//========================================================================
#include <config.h>
-#include <limits.h>
#ifdef USE_GCC_PRAGMAS
#pragma implementation
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
+#include <limits.h>
#ifndef WIN32
#include <unistd.h>
#endif
StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
int widthA, int nCompsA, int nBitsA) {
- int totalBits;
-
str = strA;
predictor = predictorA;
width = widthA;
predLine = NULL;
ok = gFalse;
- if (width <= 0 || nComps <= 0 || nBits <= 0 ||
- nComps >= INT_MAX/nBits ||
- width >= INT_MAX/nComps/nBits) {
- return;
- }
nVals = width * nComps;
- totalBits = nVals * nBits;
- if (totalBits == 0 ||
- (totalBits / nBits) / nComps != width ||
- totalBits + 7 < 0) {
- return;
- }
pixBytes = (nComps * nBits + 7) >> 3;
- rowBytes = ((totalBits + 7) >> 3) + pixBytes;
- if (rowBytes < 0) {
+ rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+ nComps > gfxColorMaxComps ||
+ nBits > 16 ||
+ width >= INT_MAX / nComps || // check for overflow in nVals
+ nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
return;
}
predLine = (Guchar *)gmalloc(rowBytes);
endOfLine = endOfLineA;
byteAlign = byteAlignA;
columns = columnsA;
- if (columns < 1 || columns >= (INT_MAX / sizeof(short))) {
- error(getPos(), "Bad number of columns: %d in CCITTFaxStream", columns);
- exit(1);
+ if (columns < 1) {
+ columns = 1;
+ } else if (columns > INT_MAX - 2) {
+ columns = INT_MAX - 2;
}
rows = rowsA;
endOfBlock = endOfBlockA;
black = blackA;
- refLine = (short *)gmallocn(columns + 4, sizeof(short));
- codingLine = (short *)gmallocn(columns + 3, sizeof(short));
+ // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns
+ // ---> max codingLine size = columns + 1
+ // refLine has one extra guard entry at the end
+ // ---> max refLine size = columns + 2
+ codingLine = (int *)gmallocn(columns + 1, sizeof(int));
+ refLine = (int *)gmallocn(columns + 2, sizeof(int));
eof = gFalse;
row = 0;
nextLine2D = encoding < 0;
inputBits = 0;
- codingLine[0] = 0;
- codingLine[1] = refLine[2] = columns;
- a0 = 1;
+ codingLine[0] = columns;
+ a0i = 1;
+ outputBits = 0;
buf = EOF;
}
row = 0;
nextLine2D = encoding < 0;
inputBits = 0;
- codingLine[0] = 0;
- codingLine[1] = refLine[2] = columns;
- a0 = 1;
+ codingLine[0] = columns;
+ a0i = 1;
+ outputBits = 0;
buf = EOF;
// skip any initial zero bits and end-of-line marker, and get the 2D
}
}
+inline void CCITTFaxStream::addPixels(int a1, int blackPixels) {
+ if (a1 > codingLine[a0i]) {
+ if (a1 > columns) {
+ error(getPos(), "CCITTFax row is wrong length (%d)", a1);
+ err = gTrue;
+ a1 = columns;
+ }
+ if ((a0i & 1) ^ blackPixels) {
+ ++a0i;
+ }
+ codingLine[a0i] = a1;
+ }
+}
+
+inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) {
+ if (a1 > codingLine[a0i]) {
+ if (a1 > columns) {
+ error(getPos(), "CCITTFax row is wrong length (%d)", a1);
+ err = gTrue;
+ a1 = columns;
+ }
+ if ((a0i & 1) ^ blackPixels) {
+ ++a0i;
+ }
+ codingLine[a0i] = a1;
+ } else if (a1 < codingLine[a0i]) {
+ if (a1 < 0) {
+ error(getPos(), "Invalid CCITTFax code");
+ err = gTrue;
+ a1 = 0;
+ }
+ while (a0i > 0 && a1 <= codingLine[a0i - 1]) {
+ --a0i;
+ }
+ codingLine[a0i] = a1;
+ }
+}
+
+
int CCITTFaxStream::lookChar() {
short code1, code2, code3;
- int a0New;
- GBool err, gotEOL;
- int ret;
- int bits, i;
+ int b1i, blackPixels, i, bits;
+ GBool gotEOL;
- // if at eof just return EOF
- if (eof && codingLine[a0] >= columns) {
- return EOF;
+ if (buf != EOF) {
+ return buf;
}
// read the next row
- err = gFalse;
- if (codingLine[a0] >= columns) {
+ if (outputBits == 0) {
+
+ // if at eof just return EOF
+ if (eof) {
+ return EOF;
+ }
+
+ err = gFalse;
