ -379,7 +379,7 @@
12
 } Jbig2WordStreamBuf;
13
 
14
 static int
15
-jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t *word)
16
+jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, size_t offset, uint32_t *word)
17
 {
18
     Jbig2WordStreamBuf *z = (Jbig2WordStreamBuf *) self;
19
     const byte *data = z->data;
20
@@ -390,7 +390,7 @@
21
     else if (offset > z->size)
22
         return -1;
23
     else {
24
-        int i;
25
+        size_t i;
26
 
27
         result = 0;
28
         for (i = 0; i < z->size - offset; i++)
29
--- a/jbig2.h
30
+++ b/jbig2.h
31
@@ -56,17 +56,19 @@
32
 */
33
 
34
 struct _Jbig2Image {
35
-    int width, height, stride;
36
+    uint32_t width;
37
+    uint32_t height;
38
+    uint32_t stride;
39
     uint8_t *data;
40
     int refcount;
41
 };
42
 
43
-Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, int width, int height);
44
+Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height);
45
 Jbig2Image *jbig2_image_clone(Jbig2Ctx *ctx, Jbig2Image *image);
46
 void jbig2_image_release(Jbig2Ctx *ctx, Jbig2Image *image);
47
 void jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image);
48
 void jbig2_image_clear(Jbig2Ctx *ctx, Jbig2Image *image, int value);
49
-Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height);
50
+Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height);
51
 
52
 /* errors are returned from the library via a callback. If no callback
53
    is provided (a NULL argument is passed ot jbig2_ctx_new) a default
54
--- a/jbig2_generic.c
55
+++ b/jbig2_generic.c
56
@@ -718,7 +718,7 @@
57
     byte seg_flags;
58
     int8_t gbat[8];
59
     int offset;
60
-    int gbat_bytes = 0;
61
+    uint32_t gbat_bytes = 0;
62
     Jbig2GenericRegionParams params;
63
     int code = 0;
64
     Jbig2Image *image = NULL;
65
--- a/jbig2_halftone.c
66
+++ b/jbig2_halftone.c
67
@@ -257,8 +257,8 @@
68
 {
69
     uint8_t **GSVALS = NULL;
70
     size_t consumed_bytes = 0;
71
-    int i, j, code, stride;
72
-    int x, y;
73
+    uint32_t i, j, stride, x, y;
74
+    int code;
75
     Jbig2Image **GSPLANES;
76
     Jbig2GenericRegionParams rparams;
77
     Jbig2WordStream *ws = NULL;
78
@@ -276,9 +276,8 @@
79
         if (GSPLANES[i] == NULL) {
80
             jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate %dx%d image for GSPLANES", GSW, GSH);
81
             /* free already allocated */
82
-            for (j = i - 1; j >= 0; --j) {
83
-                jbig2_image_release(ctx, GSPLANES[j]);
84
-            }
85
+            for (j = i; j > 0;)
86
+                jbig2_image_release(ctx, GSPLANES[--j]);
87
             jbig2_free(ctx->allocator, GSPLANES);
88
             return NULL;
89
         }
90
@@ -323,9 +322,10 @@
91
     }
92
 
93
     /* C.5 step 2. Set j = GSBPP-2 */
94
-    j = GSBPP - 2;
95
+    j = GSBPP - 1;
96
     /* C.5 step 3. decode loop */
97
-    while (j >= 0) {
98
+    while (j > 0) {
99
+        j--;
100
         /*  C.5 step 3. (a) */
101
         if (GSMMR) {
102
             code = jbig2_decode_halftone_mmr(ctx, &rparams, data + consumed_bytes, size - consumed_bytes, GSPLANES[j], &consumed_bytes);
103
@@ -345,7 +345,6 @@
104
             GSPLANES[j]->data[i] ^= GSPLANES[j + 1]->data[i];
105
 
106
         /*  C.5 step 3. (c) */
107
-        --j;
108
     }
109
 
110
     /* allocate GSVALS */
111
@@ -359,9 +358,8 @@
112
         if (GSVALS[i] == NULL) {
113
             jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate GSVALS: %d bytes", GSH * GSW);
114
             /* free already allocated */
115
-            for (j = i - 1; j >= 0; --j) {
116
-                jbig2_free(ctx->allocator, GSVALS[j]);
117
-            }
118
+            for (j = i; j > 0;)
119
+                jbig2_free(ctx->allocator, GSVALS[--j]);
120
             jbig2_free(ctx->allocator, GSVALS);
121
             GSVALS = NULL;
122
             goto cleanup;
123
@@ -450,7 +448,7 @@
124
     uint8_t **GI;
125
     Jbig2Image *HSKIP = NULL;
126
     Jbig2PatternDict *HPATS;
127
-    int i;
128
+    uint32_t i;
129
     uint32_t mg, ng;
130
     int32_t x, y;
131
     uint8_t gray_val;
132
@@ -476,7 +474,7 @@
133
 
