|
|
Index: kpdf/xpdf/Catalog.cc
===================================================================
RCS file: /home/kde/kdegraphics/kpdf/xpdf/Catalog.cc,vretrieving revision 1.3.4.1diff -u -5 -d -p -r1.3.4.1 Catalog.cc
--- ./kpdf/xpdf/Catalog.cc 2 Sep 2004 21:30:18 -0000 1.3.4.1
+++ ./kpdf/xpdf/Catalog.cc 12 Oct 2004 21:15:38 -0000
@@ -62,10 +62,19 @@ Catalog::Catalog(XRef *xrefA) {
obj.getTypeName()); goto err3; } pagesSize = numPages0 = (int)obj.getNum(); obj.free();+ // The gcc doesnt optimize this away, so this check is ok,
+ // even if it looks like a pagesSize != pagesSize check
+ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize ||
+ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) {
+ error(-1, "Invalid 'pagesSize'");
+ ok = gFalse;
+ return;
+ }
+
pages = (Page **)gmalloc(pagesSize * sizeof(Page *)); pageRefs = (Ref *)gmalloc(pagesSize * sizeof(Ref)); for (i = 0; i < pagesSize; ++i) { pages[i] = NULL; pageRefs[i].num = -1;@@ -189,10 +198,14 @@ int Catalog::readPageTree(Dict *pagesDic
++start; goto err3; } if (start >= pagesSize) { pagesSize += 32;+ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize) {
+ error(-1, "Invalid 'pagesSize' parameter.");
+ goto err3;
+ }
pages = (Page **)grealloc(pages, pagesSize * sizeof(Page *)); pageRefs = (Ref *)grealloc(pageRefs, pagesSize * sizeof(Ref)); for (j = pagesSize - 32; j < pagesSize; ++j) { pages[j] = NULL; pageRefs[j].num = -1;
|