// 2-D encoding
if (nextLine2D) {
for (i = 0; codingLine[i] < columns; ++i)
refLine[i] = codingLine[i];
- refLine[i] = refLine[i + 1] = columns;
- b1 = 1;
- a0New = codingLine[a0 = 0] = 0;
- do {
+ refLine[i++] = columns;
+ refLine[i] = columns;
+ codingLine[0] = 0;
+ a0i = 0;
+ b1i = 0;
+ blackPixels = 0;
+ // invariant:
+ // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1]
+ // <= columns
+ // exception at left edge:
+ // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible
+ // exception at right edge:
+ // refLine[b1i] = refLine[b1i+1] = columns is possible
+ while (codingLine[a0i] < columns) {
code1 = getTwoDimCode();
switch (code1) {
case twoDimPass:
- if (refLine[b1] < columns) {
- a0New = refLine[b1 + 1];
- b1 += 2;
+ addPixels(refLine[b1i + 1], blackPixels);
+ if (refLine[b1i + 1] < columns) {
+ b1i += 2;
}
break;
case twoDimHoriz:
- if ((a0 & 1) == 0) {
- code1 = code2 = 0;
+ code1 = code2 = 0;
+ if (blackPixels) {
do {
- code1 += code3 = getWhiteCode();
+ code1 += code3 = getBlackCode();
} while (code3 >= 64);
do {
- code2 += code3 = getBlackCode();
+ code2 += code3 = getWhiteCode();
} while (code3 >= 64);
} else {
- code1 = code2 = 0;
do {
- code1 += code3 = getBlackCode();
+ code1 += code3 = getWhiteCode();
} while (code3 >= 64);
do {
- code2 += code3 = getWhiteCode();
+ code2 += code3 = getBlackCode();
} while (code3 >= 64);
}
- if (code1 > 0 || code2 > 0) {
- codingLine[a0 + 1] = a0New + code1;
- ++a0;
- a0New = codingLine[a0 + 1] = codingLine[a0] + code2;
- ++a0;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
+ addPixels(codingLine[a0i] + code1, blackPixels);
+ if (codingLine[a0i] < columns) {
+ addPixels(codingLine[a0i] + code2, blackPixels ^ 1);
+ }
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
}
break;
- case twoDimVert0:
- a0New = codingLine[++a0] = refLine[b1];
- if (refLine[b1] < columns) {
- ++b1;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
+ case twoDimVertR3:
+ addPixels(refLine[b1i] + 3, blackPixels);
+ blackPixels ^= 1;
+ if (codingLine[a0i] < columns) {
+ ++b1i;
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
+ }
}
break;
- case twoDimVertR1:
- a0New = codingLine[++a0] = refLine[b1] + 1;
- if (refLine[b1] < columns) {
- ++b1;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
+ case twoDimVertR2:
+ addPixels(refLine[b1i] + 2, blackPixels);
+ blackPixels ^= 1;
+ if (codingLine[a0i] < columns) {
+ ++b1i;
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
+ }
}
break;
- case twoDimVertL1:
- if (a0 == 0 || refLine[b1] - 1 > a0New) {
- a0New = codingLine[++a0] = refLine[b1] - 1;
- --b1;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
+ case twoDimVertR1:
+ addPixels(refLine[b1i] + 1, blackPixels);
+ blackPixels ^= 1;
+ if (codingLine[a0i] < columns) {
+ ++b1i;
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
+ }
}
break;
- case twoDimVertR2:
- a0New = codingLine[++a0] = refLine[b1] + 2;
- if (refLine[b1] < columns) {
- ++b1;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
+ case twoDimVert0:
+ addPixels(refLine[b1i], blackPixels);
+ blackPixels ^= 1;
+ if (codingLine[a0i] < columns) {
+ ++b1i;
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
+ }
}
break;
- case twoDimVertL2:
- if (a0 == 0 || refLine[b1] - 2 > a0New) {
- a0New = codingLine[++a0] = refLine[b1] - 2;
- --b1;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
+ case twoDimVertL3:
+ addPixelsNeg(refLine[b1i] - 3, blackPixels);
+ blackPixels ^= 1;
+ if (codingLine[a0i] < columns) {
+ if (b1i > 0) {
+ --b1i;
+ } else {
+ ++b1i;
+ }
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
+ }
}
break;
- case twoDimVertR3:
- a0New = codingLine[++a0] = refLine[b1] + 3;
