diff options
Diffstat (limited to 'media-libs/jbig2dec')
| -rw-r--r-- | media-libs/jbig2dec/Manifest | 13 | ||||
| -rw-r--r-- | media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2016-9601.patch | 897 | ||||
| -rw-r--r-- | media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7885.patch | 29 | ||||
| -rw-r--r-- | media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7975.patch | 31 | ||||
| -rw-r--r-- | media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7976.patch | 29 | ||||
| -rw-r--r-- | media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch | 31 | ||||
| -rw-r--r-- | media-libs/jbig2dec/jbig2dec-0.13-r4.ebuild | 52 | ||||
| -rw-r--r-- | media-libs/jbig2dec/jbig2dec-0.14.ebuild | 44 | ||||
| -rw-r--r-- | media-libs/jbig2dec/metadata.xml | 15 |
9 files changed, 1141 insertions, 0 deletions
diff --git a/media-libs/jbig2dec/Manifest b/media-libs/jbig2dec/Manifest new file mode 100644 index 000000000000..44a5c4fda423 --- /dev/null +++ b/media-libs/jbig2dec/Manifest @@ -0,0 +1,13 @@ +AUX jbig2dec-0.13-CVE-2016-9601.patch 33203 SHA256 86613400891f7cd9cff4b5e58170084b739335a6252a695bb43f3bf4302609cb SHA512 cf7098a08d4113d6d22e76dfd0d0f6d49c41fcd4a743bb7825ac8e526ec5ee1d469d336f238118ceeb3bbd360a6a3729d2cf1cbcafb2087d0fdff940f2131875 WHIRLPOOL 74eb7d3a9e7d710369ad4b518b1427f2afd112dbd3dcac03559c7966b446fd749a70e201299728037a9110cbc48bb0cbbb473a7bbe2471c59f6679b1c23ab3e5 +AUX jbig2dec-0.13-CVE-2017-7885.patch 1309 SHA256 85ab33c4d988748f9f4d6ea64a1bfcbd222ff2cc5e2bb351cd044a2e74cd7ebb SHA512 5363c3a56ea961ce5831fd25de8d7d64a1c1465fd8a62a3ae7c6680a37d7805103b07fe015f44221c3e467f1db74d2912a18334bf6c8ad66ff08b229b8093117 WHIRLPOOL d0602edc89011d5a6f0fcb7cbc42c2ed3f030a1431913b351b1bd8e3507de432b87fa156d039a2907cd3929a3838ab42eaeab9d8cd0ef17b64d1b047ca229684 +AUX jbig2dec-0.13-CVE-2017-7975.patch 1117 SHA256 f0b613dcceb906ac7d47dd42ffd233abc1bdde2e4d69a7e41d7106cb6d301915 SHA512 787ebdb6f4af6d70337d74573ef34b45161825033163c040242aa9712bacd564411d0b0dc997a03cc23ddd25053a3bf0a463bd7e36a71ab2578c33a10364dbdc WHIRLPOOL 694b1e37103ad06c8c229e4883fc5eed752d99008fd70cb1e0ad0dcee920c317c087747526075329ce67f08205fdd4ccc9c7c20150660c72bfb7bb3aa1ccf93d +AUX jbig2dec-0.13-CVE-2017-7976.patch 1359 SHA256 e729bfdc2ebe6636eec713809077d559c789e43967c58c3af81e035e4f58b4f2 SHA512 2a6aaab26591a94eb698019f86f40a160986711483511991c0f382155b1ff585bccc91f64200ef0cd526307f96e4c360fb6f82cd329984bd5779dfc98e2fd837 WHIRLPOOL c1eb69ce28542d78cc5c7b4c61c6680fe55f23ab8bc7c87f7202372b1568a0f7459d0cb9b640958ce935434a95d6af15b1b5deff5978d6aa44395f6be3ec36a5 +AUX jbig2dec-0.13-CVE-2017-9216.patch 1443 SHA256 02eeff45d94abec1a00088bd04062746c5a01fc3745dd268af293d2102bc45ec SHA512 4254856b7e4ad997ca0395115220ce4911585396969b298b2059126d5fa916af20641c362403f0cfbffb934b3a95e149ddb4def6ec8f0b24c305a0827b875079 WHIRLPOOL 9e970d9e3de361eedf450c25b600b8a8b6d2db721623ae4653b77492c4a1d48b19d34a285dc8774b127a4e592fe7a63693909fb63e9587c41ab4d5ae1d189113 +DIST jb2streams.zip 1285838 SHA256 3d1e5c79054b59d061cabdb1d7ba2d1b3f84700f5c517ba4306f7047660016f7 SHA512 382890b36345b8aaebb3554e776a53f3276c6d835335ce41f3f41829ff62bba7ae646602544103ba8541a7a824dca92d682b682c254ab2918c7fe45b3e358b45 WHIRLPOOL 0906c736aeeaaecf788d309c450a787f0b780ab932f7a832c47faf4a5b5e15bdd0205b44540cd8cedcdedc9293d48afb6de084a1716bdf5ef4352b90b4998e0f +DIST jbig2dec-0.13.tar.gz 442571 SHA256 5aaca0070992cc2e971e3bb2338ee749495613dcecab4c868fc547b4148f5311 SHA512 ef64a65c54bec65f61602de7130dc9594aae58aaea7958f7cc987f25d0794511e15a423e86501ace4f40c0364796fb97ceab72edb0b69232926767ba16c1b05d WHIRLPOOL bd0cef3440e3db43af04a319eb9c5ae166679bd03eda642d003e0157a1e723864bc3e18c0aed7b8266ff938e50191d8c3bd698e4fddeead61ecca805b73a2a56 +DIST jbig2dec-0.14.tar.gz 463572 SHA256 21b498c3ba566f283d02946f7e78e12abbad89f12fe4958974e50882c185014c SHA512 066bd880ac0665fc1e42b0ae0e481008b125aab6e173b7f82d61a2a30e72c90085cbded9b2a68c6836f92dea3d8d8d5c2228dba76e0d99c79c922197d215705b WHIRLPOOL 6a54138ca8010d0e09ac5dade5cde862179c8fe751098c3d77230fee3bfb5f4cfc5f50357a86d4ed7d09669ac1fc2e0355596ccef71faed2577baadc7c181cb5 +EBUILD jbig2dec-0.13-r4.ebuild 1351 SHA256 91d47794f44aec08c6e7b45e34166f0275475a1d187272e4d3da099ecf97eb9b SHA512 3250378943c9a8dcac41ec3e325dd7c7913c38984c7212b80fcbe49382be9d105268f9962569450252a18514d63eac149f74ae6cb69f3c449616fe234a51335f WHIRLPOOL 7070bc8c0d4b743b3333d29c730b8f57a79309fa4abca12e74ced0707cab5b87e6653877766530adf24a71b7b5bb1fe8e85536c797c03eaaac042578ae2b9e8d +EBUILD jbig2dec-0.14.ebuild 1149 SHA256 1f0e200cd9e3d896b34ea1ac69f31a4bc150c5a5a82f40be339a6287a5b24c10 SHA512 04a834292637546648e94efaddc001512b7a67f5d001d17beb22bda8723f1c72f882261c9cc98dd981e68655c427f802bf9fa96d6e8d6e11f9793d97cd643090 WHIRLPOOL c8b442e9b85ea60e41bcd3a70af0d362e058fc74a765b8f3ca0fcefbb93843619c8807c450c4c3c98a4ef9e296458d6f95af206fc2bf5fd56b964843e87e860a +MISC ChangeLog 3403 SHA256 b8fc5487eae46654f914b5b7b490e573200a1133a5e6a153e66b3e3c3c4ce842 SHA512 48a1d3568177adfb8261aca29e4494e2793d8b083b7cd8ce3339fbb79b1584b23239cd220c0f6e1d1f4adb78c93d4942ec27d6e642959c1c7f9cce58368cce26 WHIRLPOOL c2878d1e4f628601a71eb970e7b57ef4f10179769cf4e353be90182be1147f983710a2ae227122989124d3969825193679349003f5a3a3db6c624b7aa86b0113 +MISC ChangeLog-2015 4299 SHA256 42675a8f1211e6d9b75b7e4a59edcb104ca4cc2caebf3bf43087472c503bd187 SHA512 3f4f6df007119f4c0c310d1e10379f3c2b74361d3bb2f03405268382fdcf742fc77a059a142873af65007cf9987bb39ee28100b23521697b35e6b4bbf14d2eaa WHIRLPOOL f3577528f71c6d15b8a0de6f64ab93a68d40f4ecb827ee55dbf251b6d4eb822692afdc9a5af17bee88fb0a2dbdd2c7ee32ddae1a07116de422b3acab31d99219 +MISC metadata.xml 473 SHA256 d616f81856f9556e373458839f199b13b3411fe484533fd5c25b1bb52c53323c SHA512 501077ac27f5c6f8a616fa32cec23d28cb16dc0e0c19ce933cbc067494117c9c55fc3e00dfc21270892d57478a9e268f99215c8d074d6cc4114916f55a571a6f WHIRLPOOL 50a370a64ad3695fdcecef961bb9b7966cd903003a940b866d4ec7c856fcef354ee1ba93befe388680f8014041bef591aaabd2e3d061eaa09a0cbaaeff072820 diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2016-9601.