summaryrefslogtreecommitdiff
path: root/media-libs/jbig2dec
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
committerV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
commit4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
treeba5f07bf3f9d22d82e54a462313f5d244036c768 /media-libs/jbig2dec
reinit the tree, so we can have metadata
Diffstat (limited to 'media-libs/jbig2dec')
-rw-r--r--media-libs/jbig2dec/Manifest13
-rw-r--r--media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2016-9601.patch897
-rw-r--r--media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7885.patch29
-rw-r--r--media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7975.patch31
-rw-r--r--media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7976.patch29
-rw-r--r--media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch31
-rw-r--r--media-libs/jbig2dec/jbig2dec-0.13-r4.ebuild52
-rw-r--r--media-libs/jbig2dec/jbig2dec-0.14.ebuild44
-rw-r--r--media-libs/jbig2dec/metadata.xml15
9 files changed, 1141 insertions, 0 deletions
diff --git a/media-libs/jbig2dec/Manifest b/media-libs/jbig2dec/Manifest
new file mode 100644
index 000000000000..44a5c4fda423
--- /dev/null
+++ b/media-libs/jbig2dec/Manifest
@@ -0,0 +1,13 @@
+AUX jbig2dec-0.13-CVE-2016-9601.patch 33203 SHA256 86613400891f7cd9cff4b5e58170084b739335a6252a695bb43f3bf4302609cb SHA512 cf7098a08d4113d6d22e76dfd0d0f6d49c41fcd4a743bb7825ac8e526ec5ee1d469d336f238118ceeb3bbd360a6a3729d2cf1cbcafb2087d0fdff940f2131875 WHIRLPOOL 74eb7d3a9e7d710369ad4b518b1427f2afd112dbd3dcac03559c7966b446fd749a70e201299728037a9110cbc48bb0cbbb473a7bbe2471c59f6679b1c23ab3e5
+AUX jbig2dec-0.13-CVE-2017-7885.patch 1309 SHA256 85ab33c4d988748f9f4d6ea64a1bfcbd222ff2cc5e2bb351cd044a2e74cd7ebb SHA512 5363c3a56ea961ce5831fd25de8d7d64a1c1465fd8a62a3ae7c6680a37d7805103b07fe015f44221c3e467f1db74d2912a18334bf6c8ad66ff08b229b8093117 WHIRLPOOL d0602edc89011d5a6f0fcb7cbc42c2ed3f030a1431913b351b1bd8e3507de432b87fa156d039a2907cd3929a3838ab42eaeab9d8cd0ef17b64d1b047ca229684
+AUX jbig2dec-0.13-CVE-2017-7975.patch 1117 SHA256 f0b613dcceb906ac7d47dd42ffd233abc1bdde2e4d69a7e41d7106cb6d301915 SHA512 787ebdb6f4af6d70337d74573ef34b45161825033163c040242aa9712bacd564411d0b0dc997a03cc23ddd25053a3bf0a463bd7e36a71ab2578c33a10364dbdc WHIRLPOOL 694b1e37103ad06c8c229e4883fc5eed752d99008fd70cb1e0ad0dcee920c317c087747526075329ce67f08205fdd4ccc9c7c20150660c72bfb7bb3aa1ccf93d
+AUX jbig2dec-0.13-CVE-2017-7976.patch 1359 SHA256 e729bfdc2ebe6636eec713809077d559c789e43967c58c3af81e035e4f58b4f2 SHA512 2a6aaab26591a94eb698019f86f40a160986711483511991c0f382155b1ff585bccc91f64200ef0cd526307f96e4c360fb6f82cd329984bd5779dfc98e2fd837 WHIRLPOOL c1eb69ce28542d78cc5c7b4c61c6680fe55f23ab8bc7c87f7202372b1568a0f7459d0cb9b640958ce935434a95d6af15b1b5deff5978d6aa44395f6be3ec36a5
+AUX jbig2dec-0.13-CVE-2017-9216.patch 1443 SHA256 02eeff45d94abec1a00088bd04062746c5a01fc3745dd268af293d2102bc45ec SHA512 4254856b7e4ad997ca0395115220ce4911585396969b298b2059126d5fa916af20641c362403f0cfbffb934b3a95e149ddb4def6ec8f0b24c305a0827b875079 WHIRLPOOL 9e970d9e3de361eedf450c25b600b8a8b6d2db721623ae4653b77492c4a1d48b19d34a285dc8774b127a4e592fe7a63693909fb63e9587c41ab4d5ae1d189113
+DIST jb2streams.zip 1285838 SHA256 3d1e5c79054b59d061cabdb1d7ba2d1b3f84700f5c517ba4306f7047660016f7 SHA512 382890b36345b8aaebb3554e776a53f3276c6d835335ce41f3f41829ff62bba7ae646602544103ba8541a7a824dca92d682b682c254ab2918c7fe45b3e358b45 WHIRLPOOL 0906c736aeeaaecf788d309c450a787f0b780ab932f7a832c47faf4a5b5e15bdd0205b44540cd8cedcdedc9293d48afb6de084a1716bdf5ef4352b90b4998e0f
+DIST jbig2dec-0.13.tar.gz 442571 SHA256 5aaca0070992cc2e971e3bb2338ee749495613dcecab4c868fc547b4148f5311 SHA512 ef64a65c54bec65f61602de7130dc9594aae58aaea7958f7cc987f25d0794511e15a423e86501ace4f40c0364796fb97ceab72edb0b69232926767ba16c1b05d WHIRLPOOL bd0cef3440e3db43af04a319eb9c5ae166679bd03eda642d003e0157a1e723864bc3e18c0aed7b8266ff938e50191d8c3bd698e4fddeead61ecca805b73a2a56
+DIST jbig2dec-0.14.tar.gz 463572 SHA256 21b498c3ba566f283d02946f7e78e12abbad89f12fe4958974e50882c185014c SHA512 066bd880ac0665fc1e42b0ae0e481008b125aab6e173b7f82d61a2a30e72c90085cbded9b2a68c6836f92dea3d8d8d5c2228dba76e0d99c79c922197d215705b WHIRLPOOL 6a54138ca8010d0e09ac5dade5cde862179c8fe751098c3d77230fee3bfb5f4cfc5f50357a86d4ed7d09669ac1fc2e0355596ccef71faed2577baadc7c181cb5
+EBUILD jbig2dec-0.13-r4.ebuild 1351 SHA256 91d47794f44aec08c6e7b45e34166f0275475a1d187272e4d3da099ecf97eb9b SHA512 3250378943c9a8dcac41ec3e325dd7c7913c38984c7212b80fcbe49382be9d105268f9962569450252a18514d63eac149f74ae6cb69f3c449616fe234a51335f WHIRLPOOL 7070bc8c0d4b743b3333d29c730b8f57a79309fa4abca12e74ced0707cab5b87e6653877766530adf24a71b7b5bb1fe8e85536c797c03eaaac042578ae2b9e8d
+EBUILD jbig2dec-0.14.ebuild 1149 SHA256 1f0e200cd9e3d896b34ea1ac69f31a4bc150c5a5a82f40be339a6287a5b24c10 SHA512 04a834292637546648e94efaddc001512b7a67f5d001d17beb22bda8723f1c72f882261c9cc98dd981e68655c427f802bf9fa96d6e8d6e11f9793d97cd643090 WHIRLPOOL c8b442e9b85ea60e41bcd3a70af0d362e058fc74a765b8f3ca0fcefbb93843619c8807c450c4c3c98a4ef9e296458d6f95af206fc2bf5fd56b964843e87e860a
+MISC ChangeLog 3403 SHA256 b8fc5487eae46654f914b5b7b490e573200a1133a5e6a153e66b3e3c3c4ce842 SHA512 48a1d3568177adfb8261aca29e4494e2793d8b083b7cd8ce3339fbb79b1584b23239cd220c0f6e1d1f4adb78c93d4942ec27d6e642959c1c7f9cce58368cce26 WHIRLPOOL c2878d1e4f628601a71eb970e7b57ef4f10179769cf4e353be90182be1147f983710a2ae227122989124d3969825193679349003f5a3a3db6c624b7aa86b0113