134
     /* calculate ceil(log2(HNUMPATS)) */
135
     HBPP = 0;
136
-    while (HNUMPATS > (1 << ++HBPP));
137
+    while (HNUMPATS > (1U << ++HBPP));
138
 
139
     /* 6.6.5 point 4. decode gray-scale image as mentioned in annex C */
140
     GI = jbig2_decode_gray_scale_image(ctx, segment, data, size,
141
--- a/jbig2_huffman.c
142
+++ b/jbig2_huffman.c
143
@@ -47,16 +47,16 @@
144
        is (offset + 4) * 8. */
145
     uint32_t this_word;
146
     uint32_t next_word;
147
-    int offset_bits;
148
-    int offset;
149
-    int offset_limit;
150
+    uint32_t offset_bits;
151
+    uint32_t offset;
152
+    uint32_t offset_limit;
153
 
154
     Jbig2WordStream *ws;
155
     Jbig2Ctx *ctx;
156
 };
157
 
158
 static uint32_t
159
-huff_get_next_word(Jbig2HuffmanState *hs, int offset)
160
+huff_get_next_word(Jbig2HuffmanState *hs, uint32_t offset)
161
 {
162
     uint32_t word = 0;
163
     Jbig2WordStream *ws = hs->ws;
164
@@ -213,7 +213,7 @@
165
 /* return the offset of the huffman decode pointer (in bytes)
166
  * from the beginning of the WordStream
167
  */
168
-int
169
+uint32_t
170
 jbig2_huffman_offset(Jbig2HuffmanState *hs)
171
 {
172
     return hs->offset + (hs->offset_bits >> 3);
173
--- a/jbig2_huffman.h
174
+++ b/jbig2_huffman.h
175
@@ -64,7 +64,7 @@
176
 
177
 void jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset);
178
 
179
-int jbig2_huffman_offset(Jbig2HuffmanState *hs);
180
+uint32_t jbig2_huffman_offset(Jbig2HuffmanState *hs);
181
 
182
 int32_t jbig2_huffman_get(Jbig2HuffmanState *hs, const Jbig2HuffmanTable *table, bool *oob);
183
 
184
--- a/jbig2_image.c
185
+++ b/jbig2_image.c
186
@@ -32,10 +32,10 @@
187
 
188
 /* allocate a Jbig2Image structure and its associated bitmap */
189
 Jbig2Image *
190
-jbig2_image_new(Jbig2Ctx *ctx, int width, int height)
191
+jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height)
192
 {
193
     Jbig2Image *image;
194
-    int stride;
195
+    uint32_t stride;
196
     int64_t check;
197
 
198
     image = jbig2_new(ctx, Jbig2Image, 1);
199
@@ -99,7 +99,7 @@
200
 
201
 /* resize a Jbig2Image */
202
 Jbig2Image *
203
-jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height)
204
+jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height)
205
 {
206
     if (width == image->width) {
207
         /* check for integer multiplication overflow */
208
@@ -133,11 +133,11 @@
209
 static int
210
 jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op)
211
 {
212
-    int i, j;
213
-    int sw = src->width;
214
-    int sh = src->height;
215
-    int sx = 0;
216
-    int sy = 0;
217
+    uint32_t i, j;
218
+    uint32_t sw = src->width;
219
+    uint32_t sh = src->height;
220
+    uint32_t sx = 0;
221
+    uint32_t sy = 0;
222
 
223
     /* clip to the dst image boundaries */
224
     if (x < 0) {
225
@@ -200,10 +200,10 @@
226
 int
227
 jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op)
228
 {
229
-    int i, j;
230
-    int w, h;
231
-    int leftbyte, rightbyte;
232
-    int shift;
233
+    uint32_t i, j;
234
+    uint32_t w, h;
235
+    uint32_t leftbyte, rightbyte;
236
+    uint32_t shift;
237
     uint8_t *s, *ss;
238
     uint8_t *d, *dd;
239
     uint8_t mask, rightmask;
240
@@ -226,8 +226,8 @@
241
         h += y;
242
         y = 0;
243
     }
244
-    w = (x + w < dst->width) ? w : dst->width - x;
245
-    h = (y + h < dst->height) ? h : dst->height - y;
246
+    w = ((uint32_t)x + w < dst->width) ? w : ((dst->width >= (uint32_t)x) ? dst->width - (uint32_t)x : 0);
247
+    h = ((uint32_t)y + h < dst->height) ? h : ((dst->height >= (uint32_t)y) ? dst->height - (uint32_t)y : 0);
248
 #ifdef JBIG2_DEBUG
249
     jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "compositing %dx%d at (%d, %d) after clipping\n", w, h, x, y);
250
 #endif
251
@@ -249,8 +249,8 @@
252
     }
253
 #endif
254
 
