debian/0000775000000000000000000000000013107567500007174 5ustar debian/control0000664000000000000000000000357112055657036010612 0ustar Source: jbig2dec Section: libs Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Jonas Smedegaard Build-Depends: cdbs (>= 0.4.70~), devscripts, libtool, automake1.11, autoconf, debhelper, dh-buildinfo, d-shlibs (>= 0.45~), libpng-dev, python Standards-Version: 3.9.2 Vcs-Git: git://git.debian.org/git/collab-maint/jbig2dec.git Vcs-Browser: http://git.debian.org/?p=collab-maint/jbig2dec.git;a=summary Homepage: http://jbig2dec.sourceforge.net/ Package: libjbig2dec0-dev Section: libdevel Depends: libjbig2dec0 (= ${binary:Version}), ${devlibs:Depends}, ${misc:Depends} Provides: libjbig2dec-dev Conflicts: libjbig2dec-dev Architecture: any Description: JBIG2 decoder library - development files jbig2dec is a decoder library and example utility implementing the JBIG2 bi-level image compression spec. Also known as ITU T.88 and ISO IEC 14492, and included by reference in Adobe's PDF version 1.4 and later. . This package contains the development headers and static library. Package: libjbig2dec0 Section: libs Depends: ${shlibs:Depends}, ${misc:Depends} Architecture: any Description: JBIG2 decoder library - shared libraries jbig2dec is a decoder library and example utility implementing the JBIG2 bi-level image compression spec. Also known as ITU T.88 and ISO IEC 14492, and included by reference in Adobe's PDF version 1.4 and later. . This package contains the shared library libjbig2dec. Package: jbig2dec Section: graphics Depends: ${shlibs:Depends}, ${misc:Depends} Architecture: any Description: JBIG2 decoder library - tools jbig2dec is a decoder library and example utility implementing the JBIG2 bi-level image compression spec. Also known as ITU T.88 and ISO IEC 14492, and included by reference in Adobe's PDF version 1.4 and later. . This package contains the command-line utility jbig2dec. debian/control.in0000664000000000000000000000336612055657036011221 0ustar Source: jbig2dec Section: libs Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Jonas Smedegaard Build-Depends: @cdbs@ Standards-Version: 3.9.2 Vcs-Git: git://git.debian.org/git/collab-maint/jbig2dec.git Vcs-Browser: http://git.debian.org/?p=collab-maint/jbig2dec.git;a=summary Homepage: http://jbig2dec.sourceforge.net/ Package: libjbig2dec0-dev Section: libdevel Depends: libjbig2dec0 (= ${binary:Version}), ${devlibs:Depends}, ${misc:Depends} Provides: libjbig2dec-dev Conflicts: libjbig2dec-dev Architecture: any Description: JBIG2 decoder library - development files jbig2dec is a decoder library and example utility implementing the JBIG2 bi-level image compression spec. Also known as ITU T.88 and ISO IEC 14492, and included by reference in Adobe's PDF version 1.4 and later. . This package contains the development headers and static library. Package: libjbig2dec0 Section: libs Depends: ${shlibs:Depends}, ${misc:Depends} Architecture: any Description: JBIG2 decoder library - shared libraries jbig2dec is a decoder library and example utility implementing the JBIG2 bi-level image compression spec. Also known as ITU T.88 and ISO IEC 14492, and included by reference in Adobe's PDF version 1.4 and later. . This package contains the shared library libjbig2dec. Package: jbig2dec Section: graphics Depends: ${shlibs:Depends}, ${misc:Depends} Architecture: any Description: JBIG2 decoder library - tools jbig2dec is a decoder library and example utility implementing the JBIG2 bi-level image compression spec. Also known as ITU T.88 and ISO IEC 14492, and included by reference in Adobe's PDF version 1.4 and later. . This package contains the command-line utility jbig2dec. debian/README.source0000664000000000000000000000361312055657036011363 0ustar Building this package for Debian -------------------------------- This source package need no special handling for normal package builds. Developing this package for Debian ---------------------------------- The source of this package is developed using git and the helper tool git-buildpackage, with all official releases tagged and signed and binary diffs of tarballs stored using pristine-tar. This is documented below /usr/share/doc/git-buildpackage/manual-html/ . A custom build target shows current upstream and packaging versions: debian/rules print-version Current upstream tarball can be prepared using this other build target: debian/rules get-orig-source To switch to newer upstream source, first add a dummy changelog entry and comment out DEB_UPSTREAM_TARBALL_MD5 before getting the source: dch -v ${new_upstream_version}-1 "Dummy changelog entry" sed -i -e 's/^\(DEB_UPSTREAM_TARBALL_MD5\b\)/#\1/' debian/rules debian/rules get-orig-source Store new md5sum to help ensure identical source is received later. Setting DEB_MAINTAINER_MODE=1 enables additional build routines helpful during development of the package, but unfit for normal builds. This typically includes the CDBS feature of auto-updating debian/control with CDBS-related build-dependencies, which is forbidden by Debian Policy as build environment must not change during automated builds. Maintaining packaging build routines ------------------------------------ This source package wraps debhelper commands and other tedious parts of the build routines using the CDBS framework. Please refer to the actual makefile snippets included from debian/rules for details on their purpose and ways to override defaults. Additionally, makefile snippets included from below /usr/share/cdbs may also be documented in /usr/share/doc/cdbs/cdbs-doc.pdf.gz . -- Jonas Smedegaard Thu, 26 Feb 2009 21:28:29 +0100 debian/changelog0000664000000000000000000000770413107567500011056 0ustar jbig2dec (0.11+20120125-1ubuntu1.1) trusty-security; urgency=medium * SECURITY UPDATE: integer overflow in jbig2_image_new - debian/patches/CVE-2016-9601-pre*.patch: backport misc fixes. - debian/patches/CVE-2016-9601-1.patch: fix signed/unsigned warnings in jbig2.c, jbig2.h, jbig2_generic.c, jbig2_halftone.c, jbig2_huffman.c, jbig2_huffman.h, jbig2_image.c, jbig2_mmr.c, jbig2_page.c, jbig2_priv.h, jbig2_segment.c, jbig2_symbol_dict.c, jbig2_symbol_dict.h, jbig2_text.c, jbig2_text.h. - debian/patches/CVE-2016-9601-2.patch: fix warnings in jbig2_image.c, jbig2_mmr.c, jbig2_symbol_dict.c. - CVE-2016-9601 * SECURITY UPDATE: integer overflow in big2_decode_symbol_dict - debian/patches/CVE-2017-7885.patch: add extra check to jbig2_symbol_dict.c. - CVE-2017-7885 * SECURITY UPDATE: integer overflow in jbig2_build_huffman_table - debian/patches/CVE-2017-7975.patch: use uint32_t in jbig2_huffman.c. - CVE-2017-7975 * SECURITY UPDATE: integer overflow in jbig2_image_compose - debian/patches/CVE-2017-7976.patch: add bounds check to jbig2_image.c. - CVE-2017-7976 -- Marc Deslauriers Fri, 19 May 2017 09:11:39 -0400 jbig2dec (0.11+20120125-1ubuntu1) raring; urgency=low * Merge from Debian unstable. Remaining changes: - debian/libjbig2dec0.symbols: Added symbols file, generated and updated by "dpkg-gensymbols -plibjbig2dec0 -Pdebian/libjbig2dec0/". * Update symbols file based on dpkg-gensymbols diff in pbuilder. * Update to Ubuntu maintainer. -- Logan Rosen Thu, 15 Nov 2012 00:32:40 -0500 jbig2dec (0.11+20120125-1) unstable; urgency=low * New snapshot of upstream git. * Autogenerate autotools. * Add patches cherry-picked from Ghostscript: 1002: Prevent composition if src outside clip region. 1003: Implement generic refinement region when TPGRON is TRUE. * Add patch 1004 to add config_types.h.in (not create in autogen.sh). * Fix strip editing noise from copyright file. * Fix watch file to cover current release: Ignore compression suffix. * Bump debhelper compat level to 7. * Bump standards-version to 3.9.2. * Simplify *.install file, thanks to debhelper compat level 7. * Ease building with git-buildpackage: Git-ignore .pc dir. * Update copyright file: + Reformat using rev. 174 of draft DEP-5 syntax. + Fix declare exceptions as such. + Fix include Expat~X license verbatim (adding "Some files differ..." to License field violates need for "verbatim copy"). + Separate comments from License field in GNU License sections, shorten comments and quote license in them. + Rename licenses to better match recent DEP5 draft (e.g. avoid "other" prefix). + Rewrap License sections at 72 chars. + Fix reference GNU licenses versioned. + Document in Comment field of AFPL License section the lack of actual licensing text: license unused by Debian. + Extend copyright years. * Update package relations: + Relax build-depend unversioned on debhelper and devscripts (needed versions satisfied even in oldstable). + Build-depend on libtool, automake1.11 and autoconf. + Tighten build-dependency on d-shlibs. * Stop installing -la file. Closes bug#621683. Thanks to Neil Williams. -- Jonas Smedegaard Fri, 10 Feb 2012 17:44:51 +0100 jbig2dec (0.11-1ubuntu2) quantal; urgency=low * Rebuild for new armel compiler default of ARMv5t. -- Colin Watson Thu, 04 Oct 2012 09:17:57 +0100 jbig2dec (0.11-1ubuntu1) natty; urgency=low * debian/libjbig2dec0.symbols: Added symbols file, generated and updated by "dpkg-gensymbols -plibjbig2dec0 -Pdebian/libjbig2dec0/". -- Till Kamppeter Mon, 10 Jan 2011 19:01:36 +0100 jbig2dec (0.11-1) unstable; urgency=low * Initial release. Closes: bug#539965. -- Jonas Smedegaard Wed, 21 Apr 2010 21:06:47 +0200 debian/source.lintian-overrides0000664000000000000000000000026712055657036014066 0ustar # overridden at build time, thanks to CDBS jbig2dec source: ancient-autotools-helper-file config.guess 2003-10-03 jbig2dec source: ancient-autotools-helper-file config.sub 2003-08-18 debian/source/0000775000000000000000000000000012055661152010473 5ustar debian/source/format0000664000000000000000000000001412055657036011707 0ustar 3.0 (quilt) debian/compat0000664000000000000000000000000212055657036010377 0ustar 7 debian/patches/0000775000000000000000000000000013107575412010624 5ustar debian/patches/CVE-2016-9601-1.patch0000664000000000000000000007326713107575412013422 0ustar Backport of: From e698d5c11d27212aa1098bc5b1673a3378563092 Mon Sep 17 00:00:00 2001 From: Robin Watts Date: Mon, 12 Dec 2016 17:47:17 +0000 Subject: [PATCH] Squash signed/unsigned warnings in MSVC jbig2 build. Also rename "new" to "new_dict", because "new" is a bad variable name. --- jbig2.c | 4 +-- jbig2.h | 8 +++--- jbig2_generic.c | 2 +- jbig2_halftone.c | 24 ++++++++---------- jbig2_huffman.c | 10 ++++---- jbig2_huffman.h | 2 +- jbig2_image.c | 32 +++++++++++------------ jbig2_mmr.c | 66 +++++++++++++++++++++++++----------------------- jbig2_page.c | 6 ++--- jbig2_priv.h | 4 +-- jbig2_segment.c | 10 ++++---- jbig2_symbol_dict.c | 73 +++++++++++++++++++++++++++-------------------------- jbig2_symbol_dict.h | 6 ++--- jbig2_text.c | 16 ++++++------ jbig2_text.h | 2 +- 15 files changed, 134 insertions(+), 131 deletions(-) Index: jbig2dec-0.11+20120125/jbig2.