Commit 641a251e authored by Dirk Mueller's avatar Dirk Mueller

the "unbreak integer overflow checks". *sigh*, never trust a patch from suse.

svn path=/trunk/kdegraphics/kpdf/; revision=358427
parent f4673658
......@@ -12,6 +12,7 @@
#pragma implementation
#endif
#include <limits.h>
#include <stddef.h>
#include "gmem.h"
#include "Object.h"
......@@ -64,10 +65,9 @@ Catalog::Catalog(XRef *xrefA) {
}
pagesSize = numPages0 = (int)obj.getNum();
obj.free();
// The gcc doesnt optimize this away, so this check is ok,
// even if it looks like a pagesSize != pagesSize check
if (pagesSize*sizeof(Page *)/sizeof(Page *) != (unsigned int)pagesSize ||
pagesSize*sizeof(Ref)/sizeof(Ref) != (unsigned int)pagesSize) {
if ((pagesSize >= INT_MAX / (signed) sizeof(Page *)) ||
(pagesSize >= INT_MAX / (signed) sizeof(Ref)))
{
error(-1, "Invalid 'pagesSize'");
ok = gFalse;
return;
......@@ -200,8 +200,8 @@ int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) {
}
if (start >= pagesSize) {
pagesSize += 32;
if (pagesSize*sizeof(Page *)/sizeof(Page *) != (unsigned int)pagesSize ||
pagesSize*sizeof(Ref)/sizeof(Ref) != (unsigned int)pagesSize) {
if (pagesSize >= INT_MAX / (signed) sizeof(Page*) ||
pagesSize >= INT_MAX / (signed) sizeof(Ref)) {
error(-1, "Invalid 'pagesSize' parameter.");
goto err3;
}
......
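Review bot: In the Catalog constructor hunk the guard `pagesSize >= INT_MAX / (signed) sizeof(Page *)` has no lower bound, and `pagesSize` is taken directly from `(int)obj.getNum()`, so a negative page count from the document passes unless code outside the hunk rejects it. The multiply-and-divide form, which appears to be the replaced side, did reject negative values because they wrap when converted to unsigned. I would state the lower bound explicitly: `if (pagesSize < 0 || pagesSize >= INT_MAX / (signed) sizeof(Page *) || pagesSize >= INT_MAX / (signed) sizeof(Ref))`. In the readPageTree hunk `pagesSize += 32` runs before the check, so the `goto err3` path leaves `pagesSize` larger than whatever was actually allocated; computing the grown size in a local and assigning it only after the check passes would keep the two in step. Both function bodies continue outside the hunks shown.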
......@@ -12,6 +12,7 @@
#pragma implementation
#endif
#include <limits.h>
#include <stdlib.h>
#include <stddef.h>
#include <string.h>
......@@ -110,7 +111,7 @@ ObjectStream::ObjectStream(XRef *xref, int objStrNumA) {
goto err1;
}
if (nObjects*sizeof(int)/sizeof(int) != (uint)nObjects) {
if (nObjects >= INT_MAX / (signed) sizeof(int)) {
error(-1, "Invalid 'nObjects'");
goto err1;
}
......@@ -393,7 +394,7 @@ GBool XRef::readXRefTable(Parser *parser, Guint *pos) {
if (newSize < 0) {
goto err1;
}
if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != (uint)newSize) {
if (newSize >= INT_MAX / (signed) sizeof(XRefEntry)) {
error(-1, "Invalid 'obj' parameters'");
goto err1;
}
......@@ -503,7 +504,7 @@ GBool XRef::readXRefStream(Stream *xrefStr, Guint *pos) {
goto err1;
}
if (newSize > size) {
if (newSize * sizeof(XRefEntry)/sizeof(XRefEntry) != (uint)newSize) {
if (newSize >= INT_MAX / (signed) sizeof(XRefEntry)) {
error(-1, "Invalid 'size' parameter.");
return gFalse;
}
......@@ -597,7 +598,7 @@ GBool XRef::readXRefStreamSection(Stream *xrefStr, int *w, int first, int n) {
if (newSize < 0) {
return gFalse;
}
if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != (uint)newSize) {
if (newSize >= INT_MAX / (signed) sizeof(XRefEntry)) {
error(-1, "Invalid 'size' inside xref table.");
return gFalse;
}
......@@ -736,7 +737,7 @@ GBool XRef::constructXRef() {
error(-1, "Bad object number");
return gFalse;
}
if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != (uint)newSize) {
if (newSize >= INT_MAX / (signed) sizeof(XRefEntry)) {
error(-1, "Invalid 'obj' parameters.");
return gFalse;
}
......@@ -763,7 +764,7 @@ GBool XRef::constructXRef() {
} else if (!strncmp(p, "endstream", 9)) {
if (streamEndsLen == streamEndsSize) {
streamEndsSize += 64;
if (streamEndsSize*sizeof(int)/sizeof(int) != (uint)streamEndsSize) {
if (streamEndsSize >= INT_MAX / (signed) sizeof(int)) {
error(-1, "Invalid 'endstream' parameter.");
return gFalse;
}
......
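Review bot: The bound `x >= INT_MAX / (signed) sizeof(T)` is repeated in every hunk of this file (the ObjectStream constructor, readXRefTable, readXRefStream, readXRefStreamSection and twice in constructXRef) with no comment saying what it protects. I would add a comment at the first use, such as `// reject counts whose byte size (count * sizeof(elem)) would not fit in an int, before the allocation below`, or move the test into one small static helper so the seven sites cannot drift apart. The readXRefTable and readXRefStreamSection hunks show a `newSize < 0` check just above the bound, but the `nObjects` hunk shows no equivalent lower bound in view; a negative value passes the new comparison, so it is worth confirming that the lines above the hunk reject it. All of these functions start and end outside the hunks shown.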