[poppler] poppler/poppler: Gfx.cc, 1.7, 1.8 GfxFont.cc, 1.7, 1.8 JBIG2Stream.cc, 1.4, 1.5 SplashOutputDev.cc, 1.6, 1.7

Jeff Muizelaar jeff at infidigm.net
Sun Feb 5 23:05:45 PST 2006


On Sun, Feb 05, 2006 at 07:46:13AM -0800, Albert Astals Cid wrote:
> 
> Index: Gfx.cc
> ===================================================================
> RCS file: /cvs/poppler/poppler/poppler/Gfx.cc,v
> retrieving revision 1.7
> retrieving revision 1.8
> diff -u -d -r1.7 -r1.8
> --- Gfx.cc	4 Feb 2006 21:10:41 -0000	1.7
> +++ Gfx.cc	5 Feb 2006 15:46:10 -0000	1.8
> @@ -3526,6 +3526,7 @@
>  	break;
>        }
>        dict.dictAdd(key, &obj);
> +      gfree(key);
>      }
>      parser->getObj(&obj);
>    }
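
Review bot: freeing `key` immediately after `dict.dictAdd(key, &obj)` is only correct if dictAdd copies the key string rather than storing the pointer it is given; that ownership rule should be confirmed (and ideally stated in a comment), since otherwise the dict is left holding a dangling pointer. It is also worth checking the `break;` a few lines above: if `key` has already been allocated when that branch is taken, the new `gfree(key)` is skipped and that path still leaks.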

It also looks like we leak the input of dictAdd() in Annot.cc around
line 316.

> 
> Index: GfxFont.cc
> ===================================================================
> RCS file: /cvs/poppler/poppler/poppler/GfxFont.cc,v
> retrieving revision 1.7
> retrieving revision 1.8
> diff -u -d -r1.7 -r1.8
> --- GfxFont.cc	2 Feb 2006 22:50:01 -0000	1.7
> +++ GfxFont.cc	5 Feb 2006 15:46:10 -0000	1.8
> @@ -1534,6 +1534,7 @@
>    int cidlen;
>  
>    *mapsizep = 0;
> +  if (!ctu) return NULL;
>  
>    /* we use only unicode cmap */
>    cmap = -1;
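
Review bot: the early return sits after `*mapsizep = 0;`, so a caller that checks the size first sees a consistent result, but every caller must also be prepared for a NULL return from this function; please verify that they are, otherwise the NULL has just been moved one frame up. A short comment explaining when `ctu` can legitimately be NULL here, and a reference in the commit message to the input that triggered it, would make the intent of the guard clear to the next reader.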

Was this causing a crash? Is there a pdf that causes it?

> 
> Index: JBIG2Stream.cc
> ===================================================================
> RCS file: /cvs/poppler/poppler/poppler/JBIG2Stream.cc,v
> retrieving revision 1.4
> retrieving revision 1.5
> diff -u -d -r1.4 -r1.5
> --- JBIG2Stream.cc	11 Jan 2006 16:52:58 -0000	1.4
> +++ JBIG2Stream.cc	5 Feb 2006 15:46:10 -0000	1.5
> @@ -2325,7 +2325,7 @@
>      error(getPos(), "Bad size in JBIG2 halftone segment");
>      return;
>    }
> -  if (w == 0 || h >= INT_MAX / w) {
> +  if (h < 0 || w == 0 || h >= INT_MAX / w) {
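
Review bot: `h < 0` only rejects anything if `h` is a signed type; for an unsigned `h` the comparison is always false (dead code, and most compilers will warn about it). The existing `w == 0 || h >= INT_MAX / w` ordering is right, since the division is never reached with `w == 0`, and it already bounds `w * h` against INT_MAX. If the concern is a negative value arriving from a signed read of the segment header, the check belongs at the point where `h` is read, before it is converted; if `w` is signed the same question applies to `w < 0`, which this hunk does not cover.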

h is unsigned. The added comparison doesn't do anything.

-Jeff