+MISC ChangeLog-2015 4299 SHA256 42675a8f1211e6d9b75b7e4a59edcb104ca4cc2caebf3bf43087472c503bd187 SHA512 3f4f6df007119f4c0c310d1e10379f3c2b74361d3bb2f03405268382fdcf742fc77a059a142873af65007cf9987bb39ee28100b23521697b35e6b4bbf14d2eaa WHIRLPOOL f3577528f71c6d15b8a0de6f64ab93a68d40f4ecb827ee55dbf251b6d4eb822692afdc9a5af17bee88fb0a2dbdd2c7ee32ddae1a07116de422b3acab31d99219
+MISC metadata.xml 473 SHA256 d616f81856f9556e373458839f199b13b3411fe484533fd5c25b1bb52c53323c SHA512 501077ac27f5c6f8a616fa32cec23d28cb16dc0e0c19ce933cbc067494117c9c55fc3e00dfc21270892d57478a9e268f99215c8d074d6cc4114916f55a571a6f WHIRLPOOL 50a370a64ad3695fdcecef961bb9b7966cd903003a940b866d4ec7c856fcef354ee1ba93befe388680f8014041bef591aaabd2e3d061eaa09a0cbaaeff072820
diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2016-9601.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2016-9601.patch
new file mode 100644
index 000000000000..4ce96ae5d3c0
--- /dev/null
+++ b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2016-9601.patch
@@ -0,0 +1,897 @@
+From e698d5c11d27212aa1098bc5b1673a3378563092 Mon Sep 17 00:00:00 2001
+From: Robin Watts <robin.watts@artifex.com>
+Date: Mon, 12 Dec 2016 17:47:17 +0000
+Subject: [PATCH] Squash signed/unsigned warnings in MSVC jbig2 build.
+
+Also rename "new" to "new_dict", because "new" is a bad
+variable name.
+---
+ jbig2.c | 4 +--
+ jbig2.h | 8 +++---
+ jbig2_generic.c | 2 +-
+ jbig2_halftone.c | 24 ++++++++----------
+ jbig2_huffman.c | 10 ++++----
+ jbig2_huffman.h | 2 +-
+ jbig2_image.c | 32 +++++++++++------------
+ jbig2_mmr.c | 66 +++++++++++++++++++++++++-----------------------
+ jbig2_page.c | 6 ++---
+ jbig2_priv.h | 4 +--
+ jbig2_segment.c | 10 ++++----
+ jbig2_symbol_dict.c | 73 +++++++++++++++++++++++++++--------------------------
+ jbig2_symbol_dict.h | 6 ++---
+ jbig2_text.c | 16 ++++++------
+ jbig2_text.h | 2 +-
+ 15 files changed, 134 insertions(+), 131 deletions(-)
+
+diff --git a/jbig2.c b/jbig2.c
+index f729e29..e51380f 100644
+--- a/jbig2.c
++++ b/jbig2.c
+@@ -379,7 +379,7 @@ typedef struct {
+ } Jbig2WordStreamBuf;
+
+ static int
+-jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t *word)
++jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, size_t offset, uint32_t *word)
+ {
+ Jbig2WordStreamBuf *z = (Jbig2WordStreamBuf *) self;
+ const byte *data = z->data;
+@@ -390,7 +390,7 @@ jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t
+ else if (offset > z->size)
+ return -1;
+ else {
+- int i;
++ size_t i;
+
+ result = 0;
+ for (i = 0; i < z->size - offset; i++)
+diff --git a/jbig2.h b/jbig2.h
+index d5aa52f..624e0ed 100644
+--- a/jbig2.h
++++ b/jbig2.h
+@@ -56,17 +56,19 @@ typedef struct _Jbig2SymbolDictionary Jbig2SymbolDictionary;
+ */
+
+ struct _Jbig2Image {
+- int width, height, stride;
++ uint32_t width;
++ uint32_t height;
++ uint32_t stride;
+ uint8_t *data;
+ int refcount;
+ };
+
+-Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, int width, int height);
++Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height);
+ Jbig2Image *jbig2_image_clone(Jbig2Ctx *ctx, Jbig2Image *image);
+ void jbig2_image_release(Jbig2Ctx *ctx, Jbig2Image *image);
+ void jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image);
+ void jbig2_image_clear(Jbig2Ctx *ctx, Jbig2Image *image, int value);
+-Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height);
++Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height);
+
+ /* errors are returned from the library via a callback. If no callback
+ is provided (a NULL argument is passed ot jbig2_ctx_new) a default
+diff --git a/jbig2_generic.c b/jbig2_generic.c
+index 02fdbfb..9656198 100644
+--- a/jbig2_generic.c
++++ b/jbig2_generic.c
+@@ -718,7 +718,7 @@ jbig2_immediate_generic_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte
+ byte seg_flags;
+ int8_t gbat[8];
+ int offset;
+- int gbat_bytes = 0;
++ uint32_t gbat_bytes = 0;
+ Jbig2GenericRegionParams params;
+ int code = 0;
+ Jbig2Image *image = NULL;
+diff --git a/jbig2_halftone.c b/jbig2_halftone.c
+index aeab576..acfbc56 100644
+--- a/jbig2_halftone.c
++++ b/jbig2_halftone.c
+@@ -257,8 +257,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
+ {
+ uint8_t **GSVALS = NULL;
+ size_t consumed_bytes = 0;
+- int i, j, code, stride;
+- int x, y;
++ uint32_t i, j, stride, x, y;
++ int code;
+ Jbig2Image **GSPLANES;
+ Jbig2GenericRegionParams rparams;
+ Jbig2WordStream *ws = NULL;
+@@ -276,9 +276,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
+ if (GSPLANES[i] == NULL) {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate %dx%d image for GSPLANES", GSW, GSH);
+ /* free already allocated */
+- for (j = i - 1; j >= 0; --j) {
+- jbig2_image_release(ctx, GSPLANES[j]);
+- }
++ for (j = i; j > 0;)
++ jbig2_image_release(ctx, GSPLANES[--j]);
+ jbig2_free(ctx->allocator, GSPLANES);
+ return NULL;
+ }
+@@ -323,9 +322,10 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
+ }
+
+ /* C.5 step 2. Set j = GSBPP-2 */
+- j = GSBPP - 2;
++ j = GSBPP - 1;
+ /* C.5 step 3. decode loop */
+- while (j >= 0) {
++ while (j > 0) {
++ j--;
+ /* C.5 step 3. (a) */
+ if (GSMMR) {
+ code = jbig2_decode_halftone_mmr(ctx, &rparams, data + consumed_bytes, size - consumed_bytes, GSPLANES[j], &consumed_bytes);
+@@ -345,7 +345,6 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
+ GSPLANES[j]->data[i] ^= GSPLANES[j + 1]->data[i];
+
+ /* C.5 step 3. (c) */
