[poppler] poppler/XRef.cc

Krzysztof Kowalczyk kjk at kemper.freedesktop.org
Tue Sep 25 11:14:28 PDT 2007 

 poppler/XRef.cc |   25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

New commits:
diff-tree c36d8afc984795aca0a12a94ec7668092067db82 (from ff25e83abae1ca17e2e7dd6f20946026fca69fff)
Author: Krzysztof Kowalczyk <kkowalczyk at gmail.com>
Date:   Tue Sep 25 00:32:29 2007 -0700

    Revert "replace extremely confusing 'a*(int)sizeof(foo)/sizeof(foo) != a' which, due to type promotions, if a is int, is equivalent to a < 0; fix problems revealed by the change"
    
    This reverts commit 08bf7c1151d594d4c7d253a2c89f4f3a088ad8ec.

diff --git a/poppler/XRef.cc b/poppler/XRef.cc
index 14b3ad5..b84e198 100644
--- a/poppler/XRef.cc
+++ b/poppler/XRef.cc
@@ -12,7 +12,6 @@
 #pragma implementation
 #endif
 
-#include <assert.h>
 #include <stdlib.h>
 #include <stddef.h>
 #include <string.h>
@@ -111,6 +110,11 @@ ObjectStream::ObjectStream(XRef *xref, i
     goto err1;
   }
 
+  if (nObjects*(int)sizeof(int)/sizeof(int) != nObjects) {
+    error(-1, "Invalid 'nObjects'");
+    goto err1;
+  }
+ 
   objs = new Object[nObjects];
   objNums = (int *)gmallocn(nObjects, sizeof(int));
   offsets = (int *)gmallocn(nObjects, sizeof(int));
@@ -396,9 +400,12 @@ GBool XRef::readXRefTable(Parser *parser
 	   first + n > newSize && newSize > 0;
 	   newSize <<= 1) ;
       if (newSize < 0) {
-        error(-1, "Invalid 'obj' parameters'");
 	goto err1;
       }
+      if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
+        error(-1, "Invalid 'obj' parameters'");
+        goto err1;
+      }
  
       entries = (XRefEntry *)greallocn(entries, newSize, sizeof(XRefEntry));
       for (i = size; i < newSize; ++i) {
@@ -508,7 +515,10 @@ GBool XRef::readXRefStream(Stream *xrefS
     goto err1;
   }
   if (newSize > size) {
-    assert(newSize >= 0);
+    if (newSize * (int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
+      error(-1, "Invalid 'size' parameter.");
+      return gFalse;
+    }
     entries = (XRefEntry *)greallocn(entries, newSize, sizeof(XRefEntry));
     for (i = size; i < newSize; ++i) {
       entries[i].offset = 0xffffffff;
@@ -598,6 +608,9 @@ GBool XRef::readXRefStreamSection(Stream
 	 first + n > newSize && newSize > 0;
 	 newSize <<= 1) ;
     if (newSize < 0) {
+      return gFalse;
+    }
+    if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
       error(-1, "Invalid 'size' inside xref table.");
       return gFalse;
     }
@@ -741,6 +754,10 @@ GBool XRef::constructXRef() {
 		    error(-1, "Bad object number");
 		    return gFalse;
 		  }
+                  if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
+                    error(-1, "Invalid 'obj' parameters.");
+                    return gFalse;
+                  }
 		  entries = (XRefEntry *)
 		      greallocn(entries, newSize, sizeof(XRefEntry));
 		  for (i = size; i < newSize; ++i) {
@@ -765,7 +782,7 @@ GBool XRef::constructXRef() {
     } else if (!strncmp(p, "endstream", 9)) {
       if (streamEndsLen == streamEndsSize) {
 	streamEndsSize += 64;
-        if (streamEndsSize < 0) {
+        if (streamEndsSize*(int)sizeof(int)/sizeof(int) != streamEndsSize) {
           error(-1, "Invalid 'endstream' parameter.");
           return gFalse;
         }

More information about the poppler mailing list