- if (refLine[b1] < columns) {
- ++b1;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
+ case twoDimVertL2:
+ addPixelsNeg(refLine[b1i] - 2, blackPixels);
+ blackPixels ^= 1;
+ if (codingLine[a0i] < columns) {
+ if (b1i > 0) {
+ --b1i;
+ } else {
+ ++b1i;
+ }
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
+ }
}
break;
- case twoDimVertL3:
- if (a0 == 0 || refLine[b1] - 3 > a0New) {
- a0New = codingLine[++a0] = refLine[b1] - 3;
- --b1;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
+ case twoDimVertL1:
+ addPixelsNeg(refLine[b1i] - 1, blackPixels);
+ blackPixels ^= 1;
+ if (codingLine[a0i] < columns) {
+ if (b1i > 0) {
+ --b1i;
+ } else {
+ ++b1i;
+ }
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
+ }
}
break;
case EOF:
+ addPixels(columns, 0);
eof = gTrue;
- codingLine[a0 = 0] = columns;
- return EOF;
+ break;
default:
error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1);
+ addPixels(columns, 0);
err = gTrue;
break;
}
- } while (codingLine[a0] < columns);
+ }
// 1-D encoding
} else {
- codingLine[a0 = 0] = 0;
- while (1) {
+ codingLine[0] = 0;
+ a0i = 0;
+ blackPixels = 0;
+ while (codingLine[a0i] < columns) {
code1 = 0;
- do {
- code1 += code3 = getWhiteCode();
- } while (code3 >= 64);
- codingLine[a0+1] = codingLine[a0] + code1;
- ++a0;
- if (codingLine[a0] >= columns)
- break;
- code2 = 0;
- do {
- code2 += code3 = getBlackCode();
- } while (code3 >= 64);
- codingLine[a0+1] = codingLine[a0] + code2;
- ++a0;
- if (codingLine[a0] >= columns)
- break;
- }
- }
-
- if (codingLine[a0] != columns) {
- error(getPos(), "CCITTFax row is wrong length (%d)", codingLine[a0]);
- // force the row to be the correct length
- while (codingLine[a0] > columns) {
- --a0;
+ if (blackPixels) {
+ do {
+ code1 += code3 = getBlackCode();
+ } while (code3 >= 64);
+ } else {
+ do {
+ code1 += code3 = getWhiteCode();
+ } while (code3 >= 64);
+ }
+ addPixels(codingLine[a0i] + code1, blackPixels);
+ blackPixels ^= 1;
}
- codingLine[++a0] = columns;
- err = gTrue;
}
// byte-align the row
// this if we know the stream contains end-of-line markers because
// the "just plow on" technique tends to work better otherwise
} else if (err && endOfLine) {
- do {
+ while (1) {
+ code1 = lookBits(13);
if (code1 == EOF) {
eof = gTrue;
return EOF;
}
+ if ((code1 >> 1) == 0x001) {
+ break;
+ }
eatBits(1);
- code1 = lookBits(13);
- } while ((code1 >> 1) != 0x001);
+ }
eatBits(12);
if (encoding > 0) {
eatBits(1);
}
}
- a0 = 0;
- outputBits = codingLine[1] - codingLine[0];
- if (outputBits == 0) {
- a0 = 1;
- outputBits = codingLine[2] - codingLine[1];
+ // set up for output
+ if (codingLine[0] > 0) {
+ outputBits = codingLine[a0i = 0];
+ } else {
+ outputBits = codingLine[a0i = 1];
}
++row;
// get a byte
if (outputBits >= 8) {
- ret = ((a0 & 1) == 0) ? 0xff : 0x00;
- if ((outputBits -= 8) == 0) {
- ++a0;
- if (codingLine[a0] < columns) {
- outputBits = codingLine[a0 + 1] - codingLine[a0];
- }
+ buf = (a0i & 1) ? 0x00 : 0xff;
+ outputBits -= 8;
+ if (outputBits == 0 && codingLine[a0i] < columns) {
+ ++a0i;
+ outputBits = codingLine[a0i] - codingLine[a0i - 1];
}
} else {
bits = 8;
- ret = 0;
+ buf = 0;
do {
if (outputBits > bits) {
- i = bits;
- bits = 0;
- if ((a0 & 1) == 0) {
- ret |= 0xff >> (8 - i);
+ buf <<= bits;
+ if (!(a0i & 1)) {
+ buf |= 0xff >> (8 - bits);
}
- outputBits -= i;
+ outputBits -= bits;
+ bits = 0;
} else {
- i = outputBits;
- bits -= outputBits;
- if ((a0 & 1) == 0) {
- ret |= (0xff >> (8 - i)) << bits;
+ buf <<= outputBits;
+ if (!(a0i & 1)) {
+ buf |= 0xff >> (8 - outputBits);
}
+ bits -= outputBits;
outputBits = 0;
- ++a0;
- if (codingLine[a0] < columns) {