+- --j;
+ }
+
+ /* allocate GSVALS */
+@@ -359,9 +358,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
+ if (GSVALS[i] == NULL) {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate GSVALS: %d bytes", GSH * GSW);
+ /* free already allocated */
+- for (j = i - 1; j >= 0; --j) {
+- jbig2_free(ctx->allocator, GSVALS[j]);
+- }
++ for (j = i; j > 0;)
++ jbig2_free(ctx->allocator, GSVALS[--j]);
+ jbig2_free(ctx->allocator, GSVALS);
+ GSVALS = NULL;
+ goto cleanup;
+@@ -450,7 +448,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
+ uint8_t **GI;
+ Jbig2Image *HSKIP = NULL;
+ Jbig2PatternDict *HPATS;
+- int i;
++ uint32_t i;
+ uint32_t mg, ng;
+ int32_t x, y;
+ uint8_t gray_val;
+@@ -476,7 +474,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
+
+ /* calculate ceil(log2(HNUMPATS)) */
+ HBPP = 0;
+- while (HNUMPATS > (1 << ++HBPP));
++ while (HNUMPATS > (1U << ++HBPP));
+
+ /* 6.6.5 point 4. decode gray-scale image as mentioned in annex C */
+ GI = jbig2_decode_gray_scale_image(ctx, segment, data, size,
+diff --git a/jbig2_huffman.c b/jbig2_huffman.c
+index 4521b48..f77981b 100644
+--- a/jbig2_huffman.c
++++ b/jbig2_huffman.c
+@@ -47,16 +47,16 @@ struct _Jbig2HuffmanState {
+ is (offset + 4) * 8. */
+ uint32_t this_word;
+ uint32_t next_word;
+- int offset_bits;
+- int offset;
+- int offset_limit;
++ uint32_t offset_bits;
++ uint32_t offset;
++ uint32_t offset_limit;
+
+ Jbig2WordStream *ws;
+ Jbig2Ctx *ctx;
+ };
+
+ static uint32_t
+-huff_get_next_word(Jbig2HuffmanState *hs, int offset)
++huff_get_next_word(Jbig2HuffmanState *hs, uint32_t offset)
+ {
+ uint32_t word = 0;
+ Jbig2WordStream *ws = hs->ws;
+@@ -213,7 +213,7 @@ jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset)
+ /* return the offset of the huffman decode pointer (in bytes)
+ * from the beginning of the WordStream
+ */
+-int
++uint32_t
+ jbig2_huffman_offset(Jbig2HuffmanState *hs)
+ {
+ return hs->offset + (hs->offset_bits >> 3);
+diff --git a/jbig2_huffman.h b/jbig2_huffman.h
+index 5d1e6e0..cfda9e0 100644
+--- a/jbig2_huffman.h
++++ b/jbig2_huffman.h
+@@ -64,7 +64,7 @@ void jbig2_huffman_skip(Jbig2HuffmanState *hs);
+
+ void jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset);
+
+-int jbig2_huffman_offset(Jbig2HuffmanState *hs);
++uint32_t jbig2_huffman_offset(Jbig2HuffmanState *hs);
+
+ int32_t jbig2_huffman_get(Jbig2HuffmanState *hs, const Jbig2HuffmanTable *table, bool *oob);
+
+diff --git a/jbig2_image.c b/jbig2_image.c
+index 1ae614e..94e5a4c 100644
+--- a/jbig2_image.c
++++ b/jbig2_image.c
+@@ -32,10 +32,10 @@
+
+ /* allocate a Jbig2Image structure and its associated bitmap */
+ Jbig2Image *
+-jbig2_image_new(Jbig2Ctx *ctx, int width, int height)
++jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height)
+ {
+ Jbig2Image *image;
+- int stride;
++ uint32_t stride;
+ int64_t check;
+
+ image = jbig2_new(ctx, Jbig2Image, 1);
+@@ -99,7 +99,7 @@ jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image)
+
+ /* resize a Jbig2Image */
+ Jbig2Image *
+-jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height)
++jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height)
+ {
+ if (width == image->width) {
+ /* check for integer multiplication overflow */
+@@ -133,11 +133,11 @@ jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height)
+ static int
+ jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op)
+ {
+- int i, j;
+- int sw = src->width;
+- int sh = src->height;
+- int sx = 0;
+- int sy = 0;
++ uint32_t i, j;
++ uint32_t sw = src->width;
++ uint32_t sh = src->height;
++ uint32_t sx = 0;
++ uint32_t sy = 0;
+
+ /* clip to the dst image boundaries */
+ if (x < 0) {
+@@ -200,10 +200,10 @@ jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x
+ int
+ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op)
+ {
+- int i, j;
+- int w, h;
+- int leftbyte, rightbyte;
+- int shift;
++ uint32_t i, j;
++ uint32_t w, h;
++ uint32_t leftbyte, rightbyte;
++ uint32_t shift;
+ uint8_t *s, *ss;
+ uint8_t *d, *dd;
+ uint8_t mask, rightmask;
+@@ -226,8 +226,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
+ h += y;
+ y = 0;
+ }
+- w = (x + w < dst->width) ? w : dst->width - x;
+- h = (y + h < dst->height) ? h : dst->height - y;
++ w = ((uint32_t)x + w < dst->width) ? w : ((dst->width >= (uint32_t)x) ? dst->width - (uint32_t)x : 0);
++ h = ((uint32_t)y + h < dst->height) ? h : ((dst->height >= (uint32_t)y) ? dst->height - (uint32_t)y : 0);
+ #ifdef JBIG2_DEBUG
+ jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "compositing %dx%d at (%d, %d) after clipping\n", w, h, x, y);
+ #endif
+@@ -249,8 +249,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
+ }
+ #endif
+
+- leftbyte = x >> 3;
+- rightbyte = (x + w - 1) >> 3;
++ leftbyte = (uint32_t)x >> 3;
++ rightbyte = ((uint32_t)x + w - 1) >> 3;
+ shift = x & 7;
+
+ /* general OR case */
+diff --git a/jbig2_mmr.c b/jbig2_mmr.c
+index d4cd3a2..390e27c 100644
+--- a/jbig2_mmr.c
++++ b/jbig2_mmr.c
+@@ -38,19 +38,21 @@
+ #include "jbig2_mmr.h"
+
+ typedef struct {
+- int width;
+- int height;
++ uint32_t width;
++ uint32_t height;
+ const byte *data;
+ size_t size;
+- int data_index;
+- int bit_index;
++ uint32_t data_index;
++ uint32_t bit_index;
+ uint32_t word;
+ } Jbig2MmrCtx;
+
++#define MINUS1 ((uint32_t)-1)
++
+ static void
+ jbig2_decode_mmr_init(Jbig2MmrCtx *mmr, int width, int height, const byte *data, size_t size)
+ {
+- int i;
++ size_t i;
+ uint32_t word = 0;
+