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2016-9601.patch new file mode 100644 index 000000000000..4ce96ae5d3c0 --- /dev/null +++ b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2016-9601.patch @@ -0,0 +1,897 @@ +From e698d5c11d27212aa1098bc5b1673a3378563092 Mon Sep 17 00:00:00 2001 +From: Robin Watts <robin.watts@artifex.com> +Date: Mon, 12 Dec 2016 17:47:17 +0000 +Subject: [PATCH] Squash signed/unsigned warnings in MSVC jbig2 build. + +Also rename "new" to "new_dict", because "new" is a bad +variable name. +--- + jbig2.c | 4 +-- + jbig2.h | 8 +++--- + jbig2_generic.c | 2 +- + jbig2_halftone.c | 24 ++++++++---------- + jbig2_huffman.c | 10 ++++---- + jbig2_huffman.h | 2 +- + jbig2_image.c | 32 +++++++++++------------ + jbig2_mmr.c | 66 +++++++++++++++++++++++++----------------------- + jbig2_page.c | 6 ++--- + jbig2_priv.h | 4 +-- + jbig2_segment.c | 10 ++++---- + jbig2_symbol_dict.c | 73 +++++++++++++++++++++++++++-------------------------- + jbig2_symbol_dict.h | 6 ++--- + jbig2_text.c | 16 ++++++------ + jbig2_text.h | 2 +- + 15 files changed, 134 insertions(+), 131 deletions(-) + +diff --git a/jbig2.c b/jbig2.c +index f729e29..e51380f 100644 +--- a/jbig2.c ++++ b/jbig2.c +@@ -379,7 +379,7 @@ typedef struct { + } Jbig2WordStreamBuf; + + static int +-jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t *word) ++jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, size_t offset, uint32_t *word) + { + Jbig2WordStreamBuf *z = (Jbig2WordStreamBuf *) self; + const byte *data = z->data; +@@ -390,7 +390,7 @@ jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t + else if (offset > z->size) + return -1; + else { +- int i; ++ size_t i; + + result = 0; + for (i = 0; i < z->size - offset; i++) +diff --git a/jbig2.h b/jbig2.h +index d5aa52f..624e0ed 100644 +--- a/jbig2.h ++++ b/jbig2.h +@@ -56,17 +56,19 @@ typedef struct _Jbig2SymbolDictionary Jbig2SymbolDictionary; + */ + + struct _Jbig2Image { +- int width, height, stride; ++ uint32_t width; ++ uint32_t height; ++ uint32_t stride; + uint8_t *data; + int refcount; + }; + +-Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, int width, int height); ++Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height); + Jbig2Image *jbig2_image_clone(Jbig2Ctx *ctx, Jbig2Image *image); + void jbig2_image_release(Jbig2Ctx *ctx, Jbig2Image *image); + void jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image); + void jbig2_image_clear(Jbig2Ctx *ctx, Jbig2Image *image, int value); +-Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height); ++Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height); + + /* errors are returned from the library via a callback. If no callback + is provided (a NULL argument is passed ot jbig2_ctx_new) a default +diff --git a/jbig2_generic.c b/jbig2_generic.c +index 02fdbfb..9656198 100644 +--- a/jbig2_generic.c ++++ b/jbig2_generic.c +@@ -718,7 +718,7 @@ jbig2_immediate_generic_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte + byte seg_flags; + int8_t gbat[8]; + int offset; +- int gbat_bytes = 0; ++ uint32_t gbat_bytes = 0; + Jbig2GenericRegionParams params; + int code = 0; + Jbig2Image *image = NULL; +diff --git a/jbig2_halftone.c b/jbig2_halftone.c +index aeab576..acfbc56 100644 +--- a/jbig2_halftone.c ++++ b/jbig2_halftone.c +@@ -257,8 +257,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment, + { + uint8_t **GSVALS = NULL; + size_t consumed_bytes = 0; +- int i, j, code, stride; +- int x, y; ++ uint32_t i, j, stride, x, y; ++ int code; + Jbig2Image **GSPLANES; + Jbig2GenericRegionParams rparams; + Jbig2WordStream *ws = NULL; +@@ -276,9 +276,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment, + if (GSPLANES[i] == NULL) { + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate %dx%d image for GSPLANES", GSW, GSH); + /* free already allocated */ +- for (j = i - 1; j >= 0; --j) { +- jbig2_image_release(ctx, GSPLANES[j]); +- } ++ for (j = i; j > 0;) ++ jbig2_image_release(ctx, GSPLANES[--j]); + jbig2_free(ctx->allocator, GSPLANES); + return NULL; + } +@@ -323,9 +322,10 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment, + } + + /* C.5 step 2. Set j = GSBPP-2 */ +- j = GSBPP - 2; ++ j = GSBPP - 1; + /* C.5 step 3. decode loop */ +- while (j >= 0) { ++ while (j > 0) { ++ j--; + /* C.5 step 3. (a) */ + if (GSMMR) { + code = jbig2_decode_halftone_mmr(ctx, &rparams, data + consumed_bytes, size - consumed_bytes, GSPLANES[j], &consumed_bytes); +@@ -345,7 +345,6 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment, + GSPLANES[j]->data[i] ^= GSPLANES[j + 1]->data[i]; + + /* C.5 step 3. (c) */ +- --j; + } + + /* allocate GSVALS */ +@@ -359,9 +358,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment, + if (GSVALS[i] == NULL) { + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate GSVALS: %d bytes", GSH * GSW); + /* free already allocated */ +- for (j = i - 1; j >= 0; --j) { +- jbig2_free(ctx->allocator, GSVALS[j]); +- } ++ for (j = i; j > 0;) ++ jbig2_free(ctx->allocator, GSVALS[--j]); + jbig2_free(ctx->allocator, GSVALS); + GSVALS = NULL; + goto cleanup; +@@ -450,7 +448,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment, + uint8_t **GI; + Jbig2Image *HSKIP = NULL; + Jbig2PatternDict *HPATS; +- int i; ++ uint32_t i; + uint32_t mg, ng; + int32_t x, y; + uint8_t gray_val; +@@ -476,7 +474,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment, + + /* calculate ceil(log2(HNUMPATS)) */ + HBPP = 0; +- while (HNUMPATS > (1 << ++HBPP)); ++ while (HNUMPATS > (1U << ++HBPP)); + + /* 6.6.5 point 4. decode gray-scale image as mentioned in annex C */ + GI = jbig2_decode_gray_scale_image(ctx, segment, data, size, +diff --git a/jbig2_huffman.c b/jbig2_huffman.c +index 4521b48..f77981b 100644 +--- a/jbig2_huffman.c ++++ b/jbig2_huffman.c +@@ -47,16 +47,16 @@ struct _Jbig2HuffmanState { + is (offset + 4) * 8. */ + uint32_t this_word; + uint32_t next_word; +- int offset_bits; +- int offset; +- int offset_limit; ++ uint32_t offset_bits; ++ uint32_t offset; ++ uint32_t offset_limit; + + Jbig2WordStream *ws; + Jbig2Ctx *ctx; + }; + + static uint32_t +-huff_get_next_word(Jbig2HuffmanState *hs, int offset) ++huff_get_next_word(Jbig2HuffmanState *hs, uint32_t offset) + { + uint32_t word = 0; + Jbig2WordStream *ws = hs->ws; +@@ -213,7 +213,7 @@ jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset) + /* return the offset of the huffman decode pointer (in bytes) + * from the beginning of the WordStream + */ +-int ++uint32_t + jbig2_huffman_offset(Jbig2HuffmanState *hs) + { + return hs->offset + (hs->offset_bits >> 3); +diff --git a/jbig2_huffman.h b/jbig2_huffman.h +index 5d1e6e0..cfda9e0 100644 +--- a/jbig2_huffman.h ++++ b/jbig2_huffman.h +@@ -64,7 +64,7 @@ void jbig2_huffman_skip(Jbig2HuffmanState *hs); + + void jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset); + +-int jbig2_huffman_offset(Jbig2HuffmanState *hs); ++uint32_t jbig2_huffman_offset(Jbig2HuffmanState *hs); + + int32_t jbig2_huffman_get(Jbig2HuffmanState *hs, const Jbig2HuffmanTable *table, bool *oob); + +diff --git a/jbig2_image.c b/jbig2_image.c +index 1ae614e..94e5a4c 100644 +--- a/jbig2_image.c ++++ b/jbig2_image.c +@@ -32,10 +32,10 @@ + + /* allocate a Jbig2Image structure and its associated bitmap */ + Jbig2Image * +-jbig2_image_new(Jbig2Ctx *ctx, int width, int height) ++jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height) + { + Jbig2Image *image; +- int stride; ++ uint32_t stride; + int64_t check; + + image = jbig2_new(ctx, Jbig2Image, 1); +@@ -99,7 +99,7 @@ jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image) + + /* resize a Jbig2Image */ + Jbig2Image * +-jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height) ++jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height) + { + if (width == image->width) { + /* check for integer multiplication overflow */ +@@ -133,11 +133,11 @@ jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height) + static int + jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op) + { +- int i, j; +- int sw = src->width; +- int sh = src->height; +- int sx = 0; +- int sy = 0; ++ uint32_t i, j; ++ uint32_t sw = src->width; ++ uint32_t sh = src->height; ++ uint32_t sx = 0; ++ uint32_t sy = 0; + + /* clip to the dst image boundaries */ + if (x < 0) { +@@ -200,10 +200,10 @@ jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x + int + jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op) + { +- int i, j; +- int w, h; +- int leftbyte, rightbyte; +- int shift; ++ uint32_t i, j; ++ uint32_t w, h; ++ uint32_t leftbyte, rightbyte; ++ uint32_t shift; + uint8_t *s, *ss; + uint8_t *d, *dd; + uint8_t mask, rightmask; +@@ -226,8 +226,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int + h += y; + y = 0; + } +- w = (x + w < dst->width) ? w : dst->width - x; +- h = (y + h < dst->height) ? h : dst->height - y; ++ w = ((uint32_t)x + w < dst->width) ? w : ((dst->width >= (uint32_t)x) ? dst->width - (uint32_t)x : 0); ++ h = ((uint32_t)y + h < dst->height) ? h : ((dst->height >= (uint32_t)y) ? dst->height - (uint32_t)y : 0); + #ifdef JBIG2_DEBUG + jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "compositing %dx%d at (%d, %d) after clipping\n", w, h, x, y); + #endif +@@ -249,8 +249,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int + } + #endif + +- leftbyte = x >> 3; +- rightbyte = (x + w - 1) >> 3; ++ leftbyte = (uint32_t)x >> 3; ++ rightbyte = ((uint32_t)x + w - 1) >> 3; + shift = x & 7; + + /* general OR case */ +diff --git a/jbig2_mmr.c b/jbig2_mmr.c +index d4cd3a2..390e27c 100644 +--- a/jbig2_mmr.c ++++ b/jbig2_mmr.c +@@ -38,19 +38,21 @@ + #include "jbig2_mmr.h" + + typedef struct { +- int width; +- int height; ++ uint32_t width; ++ uint32_t height; + const byte *data; + size_t size; +- int data_index; +- int bit_index; ++ uint32_t data_index; ++ uint32_t bit_index; + uint32_t word; + } Jbig2MmrCtx; + ++#define MINUS1 ((uint32_t)-1) ++ + static void + jbig2_decode_mmr_init(Jbig2MmrCtx *mmr, int width, int height, const byte *data, size_t size) + { +- int i; ++ size_t i; + uint32_t word = 0; + + mmr->width = width; +@@ -732,14 +734,14 @@ const mmr_table_node jbig2_mmr_black_decode[] = { + #define