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2.c 2017-05-19 10:01:21.759610574 -0400 +++ jbig2dec-0.11+20120125/jbig2.c 2017-05-19 10:01:21.755610523 -0400 @@ -427,7 +427,7 @@ typedef struct { } Jbig2WordStreamBuf; static uint32_t -jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset) +jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, size_t offset) { Jbig2WordStreamBuf *z = (Jbig2WordStreamBuf *)self; const byte *data = z->data; @@ -440,7 +440,7 @@ jbig2_word_stream_buf_get_next_word(Jbig return 0; else { - int i; + size_t i; result = 0; for (i = 0; i < z->size - offset; i++) Index: jbig2dec-0.11+20120125/jbig2.h =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2.h 2017-05-19 10:01:21.759610574 -0400 +++ jbig2dec-0.11+20120125/jbig2.h 2017-05-19 10:01:21.755610523 -0400 @@ -51,18 +51,20 @@ typedef struct _Jbig2SymbolDictionary Jb */ struct _Jbig2Image { - int width, height, stride; + uint32_t width; + uint32_t height; + uint32_t stride; uint8_t *data; int refcount; }; -Jbig2Image* jbig2_image_new(Jbig2Ctx *ctx, int width, int height); +Jbig2Image* jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height); Jbig2Image* jbig2_image_clone(Jbig2Ctx *ctx, Jbig2Image *image); void jbig2_image_release(Jbig2Ctx *ctx, Jbig2Image *image); void jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image); void jbig2_image_clear(Jbig2Ctx *ctx, Jbig2Image *image, int value); Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, - int width, int height); + uint32_t width, uint32_t height); /* errors are returned from the library via a callback. If no callback is provided (a NULL argument is passed ot jbig2_ctx_new) a default Index: jbig2dec-0.11+20120125/jbig2_generic.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_generic.c 2017-05-19 10:01:21.759610574 -0400 +++ jbig2dec-0.11+20120125/jbig2_generic.c 2017-05-19 10:01:21.755610523 -0400 @@ -767,7 +767,7 @@ jbig2_immediate_generic_region(Jbig2Ctx byte seg_flags; int8_t gbat[8]; int offset; - int gbat_bytes = 0; + uint32_t gbat_bytes = 0; Jbig2GenericRegionParams params; int code = 0; Jbig2Image *image = NULL; Index: jbig2dec-0.11+20120125/jbig2_halftone.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_halftone.c 2017-05-19 10:01:21.759610574 -0400 +++ jbig2dec-0.11+20120125/jbig2_halftone.c 2017-05-19 10:01:49.911966455 -0400 @@ -279,8 +279,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx * { uint8_t **GSVALS = NULL; size_t consumed_bytes = 0; - int i, j, code, stride; - int x, y; + uint32_t i, j, stride, x, y; + int code; Jbig2Image **GSPLANES; Jbig2GenericRegionParams rparams; Jbig2WordStream *ws = NULL; @@ -300,9 +300,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx * jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate %dx%d image for GSPLANES", GSW, GSH); /* free already allocated */ - for (j = i-1; j >= 0; --j) { - jbig2_image_release(ctx, GSPLANES[j]); - } + for (j = i; j > 0;) + jbig2_image_release(ctx, GSPLANES[--j]); jbig2_free(ctx->allocator, GSPLANES); return NULL; } @@ -354,9 +353,10 @@ jbig2_decode_gray_scale_image(Jbig2Ctx * } /* C.5 step 2. Set j = GSBPP-2 */ - j = GSBPP - 2; + j = GSBPP - 1; /* C.5 step 3. decode loop */ - while(j >= 0) { + while(j > 0) { + j--; /* C.5 step 3. (a) */ if (GSMMR) { code = jbig2_decode_halftone_mmr(ctx, &rparams, data + consumed_bytes, @@ -380,7 +380,6 @@ jbig2_decode_gray_scale_image(Jbig2Ctx * GSPLANES[j]->data[i] ^= GSPLANES[j+1]->data[i]; /* C.5 step 3. (c) */ - --j; } /* allocate GSVALS */ @@ -396,9 +395,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx * jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate GSVALS: %d bytes", GSH * GSW); /* free already allocated */ - for (j = i-1; j >= 0; --j) { - jbig2_free(ctx->allocator, GSVALS[j]); - } + for (j = i; j > 0;) + jbig2_free(ctx->allocator, GSVALS[--j]); jbig2_free(ctx->allocator, GSVALS); GSVALS = NULL; goto cleanup; @@ -490,7 +488,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *c uint8_t **GI; Jbig2Image *HSKIP = NULL; Jbig2PatternDict * HPATS; - int i; + uint32_t i; uint32_t mg, ng; int32_t x, y; uint8_t gray_val; @@ -518,7 +516,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *c /* calculate ceil(log2(HNUMPATS)) */ HBPP = 0; - while(HNUMPATS > (1 << ++HBPP)); + while(HNUMPATS > (1U << ++HBPP)); /* 6.6.5 point 4. decode gray-scale image as mentioned in annex C */ GI = jbig2_decode_gray_scale_image(ctx, segment, data, size, Index: jbig2dec-0.11+20120125/jbig2_huffman.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_huffman.c 2017-05-19 10:01:21.759610574 -0400 +++ jbig2dec-0.11+20120125/jbig2_huffman.c 2017-05-19 10:01:21.755610523 -0400 @@ -45,8 +45,8 @@ struct _Jbig2HuffmanState { is (offset + 4) * 8. */ uint32_t this_word; uint32_t next_word; - int offset_bits; - int offset; + uint32_t offset_bits; + uint32_t offset; Jbig2WordStream *ws; }; @@ -197,7 +197,7 @@ void jbig2_huffman_advance(Jbig2HuffmanS /* return the offset of the huffman decode pointer (in bytes) * from the beginning of the WordStream */ -int +uint32_t jbig2_huffman_offset(Jbig2HuffmanState *hs) { return hs->offset + (hs->offset_bits >> 3); Index: jbig2dec-0.11+20120125/jbig2_huffman.h =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_huffman.h 2017-05-19 10:01:21.759610574 -0400 +++ jbig2dec-0.11+20120125/jbig2_huffman.h 2017-05-19 10:01:21.755610523 -0400 @@ -63,7 +63,7 @@ jbig2_huffman_skip(Jbig2HuffmanState *hs void jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset); -int +uint32_t jbig2_huffman_offset(Jbig2HuffmanState *hs); int32_t Index: jbig2dec-0.11+20120125/jbig2_image.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_image.c 2017-05-19 10:01:21.759610574 -0400 +++ jbig2dec-0.11+20120125/jbig2_image.c 2017-05-19 10:01:21.755610523 -0400 @@ -28,10 +28,10 @@ /* allocate a Jbig2Image structure and its associated bitmap */ -Jbig2Image* jbig2_image_new(Jbig2Ctx *ctx, int width, int height) +Jbig2Image* jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height) { Jbig2Image *image; - int stride; + uint32_t stride; image = jbig2_new(ctx, Jbig2Image, 1); if (image == NULL) { @@ -84,7 +84,7 @@ void jbig2_image_free(Jbig2Ctx *ctx, Jbi /* resize a Jbig2Image */ Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, - int width, int height) + uint32_t width, uint32_t height) { if (width == image->width) { /* use the same stride, just change the length */ @@ -115,11 +115,11 @@ int jbig2_image_compose_unopt(Jbig2Ctx * Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op) { - int i, j; - int sw = src->width; - int sh = src->height; - int sx = 0; - int sy = 0; + uint32_t i, j; + uint32_t sw = src->width; + uint32_t sh = src->height; + uint32_t sx = 0; + uint32_t sy = 0; /* clip to the dst image boundaries */ if (x < 0) { sx += -x; sw -= -x; x = 0; } @@ -181,10 +181,10 @@ int jbig2_image_compose_unopt(Jbig2Ctx * int jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op) { - int i, j; - int w, h; - int leftbyte, rightbyte; - int shift; + uint32_t i, j; + uint32_t w, h; + uint32_t leftbyte, rightbyte; + uint32_t shift; uint8_t *s, *ss; uint8_t *d, *dd; uint8_t mask, rightmask; @@ -201,8 +201,8 @@ int jbig2_image_compose(Jbig2Ctx *ctx, J if (x < 0) { w += x; x = 0; } if (y < 0) { h += y; y = 0; } - w = (x + w < dst->width) ? w : dst->width - x; - h = (y + h < dst->height) ? h : dst->height - y; + w = ((uint32_t)x + w < dst->width) ? w : ((dst->width >= (uint32_t)x) ? dst->width - (uint32_t)x : 0); + h = ((uint32_t)y + h < dst->height) ? h : ((dst->height >= (uint32_t)y) ? dst->height - (uint32_t)y : 0); #ifdef JBIG2_DEBUG jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "compositing %dx%d at (%d, %d) after clipping\n", @@ -228,8 +228,8 @@ int jbig2_image_compose(Jbig2Ctx *ctx, J } #endif - leftbyte = x >> 3; - rightbyte = (x + w - 1) >> 3; + leftbyte = (uint32_t)x >> 3; + rightbyte = ((uint32_t)x + w - 1) >> 3; shift = x & 7; /* general OR case */ Index: jbig2dec-0.11+20120125/jbig2_mmr.