+ mmr->width = width;
+@@ -732,14 +734,14 @@ const mmr_table_node jbig2_mmr_black_decode[] = {
+ #define getbit(buf, x) ( ( buf[x >> 3] >> ( 7 - (x & 7) ) ) & 1 )
+
+ static int
+-jbig2_find_changing_element(const byte *line, int x, int w)
++jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w)
+ {
+ int a, b;
+
+ if (line == 0)
+- return w;
++ return (int)w;
+
+- if (x == -1) {
++ if (x == MINUS1) {
+ a = 0;
+ x = 0;
+ } else {
+@@ -758,7 +760,7 @@ jbig2_find_changing_element(const byte *line, int x, int w)
+ }
+
+ static int
+-jbig2_find_changing_element_of_color(const byte *line, int x, int w, int color)
++jbig2_find_changing_element_of_color(const byte *line, uint32_t x, uint32_t w, int color)
+ {
+ if (line == 0)
+ return w;
+@@ -772,9 +774,9 @@ static const byte lm[8] = { 0xFF, 0x7F, 0x3F, 0x1F, 0x0F, 0x07, 0x03, 0x01 };
+ static const byte rm[8] = { 0x00, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
+
+ static void
+-jbig2_set_bits(byte *line, int x0, int x1)
++jbig2_set_bits(byte *line, uint32_t x0, uint32_t x1)
+ {
+- int a0, a1, b0, b1, a;
++ uint32_t a0, a1, b0, b1, a;
+
+ a0 = x0 >> 3;
+ a1 = x1 >> 3;
+@@ -831,8 +833,8 @@ jbig2_decode_get_run(Jbig2MmrCtx *mmr, const mmr_table_node *table, int initial_
+ static int
+ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
+ {
+- int a0 = -1;
+- int a1, a2, b1, b2;
++ uint32_t a0 = MINUS1;
++ uint32_t a1, a2, b1, b2;
+ int c = 0; /* 0 is white, black is 1 */
+
+ while (1) {
+@@ -840,7 +842,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
+
+ /* printf ("%08x\n", word); */
+
+- if (a0 >= mmr->width)
++ if (a0 != MINUS1 && a0 >= mmr->width)
+ break;
+
+ if ((word >> (32 - 3)) == 1) {
+@@ -848,7 +850,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
+
+ jbig2_decode_mmr_consume(mmr, 3);
+
+- if (a0 == -1)
++ if (a0 == MINUS1)
+ a0 = 0;
+
+ if (c == 0) {
+@@ -860,7 +862,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
+ a1 = mmr->width;
+ if (a2 > mmr->width)
+ a2 = mmr->width;
+- if (a2 < a1 || a1 < 0)
++ if (a1 == MINUS1 || a2 < a1)
+ return -1;
+ jbig2_set_bits(dst, a1, a2);
+ a0 = a2;
+@@ -874,7 +876,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
+ a1 = mmr->width;
+ if (a2 > mmr->width)
+ a2 = mmr->width;
+- if (a1 < a0 || a0 < 0)
++ if (a0 == MINUS1 || a1 < a0)
+ return -1;
+ jbig2_set_bits(dst, a0, a1);
+ a0 = a2;
+@@ -888,7 +890,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
+ b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
+ b2 = jbig2_find_changing_element(ref, b1, mmr->width);
+ if (c) {
+- if (b2 < a0 || a0 < 0)
++ if (a0 == MINUS1 || b2 < a0)
+ return -1;
+ jbig2_set_bits(dst, a0, b2);
+ }
+@@ -900,7 +902,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
+ jbig2_decode_mmr_consume(mmr, 1);
+ b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
+ if (c) {
+- if (b1 < a0 || a0 < 0)
++ if (a0 == MINUS1 || b1 < a0)
+ return -1;
+ jbig2_set_bits(dst, a0, b1);
+ }
+@@ -915,7 +917,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
+ if (b1 + 1 > mmr->width)
+ break;
+ if (c) {
+- if (b1 + 1 < a0 || a0 < 0)
++ if (a0 == MINUS1 || b1 + 1 < a0)
+ return -1;
+ jbig2_set_bits(dst, a0, b1 + 1);
+ }
+@@ -930,7 +932,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
+ if (b1 + 2 > mmr->width)
+ break;
+ if (c) {
+- if (b1 + 2 < a0 || a0 < 0)
++ if (a0 == MINUS1 || b1 + 2 < a0)
+ return -1;
+ jbig2_set_bits(dst, a0, b1 + 2);
+ }
+@@ -942,10 +944,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
+ /* printf ("VR(3)\n"); */
+ jbig2_decode_mmr_consume(mmr, 7);
+ b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
+- if (b1 + 3 > mmr->width)
++ if (b1 + 3 > (int)mmr->width)
+ break;
+ if (c) {
+- if (b1 + 3 < a0 || a0 < 0)
++ if (a0 == MINUS1 || b1 + 3 < a0)
+ return -1;
+ jbig2_set_bits(dst, a0, b1 + 3);
+ }
+@@ -957,10 +959,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
+ /* printf ("VL(1)\n"); */
+ jbig2_decode_mmr_consume(mmr, 3);
+ b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
+- if (b1 - 1 < 0)
++ if (b1 < 1)
+ break;
+ if (c) {
+- if (b1 - 1 < a0 || a0 < 0)
++ if (a0 == MINUS1 || b1 - 1 < a0)
+ return -1;
+ jbig2_set_bits(dst, a0, b1 - 1);
+ }
+@@ -972,7 +974,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
+ /* printf ("VL(2)\n"); */
+ jbig2_decode_mmr_consume(mmr, 6);
+ b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
+- if (b1 - 2 < 0)
++ if (b1 < 2)
+ break;
+ if (c) {
+ if (b1 - 2 < a0 || a0 < 0)
+@@ -987,10 +989,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
+ /* printf ("VL(3)\n"); */
+ jbig2_decode_mmr_consume(mmr, 7);
+ b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
+- if (b1 - 3 < 0)
++ if (b1 < 3)
+ break;
+ if (c) {
+- if (b1 - 3 < a0 || a0 < 0)
++ if (a0 == MINUS1 || b1 - 3 < a0)
+ return -1;
+ jbig2_set_bits(dst, a0, b1 - 3);
+ }
+@@ -1009,10 +1011,10 @@ int
+ jbig2_decode_generic_mmr(Jbig2Ctx *ctx, Jbig2Segment *segment, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image)
+ {
+ Jbig2MmrCtx mmr;
+- const int rowstride = image->stride;
++ const uint32_t rowstride = image->stride;
+ byte *dst = image->data;
+ byte *ref = NULL;
+- int y;
++ uint32_t y;
+ int code = 0;
+
+ jbig2_decode_mmr_init(&mmr, image->width, image->height, data, size);
+@@ -1047,10 +1049,10 @@ int
+ jbig2_decode_halftone_mmr(Jbig2Ctx *ctx, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image, size_t *consumed_bytes)
+ {
+ Jbig2MmrCtx mmr;
+- const int rowstride = image->stride;