255
-    leftbyte = x >> 3;
256
-    rightbyte = (x + w - 1) >> 3;
257
+    leftbyte = (uint32_t)x >> 3;
258
+    rightbyte = ((uint32_t)x + w - 1) >> 3;
259
     shift = x & 7;
260
 
261
     /* general OR case */
262
--- a/jbig2_mmr.c
263
+++ b/jbig2_mmr.c
264
@@ -38,19 +38,21 @@
265
 #include "jbig2_mmr.h"
266
 
267
 typedef struct {
268
-    int width;
269
-    int height;
270
+    uint32_t width;
271
+    uint32_t height;
272
     const byte *data;
273
     size_t size;
274
-    int data_index;
275
-    int bit_index;
276
+    uint32_t data_index;
277
+    uint32_t bit_index;
278
     uint32_t word;
279
 } Jbig2MmrCtx;
280
 
281
+#define MINUS1 ((uint32_t)-1)
282
+
283
 static void
284
 jbig2_decode_mmr_init(Jbig2MmrCtx *mmr, int width, int height, const byte *data, size_t size)
285
 {
286
-    int i;
287
+    size_t i;
288
     uint32_t word = 0;
289
 
290
     mmr->width = width;
291
@@ -732,14 +734,14 @@
292
 #define getbit(buf, x) ( ( buf[x >> 3] >> ( 7 - (x & 7) ) ) & 1 )
293
 
294
 static int
295
-jbig2_find_changing_element(const byte *line, int x, int w)
296
+jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w)
297
 {
298
     int a, b;
299
 
300
     if (line == 0)
301
-        return w;
302
+        return (int)w;
303
 
304
-    if (x == -1) {
305
+    if (x == MINUS1) {
306
         a = 0;
307
         x = 0;
308
     } else {
309
@@ -758,7 +760,7 @@
310
 }
311
 
312
 static int
313
-jbig2_find_changing_element_of_color(const byte *line, int x, int w, int color)
314
+jbig2_find_changing_element_of_color(const byte *line, uint32_t x, uint32_t w, int color)
315
 {
316
     if (line == 0)
317
         return w;
318
@@ -772,9 +774,9 @@
319
 static const byte rm[8] = { 0x00, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
320
 
321
 static void
322
-jbig2_set_bits(byte *line, int x0, int x1)
323
+jbig2_set_bits(byte *line, uint32_t x0, uint32_t x1)
324
 {
325
-    int a0, a1, b0, b1, a;
326
+    uint32_t a0, a1, b0, b1, a;
327
 
328
     a0 = x0 >> 3;
329
     a1 = x1 >> 3;
330
@@ -831,8 +833,8 @@
331
 static int
332
 jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
333
 {
334
-    int a0 = -1;
335
-    int a1, a2, b1, b2;
336
+    uint32_t a0 = MINUS1;
337
+    uint32_t a1, a2, b1, b2;
338
     int c = 0;                  /* 0 is white, black is 1 */
339
 
340
     while (1) {
341
@@ -840,7 +842,7 @@
342
 
343
         /* printf ("%08x\n", word); */
344
 
345
-        if (a0 >= mmr->width)
346
+        if (a0 != MINUS1 && a0 >= mmr->width)
347
             break;
348
 
349
         if ((word >> (32 - 3)) == 1) {
350
@@ -848,7 +850,7 @@
351
 
352
             jbig2_decode_mmr_consume(mmr, 3);
353
 
354
-            if (a0 == -1)
355
+            if (a0 == MINUS1)
356
                 a0 = 0;
357
 