getbit(buf, x) ( ( buf[x >> 3] >> ( 7 - (x & 7) ) ) & 1 ) + + static int +-jbig2_find_changing_element(const byte *line, int x, int w) ++jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w) + { + int a, b; + + if (line == 0) +- return w; ++ return (int)w; + +- if (x == -1) { ++ if (x == MINUS1) { + a = 0; + x = 0; + } else { +@@ -758,7 +760,7 @@ jbig2_find_changing_element(const byte *line, int x, int w) + } + + static int +-jbig2_find_changing_element_of_color(const byte *line, int x, int w, int color) ++jbig2_find_changing_element_of_color(const byte *line, uint32_t x, uint32_t w, int color) + { + if (line == 0) + return w; +@@ -772,9 +774,9 @@ static const byte lm[8] = { 0xFF, 0x7F, 0x3F, 0x1F, 0x0F, 0x07, 0x03, 0x01 }; + static const byte rm[8] = { 0x00, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE }; + + static void +-jbig2_set_bits(byte *line, int x0, int x1) ++jbig2_set_bits(byte *line, uint32_t x0, uint32_t x1) + { +- int a0, a1, b0, b1, a; ++ uint32_t a0, a1, b0, b1, a; + + a0 = x0 >> 3; + a1 = x1 >> 3; +@@ -831,8 +833,8 @@ jbig2_decode_get_run(Jbig2MmrCtx *mmr, const mmr_table_node *table, int initial_ + static int + jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) + { +- int a0 = -1; +- int a1, a2, b1, b2; ++ uint32_t a0 = MINUS1; ++ uint32_t a1, a2, b1, b2; + int c = 0; /* 0 is white, black is 1 */ + + while (1) { +@@ -840,7 +842,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) + + /* printf ("%08x\n", word); */ + +- if (a0 >= mmr->width) ++ if (a0 != MINUS1 && a0 >= mmr->width) + break; + + if ((word >> (32 - 3)) == 1) { +@@ -848,7 +850,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) + + jbig2_decode_mmr_consume(mmr, 3); + +- if (a0 == -1) ++ if (a0 == MINUS1) + a0 = 0; + + if (c == 0) { +@@ -860,7 +862,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) + a1 = mmr->width; + if (a2 > mmr->width) + a2 = mmr->width; +- if (a2 < a1 || a1 < 0) ++ if (a1 == MINUS1 || a2 < a1) + return -1; + jbig2_set_bits(dst, a1, a2); + a0 = a2; +@@ -874,7 +876,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) + a1 = mmr->width; + if (a2 > mmr->width) + a2 = mmr->width; +- if (a1 < a0 || a0 < 0) ++ if (a0 == MINUS1 || a1 < a0) + return -1; + jbig2_set_bits(dst, a0, a1); + a0 = a2; +@@ -888,7 +890,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) + b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); + b2 = jbig2_find_changing_element(ref, b1, mmr->width); + if (c) { +- if (b2 < a0 || a0 < 0) ++ if (a0 == MINUS1 || b2 < a0) + return -1; + jbig2_set_bits(dst, a0, b2); + } +@@ -900,7 +902,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) + jbig2_decode_mmr_consume(mmr, 1); + b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); + if (c) { +- if (b1 < a0 || a0 < 0) ++ if (a0 == MINUS1 || b1 < a0) + return -1; + jbig2_set_bits(dst, a0, b1); + } +@@ -915,7 +917,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) + if (b1 + 1 > mmr->width) + break; + if (c) { +- if (b1 + 1 < a0 || a0 < 0) ++ if (a0 == MINUS1 || b1 + 1 < a0) + return -1; + jbig2_set_bits(dst, a0, b1 + 1); + } +@@ -930,7 +932,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) + if (b1 + 2 > mmr->width) + break; + if (c) { +- if (b1 + 2 < a0 || a0 < 0) ++ if (a0 == MINUS1 || b1 + 2 < a0) + return -1; + jbig2_set_bits(dst, a0, b1 + 2); + } +@@ -942,10 +944,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) + /* printf ("VR(3)\n"); */ + jbig2_decode_mmr_consume(mmr, 7); + b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); +- if (b1 + 3 > mmr->width) ++ if (b1 + 3 > (int)mmr->width) + break; + if (c) { +- if (b1 + 3 < a0 || a0 < 0) ++ if (a0 == MINUS1 || b1 + 3 < a0) + return -1; + jbig2_set_bits(dst, a0, b1 + 3); + } +@@ -957,10 +959,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) + /* printf ("VL(1)\n"); */ + jbig2_decode_mmr_consume(mmr, 3); + b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); +- if (b1 - 1 < 0) ++ if (b1 < 1) + break; + if (c) { +- if (b1 - 1 < a0 || a0 < 0) ++ if (a0 == MINUS1 || b1 - 1 < a0) + return -1; + jbig2_set_bits(dst, a0, b1 - 1); + } +@@ -972,7 +974,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) + /* printf ("VL(2)\n"); */ + jbig2_decode_mmr_consume(mmr, 6); + b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); +- if (b1 - 2 < 0) ++ if (b1 < 2) + break; + if (c) { + if (b1 - 2 < a0 || a0 < 0) +@@ -987,10 +989,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) + /* printf ("VL(3)\n"); */ + jbig2_decode_mmr_consume(mmr, 7); + b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); +- if (b1 - 3 < 0) ++ if (b1 < 3) + break; + if (c) { +- if (b1 - 3 < a0 || a0 < 0) ++ if (a0 == MINUS1 || b1 - 3 < a0) + return -1; + jbig2_set_bits(dst, a0, b1 - 3); + } +@@ -1009,10 +1011,10 @@ int + jbig2_decode_generic_mmr(Jbig2Ctx *ctx, Jbig2Segment *segment, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image) + { + Jbig2MmrCtx mmr; +- const int rowstride = image->stride; ++ const uint32_t rowstride = image->stride; + byte *dst = image->data; + byte *ref = NULL; +- int y; ++ uint32_t y; + int code = 0; + + jbig2_decode_mmr_init(&mmr, image->width, image->height, data, size); +@@ -1047,10 +1049,10 @@ int + jbig2_decode_halftone_mmr(Jbig2Ctx *ctx, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image, size_t *consumed_bytes) + { + Jbig2MmrCtx mmr; +- const int rowstride = image->stride; ++ const uint32_t rowstride = image->stride; + byte *dst = image->data; + byte *ref = NULL; +- int y; ++ uint32_t y; + int code = 0; + const uint32_t EOFB = 0x001001; + +diff --git a/jbig2_page.c b/jbig2_page.c +index 110ff7c..1ed1c8a 100644 +--- a/jbig2_page.c ++++ b/jbig2_page.c +@@ -155,9 +155,9 @@ int + jbig2_end_of_stripe(Jbig2Ctx *ctx, Jbig2Segment *segment, const uint8_t *segment_data) + { + Jbig2Page page = ctx->pages[ctx->current_page]; +- int end_row; ++ uint32_t end_row; + +- end_row = jbig2_get_int32(segment_data); ++ end_row = jbig2_get_uint32(segment_data); + if (end_row < page.end_row) { + jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, + "end of stripe segment with non-positive end row advance" " (new end row %d vs current end row %d)", end_row, page.end_row); +@@ -248,7 +248,7 @@ jbig2_page_add_result(Jbig2Ctx *ctx, Jbig2Page *page, Jbig2Image *image, int x, + + /* grow the page to accomodate a new stripe if necessary */ + if (page->striped) { +- int new_height = y + image->height + page->end_row; ++ uint32_t new_height = y + image->height + page->end_row; + + if (page->image->height < new_height) { + jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "growing page buffer to %d rows " "to accomodate new stripe", new_height); +diff --git a/jbig2_priv.h b/jbig2_priv.h +index 42ba496..3d44b42 100644 +--- a/jbig2_priv.h ++++ b/jbig2_priv.h +@@ -132,7 +132,7 @@ struct _Jbig2Page { + uint32_t x_resolution, y_resolution; /* in pixels per meter */ + uint16_t stripe_size; + bool striped; +- int end_row; ++ uint32_t end_row; + uint8_t flags; + Jbig2Image *image; + }; +@@ -182,7 +182,7 @@ int jbig2_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segm + typedef struct _Jbig2WordStream Jbig2WordStream; + + struct _Jbig2WordStream { +- int (*get_next_word)(Jbig2WordStream *self, int offset, uint32_t *word); ++ int (*get_next_word)(Jbig2WordStream *self, size_t offset, uint32_t *word); + }; + + Jbig2WordStream *jbig2_word_stream_buf_new(Jbig2Ctx *ctx, const byte *data, size_t size); +diff --git a/jbig2_segment.c b/jbig2_segment.c +index 2e0db67..5b63706 100644 +--- a/jbig2_segment.c ++++ b/jbig2_segment.c +@@ -39,10 +39,10 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t + uint8_t rtscarf; + uint32_t rtscarf_long; + uint32_t *referred_to_segments; +- int referred_to_segment_count; +- int referred_to_segment_size; +- int pa_size; +- int offset; ++ uint32_t referred_to_segment_count; ++ uint32_t referred_to_segment_size; ++ uint32_t pa_size; ++ uint32_t offset; + + /* minimum possible size of a jbig2 segment header */ + if (buf_size < 11) +@@ -83,7 +83,7 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t + + /* 7.2.5 */ + if (referred_to_segment_count) { +- int i; ++ uint32_t i; + + referred_to_segments = jbig2_new(ctx, uint32_t, referred_to_segment_count * referred_to_segment_size); + if (referred_to_segments == NULL) { +diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c +index 2c71a4c..11a2252 100644 +--- a/jbig2_symbol_dict.c ++++ b/jbig2_symbol_dict.c +@@ -88,40 +88,40 @@ jbig2_dump_symbol_dict(Jbig2Ctx *ctx, Jbig2Segment *segment) + + /* return a new empty symbol dict */ + Jbig2SymbolDict * +-jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols) ++jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols) + { +- Jbig2SymbolDict *new = NULL; ++ Jbig2SymbolDict *new_dict = NULL; + + if (n_symbols < 0) { + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "Negative number of symbols in symbol dict: %d", n_symbols); + return NULL; + } + +- new = jbig2_new(ctx, Jbig2SymbolDict, 1); +- if (new != NULL) { +- new->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols); +- new->n_symbols = n_symbols; ++ new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1); ++ if (new_dict != NULL) { ++ new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols); ++ new_dict->n_symbols = n_symbols; + } else { + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate new empty symbol dict"); + return NULL; + } + +- if (new->glyphs != NULL) { +- memset(new->glyphs, 0, n_symbols * sizeof(Jbig2Image *)); ++ if (new_dict->glyphs != NULL) { ++ memset(new_dict->glyphs, 0, n_symbols * sizeof(Jbig2Image *)); + } else { + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate glyphs for new empty symbol dict"); +- jbig2_free(ctx->allocator, new); ++ jbig2_free(ctx->allocator, new_dict); + return NULL; + } + +- return new; ++ return new_dict; + } + + /* release the memory associated with a symbol dict */ + void + jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict) + { +- int i; ++ uint32_t i; + + if (dict == NULL) + return; +@@ -142,12 +142,12 @@ jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id) + } + + /* count the number of dictionary segments referred to by the given segment */ +-int ++uint32_t + jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment) + { + int index; + Jbig2Segment *rsegment; +- int n_dicts = 0; ++ uint32_t n_dicts = 0; + + for (index = 0; index < segment->referred_to_segment_count; index++) { + rsegment = jbig2_find_segment(ctx, segment->referred_to_segments[index]); +@@ -166,8 +166,8 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment) + int index; + Jbig2Segment *rsegment; + Jbig2SymbolDict **dicts; +- int n_dicts = jbig2_sd_count_referred(ctx, segment); +- int dindex = 0; ++ uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment); ++ uint32_t dindex = 0; + + dicts = jbig2_new(ctx, Jbig2SymbolDict *, n_dicts); + if (dicts == NULL) { +@@ -195,10 +195,10 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment) + /* generate a new symbol dictionary by concatenating a list of + existing dictionaries */ + Jbig2SymbolDict * +-jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts) ++jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts) + { +- int i, j, k, symbols; +- Jbig2SymbolDict *new = NULL; ++ uint32_t i, j, k, symbols; ++ Jbig2SymbolDict *new_dict = NULL; + + /* count the imported symbols and allocate a new array */ + symbols = 0; +@@ -206,17 +206,17 @@ jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts) + symbols += dicts[i]->n_symbols; + + /* fill a new array with cloned glyph pointers */ +- new = jbig2_sd_new(ctx, symbols); +- if (new != NULL) { ++ new_dict = jbig2_sd_new(ctx, symbols); ++ if (new_dict != NULL) { + k = 0; + for (i = 0; i < n_dicts; i++) + for (j = 0; j < dicts[i]->n_symbols; j++) +- new->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]); ++ new_dict->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]); + } else { + jbig2_error(ctx, JBIG2_SEVERITY_WARNING, -1, "failed to allocate new symbol dictionary"); + } + +- return new; ++ return new_dict; + } + + /* Decoding routines */ +@@ -431,7 +431,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, + + if (REFAGGNINST > 1) { + Jbig2Image *image; +- int i; ++ uint32_t i; + + if (tparams == NULL) { + /* First time through, we need to initialise the */ +@@ -512,7 +512,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, + uint32_t ID; + int32_t RDX, RDY; + int BMSIZE = 0; +- int ninsyms = params->SDNUMINSYMS; ++ uint32_t ninsyms = params->SDNUMINSYMS; + int code1 = 0; + int code2 = 0; + int code3 = 0; +@@ -609,8 +609,9 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, + if (params->SDHUFF && !params->SDREFAGG) { + /* 6.5.9 */ + Jbig2Image *image; +- int BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code); +- int j, x; ++ uint32_t BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code); ++ uint32_t j; ++ int x; + + if (code || (BMSIZE < 0)) { + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding size of collective bitmap!"); +@@ -700,22 +701,22 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate symbols exported from symbols dictionary"); + goto cleanup4; + } else { +- int i = 0; +- int j = 0; +- int k; ++ uint32_t i = 0; ++ uint32_t j = 0; ++ uint32_t k; + int exflag = 0; +- int64_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS; +- int32_t exrunlength; ++ uint32_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS; ++ uint32_t exrunlength; + int zerolength = 0; + + while (i < limit) { + if (params->SDHUFF) + exrunlength = jbig2_huffman_get(hs, SBHUFFRSIZE, &code); + else +- code = jbig2_arith_int_decode(IAEX, as, &exrunlength); ++ code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength); + /* prevent infinite loop */ + zerolength = exrunlength > 0 ? 0 : zerolength + 1; +- if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength > params->SDNUMEXSYMS - j))) { ++ if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) { + if (code) + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to decode exrunlength for exported symbols"); + else if (exrunlength <= 0) +@@ -797,8 +798,8 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen + { + Jbig2SymbolDictParams params; + uint16_t flags; +- int sdat_bytes; +- int offset; ++ uint32_t sdat_bytes; ++ uint32_t offset; + Jbig2ArithCx *GB_stats = NULL; + Jbig2ArithCx *GR_stats = NULL; + int table_index = 0; +@@ -951,7 +952,7 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen + + /* 7.4.2.2 (2) */ + { +- int n_dicts = jbig2_sd_count_referred(ctx, segment); ++ uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment); + Jbig2SymbolDict **dicts = NULL; + + if (n_dicts > 0) { +diff --git a/jbig2_symbol_dict.h b/jbig2_symbol_dict.h +index d56d62d..30211d4 100644 +--- a/jbig2_symbol_dict.h ++++ b/jbig2_symbol_dict.h +@@ -32,18 +32,18 @@ int jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *se + Jbig2Image *jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id); + + /* return a new empty symbol dict */ +-Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols); ++Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols); + + /* release the memory associated with a symbol dict */ + void jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict); + + /* generate a new symbol dictionary by concatenating a list of + existing dictionaries */ +-Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts); ++Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts); + + /* count the number of dictionary segments referred + to by the given segment */ +-int jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment); ++uint32_t jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment); + + /* return an array of pointers to symbol dictionaries referred + to by a segment */ +diff --git a/jbig2_text.c b/jbig2_text.c +index 5c99640..e77460f 100644 +--- a/jbig2_text.c ++++ b/jbig2_text.c +@@ -55,7 +55,7 @@ + int + jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, + const Jbig2TextRegionParams *params, +- const Jbig2SymbolDict *const *dicts, const int n_dicts, ++ const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts, + Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws) + { + /* relevent bits of 6.4.4 */ +@@ -476,19 +476,19 @@ cleanup2: + int + jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data) + { +- int offset = 0; ++ uint32_t offset = 0; + Jbig2RegionSegmentInfo region_info; + Jbig2TextRegionParams params; + Jbig2Image *image = NULL; + Jbig2SymbolDict **dicts = NULL; +- int n_dicts = 0; ++ uint32_t n_dicts = 0; + uint16_t flags = 0; + uint16_t huffman_flags = 0; + Jbig2ArithCx *GR_stats = NULL; + int code = 0; + Jbig2WordStream *ws = NULL; + Jbig2ArithState *as = NULL; +- int table_index = 0; ++ uint32_t table_index = 0; + const Jbig2HuffmanParams *huffman_params = NULL; + + /* 7.4.1 */ +@@ -779,7 +779,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data + code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "unable to retrive symbol dictionaries! previous parsing error?"); + goto cleanup1; + } else { +- int index; ++ uint32_t index; + + if (dicts[0] == NULL) { + code = jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, "unable to find first referenced symbol dictionary!"); +@@ -823,8 +823,8 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data + } + + if (!params.SBHUFF) { +- int SBSYMCODELEN, index; +- int SBNUMSYMS = 0; ++ uint32_t SBSYMCODELEN, index; ++ uint32_t SBNUMSYMS = 0; + + for (index = 0; index < n_dicts; index++) { + SBNUMSYMS += dicts[index]->n_symbols; +@@ -840,7 +840,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data + } + + /* Table 31 */ +- for (SBSYMCODELEN = 0; (1 << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) { ++ for (SBSYMCODELEN = 0; (1U << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) { + } + params.IAID = jbig2_arith_iaid_ctx_new(ctx, SBSYMCODELEN); + params.IARI = jbig2_arith_int_ctx_new(ctx); +diff --git a/jbig2_text.h b/jbig2_text.h +index aec2732..51d242e 100644 +--- a/jbig2_text.h ++++ b/jbig2_text.h +@@ -70,5 +70,5 @@ typedef struct { + int + jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, + const Jbig2TextRegionParams *params, +- const Jbig2SymbolDict *const *dicts, const int n_dicts, ++ const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts, + Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws); +-- +2.11.1 + diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7885.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7885.patch new file mode 100644 index 000000000000..e8ffccd45344 --- /dev/null +++ b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7885.patch @@ -0,0 +1,29 @@ +From b184e783702246e154294326d03d9abda669fcfa Mon Sep 17 00:00:00 2001 +From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk> +Date: Wed, 3 May 2017 22:06:01 +0100 +Subject: [PATCH] Bug 697703: Prevent integer overflow vulnerability. + +Add extra check for the offset being greater than the size +of the image and hence reading off the end of the buffer. + +Thank you to Dai Ge for finding this issue and suggesting a patch. +--- + jbig2dec/jbig2_symbol_dict.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/jbig2dec/jbig2_symbol_dict.c b/jbig2dec/jbig2_symbol_dict.c +index 4acaba9d0..36225cb1f 100644 +--- a/jbig2_symbol_dict.c ++++ b/jbig2_symbol_dict.c +@@ -629,7 +629,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, + byte *dst = image->data; + + /* SumatraPDF: prevent read access violation */ +- if (size - jbig2_huffman_offset(hs) < image->height * stride) { ++ if ((size - jbig2_huffman_offset(hs) < image->height * stride) || (size < jbig2_huffman_offset(hs))) { + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "not enough data for decoding (%d/%d)", image->height * stride, + size - jbig2_huffman_offset(hs)); + jbig2_image_release(ctx, image); +-- +2.13.1 + diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7975.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7975.patch new file mode 100644 index 000000000000..d5e62762b9a5 --- /dev/null +++ b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7975.patch @@ -0,0 +1,31 @@ +From 5e57e483298dae8b8d4ec9aab37a526736ac2e97 Mon Sep 17 00:00:00 2001 +From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk> +Date: Wed, 26 Apr 2017 22:12:14 +0100 +Subject: [PATCH] Bug 697693: Prevent SEGV due to integer overflow. + +While building a Huffman table, the start and end points were susceptible +to integer overflow. + +Thank you to Jiaqi for finding this issue and suggesting a patch. +--- + jbig2dec/jbig2_huffman.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/jbig2dec/jbig2_huffman.c b/jbig2dec/jbig2_huffman.c +index 511e46170..b4189a12c 100644 +--- a/jbig2_huffman.c ++++ b/jbig2_huffman.c +@@ -421,8 +421,8 @@ jbig2_build_huffman_table(Jbig2Ctx *ctx, const Jbig2HuffmanParams *params) + + if (PREFLEN == CURLEN) { + int RANGELEN = lines[CURTEMP].RANGELEN; +- int start_j = CURCODE << shift; +- int end_j = (CURCODE + 1) << shift; ++ uint32_t start_j = CURCODE << shift; ++ uint32_t end_j = (CURCODE + 1) << shift; + byte eflags = 0; + + if (end_j > max_j) { +-- +2.13.1 + diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7976.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7976.patch new file mode 100644 index 000000000000..c6dbd182c616 --- /dev/null +++ b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-7976.patch @@ -0,0 +1,29 @@ +From ed6c5133a1004ce8d38f1b44de85a7186feda95e Mon Sep 17 00:00:00 2001 +From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk> +Date: Wed, 10 May 2017 17:50:39 +0100 +Subject: [PATCH] Bug 697683: Bounds check before reading from image source + data. + +Add extra check to prevent reading off the end of the image source +data buffer. + +Thank you to Dai Ge for finding this issue and suggesting a patch. +--- + jbig2dec/jbig2_image.