++ const uint32_t rowstride = image->stride;
+ byte *dst = image->data;
+ byte *ref = NULL;
+- int y;
++ uint32_t y;
+ int code = 0;
+ const uint32_t EOFB = 0x001001;
+
+diff --git a/jbig2_page.c b/jbig2_page.c
+index 110ff7c..1ed1c8a 100644
+--- a/jbig2_page.c
++++ b/jbig2_page.c
+@@ -155,9 +155,9 @@ int
+ jbig2_end_of_stripe(Jbig2Ctx *ctx, Jbig2Segment *segment, const uint8_t *segment_data)
+ {
+ Jbig2Page page = ctx->pages[ctx->current_page];
+- int end_row;
++ uint32_t end_row;
+
+- end_row = jbig2_get_int32(segment_data);
++ end_row = jbig2_get_uint32(segment_data);
+ if (end_row < page.end_row) {
+ jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number,
+ "end of stripe segment with non-positive end row advance" " (new end row %d vs current end row %d)", end_row, page.end_row);
+@@ -248,7 +248,7 @@ jbig2_page_add_result(Jbig2Ctx *ctx, Jbig2Page *page, Jbig2Image *image, int x,
+
+ /* grow the page to accomodate a new stripe if necessary */
+ if (page->striped) {
+- int new_height = y + image->height + page->end_row;
++ uint32_t new_height = y + image->height + page->end_row;
+
+ if (page->image->height < new_height) {
+ jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "growing page buffer to %d rows " "to accomodate new stripe", new_height);
+diff --git a/jbig2_priv.h b/jbig2_priv.h
+index 42ba496..3d44b42 100644
+--- a/jbig2_priv.h
++++ b/jbig2_priv.h
+@@ -132,7 +132,7 @@ struct _Jbig2Page {
+ uint32_t x_resolution, y_resolution; /* in pixels per meter */
+ uint16_t stripe_size;
+ bool striped;
+- int end_row;
++ uint32_t end_row;
+ uint8_t flags;
+ Jbig2Image *image;
+ };
+@@ -182,7 +182,7 @@ int jbig2_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segm
+ typedef struct _Jbig2WordStream Jbig2WordStream;
+
+ struct _Jbig2WordStream {
+- int (*get_next_word)(Jbig2WordStream *self, int offset, uint32_t *word);
++ int (*get_next_word)(Jbig2WordStream *self, size_t offset, uint32_t *word);
+ };
+
+ Jbig2WordStream *jbig2_word_stream_buf_new(Jbig2Ctx *ctx, const byte *data, size_t size);
+diff --git a/jbig2_segment.c b/jbig2_segment.c
+index 2e0db67..5b63706 100644
+--- a/jbig2_segment.c
++++ b/jbig2_segment.c
+@@ -39,10 +39,10 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t
+ uint8_t rtscarf;
+ uint32_t rtscarf_long;
+ uint32_t *referred_to_segments;
+- int referred_to_segment_count;
+- int referred_to_segment_size;
+- int pa_size;
+- int offset;
++ uint32_t referred_to_segment_count;
++ uint32_t referred_to_segment_size;
++ uint32_t pa_size;
++ uint32_t offset;
+
+ /* minimum possible size of a jbig2 segment header */
+ if (buf_size < 11)
+@@ -83,7 +83,7 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t
+
+ /* 7.2.5 */
+ if (referred_to_segment_count) {
+- int i;
++ uint32_t i;
+
+ referred_to_segments = jbig2_new(ctx, uint32_t, referred_to_segment_count * referred_to_segment_size);
+ if (referred_to_segments == NULL) {
+diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
+index 2c71a4c..11a2252 100644
+--- a/jbig2_symbol_dict.c
++++ b/jbig2_symbol_dict.c
+@@ -88,40 +88,40 @@ jbig2_dump_symbol_dict(Jbig2Ctx *ctx, Jbig2Segment *segment)
+
+ /* return a new empty symbol dict */
+ Jbig2SymbolDict *
+-jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols)
++jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols)
+ {
+- Jbig2SymbolDict *new = NULL;
++ Jbig2SymbolDict *new_dict = NULL;
+
+ if (n_symbols < 0) {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "Negative number of symbols in symbol dict: %d", n_symbols);
+ return NULL;
+ }
+
+- new = jbig2_new(ctx, Jbig2SymbolDict, 1);
+- if (new != NULL) {
+- new->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
+- new->n_symbols = n_symbols;
++ new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1);
++ if (new_dict != NULL) {
++ new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
++ new_dict->n_symbols = n_symbols;
+ } else {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate new empty symbol dict");
+ return NULL;
+ }
+
+- if (new->glyphs != NULL) {
+- memset(new->glyphs, 0, n_symbols * sizeof(Jbig2Image *));
++ if (new_dict->glyphs != NULL) {
++ memset(new_dict->glyphs, 0, n_symbols * sizeof(Jbig2Image *));
+ } else {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate glyphs for new empty symbol dict");
+- jbig2_free(ctx->allocator, new);
++ jbig2_free(ctx->allocator, new_dict);
+ return NULL;
+ }
+
+- return new;
++ return new_dict;
+ }
+
+ /* release the memory associated with a symbol dict */
+ void
+ jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict)
+ {
+- int i;
++ uint32_t i;
+
+ if (dict == NULL)
+ return;
+@@ -142,12 +142,12 @@ jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id)
+ }
+
+ /* count the number of dictionary segments referred to by the given segment */
+-int
++uint32_t
+ jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
+ {
+ int index;
+ Jbig2Segment *rsegment;
+- int n_dicts = 0;
++ uint32_t n_dicts = 0;
+
+ for (index = 0; index < segment->referred_to_segment_count; index++) {
+ rsegment = jbig2_find_segment(ctx, segment->referred_to_segments[index]);
+@@ -166,8 +166,8 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
+ int index;
+ Jbig2Segment *rsegment;
+ Jbig2SymbolDict **dicts;
+- int n_dicts = jbig2_sd_count_referred(ctx, segment);
+- int dindex = 0;
++ uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment);
++ uint32_t dindex = 0;
+
