blob: aa79feb8716ef5fdc8f994fa81188608869ba6ad (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
Index: kpdf/xpdf/Catalog.cc
===================================================================
RCS file: /home/kde/kdegraphics/kpdf/xpdf/Catalog.cc,v
retrieving revision 1.3.4.1
diff -u -5 -d -p -r1.3.4.1 Catalog.cc
--- kpdf/xpdf/Catalog.cc 2 Sep 2004 21:30:18 -0000 1.3.4.1
+++ kpdf/xpdf/Catalog.cc 12 Oct 2004 21:15:38 -0000
@@ -62,10 +62,19 @@ Catalog::Catalog(XRef *xrefA) {
obj.getTypeName());
goto err3;
}
pagesSize = numPages0 = (int)obj.getNum();
obj.free();
+ // The gcc doesnt optimize this away, so this check is ok,
+ // even if it looks like a pagesSize != pagesSize check
+ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize ||
+ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) {
+ error(-1, "Invalid 'pagesSize'");
+ ok = gFalse;
+ return;
+ }
+
pages = (Page **)gmalloc(pagesSize * sizeof(Page *));
pageRefs = (Ref *)gmalloc(pagesSize * sizeof(Ref));
for (i = 0; i < pagesSize; ++i) {
pages[i] = NULL;
pageRefs[i].num = -1;
@@ -189,10 +198,14 @@ int Catalog::readPageTree(Dict *pagesDic
++start;
goto err3;
}
if (start >= pagesSize) {
pagesSize += 32;
+ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize) {
+ error(-1, "Invalid 'pagesSize' parameter.");
+ goto err3;
+ }
pages = (Page **)grealloc(pages, pagesSize * sizeof(Page *));
pageRefs = (Ref *)grealloc(pageRefs, pagesSize * sizeof(Ref));
for (j = pagesSize - 32; j < pagesSize; ++j) {
pages[j] = NULL;
pageRefs[j].num = -1;
|