358
             if (c == 0) {
359
@@ -860,7 +862,7 @@
360
                     a1 = mmr->width;
361
                 if (a2 > mmr->width)
362
                     a2 = mmr->width;
363
-                if (a2 < a1 || a1 < 0)
364
+                if (a1 == MINUS1 || a2 < a1)
365
                     return -1;
366
                 jbig2_set_bits(dst, a1, a2);
367
                 a0 = a2;
368
@@ -874,7 +876,7 @@
369
                     a1 = mmr->width;
370
                 if (a2 > mmr->width)
371
                     a2 = mmr->width;
372
-                if (a1 < a0 || a0 < 0)
373
+                if (a0 == MINUS1 || a1 < a0)
374
                     return -1;
375
                 jbig2_set_bits(dst, a0, a1);
376
                 a0 = a2;
377
@@ -888,7 +890,7 @@
378
             b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
379
             b2 = jbig2_find_changing_element(ref, b1, mmr->width);
380
             if (c) {
381
-                if (b2 < a0 || a0 < 0)
382
+                if (a0 == MINUS1 || b2 < a0)
383
                     return -1;
384
                 jbig2_set_bits(dst, a0, b2);
385
             }
386
@@ -900,7 +902,7 @@
387
             jbig2_decode_mmr_consume(mmr, 1);
388
             b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
389
             if (c) {
390
-                if (b1 < a0 || a0 < 0)
391
+                if (a0 == MINUS1 || b1 < a0)
392
                     return -1;
393
                 jbig2_set_bits(dst, a0, b1);
394
             }
395
@@ -915,7 +917,7 @@
396
             if (b1 + 1 > mmr->width)
397
                 break;
398
             if (c) {
399
-                if (b1 + 1 < a0 || a0 < 0)
400
+                if (a0 == MINUS1 || b1 + 1 < a0)
401
                     return -1;
402
                 jbig2_set_bits(dst, a0, b1 + 1);
403
             }
404
@@ -930,7 +932,7 @@
405
             if (b1 + 2 > mmr->width)
406
                 break;
407
             if (c) {
408
-                if (b1 + 2 < a0 || a0 < 0)
409
+                if (a0 == MINUS1 || b1 + 2 < a0)
410
                     return -1;
411
                 jbig2_set_bits(dst, a0, b1 + 2);
412
             }
413
@@ -942,10 +944,10 @@
414
             /* printf ("VR(3)\n"); */
415
             jbig2_decode_mmr_consume(mmr, 7);
416
             b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
417
-            if (b1 + 3 > mmr->width)
418
+            if (b1 + 3 > (int)mmr->width)
419
                 break;
420
             if (c) {
421
-                if (b1 + 3 < a0 || a0 < 0)
422
+                if (a0 == MINUS1 || b1 + 3 < a0)
423
                     return -1;
424
                 jbig2_set_bits(dst, a0, b1 + 3);
425
             }
426
@@ -957,10 +959,10 @@
427
             /* printf ("VL(1)\n"); */
428
             jbig2_decode_mmr_consume(mmr, 3);
429
             b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
430
-            if (b1 - 1 < 0)
431
+            if (b1 < 1)
432
                 break;
433
             if (c) {
434
-                if (b1 - 1 < a0 || a0 < 0)
435
+                if (a0 == MINUS1 || b1 - 1 < a0)
436
                     return -1;
437
                 jbig2_set_bits(dst, a0, b1 - 1);
438
             }
439
@@ -972,7 +974,7 @@
440
             /* printf ("VL(2)\n"); */
441
             jbig2_decode_mmr_consume(mmr, 6);
442
             b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
443
-            if (b1 - 2 < 0)
444
+            if (b1 < 2)
445
                 break;
446
             if (c) {
447
                 if (b1 - 2 < a0 || a0 < 0)
448
@@ -987,10 +989,10 @@
449
             /* printf ("VL(3)\n"); */
450
             jbig2_decode_mmr_consume(mmr, 7);
451
             b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
452
-            if (b1 - 3 < 0)
453
+            if (b1 < 3)
454
                 break;
455
             if (c) {
456
-                if (b1 - 3 < a0 || a0 < 0)
457
+                if (a0 == MINUS1 || b1 - 3 < a0)
458
                     return -1;
459
                 jbig2_set_bits(dst, a0, b1 - 3);
460
             }
461
@@ -1009,10 +1011,10 @@
462
 jbig2_decode_generic_mmr(Jbig2Ctx *ctx, Jbig2Segment *segment, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image)
463
 {
464
     Jbig2MmrCtx mmr;
465
-    const int rowstride = image->stride;
466
+    const uint32_t rowstride = image->stride;
467
     byte *dst = image->data;
468
     byte *ref = NULL;
469
-    int y;
470
+    uint32_t y;
471
     int code = 0;
472
 
473
     jbig2_decode_mmr_init(&mmr, image->width, image->height, data, size);
474
@@ -1047,10 +1049,10 @@
475
 jbig2_decode_halftone_mmr(Jbig2Ctx *ctx, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image, size_t *consumed_bytes)
476
 {
477
     Jbig2MmrCtx mmr;
478
-    const int rowstride = image->stride;
479
+    const uint32_t rowstride = image->stride;
480
     byte *dst = image->data;
481
     byte *ref = NULL;
482
-    int y;
483
+    uint32_t y;
484
     int code = 0;
485
     const uint32_t EOFB = 0x001001;
486
 
487
--- a/jbig2_page.c
488
+++ b/jbig2_page.c
489
@@ -155,9 +155,9 @@
490
 jbig2_end_of_stripe(Jbig2Ctx *ctx, Jbig2Segment *segment, const uint8_t *segment_data)
491
 {
492
     Jbig2Page page = ctx->pages[ctx->current_page];
493
-    int end_row;
494
+    uint32_t end_row;
495
 