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Backported dilfridge@g.o + +diff -ruN jbig2dec-0.13.orig/jbig2_image.c jbig2dec-0.13/jbig2_image.c +--- jbig2dec-0.13.orig/jbig2_image.c 2017-06-10 01:41:16.207939489 +0200 ++++ jbig2dec-0.13/jbig2_image.c 2017-06-10 01:46:28.009952461 +0200 +@@ -256,7 +256,8 @@ + /* general OR case */ + s = ss; + d = dd = dst->data + y * dst->stride + leftbyte; +- if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) { ++ if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride || ++ s - leftbyte + (h - 1) * src->stride + rightbyte > src->data + src->height * src->stride) { + return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose"); + } + if (leftbyte == rightbyte) { diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch new file mode 100644 index 000000000000..789ed6c96568 --- /dev/null +++ b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch @@ -0,0 +1,31 @@ +From 3ebffb1d96ba0cacec23016eccb4047dab365853 Mon Sep 17 00:00:00 2001 +From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk> +Date: Wed, 24 May 2017 19:29:57 +0100 +Subject: [PATCH] Bug 697934: Fix SEGV due to error code being ignored. + +The return code from jbig2_decode_text_region was being ignored so the +code continued to try and parse the invalid file using incomplete/empty +structures. +--- + jbig2dec/jbig2_symbol_dict.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c +index 3cc1731..672425d 100644 +--- a/jbig2_symbol_dict.c ++++ b/jbig2_symbol_dict.c +@@ -493,8 +493,10 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, + } + + /* multiple symbols are handled as a text region */ +- jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts, ++ code = jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts, + n_refagg_dicts, image, data, size, GR_stats, as, ws); ++ if (code < 0) ++ goto cleanup4; + + SDNEWSYMS->glyphs[NSYMSDECODED] = image; + refagg_dicts[0]->glyphs[params->SDNUMINSYMS + NSYMSDECODED] = jbig2_image_clone(ctx, SDNEWSYMS->glyphs[NSYMSDECODED]); +-- +2.9.1 + diff --git a/media-libs/jbig2dec/jbig2dec-0.13-r4.ebuild b/media-libs/jbig2dec/jbig2dec-0.13-r4.ebuild new file mode 100644 index 000000000000..38e94e73b33f --- /dev/null +++ b/media-libs/jbig2dec/jbig2dec-0.13-r4.ebuild @@ -0,0 +1,52 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +DESCRIPTION="A decoder implementation of the JBIG2 image compression format" +HOMEPAGE="http://ghostscript.com/jbig2dec.html" +SRC_URI="http://downloads.ghostscript.com/public/${PN}/${P}.tar.gz + test? ( http://jbig2dec.sourceforge.net/ubc/jb2streams.zip )" + +LICENSE="AGPL-3" +SLOT="0" +KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x86-solaris" +IUSE="png static-libs test" + +RDEPEND="png? ( media-libs/libpng:0= )" +DEPEND="${RDEPEND} + test? ( app-arch/unzip )" + +RESTRICT="test" +# bug 324275 + +DOCS="CHANGES README" + +PATCHES=( + "${FILESDIR}/${P}-CVE-2016-9601.patch" + "${FILESDIR}/${P}-CVE-2017-9216.patch" + "${FILESDIR}/${P}-CVE-2017-7885.patch" + "${FILESDIR}/${P}-CVE-2017-7975.patch" + "${FILESDIR}/${P}-CVE-2017-7976.patch" +) + +src_prepare() { + default + + if use test; then + mkdir "${WORKDIR}/ubc" || die + mv -v "${WORKDIR}"/*.jb2 "${WORKDIR}/ubc/" || die + mv -v "${WORKDIR}"/*.bmp "${WORKDIR}/ubc/" || die + fi +} + +src_configure() { + econf \ + $(use_enable static-libs static) \ + $(use_with png libpng) +} + +src_install() { + default + find "${ED}" -name '*.la' -exec rm {} + || die +} diff --git a/media-libs/jbig2dec/jbig2dec-0.14.ebuild b/media-libs/jbig2dec/jbig2dec-0.14.ebuild new file mode 100644 index 000000000000..ce8602ec84b5 --- /dev/null +++ b/media-libs/jbig2dec/jbig2dec-0.14.ebuild @@ -0,0 +1,44 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +DESCRIPTION="A decoder implementation of the JBIG2 image compression format" +HOMEPAGE="http://ghostscript.com/jbig2dec.html" +SRC_URI="http://downloads.ghostscript.com/public/${PN}/${P}.tar.gz + test? ( http://jbig2dec.sourceforge.net/ubc/jb2streams.zip )" + +LICENSE="AGPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x86-solaris" +IUSE="png static-libs test" + +RDEPEND="png? ( media-libs/libpng:0= )" +DEPEND="${RDEPEND} + test? ( app-arch/unzip )" + +RESTRICT="test" +# bug 324275 + +DOCS=( CHANGES README ) + +src_prepare() { + default + + if use test; then + mkdir "${WORKDIR}/ubc" || die + mv -v "${WORKDIR}"/*.jb2 "${WORKDIR}/ubc/" || die + mv -v "${WORKDIR}"/*.bmp "${WORKDIR}/ubc/" || die + fi +} + +src_configure() { + econf \ + $(use_enable static-libs static) \ + $(use_with png libpng) +} + +src_install() { + default + find "${ED}" -name '*.la' -exec rm {} + || die +} diff --git a/media-libs/jbig2dec/metadata.xml b/media-libs/jbig2dec/metadata.xml new file mode 100644 index 000000000000..f38100eccb08 --- /dev/null +++ b/media-libs/jbig2dec/metadata.xml @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>graphics@gentoo.org</email> + <name>Gentoo Graphics Project</name> + </maintainer> + <maintainer type="project"> + <email>printing@gentoo.org</email> + <name>Gentoo Printing Project</name> + </maintainer> + <upstream> + <remote-id type="sourceforge">jbig2dec</remote-id> + </upstream> +</pkgmetadata> |