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_mmr.c 2017-05-19 10:01:21.759610574 -0400 +++ jbig2dec-0.11+20120125/jbig2_mmr.c 2017-05-19 10:01:21.755610523 -0400 @@ -37,20 +37,21 @@ #include "jbig2_mmr.h" typedef struct { - int width; - int height; + uint32_t width; + uint32_t height; const byte *data; size_t size; - int data_index; - int bit_index; + uint32_t data_index; + uint32_t bit_index; uint32_t word; } Jbig2MmrCtx; +#define MINUS1 ((uint32_t)-1) static void jbig2_decode_mmr_init(Jbig2MmrCtx *mmr, int width, int height, const byte *data, size_t size) { - int i; + size_t i; uint32_t word = 0; mmr->width = width; @@ -732,14 +733,14 @@ const mmr_table_node jbig2_mmr_black_dec #define getbit(buf, x) ( ( buf[x >> 3] >> ( 7 - (x & 7) ) ) & 1 ) static int -jbig2_find_changing_element(const byte *line, int x, int w) +jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w) { int a, b; if (line == 0) - return w; + return (int)w; - if (x == -1) { + if (x == MINUS1) { a = 0; x = 0; } @@ -759,7 +760,7 @@ jbig2_find_changing_element(const byte * } static int -jbig2_find_changing_element_of_color(const byte *line, int x, int w, int color) +jbig2_find_changing_element_of_color(const byte *line, uint32_t x, uint32_t w, int color) { if (line == 0) return w; @@ -773,9 +774,9 @@ static const byte lm[8] = { 0xFF, 0x7F, static const byte rm[8] = { 0x00, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE }; static void -jbig2_set_bits(byte *line, int x0, int x1) +jbig2_set_bits(byte *line, uint32_t x0, uint32_t x1) { - int a0, a1, b0, b1, a; + uint32_t a0, a1, b0, b1, a; a0 = x0 >> 3; a1 = x1 >> 3; @@ -832,8 +833,8 @@ jbig2_decode_get_run(Jbig2MmrCtx *mmr, c static int jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) { - int a0 = -1; - int a1, a2, b1, b2; + uint32_t a0 = MINUS1; + uint32_t a1, a2, b1, b2; int c = 0; /* 0 is white, black is 1 */ while (1) @@ -841,7 +842,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, uint32_t word = mmr->word; /* printf ("%08x\n", word); */ - if (a0 >= mmr->width) + if (a0 != MINUS1 && a0 >= mmr->width) break; if ((word >> (32 - 3)) == 1) @@ -850,7 +851,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, jbig2_decode_mmr_consume(mmr, 3); - if (a0 == -1) + if (a0 == MINUS1) a0 = 0; if (c == 0) { @@ -860,7 +861,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, a2 = a1 + black_run; if (a1 > mmr->width) a1 = mmr->width; if (a2 > mmr->width) a2 = mmr->width; - if (a2 < a1 || a1 < 0) return -1; + if (a1 == MINUS1 || a2 < a1) return -1; jbig2_set_bits(dst, a1, a2); a0 = a2; /* printf ("H %d %d\n", white_run, black_run); */ @@ -873,7 +874,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, a2 = a1 + white_run; if (a1 > mmr->width) a1 = mmr->width; if (a2 > mmr->width) a2 = mmr->width; - if (a1 < a0 || a0 < 0) return -1; + if (a0 == MINUS1 || a1 < a0) return -1; jbig2_set_bits(dst, a0, a1); a0 = a2; /* printf ("H %d %d\n", black_run, white_run); */ @@ -888,7 +889,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, b2 = jbig2_find_changing_element(ref, b1, mmr->width); if (c) { - if (b2 < a0 || a0 < 0) return -1; + if (a0 == MINUS1 || b2 < a0) return -1; jbig2_set_bits(dst, a0, b2); } a0 = b2; @@ -901,7 +902,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); if (c) { - if (b1 < a0 || a0 < 0) return -1; + if (a0 == MINUS1 || b1 < a0) return -1; jbig2_set_bits(dst, a0, b1); } a0 = b1; @@ -916,7 +917,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, if (b1 + 1 > mmr->width) break; if (c) { - if (b1 + 1 < a0 || a0 < 0) return -1; + if (a0 == MINUS1 || b1 + 1 < a0) return -1; jbig2_set_bits(dst, a0, b1 + 1); } a0 = b1 + 1; @@ -931,7 +932,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, if (b1 + 2 > mmr->width) break; if (c) { - if (b1 + 2 < a0 || a0 < 0) return -1; + if (a0 == MINUS1 || b1 + 2 < a0) return -1; jbig2_set_bits(dst, a0, b1 + 2); } a0 = b1 + 2; @@ -943,10 +944,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, /* printf ("VR(3)\n"); */ jbig2_decode_mmr_consume(mmr, 7); b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); - if (b1 + 3 > mmr->width) break; + if (b1 + 3 > (int)mmr->width) break; if (c) { - if (b1 + 3 < a0 || a0 < 0) return -1; + if (a0 == MINUS1 || b1 + 3 < a0) return -1; jbig2_set_bits(dst, a0, b1 + 3); } a0 = b1 + 3; @@ -958,10 +959,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, /* printf ("VL(1)\n"); */ jbig2_decode_mmr_consume(mmr, 3); b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); - if (b1 - 1 < 0) break; + if (b1 < 1) break; if (c) { - if (b1 - 1 < a0 || a0 < 0) return -1; + if (a0 == MINUS1 || b1 - 1 < a0) return -1; jbig2_set_bits(dst, a0, b1 - 1); } a0 = b1 - 1; @@ -973,7 +974,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, /* printf ("VL(2)\n"); */ jbig2_decode_mmr_consume(mmr, 6); b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); - if (b1 - 2 < 0) break; + if (b1 < 2) break; if (c) { if (b1 - 2 < a0 || a0 < 0) return -1; @@ -988,10 +989,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, /* printf ("VL(3)\n"); */ jbig2_decode_mmr_consume(mmr, 7); b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); - if (b1 - 3 < 0) break; + if (b1 < 3) break; if (c) { - if (b1 - 3 < a0 || a0 < 0) return -1; + if (a0 == MINUS1 || b1 - 3 < a0) return -1; jbig2_set_bits(dst, a0, b1 - 3); } a0 = b1 - 3; @@ -1013,10 +1014,10 @@ jbig2_decode_generic_mmr(Jbig2Ctx *ctx, Jbig2Image *image) { Jbig2MmrCtx mmr; - const int rowstride = image->stride; + const uint32_t rowstride = image->stride; byte *dst = image->data; byte *ref = NULL; - int y; + uint32_t y; int code = 0; jbig2_decode_mmr_init(&mmr, image->width, image->height, data, size); @@ -1053,10 +1054,10 @@ jbig2_decode_halftone_mmr(Jbig2Ctx *ctx, Jbig2Image *image, size_t* consumed_bytes) { Jbig2MmrCtx mmr; - const int rowstride = image->stride; + const uint32_t rowstride = image->stride; byte *dst = image->data; byte *ref = NULL; - int y; + uint32_t y; int code = 0; const uint32_t EOFB = 0x001001; Index: jbig2dec-0.11+20120125/jbig2_page.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_page.c 2017-05-19 10:01:21.759610574 -0400 +++ jbig2dec-0.11+20120125/jbig2_page.c 2017-05-19 10:01:21.755610523 -0400 @@ -166,9 +166,9 @@ int jbig2_end_of_stripe(Jbig2Ctx *ctx, Jbig2Segment *segment, const uint8_t *segment_data) { Jbig2Page page = ctx->pages[ctx->current_page]; - int end_row; + uint32_t end_row; - end_row = jbig2_get_int32(segment_data); + end_row = jbig2_get_uint32(segment_data); if (end_row < page.end_row) { jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, "end of stripe segment with non-positive end row advance" @@ -261,7 +261,7 @@ jbig2_page_add_result(Jbig2Ctx *ctx, Jbi { /* grow the page to accomodate a new stripe if necessary */ if (page->striped) { - int new_height = y + image->height + page->end_row; + uint32_t new_height = y + image->height + page->end_row; if (page->image->height < new_height) { jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "growing page buffer to %d rows " Index: jbig2dec-0.11+20120125/jbig2_priv.h =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_priv.h 2017-05-19 10:01:21.759610574 -0400 +++ jbig2dec-0.11+20120125/jbig2_priv.h 2017-05-19 10:01:21.755610523 -0400 @@ -124,7 +124,7 @@ struct _Jbig2Page { y_resolution; /* in pixels per meter */ uint16_t stripe_size; bool striped; - int end_row; + uint32_t end_row; uint8_t flags; Jbig2Image *image; }; @@ -179,7 +179,7 @@ int jbig2_halftone_region(Jbig2Ctx *ctx, typedef struct _Jbig2WordStream Jbig2WordStream; struct _Jbig2WordStream { - uint32_t (*get_next_word) (Jbig2WordStream *self, int offset); + uint32_t (*get_next_word) (Jbig2WordStream *self, size_t offset); }; Jbig2WordStream * Index: jbig2dec-0.11+20120125/jbig2_segment.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_segment.c 2017-05-19 10:01:21.759610574 -0400 +++ jbig2dec-0.11+20120125/jbig2_segment.c 2017-05-19 10:01:21.755610523 -0400 @@ -34,10 +34,10 @@ jbig2_parse_segment_header (Jbig2Ctx *ct uint8_t rtscarf; uint32_t rtscarf_long; uint32_t *referred_to_segments; - int referred_to_segment_count; - int referred_to_segment_size; - int pa_size; - int offset; + uint32_t referred_to_segment_count; + uint32_t referred_to_segment_size; + uint32_t pa_size; + uint32_t offset; /* minimum possible size of a jbig2 segment header */ if (buf_size < 11) @@ -87,7 +87,7 @@ jbig2_parse_segment_header (Jbig2Ctx *ct /* 7.2.5 */ if (referred_to_segment_count) { - int i; + uint32_t i; referred_to_segments = jbig2_new(ctx, uint32_t, referred_to_segment_count * referred_to_segment_size); Index: jbig2dec-0.11+20120125/jbig2_symbol_dict.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_symbol_dict.c 2017-05-19 10:01:21.759610574 -0400 +++ jbig2dec-0.11+20120125/jbig2_symbol_dict.c 2017-05-19 10:02:45.464669049 -0400 @@ -87,37 +87,37 @@ jbig2_dump_symbol_dict(Jbig2Ctx *ctx, Jb /* return a new empty symbol dict */ Jbig2SymbolDict * -jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols) +jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols) { - Jbig2SymbolDict *new = NULL; + Jbig2SymbolDict *new_dict = NULL; - new = jbig2_new(ctx, Jbig2SymbolDict, 1); - if (new != NULL) { - new->glyphs = jbig2_new(ctx, Jbig2Image*, n_symbols); - new->n_symbols = n_symbols; + new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1); + if (new_dict != NULL) { + new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols); + new_dict->n_symbols = n_symbols; } else { jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate new empty symbol dict"); return NULL; } - if (new->glyphs != NULL) { - memset(new->glyphs, 0, n_symbols*sizeof(Jbig2Image*)); + if (new_dict->glyphs != NULL) { + memset(new_dict->glyphs, 0, n_symbols * sizeof(Jbig2Image*)); } else { jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate glyphs for new empty symbol dict"); - jbig2_free(ctx->allocator, new); + jbig2_free(ctx->allocator, new_dict); return NULL; } - return new; + return new_dict; } /* release the memory associated with a symbol dict */ void jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict) { - int i; + uint32_t i; if (dict == NULL) return; for (i = 0; i < dict->n_symbols; i++) @@ -135,12 +135,12 @@ jbig2_sd_glyph(Jbig2SymbolDict *dict, un } /* count the number of dictionary segments referred to by the given segment */ -int +uint32_t jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment) { int index; Jbig2Segment *rsegment; - int n_dicts = 0; + uint32_t n_dicts = 0; for (index = 0; index < segment->referred_to_segment_count; index++) { rsegment = jbig2_find_segment(ctx, segment->referred_to_segments[index]); @@ -157,8 +157,8 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jb int index; Jbig2Segment *rsegment; Jbig2SymbolDict **dicts; - int n_dicts = jbig2_sd_count_referred(ctx, segment); - int dindex = 0; + uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment); + uint32_t dindex = 0; dicts = jbig2_new(ctx, Jbig2SymbolDict*, n_dicts); if (dicts == NULL) @@ -189,10 +189,10 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jb /* generate a new symbol dictionary by concatenating a list of existing dictionaries */ Jbig2SymbolDict * -jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts) +jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts) { - int i,j,k, symbols; - Jbig2SymbolDict *new = NULL; + uint32_t i,j,k, symbols; + Jbig2SymbolDict *new_dict = NULL; /* count the imported symbols and allocate a new array */ symbols = 0; @@ -200,18 +200,18 @@ jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, symbols += dicts[i]->n_symbols; /* fill a new array with cloned glyph pointers */ - new = jbig2_sd_new(ctx, symbols); - if (new != NULL) { + new_dict = jbig2_sd_new(ctx, symbols); + if (new_dict != NULL) { k = 0; for (i = 0; i < n_dicts; i++) for (j = 0; j < dicts[i]->n_symbols; j++) - new->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]); + new_dict->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]); } else { jbig2_error(ctx, JBIG2_SEVERITY_WARNING, -1, "failed to allocate new symbol dictionary"); } - return new; + return new_dict; } @@ -446,7 +446,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, if (REFAGGNINST > 1) { Jbig2Image *image; - int i; + uint32_t i; if (tparams == NULL) { @@ -541,7 +541,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, uint32_t ID; int32_t RDX, RDY; int BMSIZE = 0; - int ninsyms = params->SDINSYMS->n_symbols; + uint32_t ninsyms = params->SDINSYMS->n_symbols; int code1 = 0; int code2 = 0; int code3 = 0; @@ -647,8 +647,9 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, if (params->SDHUFF && !params->SDREFAGG) { /* 6.5.9 */ Jbig2Image *image; - int BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code); - int j, x; + uint32_t BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code); + uint32_t j; + int x; if (code || (BMSIZE < 0)) { jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, @@ -749,10 +750,11 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, } else { - int i = 0; - int j = 0; - int k, m, exflag = 0; - int32_t exrunlength; + uint32_t i = 0; + uint32_t j = 0; + uint32_t k, m; + int exflag = 0; + uint32_t exrunlength; if (params->SDINSYMS != NULL) m = params->SDINSYMS->n_symbols; @@ -763,8 +765,8 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, /* FIXME: implement reading from huff table B.1 */ exrunlength = exflag ? params->SDNUMEXSYMS : 0; else - code = jbig2_arith_int_decode(IAEX, as, &exrunlength); - if (exflag && exrunlength > params->SDNUMEXSYMS - j) { + code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength); + if (exflag && (exrunlength + j > params->SDNUMEXSYMS)) { jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "runlength too large in export symbol table (%d > %d - %d)\n", exrunlength, params->SDNUMEXSYMS, j); @@ -848,8 +850,8 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, J { Jbig2SymbolDictParams params; uint16_t flags; - int sdat_bytes; - int offset; + uint32_t sdat_bytes; + uint32_t offset; Jbig2ArithCx *GB_stats = NULL; Jbig2ArithCx *GR_stats = NULL; int table_index = 0; @@ -1018,7 +1020,7 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, J /* 7.4.2.2 (2) */ { - int n_dicts = jbig2_sd_count_referred(ctx, segment); + uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment); Jbig2SymbolDict **dicts = NULL; if (n_dicts > 0) { Index: jbig2dec-0.11+20120125/jbig2_symbol_dict.h =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_symbol_dict.h 2017-05-19 10:01:21.759610574 -0400 +++ jbig2dec-0.11+20120125/jbig2_symbol_dict.h 2017-05-19 10:01:21.759610574 -0400 @@ -32,7 +32,7 @@ jbig2_sd_glyph(Jbig2SymbolDict *dict, un /* return a new empty symbol dict */ Jbig2SymbolDict * -jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols); +jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols); /* release the memory associated with a symbol dict */ void @@ -41,12 +41,12 @@ jbig2_sd_release(Jbig2Ctx *ctx, Jbig2Sym /* generate a new symbol dictionary by concatenating a list of existing dictionaries */ Jbig2SymbolDict * -jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, +jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts); /* count the number of dictionary segments referred to by the given segment */ -int +uint32_t jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment); /* return an array of pointers to symbol dictionaries referred Index: jbig2dec-0.11+20120125/jbig2_text.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_text.c 2017-05-19 10:01:21.759610574 -0400 +++ jbig2dec-0.11+20120125/jbig2_text.c 2017-05-19 10:01:21.759610574 -0400 @@ -52,7 +52,7 @@ int jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const Jbig2TextRegionParams *params, - const Jbig2SymbolDict * const *dicts, const int n_dicts, + const Jbig2SymbolDict * const *dicts, const uint32_t n_dicts, Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws) @@ -452,19 +452,19 @@ cleanup2: int jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data) { - int offset = 0; + uint32_t offset = 0; Jbig2RegionSegmentInfo region_info; Jbig2TextRegionParams params; Jbig2Image *image = NULL; Jbig2SymbolDict **dicts = NULL; - int n_dicts = 0; + uint32_t n_dicts = 0; uint16_t flags = 0; uint16_t huffman_flags = 0; Jbig2ArithCx *GR_stats = NULL; int code = 0; Jbig2WordStream *ws = NULL; Jbig2ArithState *as = NULL; - int table_index = 0; + uint32_t table_index = 0; const Jbig2HuffmanParams *huffman_params = NULL; /* 7.4.1 */ @@ -811,7 +811,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Se "unable to retrive symbol dictionaries! previous parsing error?"); goto cleanup1; } else { - int index; + uint32_t index; if (dicts[0] == NULL) { code =jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, "unable to find first referenced symbol dictionary!"); @@ -854,8 +854,8 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Se goto cleanup2; } if (!params.SBHUFF) { - int SBSYMCODELEN, index; - int SBNUMSYMS = 0; + uint32_t SBSYMCODELEN, index; + uint32_t SBNUMSYMS = 0; for (index = 0; index < n_dicts; index++) { SBNUMSYMS += dicts[index]->n_symbols; } @@ -874,7 +874,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Se } /* Table 31 */ - for (SBSYMCODELEN = 0; (1 << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++); + for (SBSYMCODELEN = 0; (1U << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++); params.IAID = jbig2_arith_iaid_ctx_new(ctx, SBSYMCODELEN); params.IARI = jbig2_arith_int_ctx_new(ctx); params.IARDW = jbig2_arith_int_ctx_new(ctx); Index: jbig2dec-0.11+20120125/jbig2_text.h =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_text.h 2017-05-19 10:01:21.759610574 -0400 +++ jbig2dec-0.11+20120125/jbig2_text.h 2017-05-19 10:01:21.759610574 -0400 @@ -66,7 +66,7 @@ typedef struct { int jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const Jbig2TextRegionParams *params, - const Jbig2SymbolDict * const *dicts, const int n_dicts, + const Jbig2SymbolDict * const *dicts, const uint32_t n_dicts, Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, debian/patches/CVE-2016-9601-pre4.patch0000664000000000000000000000663213107567525014132 0ustar Backport of: From 3f370a0ffaa5dd8b903b0ee36294529fbf0cbd1f Mon Sep 17 00:00:00 2001 From: zeniko Date: Tue, 11 Jun 2013 22:49:05 +0200 Subject: [PATCH] Bug 694125: prevent heap underflow jbig2_decode_mmr_line checks the arguments to jbig2_set_bits since the fixes to issue 693050, however these checks still allow for the starting index to be negative which results in a write underflow; fixes 2860.pdf.asan.9.2069 --- jbig2_mmr.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) Index: jbig2dec-0.11+20120125/jbig2_mmr.