496
-    end_row = jbig2_get_int32(segment_data);
497
+    end_row = jbig2_get_uint32(segment_data);
498
     if (end_row < page.end_row) {
499
         jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number,
500
                     "end of stripe segment with non-positive end row advance" " (new end row %d vs current end row %d)", end_row, page.end_row);
501
@@ -248,7 +248,7 @@
502
 
503
     /* grow the page to accomodate a new stripe if necessary */
504
     if (page->striped) {
505
-        int new_height = y + image->height + page->end_row;
506
+        uint32_t new_height = y + image->height + page->end_row;
507
 
508
         if (page->image->height < new_height) {
509
             jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "growing page buffer to %d rows " "to accomodate new stripe", new_height);
510
--- a/jbig2_priv.h
511
+++ b/jbig2_priv.h
512
@@ -132,7 +132,7 @@
513
     uint32_t x_resolution, y_resolution;        /* in pixels per meter */
514
     uint16_t stripe_size;
515
     bool striped;
516
-    int end_row;
517
+    uint32_t end_row;
518
     uint8_t flags;
519
     Jbig2Image *image;
520
 };
521
@@ -182,7 +182,7 @@
522
 typedef struct _Jbig2WordStream Jbig2WordStream;
523
 
524
 struct _Jbig2WordStream {
525
-    int (*get_next_word)(Jbig2WordStream *self, int offset, uint32_t *word);
526
+    int (*get_next_word)(Jbig2WordStream *self, size_t offset, uint32_t *word);
527
 };
528
 
529
 Jbig2WordStream *jbig2_word_stream_buf_new(Jbig2Ctx *ctx, const byte *data, size_t size);
530
--- a/jbig2_segment.c
531
+++ b/jbig2_segment.c
532
@@ -39,10 +39,10 @@
533
     uint8_t rtscarf;
534
     uint32_t rtscarf_long;
535
     uint32_t *referred_to_segments;
536
-    int referred_to_segment_count;
537
-    int referred_to_segment_size;
538
-    int pa_size;
539
-    int offset;
540
+    uint32_t referred_to_segment_count;
541
+    uint32_t referred_to_segment_size;
542
+    uint32_t pa_size;
543
+    uint32_t offset;
544
 
545
     /* minimum possible size of a jbig2 segment header */
546
     if (buf_size < 11)
547
@@ -83,7 +83,7 @@
548
 
549
     /* 7.2.5 */
550
     if (referred_to_segment_count) {
551
-        int i;
552
+        uint32_t i;
553
 
554
         referred_to_segments = jbig2_new(ctx, uint32_t, referred_to_segment_count * referred_to_segment_size);
555
         if (referred_to_segments == NULL) {
556
--- a/jbig2_symbol_dict.c
557
+++ b/jbig2_symbol_dict.c
558
@@ -88,40 +88,40 @@
559
 
560
 /* return a new empty symbol dict */
561
 Jbig2SymbolDict *
562
-jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols)
563
+jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols)
564
 {
565
-    Jbig2SymbolDict *new = NULL;
566
+    Jbig2SymbolDict *new_dict = NULL;
567
 
568
     if (n_symbols < 0) {
569
         jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "Negative number of symbols in symbol dict: %d", n_symbols);
570
         return NULL;
571
     }
572
 
573
-    new = jbig2_new(ctx, Jbig2SymbolDict, 1);
574
-    if (new != NULL) {
575
-        new->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
576
-        new->n_symbols = n_symbols;
577
+    new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1);
578
+    if (new_dict != NULL) {
579
+        new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
580
+        new_dict->n_symbols = n_symbols;
581
     } else {
582
         jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate new empty symbol dict");
583
         return NULL;
584
     }
585
 
586
-    if (new->glyphs != NULL) {
587
-        memset(new->glyphs, 0, n_symbols * sizeof(Jbig2Image *));
588
+    if (new_dict->glyphs != NULL) {
589
+        memset(new_dict->glyphs, 0, n_symbols * sizeof(Jbig2Image *));
590
     } else {
591
         jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate glyphs for new empty symbol dict");
592
-        jbig2_free(ctx->allocator, new);
593
+        jbig2_free(ctx->allocator, new_dict);
594
         return NULL;
595
     }
596
 
597
-    return new;
598
+    return new_dict;
599
 }
600
 
601
 /* release the memory associated with a symbol dict */
602
 void
603
 jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict)
604
 {
605
-    int i;
606
+    uint32_t i;
607
 
608
     if (dict == NULL)
609
         return;
610
@@ -142,12 +142,12 @@
611
 }
612
 
613
 /* count the number of dictionary segments referred to by the given segment */
614
-int
615
+uint32_t
616
 jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
617
 {
618
     int index;
619
     Jbig2Segment *rsegment;
620
-    int n_dicts = 0;
621
+    uint32_t n_dicts = 0;
622
 