+ dicts = jbig2_new(ctx, Jbig2SymbolDict *, n_dicts);
+ if (dicts == NULL) {
+@@ -195,10 +195,10 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
+ /* generate a new symbol dictionary by concatenating a list of
+ existing dictionaries */
+ Jbig2SymbolDict *
+-jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts)
++jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts)
+ {
+- int i, j, k, symbols;
+- Jbig2SymbolDict *new = NULL;
++ uint32_t i, j, k, symbols;
++ Jbig2SymbolDict *new_dict = NULL;
+
+ /* count the imported symbols and allocate a new array */
+ symbols = 0;
+@@ -206,17 +206,17 @@ jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts)
+ symbols += dicts[i]->n_symbols;
+
+ /* fill a new array with cloned glyph pointers */
+- new = jbig2_sd_new(ctx, symbols);
+- if (new != NULL) {
++ new_dict = jbig2_sd_new(ctx, symbols);
++ if (new_dict != NULL) {
+ k = 0;
+ for (i = 0; i < n_dicts; i++)
+ for (j = 0; j < dicts[i]->n_symbols; j++)
+- new->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]);
++ new_dict->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]);
+ } else {
+ jbig2_error(ctx, JBIG2_SEVERITY_WARNING, -1, "failed to allocate new symbol dictionary");
+ }
+
+- return new;
++ return new_dict;
+ }
+
+ /* Decoding routines */
+@@ -431,7 +431,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
+
+ if (REFAGGNINST > 1) {
+ Jbig2Image *image;
+- int i;
++ uint32_t i;
+
+ if (tparams == NULL) {
+ /* First time through, we need to initialise the */
+@@ -512,7 +512,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
+ uint32_t ID;
+ int32_t RDX, RDY;
+ int BMSIZE = 0;
+- int ninsyms = params->SDNUMINSYMS;
++ uint32_t ninsyms = params->SDNUMINSYMS;
+ int code1 = 0;
+ int code2 = 0;
+ int code3 = 0;
+@@ -609,8 +609,9 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
+ if (params->SDHUFF && !params->SDREFAGG) {
+ /* 6.5.9 */
+ Jbig2Image *image;
+- int BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code);
+- int j, x;
++ uint32_t BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code);
++ uint32_t j;
++ int x;
+
+ if (code || (BMSIZE < 0)) {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding size of collective bitmap!");
+@@ -700,22 +701,22 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate symbols exported from symbols dictionary");
+ goto cleanup4;
+ } else {
+- int i = 0;
+- int j = 0;
+- int k;
++ uint32_t i = 0;
++ uint32_t j = 0;
++ uint32_t k;
+ int exflag = 0;
+- int64_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS;
+- int32_t exrunlength;
++ uint32_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS;
++ uint32_t exrunlength;
+ int zerolength = 0;
+
+ while (i < limit) {
+ if (params->SDHUFF)
+ exrunlength = jbig2_huffman_get(hs, SBHUFFRSIZE, &code);
+ else
+- code = jbig2_arith_int_decode(IAEX, as, &exrunlength);
++ code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength);
+ /* prevent infinite loop */
+ zerolength = exrunlength > 0 ? 0 : zerolength + 1;
+- if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength > params->SDNUMEXSYMS - j))) {
++ if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) {
+ if (code)
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to decode exrunlength for exported symbols");
+ else if (exrunlength <= 0)
+@@ -797,8 +798,8 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen
+ {
+ Jbig2SymbolDictParams params;
+ uint16_t flags;
+- int sdat_bytes;
+- int offset;
++ uint32_t sdat_bytes;
++ uint32_t offset;
+ Jbig2ArithCx *GB_stats = NULL;
+ Jbig2ArithCx *GR_stats = NULL;
+ int table_index = 0;
+@@ -951,7 +952,7 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen
+
+ /* 7.4.2.2 (2) */
+ {
+- int n_dicts = jbig2_sd_count_referred(ctx, segment);
++ uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment);
+ Jbig2SymbolDict **dicts = NULL;
+
+ if (n_dicts > 0) {
+diff --git a/jbig2_symbol_dict.h b/jbig2_symbol_dict.h
+index d56d62d..30211d4 100644
+--- a/jbig2_symbol_dict.h
++++ b/jbig2_symbol_dict.h
+@@ -32,18 +32,18 @@ int jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *se
+ Jbig2Image *jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id);
+
+ /* return a new empty symbol dict */
+-Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols);
++Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols);
+
+ /* release the memory associated with a symbol dict */
+ void jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict);
+
+ /* generate a new symbol dictionary by concatenating a list of
+ existing dictionaries */
+-Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts);
++Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts);
+
+ /* count the number of dictionary segments referred
+ to by the given segment */
+-int jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment);
++uint32_t jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment);
+
+ /* return an array of pointers to symbol dictionaries referred
+ to by a segment */
+diff --git a/jbig2_text.c b/jbig2_text.c
+index 5c99640..e77460f 100644
+--- a/jbig2_text.c
++++ b/jbig2_text.c
+@@ -55,7 +55,7 @@
+ int
+ jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
+ const Jbig2TextRegionParams *params,
+- const Jbig2SymbolDict *const *dicts, const int n_dicts,
++ const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts,
+ Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws)
+ {
+ /* relevent bits of 6.4.4 */