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_mmr.c 2017-05-19 08:41:51.475437859 -0400 +++ jbig2dec-0.11+20120125/jbig2_mmr.c 2017-05-19 08:41:51.471437811 -0400 @@ -860,7 +860,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, a2 = a1 + black_run; if (a1 > mmr->width) a1 = mmr->width; if (a2 > mmr->width) a2 = mmr->width; - if (a2 < a1) return -1; + if (a2 < a1 || a1 < 0) return -1; jbig2_set_bits(dst, a1, a2); a0 = a2; /* printf ("H %d %d\n", white_run, black_run); */ @@ -873,7 +873,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, a2 = a1 + white_run; if (a1 > mmr->width) a1 = mmr->width; if (a2 > mmr->width) a2 = mmr->width; - if (a1 < a0) return -1; + if (a1 < a0 || a0 < 0) return -1; jbig2_set_bits(dst, a0, a1); a0 = a2; /* printf ("H %d %d\n", black_run, white_run); */ @@ -888,7 +888,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, b2 = jbig2_find_changing_element(ref, b1, mmr->width); if (c) { - if (b2 < a0) return -1; + if (b2 < a0 || a0 < 0) return -1; jbig2_set_bits(dst, a0, b2); } a0 = b2; @@ -901,7 +901,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); if (c) { - if (b1 < a0) return -1; + if (b1 < a0 || a0 < 0) return -1; jbig2_set_bits(dst, a0, b1); } a0 = b1; @@ -916,7 +916,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, if (b1 + 1 > mmr->width) break; if (c) { - if (b1 + 1 < a0) return -1; + if (b1 + 1 < a0 || a0 < 0) return -1; jbig2_set_bits(dst, a0, b1 + 1); } a0 = b1 + 1; @@ -931,7 +931,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, if (b1 + 2 > mmr->width) break; if (c) { - if (b1 + 2 < a0) return -1; + if (b1 + 2 < a0 || a0 < 0) return -1; jbig2_set_bits(dst, a0, b1 + 2); } a0 = b1 + 2; @@ -946,7 +946,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, if (b1 + 3 > mmr->width) break; if (c) { - if (b1 + 3 < a0) return -1; + if (b1 + 3 < a0 || a0 < 0) return -1; jbig2_set_bits(dst, a0, b1 + 3); } a0 = b1 + 3; @@ -961,7 +961,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, if (b1 - 1 < 0) break; if (c) { - if (b1 - 1 < a0) return -1; + if (b1 - 1 < a0 || a0 < 0) return -1; jbig2_set_bits(dst, a0, b1 - 1); } a0 = b1 - 1; @@ -976,7 +976,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, if (b1 - 2 < 0) break; if (c) { - if (b1 - 2 < a0) return -1; + if (b1 - 2 < a0 || a0 < 0) return -1; jbig2_set_bits(dst, a0, b1 - 2); } a0 = b1 - 2; @@ -991,7 +991,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, if (b1 - 3 < 0) break; if (c) { - if (b1 - 3 < a0) return -1; + if (b1 - 3 < a0 || a0 < 0) return -1; jbig2_set_bits(dst, a0, b1 - 3); } a0 = b1 - 3; debian/patches/CVE-2016-9601-pre2.patch0000664000000000000000000001317113107567512014120 0ustar Backport of: From 8033c8336691c0b833cde32d47f4bbf8d7f4d4f2 Mon Sep 17 00:00:00 2001 From: Shailesh Mistry Date: Fri, 22 Jun 2012 22:25:44 +0100 Subject: [PATCH] Bug 693050 : Fix memory leak in 146f folder --- jbig2_mmr.c | 68 ++++++++++++++++++++++++++++++++++++++++------------- jbig2_symbol_dict.c | 1 + 2 files changed, 53 insertions(+), 16 deletions(-) Index: jbig2dec-0.11+20120125/jbig2_mmr.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_mmr.c 2017-05-19 08:41:39.799299383 -0400 +++ jbig2dec-0.11+20120125/jbig2_mmr.c 2017-05-19 08:41:39.791299288 -0400 @@ -829,14 +829,12 @@ jbig2_decode_get_run(Jbig2MmrCtx *mmr, c return result; } -static void +static int jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) { - int a0, a1, a2, b1, b2; - int c; - - a0 = -1; - c = 0; /* 0 is white, black is 1 */ + int a0 = -1; + int a1, a2, b1, b2; + int c = 0; /* 0 is white, black is 1 */ while (1) { @@ -862,6 +860,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, a2 = a1 + black_run; if (a1 > mmr->width) a1 = mmr->width; if (a2 > mmr->width) a2 = mmr->width; + if (a2 < a1) return -1; jbig2_set_bits(dst, a1, a2); a0 = a2; /* printf ("H %d %d\n", white_run, black_run); */ @@ -874,6 +873,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, a2 = a1 + white_run; if (a1 > mmr->width) a1 = mmr->width; if (a2 > mmr->width) a2 = mmr->width; + if (a1 < a0) return -1; jbig2_set_bits(dst, a0, a1); a0 = a2; /* printf ("H %d %d\n", black_run, white_run); */ @@ -886,7 +886,11 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, jbig2_decode_mmr_consume(mmr, 4); b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); b2 = jbig2_find_changing_element(ref, b1, mmr->width); - if (c) jbig2_set_bits(dst, a0, b2); + if (c) + { + if (b2 < a0) return -1; + jbig2_set_bits(dst, a0, b2); + } a0 = b2; } @@ -895,7 +899,11 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, /* printf ("V(0)\n"); */ jbig2_decode_mmr_consume(mmr, 1); b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); - if (c) jbig2_set_bits(dst, a0, b1); + if (c) + { + if (b1 < a0) return -1; + jbig2_set_bits(dst, a0, b1); + } a0 = b1; c = !c; } @@ -906,7 +914,11 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, jbig2_decode_mmr_consume(mmr, 3); b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); if (b1 + 1 > mmr->width) break; - if (c) jbig2_set_bits(dst, a0, b1 + 1); + if (c) + { + if (b1 + 1 < a0) return -1; + jbig2_set_bits(dst, a0, b1 + 1); + } a0 = b1 + 1; c = !c; } @@ -917,7 +929,11 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, jbig2_decode_mmr_consume(mmr, 6); b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); if (b1 + 2 > mmr->width) break; - if (c) jbig2_set_bits(dst, a0, b1 + 2); + if (c) + { + if (b1 + 2 < a0) return -1; + jbig2_set_bits(dst, a0, b1 + 2); + } a0 = b1 + 2; c = !c; } @@ -928,7 +944,11 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, jbig2_decode_mmr_consume(mmr, 7); b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); if (b1 + 3 > mmr->width) break; - if (c) jbig2_set_bits(dst, a0, b1 + 3); + if (c) + { + if (b1 + 3 < a0) return -1; + jbig2_set_bits(dst, a0, b1 + 3); + } a0 = b1 + 3; c = !c; } @@ -939,7 +959,11 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, jbig2_decode_mmr_consume(mmr, 3); b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); if (b1 - 1 < 0) break; - if (c) jbig2_set_bits(dst, a0, b1 - 1); + if (c) + { + if (b1 - 1 < a0) return -1; + jbig2_set_bits(dst, a0, b1 - 1); + } a0 = b1 - 1; c = !c; } @@ -950,7 +974,11 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, jbig2_decode_mmr_consume(mmr, 6); b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); if (b1 - 2 < 0) break; - if (c) jbig2_set_bits(dst, a0, b1 - 2); + if (c) + { + if (b1 - 2 < a0) return -1; + jbig2_set_bits(dst, a0, b1 - 2); + } a0 = b1 - 2; c = !c; } @@ -961,7 +989,11 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, jbig2_decode_mmr_consume(mmr, 7); b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); if (b1 - 3 < 0) break; - if (c) jbig2_set_bits(dst, a0, b1 - 3); + if (c) + { + if (b1 - 3 < a0) return -1; + jbig2_set_bits(dst, a0, b1 - 3); + } a0 = b1 - 3; c = !c; } @@ -969,6 +1001,8 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, else break; } + + return 0; } int @@ -983,17 +1017,19 @@ jbig2_decode_generic_mmr(Jbig2Ctx *ctx, byte *dst = image->data; byte *ref = NULL; int y; + int code = 0; jbig2_decode_mmr_init(&mmr, image->width, image->height, data, size); for (y = 0; y < image->height; y++) { memset(dst, 0, rowstride); - jbig2_decode_mmr_line(&mmr, ref, dst); + code = jbig2_decode_mmr_line(&mmr, ref, dst); + if (code < 0) return code; ref = dst; dst += rowstride; } - return 0; + return code; } /** Index: jbig2dec-0.11+20120125/jbig2_symbol_dict.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_symbol_dict.c 2017-05-19 08:41:39.799299383 -0400 +++ jbig2dec-0.11+20120125/jbig2_symbol_dict.c 2017-05-19 08:41:39.791299288 -0400 @@ -690,6 +690,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, if (code) { jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding MMR bitmap image!"); + jbig2_image_release(ctx, image); goto cleanup4; } } debian/patches/1001_ignore_python_test.patch0000664000000000000000000000033012055657036016231 0ustar --- a/test_jbig2dec.py +++ b/test_jbig2dec.py @@ -184,4 +184,4 @@ # run the defined tests if we're called as a script if __name__ == "__main__": result = suite.run() - sys.exit(not result) + sys.exit(0) debian/patches/CVE-2016-9601-pre7.patch0000664000000000000000000000352713107567542014134 0ustar Backport of: From 3e6c1b0670740be3b138228dcc134bf5e6c1eceb Mon Sep 17 00:00:00 2001 From: Alex Cherepanov Date: Mon, 28 Jan 2013 17:32:15 -0500 Subject: [PATCH] Bug 693284: Prevent read access violation. Check whether there's enough data. --- jbig2_symbol_dict.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) Index: jbig2dec-0.11+20120125/jbig2_symbol_dict.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_symbol_dict.c 2017-05-19 09:11:22.142830629 -0400 +++ jbig2dec-0.11+20120125/jbig2_symbol_dict.c 2017-05-19 09:11:22.142830629 -0400 @@ -673,6 +673,13 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, ((image->width & 7) ? 1 : 0); byte *dst = image->data; + /* SumatraPDF: prevent read access violation */ + if (size - jbig2_huffman_offset(hs) < image->height * stride) { + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "not enough data for decoding (%d/%d)", image->height * stride, size - jbig2_huffman_offset(hs)); + jbig2_image_release(ctx, image); + goto cleanup4; + } + BMSIZE = image->height * stride; jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, segment->number, "reading %dx%d uncompressed bitmap" @@ -687,6 +694,13 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, } else { Jbig2GenericRegionParams rparams; + /* SumatraPDF: prevent read access violation */ + if (size - jbig2_huffman_offset(hs) < BMSIZE) { + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "not enough data for decoding (%d/%d)", BMSIZE, size - jbig2_huffman_offset(hs)); + jbig2_image_release(ctx, image); + goto cleanup4; + } + jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, segment->number, "reading %dx%d collective bitmap for %d symbols (%d bytes)", image->width, image->height, NSYMSDECODED - HCFIRSTSYM, BMSIZE); debian/patches/CVE-2016-9601-pre5.patch0000664000000000000000000000537213107567531014130 0ustar Backport of: From d379be4ca803bf0bdd43d00b89da320c29d393c4 Mon Sep 17 00:00:00 2001 From: zeniko Date: Fri, 5 Jul 2013 13:11:58 +0200 Subject: [PATCH] Bug 694111: prevent heap overflow jbig2_image_compose fails to ensure that the destination rectangle lies entirely within the destination buffer (in the case of the file 3324.pdf.asan.50.2585, this happens due to a huge value for y). Adding a new check which makes sure that... @ y * dst->stride + leftbyte doesn't overflow @ x and leftbyte don't overflow to the next line @ h * dst->stride doesn't overflow @ all values read are within the destination buffer The file 3324.pdf.asan.50.2585 also demonstrates a memory leak where the glyph isn't properly released if jbig2_image_compose fails. --- jbig2_image.c | 8 +++++--- jbig2_text.c | 10 ++++++++-- 2 files changed, 13 insertions(+), 5 deletions(-) Index: jbig2dec-0.11+20120125/jbig2_image.