623
     for (index = 0; index < segment->referred_to_segment_count; index++) {
624
         rsegment = jbig2_find_segment(ctx, segment->referred_to_segments[index]);
625
@@ -166,8 +166,8 @@
626
     int index;
627
     Jbig2Segment *rsegment;
628
     Jbig2SymbolDict **dicts;
629
-    int n_dicts = jbig2_sd_count_referred(ctx, segment);
630
-    int dindex = 0;
631
+    uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment);
632
+    uint32_t dindex = 0;
633
 
634
     dicts = jbig2_new(ctx, Jbig2SymbolDict *, n_dicts);
635
     if (dicts == NULL) {
636
@@ -195,10 +195,10 @@
637
 /* generate a new symbol dictionary by concatenating a list of
638
    existing dictionaries */
639
 Jbig2SymbolDict *
640
-jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts)
641
+jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts)
642
 {
643
-    int i, j, k, symbols;
644
-    Jbig2SymbolDict *new = NULL;
645
+    uint32_t i, j, k, symbols;
646
+    Jbig2SymbolDict *new_dict = NULL;
647
 
648
     /* count the imported symbols and allocate a new array */
649
     symbols = 0;
650
@@ -206,17 +206,17 @@
651
         symbols += dicts[i]->n_symbols;
652
 
653
     /* fill a new array with cloned glyph pointers */
654
-    new = jbig2_sd_new(ctx, symbols);
655
-    if (new != NULL) {
656
+    new_dict = jbig2_sd_new(ctx, symbols);
657
+    if (new_dict != NULL) {
658
         k = 0;
659
         for (i = 0; i < n_dicts; i++)
660
             for (j = 0; j < dicts[i]->n_symbols; j++)
661
-                new->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]);
662
+                new_dict->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]);
663
     } else {
664
         jbig2_error(ctx, JBIG2_SEVERITY_WARNING, -1, "failed to allocate new symbol dictionary");
665
     }
666
 
667
-    return new;
668
+    return new_dict;
669
 }
670
 
671
 /* Decoding routines */
672
@@ -431,7 +431,7 @@
673
 
674
                     if (REFAGGNINST > 1) {
675
                         Jbig2Image *image;
676
-                        int i;
677
+                        uint32_t i;
678
 
679
                         if (tparams == NULL) {
680
                             /* First time through, we need to initialise the */
681
@@ -512,7 +512,7 @@
682
                         uint32_t ID;
683
                         int32_t RDX, RDY;
684
                         int BMSIZE = 0;
685
-                        int ninsyms = params->SDNUMINSYMS;
686
+                        uint32_t ninsyms = params->SDNUMINSYMS;
687
                         int code1 = 0;
688
                         int code2 = 0;
689
                         int code3 = 0;
690
@@ -609,8 +609,9 @@
691
         if (params->SDHUFF && !params->SDREFAGG) {
692
             /* 6.5.9 */
693
             Jbig2Image *image;
694
-            int BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code);
695
-            int j, x;
696
+            uint32_t BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code);
697
+            uint32_t j;
698
+            int x;
699
 
700
             if (code || (BMSIZE < 0)) {
701
                 jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding size of collective bitmap!");
702
@@ -700,22 +701,22 @@
703
         jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate symbols exported from symbols dictionary");
704
         goto cleanup4;
705
     } else {
706
-        int i = 0;
707
-        int j = 0;
708
-        int k;
709
+        uint32_t i = 0;
710
+        uint32_t j = 0;
711
+        uint32_t k;
712
         int exflag = 0;
713
-        int64_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS;
714
-        int32_t exrunlength;
715
+        uint32_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS;
716
+        uint32_t exrunlength;
717
         int zerolength = 0;
718
 
719
         while (i < limit) {
720
             if (params->SDHUFF)
721
                 exrunlength = jbig2_huffman_get(hs, SBHUFFRSIZE, &code);
722
             else
723
-                code = jbig2_arith_int_decode(IAEX, as, &exrunlength);
724
+                code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength);
725
             /* prevent infinite loop */
726
             zerolength = exrunlength > 0 ? 0 : zerolength + 1;
727
-            if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength > params->SDNUMEXSYMS - j))) {
728
+            if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) {
729
                 if (code)
730
                     jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to decode exrunlength for exported symbols");
731
                 else if (exrunlength <= 0)
732
@@ -797,8 +798,8 @@
733
 {
734
     Jbig2SymbolDictParams params;
735
     uint16_t flags;
736
-    int sdat_bytes;
737
-    int offset;
738
+    uint32_t sdat_bytes;
739
+    uint32_t offset;
740
     Jbig2ArithCx *GB_stats = NULL;
741
     Jbig2ArithCx *GR_stats = NULL;
742
     int table_index = 0;
743
@@ -951,7 +952,7 @@
744
 