+@@ -476,19 +476,19 @@ cleanup2:
+ int
+ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data)
+ {
+- int offset = 0;
++ uint32_t offset = 0;
+ Jbig2RegionSegmentInfo region_info;
+ Jbig2TextRegionParams params;
+ Jbig2Image *image = NULL;
+ Jbig2SymbolDict **dicts = NULL;
+- int n_dicts = 0;
++ uint32_t n_dicts = 0;
+ uint16_t flags = 0;
+ uint16_t huffman_flags = 0;
+ Jbig2ArithCx *GR_stats = NULL;
+ int code = 0;
+ Jbig2WordStream *ws = NULL;
+ Jbig2ArithState *as = NULL;
+- int table_index = 0;
++ uint32_t table_index = 0;
+ const Jbig2HuffmanParams *huffman_params = NULL;
+
+ /* 7.4.1 */
+@@ -779,7 +779,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
+ code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "unable to retrive symbol dictionaries! previous parsing error?");
+ goto cleanup1;
+ } else {
+- int index;
++ uint32_t index;
+
+ if (dicts[0] == NULL) {
+ code = jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, "unable to find first referenced symbol dictionary!");
+@@ -823,8 +823,8 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
+ }
+
+ if (!params.SBHUFF) {
+- int SBSYMCODELEN, index;
+- int SBNUMSYMS = 0;
++ uint32_t SBSYMCODELEN, index;
++ uint32_t SBNUMSYMS = 0;
+
+ for (index = 0; index < n_dicts; index++) {
+ SBNUMSYMS += dicts[index]->n_symbols;
+@@ -840,7 +840,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
+ }
+
+ /* Table 31 */
+- for (SBSYMCODELEN = 0; (1 << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) {
++ for (SBSYMCODELEN = 0; (1U << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) {
+ }
+ params.IAID = jbig2_arith_iaid_ctx_new(ctx, SBSYMCODELEN);
+ params.IARI = jbig2_arith_int_ctx_new(ctx);
+diff --git a/jbig2_text.h b/jbig2_text.h
+index aec2732..51d242e 100644
+--- a/jbig2_text.h
++++ b/jbig2_text.h
+@@ -70,5 +70,5 @@ typedef struct {
+ int
+ jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
+ const Jbig2TextRegionParams *params,
+- const Jbig2SymbolDict *const *dicts, const int n_dicts,
++ const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts,
+ Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws);
+--
+2.11.1
+
diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7885.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7885.patch
new file mode 100644
index 000000000000..e8ffccd45344
--- /dev/null
+++ b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7885.patch
@@ -0,0 +1,29 @@
+From b184e783702246e154294326d03d9abda669fcfa Mon Sep 17 00:00:00 2001
+From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
+Date: Wed, 3 May 2017 22:06:01 +0100
+Subject: [PATCH] Bug 697703: Prevent integer overflow vulnerability.
+
+Add extra check for the offset being greater than the size
+of the image and hence reading off the end of the buffer.
+
+Thank you to Dai Ge for finding this issue and suggesting a patch.
+---
+ jbig2dec/jbig2_symbol_dict.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/jbig2dec/jbig2_symbol_dict.c b/jbig2dec/jbig2_symbol_dict.c
+index 4acaba9d0..36225cb1f 100644
+--- a/jbig2_symbol_dict.c
++++ b/jbig2_symbol_dict.c
+@@ -629,7 +629,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
+ byte *dst = image->data;
+
+ /* SumatraPDF: prevent read access violation */
+- if (size - jbig2_huffman_offset(hs) < image->height * stride) {
++ if ((size - jbig2_huffman_offset(hs) < image->height * stride) || (size < jbig2_huffman_offset(hs))) {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "not enough data for decoding (%d/%d)", image->height * stride,
+ size - jbig2_huffman_offset(hs));
+ jbig2_image_release(ctx, image);
+--
+2.13.1
+
diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7975.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7975.patch
new file mode 100644
index 000000000000..d5e62762b9a5
--- /dev/null
+++ b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7975.patch
@@ -0,0 +1,31 @@
+From 5e57e483298dae8b8d4ec9aab37a526736ac2e97 Mon Sep 17 00:00:00 2001
+From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
+Date: Wed, 26 Apr 2017 22:12:14 +0100
+Subject: [PATCH] Bug 697693: Prevent SEGV due to integer overflow.
+
+While building a Huffman table, the start and end points were susceptible
+to integer overflow.
+
+Thank you to Jiaqi for finding this issue and suggesting a patch.
+---
+ jbig2dec/jbig2_huffman.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/jbig2dec/jbig2_huffman.c b/jbig2dec/jbig2_huffman.c
+index 511e46170..b4189a12c 100644
+--- a/jbig2_huffman.c
++++ b/jbig2_huffman.c
+@@ -421,8 +421,8 @@ jbig2_build_huffman_table(Jbig2Ctx *ctx, const Jbig2HuffmanParams *params)
+
+ if (PREFLEN == CURLEN) {
+ int RANGELEN = lines[CURTEMP].RANGELEN;
+- int start_j = CURCODE << shift;
+- int end_j = (CURCODE + 1) << shift;
++ uint32_t start_j = CURCODE << shift;
++ uint32_t end_j = (CURCODE + 1) << shift;
+ byte eflags = 0;
+
+ if (end_j > max_j) {
+--
+2.13.1
+
diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7976.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7976.patch
new file mode 100644
index 000000000000..c6dbd182c616
--- /dev/null
+++ b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7976.patch
@@ -0,0 +1,29 @@
+From ed6c5133a1004ce8d38f1b44de85a7186feda95e Mon Sep 17 00:00:00 2001
+From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
+Date: Wed, 10 May 2017 17:50:39 +0100
+Subject: [PATCH] Bug 697683: Bounds check before reading from image source
+ data.