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_image.c 2017-05-19 08:56:09.770023425 -0400 +++ jbig2dec-0.11+20120125/jbig2_image.c 2017-05-19 08:56:37.654377388 -0400 @@ -235,6 +235,11 @@ int jbig2_image_compose(Jbig2Ctx *ctx, J /* general OR case */ s = ss; d = dd = dst->data + y*dst->stride + leftbyte; + if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || + d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) { + return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, + "preventing heap overflow in jbig2_image_compose"); + } if (leftbyte == rightbyte) { mask = 0x100 - (0x100 >> w); for (j = 0; j < h; j++) { Index: jbig2dec-0.11+20120125/jbig2_text.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_text.c 2017-05-19 08:56:09.770023425 -0400 +++ jbig2dec-0.11+20120125/jbig2_text.c 2017-05-19 09:00:57.761716448 -0400 @@ -358,8 +358,12 @@ cleanup1: rparams.DY = (RDH >> 1) + RDY; rparams.TPGRON = 0; memcpy(rparams.grat, params->sbrat, 4); - jbig2_decode_refinement_region(ctx, segment, + code = jbig2_decode_refinement_region(ctx, segment, &rparams, as, refimage, GR_stats); + if (code < 0) { + jbig2_image_release(ctx, refimage); + goto cleanup2; + } IB = refimage; jbig2_image_release(ctx, IBO); @@ -405,7 +409,11 @@ cleanup1: ID, IB->width, IB->height, x, y, NINSTANCES + 1, params->SBNUMINSTANCES); #endif - jbig2_image_compose(ctx, image, IB, x, y, params->SBCOMBOP); + code = jbig2_image_compose(ctx, image, IB, x, y, params->SBCOMBOP); + if (code < 0) { + jbig2_image_release(ctx, IB); + goto cleanup2; + } /* (3c.x) */ if ((!params->TRANSPOSED) && (params->REFCORNER < 2)) { debian/patches/series0000664000000000000000000000065313107567345012053 0ustar 1001_ignore_python_test.patch 1002_gs-git~8b15057.patch 1003_gs-git~082c31b.patch 1004_extract_infile_from_autogen-sh.patch CVE-2016-9601-pre1.patch CVE-2016-9601-pre2.patch CVE-2016-9601-pre3.patch CVE-2016-9601-pre4.patch CVE-2016-9601-pre5.patch CVE-2016-9601-pre6.patch CVE-2016-9601-pre7.patch CVE-2016-9601-pre.patch CVE-2016-9601-1.patch CVE-2016-9601-2.patch CVE-2017-7885.patch CVE-2017-7975.patch CVE-2017-7976.patch debian/patches/CVE-2016-9601-pre6.patch0000664000000000000000000000356713107567535014141 0ustar Backport of: From 35d45096bf79e58948d41c6c54095b71ea906a26 Mon Sep 17 00:00:00 2001 From: Alex Cherepanov Date: Mon, 28 Jan 2013 16:34:20 -0500 Subject: [PATCH] Bug 693284: Detect missing glyphs and fail. --- jbig2_symbol_dict.c | 7 +++++++ jbig2_text.c | 6 ++++++ 2 files changed, 13 insertions(+) Index: jbig2dec-0.11+20120125/jbig2_symbol_dict.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_symbol_dict.c 2017-05-19 09:08:06.136040788 -0400 +++ jbig2dec-0.11+20120125/jbig2_symbol_dict.c 2017-05-19 09:08:06.132040730 -0400 @@ -588,6 +588,13 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, rparams.reference = (ID < ninsyms) ? params->SDINSYMS->glyphs[ID] : SDNEWSYMS->glyphs[ID-ninsyms]; + /* SumatraPDF: fail on missing glyphs */ + if (rparams.reference == NULL) { + code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, + "missing glyph %d/%d!", ID, ninsyms); + jbig2_image_release(ctx, image); + goto cleanup4; + } rparams.DX = RDX; rparams.DY = RDY; rparams.TPGRON = 0; Index: jbig2dec-0.11+20120125/jbig2_text.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_text.c 2017-05-19 09:08:06.136040788 -0400 +++ jbig2dec-0.11+20120125/jbig2_text.c 2017-05-19 09:08:06.132040730 -0400 @@ -292,6 +292,12 @@ cleanup1: while (id >= dicts[index]->n_symbols) id -= dicts[index++]->n_symbols; IB = jbig2_image_clone(ctx, dicts[index]->glyphs[id]); + /* SumatraPDF: fail on missing glyphs */ + if (!IB) { + code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, + "missing glyph %d/%d!", index, id); + goto cleanup2; + } } if (params->SBREFINE) { if (params->SBHUFF) { debian/patches/CVE-2017-7975.patch0000664000000000000000000000217713107567325013275 0ustar Backport of: From 5e57e483298dae8b8d4ec9aab37a526736ac2e97 Mon Sep 17 00:00:00 2001 From: Shailesh Mistry Date: Wed, 26 Apr 2017 22:12:14 +0100 Subject: [PATCH] Bug 697693: Prevent SEGV due to integer overflow. While building a Huffman table, the start and end points were susceptible to integer overflow. Thank you to Jiaqi for finding this issue and suggesting a patch. --- jbig2dec/jbig2_huffman.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Index: jbig2dec-0.11+20120125/jbig2_huffman.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_huffman.c 2017-05-19 09:10:43.218280214 -0400 +++ jbig2dec-0.11+20120125/jbig2_huffman.c 2017-05-19 09:10:43.218280214 -0400 @@ -404,8 +404,8 @@ jbig2_build_huffman_table (Jbig2Ctx *ctx if (PREFLEN == CURLEN) { int RANGELEN = lines[CURTEMP].RANGELEN; - int start_j = CURCODE << shift; - int end_j = (CURCODE + 1) << shift; + uint32_t start_j = CURCODE << shift; + uint32_t end_j = (CURCODE + 1) << shift; byte eflags = 0; if (end_j > max_j) { debian/patches/1004_extract_infile_from_autogen-sh.patch0000664000000000000000000000240212055657036020470 0ustar Description: Extract header infile oddly embedded in autogen script. Author: Jonas Smedegaard Forwarded: no Last-Update: 2012-02-10 --- a/autogen.sh +++ b/autogen.sh @@ -110,9 +110,6 @@ echo " autoheader" autoheader - -echo " creating config_types.h.in" -cat >config_types.h.in < +# else + typedef unsigned @JBIG2_INT32_T@ uint32_t; + typedef unsigned @JBIG2_INT16_T@ uint16_t; + typedef unsigned @JBIG2_INT8_T@ uint8_t; + typedef signed @JBIG2_INT32_T@ int32_t; + typedef signed @JBIG2_INT16_T@ int16_t; + typedef signed @JBIG2_INT8_T@ int8_t; +# endif /* JBIG2_REPLACE_STDINT */ +#endif /* HAVE_STDINT_H */ debian/patches/1003_gs-git~082c31b.patch0000664000000000000000000001240612055657036014612 0ustar Description: Implement generic refinement region when TPGRON is TRUE This patch from Gorac implements the generic refinement region decoding procedure for when TPGRON is TRUE. Origin: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=082c31 Author: Shailesh Mistry Bug: http://bugs.ghostscript.com/show_bug.cgi?id=690974 Forwarded: no Last-Update: 2012-02-10 --- a/jbig2_refinement.c +++ b/jbig2_refinement.c @@ -235,6 +235,116 @@ } +typedef uint32_t (*ContextBuilder)(const Jbig2RefinementRegionParams *, +Jbig2Image *, int, int); + +static int implicit_value( const Jbig2RefinementRegionParams *params, Jbig2Image +*image, int x, int y ) +{ + Jbig2Image *ref = params->reference; + int i = x - params->DX; + int j = y - params->DY; + int m = jbig2_image_get_pixel(ref, i, j); + return ( + (jbig2_image_get_pixel(ref, i - 1, j - 1) == m) && + (jbig2_image_get_pixel(ref, i , j - 1) == m) && + (jbig2_image_get_pixel(ref, i + 1, j - 1) == m) && + (jbig2_image_get_pixel(ref, i - 1, j ) == m) && + (jbig2_image_get_pixel(ref, i + 1, j ) == m) && + (jbig2_image_get_pixel(ref, i - 1, j + 1) == m) && + (jbig2_image_get_pixel(ref, i , j + 1) == m) && + (jbig2_image_get_pixel(ref, i + 1, j + 1) == m) + )? m : -1; +} + +static uint32_t mkctx0( const Jbig2RefinementRegionParams *params, Jbig2Image +*image, int x, int y ) +{ + const int dx = params->DX; + const int dy = params->DY; + Jbig2Image *ref = params->reference; + uint32_t CONTEXT; + CONTEXT = jbig2_image_get_pixel(image, x - 1, y + 0); + CONTEXT |= jbig2_image_get_pixel(image, x + 1, y - 1) << 1; + CONTEXT |= jbig2_image_get_pixel(image, x + 0, y - 1) << 2; + CONTEXT |= jbig2_image_get_pixel(image, x + params->grat[0], y + +params->grat[1]) << 3; + CONTEXT |= jbig2_image_get_pixel(ref, x - dx + 1, y - dy + 1) << 4; + CONTEXT |= jbig2_image_get_pixel(ref, x - dx + 0, y - dy + 1) << 5; + CONTEXT |= jbig2_image_get_pixel(ref, x - dx - 1, y - dy + 1) << 6; + CONTEXT |= jbig2_image_get_pixel(ref, x - dx + 1, y - dy + 0) << 7; + CONTEXT |= jbig2_image_get_pixel(ref, x - dx + 0, y - dy + 0) << 8; + CONTEXT |= jbig2_image_get_pixel(ref, x - dx - 1, y - dy + 0) << 9; + CONTEXT |= jbig2_image_get_pixel(ref, x - dx + 1, y - dy - 1) << 10; + CONTEXT |= jbig2_image_get_pixel(ref, x - dx + 0, y - dy - 1) << 11; + CONTEXT |= jbig2_image_get_pixel(ref, x - dx + params->grat[2], y - dy + +params->grat[3]) << 12; + return CONTEXT; +} + +static uint32_t mkctx1( const Jbig2RefinementRegionParams *params, Jbig2Image +*image, int x, int y ) +{ + const int dx = params->DX; + const int dy = params->DY; + Jbig2Image *ref = params->reference; + uint32_t CONTEXT; + CONTEXT = jbig2_image_get_pixel(image, x - 1, y + 0); + CONTEXT |= jbig2_image_get_pixel(image, x + 1, y - 1) << 1; + CONTEXT |= jbig2_image_get_pixel(image, x + 0, y - 1) << 2; + CONTEXT |= jbig2_image_get_pixel(image, x - 1, y - 1) << 3; + CONTEXT |= jbig2_image_get_pixel(ref, x - dx + 1, y - dy + 1) << 4; + CONTEXT |= jbig2_image_get_pixel(ref, x - dx + 0, y - dy + 1) << 5; + CONTEXT |= jbig2_image_get_pixel(ref, x - dx + 1, y - dy + 0) << 6; + CONTEXT |= jbig2_image_get_pixel(ref, x - dx + 0, y - dy + 0) << 7; + CONTEXT |= jbig2_image_get_pixel(ref, x - dx - 1, y - dy + 0) << 8; + CONTEXT |= jbig2_image_get_pixel(ref, x - dx + 0, y - dy - 1) << 9; + return CONTEXT; +} + +static int jbig2_decode_refinement_TPGRON(const Jbig2RefinementRegionParams +*params, Jbig2ArithState *as, Jbig2Image *image, Jbig2ArithCx *GR_stats) +{ + const int GRW = image->width; + const int GRH = image->height; + int x, y, iv, bit, LTP = 0; + uint32_t start_context = (params->GRTEMPLATE? 