745
     /* 7.4.2.2 (2) */
746
     {
747
-        int n_dicts = jbig2_sd_count_referred(ctx, segment);
748
+        uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment);
749
         Jbig2SymbolDict **dicts = NULL;
750
 
751
         if (n_dicts > 0) {
752
--- a/jbig2_symbol_dict.h
753
+++ b/jbig2_symbol_dict.h
754
@@ -32,18 +32,18 @@
755
 Jbig2Image *jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id);
756
 
757
 /* return a new empty symbol dict */
758
-Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols);
759
+Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols);
760
 
761
 /* release the memory associated with a symbol dict */
762
 void jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict);
763
 
764
 /* generate a new symbol dictionary by concatenating a list of
765
    existing dictionaries */
766
-Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts);
767
+Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts);
768
 
769
 /* count the number of dictionary segments referred
770
    to by the given segment */
771
-int jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment);
772
+uint32_t jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment);
773
 
774
 /* return an array of pointers to symbol dictionaries referred
775
    to by a segment */
776
--- a/jbig2_text.c
777
+++ b/jbig2_text.c
778
@@ -55,7 +55,7 @@
779
 int
780
 jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
781
                          const Jbig2TextRegionParams *params,
782
-                         const Jbig2SymbolDict *const *dicts, const int n_dicts,
783
+                         const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts,
784
                          Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws)
785
 {
786
     /* relevent bits of 6.4.4 */
787
@@ -476,19 +476,19 @@
788
 int
789
 jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data)
790
 {
791
-    int offset = 0;
792
+    uint32_t offset = 0;
793
     Jbig2RegionSegmentInfo region_info;
794
     Jbig2TextRegionParams params;
795
     Jbig2Image *image = NULL;
796
     Jbig2SymbolDict **dicts = NULL;
797
-    int n_dicts = 0;
798
+    uint32_t n_dicts = 0;
799
     uint16_t flags = 0;
800
     uint16_t huffman_flags = 0;
801
     Jbig2ArithCx *GR_stats = NULL;
802
     int code = 0;
803
     Jbig2WordStream *ws = NULL;
804
     Jbig2ArithState *as = NULL;
805
-    int table_index = 0;
806
+    uint32_t table_index = 0;
807
     const Jbig2HuffmanParams *huffman_params = NULL;
808
 
809
     /* 7.4.1 */
810
@@ -779,7 +779,7 @@
811
         code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "unable to retrive symbol dictionaries! previous parsing error?");
812
         goto cleanup1;
813
     } else {
814
-        int index;
815
+        uint32_t index;
816
 
817
         if (dicts[0] == NULL) {
818
             code = jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, "unable to find first referenced symbol dictionary!");
819
@@ -823,8 +823,8 @@
820
     }
821
 
822
     if (!params.SBHUFF) {
823
-        int SBSYMCODELEN, index;
824
-        int SBNUMSYMS = 0;
825
+        uint32_t SBSYMCODELEN, index;
826
+        uint32_t SBNUMSYMS = 0;
827
 
828
         for (index = 0; index < n_dicts; index++) {
829
             SBNUMSYMS += dicts[index]->n_symbols;
830
@@ -840,7 +840,7 @@
831
         }
832
 
833
         /* Table 31 */
834
-        for (SBSYMCODELEN = 0; (1 << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) {
835
+        for (SBSYMCODELEN = 0; (1U << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) {
836
         }
837
         params.IAID = jbig2_arith_iaid_ctx_new(ctx, SBSYMCODELEN);
838
         params.IARI = jbig2_arith_int_ctx_new(ctx);
839
--- a/jbig2_text.h
840
+++ b/jbig2_text.h
841
@@ -70,5 +70,5 @@
842
 int
843
 jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
844
                          const Jbig2TextRegionParams *params,
845
-                         const Jbig2SymbolDict *const *dicts, const int n_dicts,
846
+                         const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts,
847
                          Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws);
view file @ 1b76bd4d35
... ... --- a/020161214~9d2c4f3.patch
... ... +++ /dev/null
... ... @@ -1,60 +0,0 @@
0
Description: Fix warnings: remove unsigned < 0 tests that are always false
1
Origin: git://git.ghostscript.com/jbig2dec.git;a=commit;h=9d2c4f3
2
Author: Tor Andersson <tor.andersson@artifex.com>
3
Forwarded: yes
4
Last-Update: 2017-01-23
5
6
--- a/jbig2_image.c
7
+++ b/jbig2_image.c
8
@@ -256,7 +256,7 @@
9
     /* general OR case */
10
     s = ss;
11
     d = dd = dst->data + y * dst->stride + leftbyte;
12
-    if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
13
+    if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
14
         return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose");
15
     }
16
     if (leftbyte == rightbyte) {
17
--- a/jbig2_mmr.c
18
+++ b/jbig2_mmr.c
19
@@ -977,7 +977,7 @@
20
             if (b1 < 2)
21
                 break;
22
             if (c) {
23
-                if (b1 - 2 < a0 || a0 < 0)
24
+                if (a0 == MINUS1 || b1 - 2 < a0)
25
                     return -1;
26
                 jbig2_set_bits(dst, a0, b1 - 2);
27
             }
28
--- a/jbig2_symbol_dict.c
29
+++ b/jbig2_symbol_dict.c
30
@@ -92,11 +92,6 @@
31
 {
32
     Jbig2SymbolDict *new_dict = NULL;
33
 