+
+Add extra check to prevent reading off the end of the image source
+data buffer.
+
+Thank you to Dai Ge for finding this issue and suggesting a patch.
+---
+ jbig2dec/jbig2_image.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Backported dilfridge@g.o
+
+diff -ruN jbig2dec-0.13.orig/jbig2_image.c jbig2dec-0.13/jbig2_image.c
+--- jbig2dec-0.13.orig/jbig2_image.c 2017-06-10 01:41:16.207939489 +0200
++++ jbig2dec-0.13/jbig2_image.c 2017-06-10 01:46:28.009952461 +0200
+@@ -256,7 +256,8 @@
+ /* general OR case */
+ s = ss;
+ d = dd = dst->data + y * dst->stride + leftbyte;
+- if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
++ if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride ||
++ s - leftbyte + (h - 1) * src->stride + rightbyte > src->data + src->height * src->stride) {
+ return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose");
+ }
+ if (leftbyte == rightbyte) {
diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch
new file mode 100644
index 000000000000..789ed6c96568
--- /dev/null
+++ b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch
@@ -0,0 +1,31 @@
+From 3ebffb1d96ba0cacec23016eccb4047dab365853 Mon Sep 17 00:00:00 2001
+From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
+Date: Wed, 24 May 2017 19:29:57 +0100
+Subject: [PATCH] Bug 697934: Fix SEGV due to error code being ignored.
+
+The return code from jbig2_decode_text_region was being ignored so the
+code continued to try and parse the invalid file using incomplete/empty
+structures.
+---
+ jbig2dec/jbig2_symbol_dict.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
+index 3cc1731..672425d 100644
+--- a/jbig2_symbol_dict.c
++++ b/jbig2_symbol_dict.c
+@@ -493,8 +493,10 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
+ }
+
+ /* multiple symbols are handled as a text region */
+- jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
++ code = jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
+ n_refagg_dicts, image, data, size, GR_stats, as, ws);
++ if (code < 0)
++ goto cleanup4;
+
+ SDNEWSYMS->glyphs[NSYMSDECODED] = image;
+ refagg_dicts[0]->glyphs[params->SDNUMINSYMS + NSYMSDECODED] = jbig2_image_clone(ctx, SDNEWSYMS->glyphs[NSYMSDECODED]);
+--
+2.9.1
+
diff --git a/media-libs/jbig2dec/jbig2dec-0.13-r4.ebuild b/media-libs/jbig2dec/jbig2dec-0.13-r4.ebuild
new file mode 100644
index 000000000000..38e94e73b33f
--- /dev/null
+++ b/media-libs/jbig2dec/jbig2dec-0.13-r4.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+DESCRIPTION="A decoder implementation of the JBIG2 image compression format"
+HOMEPAGE="http://ghostscript.com/jbig2dec.html"
+SRC_URI="http://downloads.ghostscript.com/public/${PN}/${P}.tar.gz
+ test? ( http://jbig2dec.sourceforge.net/ubc/jb2streams.zip )"
+
+LICENSE="AGPL-3"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x86-solaris"
+IUSE="png static-libs test"
+
+RDEPEND="png? ( media-libs/libpng:0= )"
+DEPEND="${RDEPEND}
+ test? ( app-arch/unzip )"
+
+RESTRICT="test"
+# bug 324275
+
+DOCS="CHANGES README"
+
+PATCHES=(
+ "${FILESDIR}/${P}-CVE-2016-9601.patch"
+ "${FILESDIR}/${P}-CVE-2017-9216.patch"
+ "${FILESDIR}/${P}-CVE-2017-7885.patch"
+ "${FILESDIR}/${P}-CVE-2017-7975.patch"
+ "${FILESDIR}/${P}-CVE-2017-7976.patch"
+)
+
+src_prepare() {
+ default
+
+ if use test; then
+ mkdir "${WORKDIR}/ubc" || die
+ mv -v "${WORKDIR}"/*.jb2 "${WORKDIR}/ubc/" || die
+ mv -v "${WORKDIR}"/*.bmp "${WORKDIR}/ubc/" || die
+ fi
+}
+
+src_configure() {
+ econf \
+ $(use_enable static-libs static) \
+ $(use_with png libpng)
+}
+
+src_install() {
+ default
+ find "${ED}" -name '*.la' -exec rm {} + || die
+}
diff --git a/media-libs/jbig2dec/jbig2dec-0.14.ebuild b/media-libs/jbig2dec/jbig2dec-0.14.ebuild
new file mode 100644
index 000000000000..ce8602ec84b5
--- /dev/null
+++ b/media-libs/jbig2dec/jbig2dec-0.14.ebuild
@@ -0,0 +1,44 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+DESCRIPTION="A decoder implementation of the JBIG2 image compression format"
+HOMEPAGE="http://ghostscript.com/jbig2dec.html"
+SRC_URI="http://downloads.ghostscript.com/public/${PN}/${P}.tar.gz
+ test? ( http://jbig2dec.sourceforge.net/ubc/jb2streams.zip )"
+
+LICENSE="AGPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x86-solaris"
+IUSE="png static-libs test"
+
+RDEPEND="png? ( media-libs/libpng:0= )"
+DEPEND="${RDEPEND}
+ test? ( app-arch/unzip )"
+
+RESTRICT="test"
+# bug 324275
+
+DOCS=( CHANGES README )
+
+src_prepare() {
+ default
+
+ if use test; then
+ mkdir "${WORKDIR}/ubc" || die
+ mv -v "${WORKDIR}"/*.jb2 "${WORKDIR}/ubc/" || die
+ mv -v "${WORKDIR}"/*.bmp "${WORKDIR}/ubc/" || die
+ fi
+}
+
+src_configure() {
+ econf \
+ $(use_enable static-libs static) \
+ $(use_with png libpng)
+}
+
+src_install() {
+ default
+ find "${ED}" -name '*.la' -exec rm {} + || die
+}
diff --git a/media-libs/jbig2dec/metadata.xml b/media-libs/jbig2dec/metadata.xml
new file mode 100644
index 000000000000..f38100eccb08
--- /dev/null
+++ b/media-libs/jbig2dec/metadata.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>graphics@gentoo.org</email>
+ <name>Gentoo Graphics Project</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>printing@gentoo.org</email>
+ <name>Gentoo Printing Project</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="sourceforge">jbig2dec</remote-id>
+ </upstream>
+</pkgmetadata>