0x40 : 0x100); + ContextBuilder mkctx = (params->GRTEMPLATE? mkctx1 : mkctx0); + + for (y = 0; y < GRH; y++) + { + bit = jbig2_arith_decode(as, &GR_stats[start_context]); + if (bit < 0) return -1; + LTP = LTP ^ bit; + if (!LTP) + { + for (x = 0; x < GRW; x++) + { + bit = jbig2_arith_decode(as, &GR_stats[mkctx(params, image, x, y)]); + if (bit < 0) return -1; + jbig2_image_set_pixel(image, x, y, bit); + } + } + else + { + for (x = 0; x < GRW; x++) + { + iv = implicit_value(params, image, x, y); + if (iv < 0) + { + bit = jbig2_arith_decode(as, &GR_stats[mkctx(params, image, x, y)]); + if (bit < 0) return -1; + jbig2_image_set_pixel(image, x, y, bit); + } + else jbig2_image_set_pixel(image, x, y, iv); + } + } + } + + return 0; +} + + /** * jbig2_decode_refinement_region: Decode a generic refinement region. * @ctx: The context for allocation and error reporting. @@ -267,9 +377,10 @@ params->DX, params->DY, params->GRTEMPLATE, params->TPGRON, params->grat[0], params->grat[1], params->grat[2], params->grat[3]); } + if (params->TPGRON) - return jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, - "decode_refinement_region: typical prediction coding NYI"); + return jbig2_decode_refinement_TPGRON(params, as, image, GR_stats); + if (params->GRTEMPLATE) return jbig2_decode_refinement_template1_unopt(ctx, segment, params, as, image, GR_stats); debian/patches/CVE-2016-9601-pre1.patch0000664000000000000000000000122513107567504014115 0ustar Backport of: From 76c000e507efff47e6f625bddef0a93323a7cc9d Mon Sep 17 00:00:00 2001 From: Shailesh Mistry Date: Wed, 20 Jun 2012 18:18:02 +0100 Subject: [PATCH] Bug 690723 : Prevent over writing unallocated memory when parsing an image --- jbig2_mmr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jbig2_mmr.c b/jbig2_mmr.c index 6bab96a..b4a8a33 100644 --- a/jbig2_mmr.c +++ b/jbig2_mmr.c @@ -790,7 +790,7 @@ jbig2_set_bits(byte *line, int x0, int x1) line[a0] |= lm[b0]; for (a = a0 + 1; a < a1; a++) line[a] = 0xFF; - line[a1] |= rm[b1]; + if (b1) line[a1] |= rm[b1]; } } -- 2.9.1 debian/patches/CVE-2017-7976.patch0000664000000000000000000000257113107567333013273 0ustar Backport of: From ed6c5133a1004ce8d38f1b44de85a7186feda95e Mon Sep 17 00:00:00 2001 From: Shailesh Mistry Date: Wed, 10 May 2017 17:50:39 +0100 Subject: [PATCH] Bug 697683: Bounds check before reading from image source data. Add extra check to prevent reading off the end of the image source data buffer. Thank you to Dai Ge for finding this issue and suggesting a patch. --- jbig2dec/jbig2_image.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Index: jbig2dec-0.11+20120125/jbig2_image.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_image.c 2017-05-19 09:10:49.054362783 -0400 +++ jbig2dec-0.11+20120125/jbig2_image.c 2017-05-19 09:10:49.050362726 -0400 @@ -235,7 +235,8 @@ int jbig2_image_compose(Jbig2Ctx *ctx, J /* general OR case */ s = ss; d = dd = dst->data + y*dst->stride + leftbyte; - if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) { + if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride || + s - leftbyte + (h - 1) * src->stride + rightbyte > src->data + src->height * src->stride) { return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose"); } debian/patches/CVE-2017-7885.patch0000664000000000000000000000250313107567313013263 0ustar Backport of: From b184e783702246e154294326d03d9abda669fcfa Mon Sep 17 00:00:00 2001 From: Shailesh Mistry Date: Wed, 3 May 2017 22:06:01 +0100 Subject: [PATCH] Bug 697703: Prevent integer overflow vulnerability. Add extra check for the offset being greater than the size of the image and hence reading off the end of the buffer. Thank you to Dai Ge for finding this issue and suggesting a patch. --- jbig2dec/jbig2_symbol_dict.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: jbig2dec-0.11+20120125/jbig2_symbol_dict.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_symbol_dict.c 2017-05-19 09:10:30.858105290 -0400 +++ jbig2dec-0.11+20120125/jbig2_symbol_dict.c 2017-05-19 09:10:30.854105233 -0400 @@ -675,7 +675,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, byte *dst = image->data; /* SumatraPDF: prevent read access violation */ - if (size - jbig2_huffman_offset(hs) < image->height * stride) { + if ((size - jbig2_huffman_offset(hs) < image->height * stride) || (size < jbig2_huffman_offset(hs))) { jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "not enough data for decoding (%d/%d)", image->height * stride, size - jbig2_huffman_offset(hs)); jbig2_image_release(ctx, image); goto cleanup4; debian/patches/CVE-2016-9601-pre3.patch0000664000000000000000000001205013107567520014113 0ustar Backport of: From 50d99ce72e1722427415ac745445dc1ca7e67c83 Mon Sep 17 00:00:00 2001 From: Shailesh Mistry Date: Mon, 2 Jul 2012 21:53:20 +0100 Subject: [PATCH] Bug 693050 : Fix error handling in 0717 folder --- jbig2_halftone.c | 40 +++++++++++++++++++++++++++++++--------- jbig2_mmr.c | 6 ++++-- 2 files changed, 35 insertions(+), 11 deletions(-) diff --git a/jbig2_halftone.c b/jbig2_halftone.c index 81fa908..038c037 100644 --- a/jbig2_halftone.c +++ b/jbig2_halftone.c @@ -277,7 +277,7 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment* segment, Jbig2Image *GSKIP, int GSTEMPLATE, Jbig2ArithCx *GB_stats) { - uint8_t **GSVALS; + uint8_t **GSVALS = NULL; size_t consumed_bytes = 0; int i, j, code, stride; int x, y; @@ -289,7 +289,7 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment* segment, /* allocate GSPLANES */ GSPLANES = jbig2_new(ctx, Jbig2Image*, GSBPP); if (GSPLANES == NULL) { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate %d bytes for GSPLANES", GSBPP); return NULL; } @@ -297,7 +297,7 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment* segment, for (i = 0; i < GSBPP; ++i) { GSPLANES[i] = jbig2_image_new(ctx, GSW, GSH); if (GSPLANES[i] == NULL) { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate %dx%d image for GSPLANES", GSW, GSH); /* free already allocated */ for (j = i-1; j >= 0; --j) { @@ -328,15 +328,29 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment* segment, GSPLANES[GSBPP-1], &consumed_bytes); } else { ws = jbig2_word_stream_buf_new(ctx, data, size); + if (ws == NULL) + { + code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, + "failed to allocate ws in jbig2_decode_gray_scale_image"); + goto cleanup; + } + as = jbig2_arith_new(ctx, ws); + if (as == NULL) + { + code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, + "failed to allocate as in jbig2_decode_gray_scale_image"); + goto cleanup; + } code = jbig2_decode_generic_region(ctx, segment, &rparams, as, GSPLANES[GSBPP-1], GB_stats); } if (code != 0) { - jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding GSPLANES for halftone image"); + goto cleanup; } /* C.5 step 2. Set j = GSBPP-2 */ @@ -353,8 +367,9 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment* segment, GSPLANES[j], GB_stats); } if (code != 0) { - jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding GSPLANES for halftone image"); + goto cleanup; } /* C.5 step 3. (b): @@ -371,16 +386,22 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment* segment, /* allocate GSVALS */ GSVALS = jbig2_new(ctx, uint8_t* , GSW); if (GSVALS == NULL) { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate GSVALS: %d bytes", GSW); - return NULL; + goto cleanup; } for (i=0; inumber, "failed to allocate GSVALS: %d bytes", GSH * GSW); - return NULL; + /* free already allocated */ + for (j = i-1; j >= 0; --j) { + jbig2_free(ctx->allocator, GSVALS[j]); + } + jbig2_free(ctx->allocator, GSVALS); + GSVALS = NULL; + goto cleanup; } } @@ -394,6 +415,7 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment* segment, } } +cleanup: /* free memory */ if (!GSMMR) { jbig2_free(ctx->allocator, as); diff --git a/jbig2_mmr.c b/jbig2_mmr.c index 9dde239..219fac6 100644 --- a/jbig2_mmr.c +++ b/jbig2_mmr.c @@ -1057,13 +1057,15 @@ jbig2_decode_halftone_mmr(Jbig2Ctx *ctx, byte *dst = image->data; byte *ref = NULL; int y; + int code = 0; const uint32_t EOFB = 0x001001; jbig2_decode_mmr_init(&mmr, image->width, image->height, data, size); for (y = 0; y < image->height; y++) { memset(dst, 0, rowstride); - jbig2_decode_mmr_line(&mmr, ref, dst); + code = jbig2_decode_mmr_line(&mmr, ref, dst); + if (code < 0) return code; ref = dst; dst += rowstride; } @@ -1075,5 +1077,5 @@ jbig2_decode_halftone_mmr(Jbig2Ctx *ctx, *consumed_bytes += mmr.data_index + (mmr.bit_index >> 3) + (mmr.bit_index > 0 ? 1 : 0); - return 0; + return code; } -- 2.9.1 debian/patches/CVE-2016-9601-2.patch0000664000000000000000000000333413107566560013413 0ustar Backport of: From 9d2c4f3bdb0bd003deae788e7187c0f86e624544 Mon Sep 17 00:00:00 2001 From: Tor Andersson Date: Wed, 14 Dec 2016 15:56:31 +0100 Subject: [PATCH] Fix warnings: remove unsigned < 0 tests that are always false. --- jbig2_image.c | 2 +- jbig2_mmr.c | 2 +- jbig2_symbol_dict.c | 9 ++------- 3 files changed, 4 insertions(+), 9 deletions(-) Index: jbig2dec-0.11+20120125/jbig2_image.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_image.c 2017-05-19 09:01:31.574226432 -0400 +++ jbig2dec-0.11+20120125/jbig2_image.c 2017-05-19 09:01:31.574226432 -0400 @@ -235,8 +235,7 @@ int jbig2_image_compose(Jbig2Ctx *ctx, J /* general OR case */ s = ss; d = dd = dst->data + y*dst->stride + leftbyte; - if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || - d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) { + if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) { return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose"); } Index: jbig2dec-0.11+20120125/jbig2_mmr.