- outputBits = codingLine[a0 + 1] - codingLine[a0];
+ if (codingLine[a0i] < columns) {
+ ++a0i;
+ outputBits = codingLine[a0i] - codingLine[a0i - 1];
+ } else if (bits > 0) {
+ buf <<= bits;
+ bits = 0;
}
}
- } while (bits > 0 && codingLine[a0] < columns);
+ } while (bits);
+ }
+ if (black) {
+ buf ^= 0xff;
}
- buf = black ? (ret ^ 0xff) : ret;
return buf;
}
code = 0; // make gcc happy
if (endOfBlock) {
code = lookBits(12);
+ if (code == EOF) {
+ return 1;
+ }
if ((code >> 5) == 0) {
p = &whiteTab1[code];
} else {
} else {
for (n = 1; n <= 9; ++n) {
code = lookBits(n);
+ if (code == EOF) {
+ return 1;
+ }
if (n < 9) {
code <<= 9 - n;
}
}
for (n = 11; n <= 12; ++n) {
code = lookBits(n);
+ if (code == EOF) {
+ return 1;
+ }
if (n < 12) {
code <<= 12 - n;
}
code = 0; // make gcc happy
if (endOfBlock) {
code = lookBits(13);
+ if (code == EOF) {
+ return 1;
+ }
if ((code >> 7) == 0) {
p = &blackTab1[code];
- } else if ((code >> 9) == 0) {
+ } else if ((code >> 9) == 0 && (code >> 7) != 0) {
p = &blackTab2[(code >> 1) - 64];
} else {
p = &blackTab3[code >> 7];
} else {
for (n = 2; n <= 6; ++n) {
code = lookBits(n);
+ if (code == EOF) {
+ return 1;
+ }
if (n < 6) {
code <<= 6 - n;
}
}
for (n = 7; n <= 12; ++n) {
code = lookBits(n);
+ if (code == EOF) {
+ return 1;
+ }
if (n < 12) {
code <<= 12 - n;
}
}
for (n = 10; n <= 13; ++n) {
code = lookBits(n);
+ if (code == EOF) {
+ return 1;
+ }
if (n < 13) {
code <<= 13 - n;
}
// allocate a buffer for the whole image
bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth;
bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight;
+ if (bufWidth <= 0 || bufHeight <= 0 ||
+ bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) {
+ error(getPos(), "Invalid image size in DCT stream");
+ y = height;
+ return;
+ }
for (i = 0; i < numComps; ++i) {
frameBuf[i] = (int *)gmallocn(bufWidth * bufHeight, sizeof(int));
memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int));
width = read16();
numComps = str->getChar();
if (numComps <= 0 || numComps > 4) {
+ error(getPos(), "Bad number of components in DCT stream");
numComps = 0;
- error(getPos(), "Bad number of components in DCT stream", prec);
return gFalse;
}
if (prec != 8) {
height = read16();
width = read16();
numComps = str->getChar();
+ if (numComps <= 0 || numComps > 4) {
+ error(getPos(), "Bad number of components in DCT stream");
+ numComps = 0;
+ return gFalse;
+ }
if (prec != 8) {
error(getPos(), "Bad DCT precision %d", prec);
return gFalse;
length = read16() - 2;
scanInfo.numComps = str->getChar();
+ if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) {
+ error(getPos(), "Bad number of components in DCT stream");
+ scanInfo.numComps = 0;
+ return gFalse;
+ }
--length;
if (length != 2 * scanInfo.numComps + 3) {
error(getPos(), "Bad DCT scan info block");
}
scanInfo.firstCoeff = str->getChar();
scanInfo.lastCoeff = str->getChar();
+ if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 ||
+ scanInfo.firstCoeff > scanInfo.lastCoeff) {
+ error(getPos(), "Bad DCT coefficient numbers in scan info block");
+ return gFalse;
+ }
c = str->getChar();
scanInfo.ah = (c >> 4) & 0x0f;
scanInfo.al = c & 0x0f;
while (length > 0) {
index = str->getChar();
--length;
- if ((index & 0x0f) >= 4 || (index & ~0x1f)) {
+ if ((index & 0x0f) >= 4) {
error(getPos(), "Bad DCT Huffman table");
return gFalse;
}
numACHuffTables = index+1;
tbl = &acHuffTables[index];
} else {
+ index &= 0x0f;
if (index >= numDCHuffTables)
numDCHuffTables = index+1;
tbl = &dcHuffTables[index];
} while (c != 0xff && c != EOF);
do {
c = str->getChar();
- if (c == EOF) return EOF;
} while (c == 0xff);
} while (c == 0x00);
return c;
projects / thirdparty / cups.git / blobdiff