[poppler] 3 commits - poppler/poppler-config.h.cmake splash/SplashXPathScanner.cc splash/SplashXPathScanner.h

[Albert Astals Cid]

 poppler/poppler-config.h.cmake |    7 +++++--
 splash/SplashXPathScanner.cc   |   25 +++++++++++++++++--------
 splash/SplashXPathScanner.h    |    2 +-
 3 files changed, 23 insertions(+), 11 deletions(-)

New commits:
commit 2c0cb689910e8579bf428b3999bcac0cb27b0e51
Merge: 0b639cd 1161e72
Author: Albert Astals Cid <aacid at kde.org>
Date:   Sat Jul 12 17:21:07 2014 +0200

    Merge remote-tracking branch 'origin/poppler-0.26'

commit 1161e728de9ca7c9a5fb0e24c4a5e4a79c65a849
Author: Thomas Freitag <Thomas.Freitag at alfa.de>
Date:   Sat Jul 12 17:04:42 2014 +0200

    Error out instead of exiting if allInter grows too much
    
    Bug #78714

diff --git a/splash/SplashXPathScanner.cc b/splash/SplashXPathScanner.cc
index 52ac1c2..5ca1811 100644
--- a/splash/SplashXPathScanner.cc
+++ b/splash/SplashXPathScanner.cc
@@ -272,8 +272,9 @@ void SplashXPathScanner::computeIntersections() {
     if (seg->flags & splashXPathHoriz) {
       y = splashFloor(seg->y0);
       if (y >= yMin && y <= yMax) {
-	addIntersection(segYMin, segYMax, seg->flags,
-			y, splashFloor(seg->x0), splashFloor(seg->x1));
+	if (!addIntersection(segYMin, segYMax, seg->flags,
+			y, splashFloor(seg->x0), splashFloor(seg->x1)))
+          break;
       }
     } else if (seg->flags & splashXPathVert) {
       y0 = splashFloor(segYMin);
@@ -286,7 +287,8 @@ void SplashXPathScanner::computeIntersections() {
       }
       x = splashFloor(seg->x0);
       for (y = y0; y <= y1; ++y) {
-	addIntersection(segYMin, segYMax, seg->flags, y, x, x);
+	if (!addIntersection(segYMin, segYMax, seg->flags, y, x, x))
+          break;
       }
     } else {
       if (seg->x0 < seg->x1) {
@@ -321,8 +323,9 @@ void SplashXPathScanner::computeIntersections() {
 	} else if (xx1 > segXMax) {
 	  xx1 = segXMax;
 	}
-	addIntersection(segYMin, segYMax, seg->flags, y,
-			splashFloor(xx0), splashFloor(xx1));
+	if (!addIntersection(segYMin, segYMax, seg->flags, y,
+			splashFloor(xx0), splashFloor(xx1)))
+          break;
       }
     }
   }
@@ -340,12 +343,17 @@ void SplashXPathScanner::computeIntersections() {
   inter[yMax - yMin + 1] = i;
 }
 
-void SplashXPathScanner::addIntersection(double segYMin, double segYMax,
+GBool SplashXPathScanner::addIntersection(double segYMin, double segYMax,
 					 Guint segFlags,
 					 int y, int x0, int x1) {
   if (allInterLen == allInterSize) {
-    allInterSize *= 2;
-    allInter = (SplashIntersect *)greallocn(allInter, allInterSize,
+    unsigned int newInterSize = ((unsigned int) allInterSize * 2 > INT_MAX / sizeof(SplashIntersect)) ? allInterSize + 32768 : allInterSize * 2;
+    if (newInterSize >= INT_MAX / sizeof(SplashIntersect)) {
+      error(errInternal, -1, "Bogus memory allocation size in SplashXPathScanner::addIntersection {0:d}", newInterSize);
+      return gFalse;
+    }
+    allInterSize = newInterSize;
+    allInter = (SplashIntersect *)greallocn(allInter, newInterSize,
 					    sizeof(SplashIntersect));
   }
   allInter[allInterLen].y = y;
@@ -365,6 +373,7 @@ void SplashXPathScanner::addIntersection(double segYMin, double segYMax,
     allInter[allInterLen].count = 0;
   }
   ++allInterLen;
+  return gTrue;
 }
 
 void SplashXPathScanner::renderAALine(SplashBitmap *aaBuf,
diff --git a/splash/SplashXPathScanner.h b/splash/SplashXPathScanner.h
index b59e306..53bd22d 100644
--- a/splash/SplashXPathScanner.h
+++ b/splash/SplashXPathScanner.h
@@ -85,7 +85,7 @@ public:
 private:
 
   void computeIntersections();
-  void addIntersection(double segYMin, double segYMax,
+  GBool addIntersection(double segYMin, double segYMax,
 		       Guint segFlags,
 		       int y, int x0, int x1);
 
commit e82a24a585d251f767725f61700dc1f8fe169a52
Author: Pino Toscano <pino at kde.org>
Date:   Sat Jul 12 08:35:45 2014 +0200

    cmake: sync poppler-config.h.cmake with poppler-config.h.in

diff --git a/poppler/poppler-config.h.cmake b/poppler/poppler-config.h.cmake
index b04f2bf..d7918bc 100644
--- a/poppler/poppler-config.h.cmake
+++ b/poppler/poppler-config.h.cmake
@@ -14,6 +14,7 @@
 // under GPL version 2 or later
 //
 // Copyright (C) 2014 Bogdan Cristea <cristeab at gmail.com>
+// Copyright (C) 2014 Hib Eris <hib at hiberis.nl>
 //
 // To see a description of the changes please see the Changelog file that
 // came with your tarball or type make ChangeLog if you are building from git
@@ -23,12 +24,14 @@
 #ifndef POPPLER_CONFIG_H
 #define POPPLER_CONFIG_H
 
+#include <stdio.h>
+
 // We duplicate some of the config.h #define's here since they are
 // used in some of the header files we install.  The #ifndef/#endif
 // around #undef look odd, but it's to silence warnings about
 // redefining those symbols.
 
-/* Defines the poppler version */
+/* Defines the poppler version. */
 #ifndef POPPLER_VERSION
 #define POPPLER_VERSION "${POPPLER_VERSION}"
 #endif
@@ -174,7 +177,7 @@ char * strtok_r (char *s, const char *delim, char **save_ptr);
 #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ > 4)
 #ifdef __MINGW_PRINTF_FORMAT
 #define GCC_PRINTF_FORMAT(fmt_index, va_index) \
-       __attribute__((__format__(__MINGW_PRINTF_FORMAT, fmt_index, va_index)))
+	__attribute__((__format__(__MINGW_PRINTF_FORMAT, fmt_index, va_index)))
 #else
 #define GCC_PRINTF_FORMAT(fmt_index, va_index) \
 	__attribute__((__format__(__printf__, fmt_index, va_index)))