34
-    if (n_symbols < 0) {
35
-        jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "Negative number of symbols in symbol dict: %d", n_symbols);
36
-        return NULL;
37
-    }
38
-
39
     new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1);
40
     if (new_dict != NULL) {
41
         new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
42
@@ -613,7 +608,7 @@
43
             uint32_t j;
44
             int x;
45
 
46
-            if (code || (BMSIZE < 0)) {
47
+            if (code) {
48
                 jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding size of collective bitmap!");
49
                 goto cleanup4;
50
             }
51
@@ -716,7 +711,7 @@
52
                 code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength);
53
             /* prevent infinite loop */
54
             zerolength = exrunlength > 0 ? 0 : zerolength + 1;
55
-            if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) {
56
+            if (code || (exrunlength > limit - i) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) {
57
                 if (code)
58
                     jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to decode exrunlength for exported symbols");
59
                 else if (exrunlength <= 0)
view file @ 1b76bd4d35
... ... --- a/jbig2dec-0.10-jbig2dec-nullderef.diff
... ... +++ /dev/null
... ... @@ -1,43 +0,0 @@
0
--- jbig2_symbol_dict.c	2009-07-16 06:44:49.000000000 +0200
1
+++ jbig2_symbol_dict.c.oden	2011-01-02 17:36:54.918410199 +0100
2
@@ -367,6 +367,11 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
3
 		  memcpy(region_params.gbat, params->sdat, sdat_bytes);
4
 
5
 		  image = jbig2_image_new(ctx, SYMWIDTH, HCHEIGHT);
6
+		  if (image == NULL) {
7
+		      jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
8
+				  "failed to allocate image storage");
9
+		      return NULL;
10
+		  }
11
 
12
 		  code = jbig2_decode_generic_region(ctx, segment, &region_params,
13
 						     as, image, GB_stats);
14
@@ -517,6 +522,11 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
15
 			ID, RDX, RDY);
16
 
17
 		      image = jbig2_image_new(ctx, SYMWIDTH, HCHEIGHT);
18
+		      if (image == NULL) {
19
+			  jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
20
+				      "failed to allocate image storage");
21
+			  return NULL;
22
+		      }
23
 
24
 		      /* Table 18 */
25
 		      rparams.GRTEMPLATE = params->SDRTEMPLATE;
26
@@ -635,6 +645,16 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
27
 	for (j = HCFIRSTSYM; j < NSYMSDECODED; j++) {
28
 	  Jbig2Image *glyph;
29
 	  glyph = jbig2_image_new(ctx, SDNEWSYMWIDTHS[j], HCHEIGHT);
30
+	  if (glyph == NULL) {
31
+	      jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
32
+			  "error allocating image storage for glyph");
33
+	      while (--j >= HCFIRSTSYM) {
34
+		  jbig2_image_release(ctx, SDNEWSYMS->glyphs[j]);
35
+		  SDNEWSYMS->glyphs[j] = NULL;
36
+	      }
37
+	      jbig2_image_release(ctx, image);
38
+	      return NULL;
39
+	  }
40
 	  jbig2_image_compose(ctx, glyph, image,
41
 		-x, 0, JBIG2_COMPOSE_REPLACE);
42
 	  x += SDNEWSYMWIDTHS[j];
... ... --- a/jbig2dec.spec
... ... +++ b/jbig2dec.spec
... ... @@ -4,16 +4,13 @@
4 4
5 5
Summary:	A decoder implementation of the JBIG2 image compression format
6 6
Name:		jbig2dec
7
Version:	0.13
7
Version:	0.14
8 8
Release:	1
9 9
License:	GPLv2+
10 10
Group:		Graphics
11 11
Url:		http://jbig2dec.sourceforge.net/
12 12
Source0:	http://ghostscript.com/~giles/jbig2/jbig2dec/%{name}-%{version}.tar.gz
13 13
Patch2:		jbig2dec-0.11-automake-1.13.patch
14
Patch3:		020160518~1369359.patch
15
Patch4:		020161212~e698d5c.patch
16
Patch5:		020161214~9d2c4f3.patch
17 14
Patch6:		1001_ignore_python_test.patch
18 15
Patch8:		2001_disable_memento.patch
19 16
BuildRequires:	autoconf