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2_mmr.c 2017-05-19 09:01:31.574226432 -0400 +++ jbig2dec-0.11+20120125/jbig2_mmr.c 2017-05-19 09:01:31.574226432 -0400 @@ -977,7 +977,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, if (b1 < 2) break; if (c) { - if (b1 - 2 < a0 || a0 < 0) return -1; + if (a0 == MINUS1 || b1 - 2 < a0) return -1; jbig2_set_bits(dst, a0, b1 - 2); } a0 = b1 - 2; debian/patches/1002_gs-git~8b15057.patch0000664000000000000000000000206112055657036014536 0ustar Description: Prevent composition if src outside clip region This patch prevents the image compositing occurring if the src is outside of the clip region. Origin: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8b1505 Author: Shailesh Mistry Bug: http://bugs.ghostscript.com/show_bug.cgi?id=690870 Forwarded: no Last-Update: 2012-02-10 --- a/jbig2_image.c +++ b/jbig2_image.c @@ -198,7 +198,7 @@ w = src->width; h = src->height; ss = src->data; - /* FIXME: this isn't sufficient for the < 0 cases */ + if (x < 0) { w += x; x = 0; } if (y < 0) { h += y; y = 0; } w = (x + w < dst->width) ? w : dst->width - x; @@ -209,6 +209,15 @@ w, h, x, y); #endif + /* check for zero clipping region */ + if ((w <= 0) || (h <= 0)) + { +#ifdef JBIG2_DEBUG + jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "zero clipping region"); +#endif + return 0; + } + #if 0 /* special case complete/strip replacement */ /* disabled because it's only safe to do when the destination debian/patches/CVE-2016-9601-pre.patch0000664000000000000000000000211713107567554014042 0ustar Backport of: From 1369359f21a1c8a055cc745f920b17fbc3f30efd Mon Sep 17 00:00:00 2001 From: Mistry Date: Wed, 18 May 2016 21:36:43 +0100 Subject: [PATCH] Bug 696786 : Prevent checking too early for buffer overrun The code has reached near the end of the buffer so you can not just take the last 4 bytes, in this case you have to read any remaining bytes and make a return value based on that, in this edge case you have no bytes to read so the return value is zero. --- jbig2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: jbig2dec-0.11+20120125/jbig2.c =================================================================== --- jbig2dec-0.11+20120125.orig/jbig2.c 2017-05-19 08:42:02.623570252 -0400 +++ jbig2dec-0.11+20120125/jbig2.c 2017-05-19 08:42:17.827751092 -0400 @@ -436,7 +436,7 @@ jbig2_word_stream_buf_get_next_word(Jbig if (offset + 4 < z->size) result = (data[offset] << 24) | (data[offset + 1] << 16) | (data[offset + 2] << 8) | data[offset + 3]; - else if (offset >= z->size) + else if (offset > z->size) return 0; else { debian/copyright0000664000000000000000000001616312055657036011143 0ustar Format: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?rev=174 Upstream-Name: jbig2dec Upstream-Contact: http://www.ghostscript.com/mailman/listinfo/jbig2-dev/ irc://irc.freenode.net/#ghostscript Source: http://ghostscript.com/~giles/jbig2/jbig2dec/ http://git.ghostscript.com/?p=jbig2dec;a=summary Copyright: 2001-2009,2012, Artifex Software, Inc. License: GPL-2+ or AFPL-9 Files: compile config.guess config.sub depcomp missing Copyright: 1996-2003, Free Software Foundation, Inc. License: GPL-2+ with Autoconf exception As a special exception to the GNU General Public License, if you distribute this file as part of a program that contains a configuration script generated by Autoconf, you may include it under the same distribution terms that you use for the rest of that program. Files: getopt* Copyright: 1987-2001, Free Software Foundation, Inc. License: LGPL-2.1+ Files: snprintf.c Copyright: 1997, Theo de Raadt License: BSD-2-clause Files: configure Copyright: 1992-2008, Free Software Foundation, Inc. License: GAP~configure Files: aclocal.m4 Copyright: 1996-2008, Free Software Foundation, Inc License: GAP Files: ltmain.sh Copyright: 1996-2001, 2003-2008, Free Software Foundation, Inc License: GPL-2+ with Libtool exception As a special exception to the GNU General Public License, if you distribute this file as part of a program or library that is built using GNU Libtool, you may include this file under the same distribution terms that you use for the rest of that program. Files: install-sh Copyright: 1994, X Consortium License: Expat~X with X exception Except as contained in this notice, the name of the X Consortium shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from the X Consortium. Files: sha1.h Copyright: None (public domain) License: PD this file is in the public domain Files: sha1.c Copyright: None (public domain) License: PD 100% Public Domain Files: Makefile.in Copyright: 1994-2008, Free Software Foundation, Inc. License: GAP~Makefile.in Files: debian/* Copyright: 2009-2010, Jonas Smedegaard License: GPL-2+ License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. Comment: Some files differ from above by replacing "this program" with more specific terms, but otherwise identical licensing and disclaimer. . On Debian systems the 'GNU General Public License' version 2 is located in '/usr/share/common-licenses/GPL-2'. . You should have received a copy of the 'GNU General Public License' along with this program. If not, see . License: LGPL-2.1+ This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. . This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. Comment: Some files differ from above by replacing "this library" with more specific terms, but otherwise identical licensing and disclaimer. . On Debian systems the 'GNU Lesser General Public License' version 2.1 is located in '/usr/share/common-licenses/LGPL-2.1'. . You should have received a copy of the 'GNU Lesser General Public License' along with this program. If not, see . License: AFPL-9 In addition, specific permission is given to link jbig2dec to or compile jbig2dec into AFPL Ghostscript and to distribute same under the Aladdin Free Public License (AFPL) version 9. Comment: The actual 'Aladdin Free Public License' is missing from upstream source and not attempted located elsewhere, as the licensing terms used for Debian is the GPL. License: GAP This file is free software; the Free Software Foundation gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. License: GAP~configure This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. License: GAP~Makefile.in This Makefile.in is free software; the Free Software Foundation gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. License: BSD-2-clause Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. . THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. License: Expat~X Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: . The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. debian/watch0000664000000000000000000000022012055657036010224 0ustar # Run the "uscan" command to check for upstream updates and more. version=3 http://ghostscript.com/~giles/jbig2/jbig2dec/jbig2dec-(.*)\.tar\..* debian/jbig2dec.install0000664000000000000000000000001212055657036012233 0ustar usr/bin/* debian/gbp.conf0000664000000000000000000000014612055657036010621 0ustar # Configuration file for git-buildpackage and friends [DEFAULT] pristine-tar = True sign-tags = True debian/libjbig2dec0.symbols0000664000000000000000000001002312055660130013014 0ustar libjbig2dec.so.0 libjbig2dec0 #MINVER# jbig2_alloc@Base 0.11 jbig2_arith_Qe@Base 0.11 jbig2_arith_decode@Base 0.11 jbig2_arith_iaid_ctx_free@Base 0.11 jbig2_arith_iaid_ctx_new@Base 0.11 jbig2_arith_iaid_decode@Base 0.11 jbig2_arith_int_ctx_free@Base 0.11 jbig2_arith_int_ctx_new@Base 0.11 jbig2_arith_int_decode@Base 0.11 jbig2_arith_new@Base 0.11 jbig2_build_huffman_table@Base 0.11 jbig2_comment_ascii@Base 0.11 jbig2_comment_unicode@Base 0.11 jbig2_complete_page@Base 0.11 jbig2_ctx_free@Base 0.11 jbig2_ctx_new@Base 0.11 jbig2_data_in@Base 0.11 jbig2_decode_generic_mmr@Base 0.11 jbig2_decode_generic_region@Base 0.11 jbig2_decode_gray_scale_image@Base 0.11+20120125 jbig2_decode_halftone_mmr@Base 0.11+20120125 jbig2_decode_halftone_region@Base 0.11 jbig2_decode_ht_region_get_hpats@Base 0.11+20120125 jbig2_decode_refinement_region@Base 0.11 jbig2_decode_text_region@Base 0.11 jbig2_end_of_page@Base 0.11 jbig2_end_of_stripe@Base 0.11 jbig2_error@Base 0.11 jbig2_find_segment@Base 0.11 jbig2_find_table@Base 0.11+20120125 jbig2_free@Base 0.11 jbig2_free_segment@Base 0.11 jbig2_generic_stats_size@Base 0.11 jbig2_get_int16@Base 0.11 jbig2_get_int32@Base 0.11 jbig2_get_region_segment_info@Base 0.11 jbig2_get_uint16@Base 0.11+20120125 jbig2_get_uint32@Base 0.11+20120125 jbig2_global_ctx_free@Base 0.11 jbig2_halftone_region@Base 0.11 jbig2_hd_new@Base 0.11 jbig2_hd_release@Base 0.11 jbig2_huffman_advance@Base 0.11 jbig2_huffman_free@Base 0.11 jbig2_huffman_get@Base 0.11 jbig2_huffman_get_bits@Base 0.11 jbig2_huffman_lines_A@Base 0.11 jbig2_huffman_lines_B@Base 0.11 jbig2_huffman_lines_C@Base 0.11 jbig2_huffman_lines_D@Base 0.11 jbig2_huffman_lines_E@Base 0.11 jbig2_huffman_lines_F@Base 0.11 jbig2_huffman_lines_G@Base 0.11 jbig2_huffman_lines_H@Base 0.11 jbig2_huffman_lines_I@Base 0.11 jbig2_huffman_lines_J@Base 0.11 jbig2_huffman_lines_K@Base 0.11 jbig2_huffman_lines_L@Base 0.11 jbig2_huffman_lines_M@Base 0.11 jbig2_huffman_lines_N@Base 0.11 jbig2_huffman_lines_O@Base 0.11 jbig2_huffman_new@Base 0.11 jbig2_huffman_offset@Base 0.11 jbig2_huffman_params_A@Base 0.11 jbig2_huffman_params_B@Base 0.11 jbig2_huffman_params_C@Base 0.11 jbig2_huffman_params_D@Base 0.11 jbig2_huffman_params_E@Base 0.11 jbig2_huffman_params_F@Base 0.11 jbig2_huffman_params_G@Base 0.11 jbig2_huffman_params_H@Base 0.11 jbig2_huffman_params_I@Base 0.11 jbig2_huffman_params_J@Base 0.11 jbig2_huffman_params_K@Base 0.11 jbig2_huffman_params_L@Base 0.11 jbig2_huffman_params_M@Base 0.11 jbig2_huffman_params_N@Base 0.11 jbig2_huffman_params_O@Base 0.11 jbig2_huffman_skip@Base 0.11 jbig2_image_clear@Base 0.11 jbig2_image_clone@Base 0.11 jbig2_image_compose@Base 0.11 jbig2_image_compose_unopt@Base 0.11 jbig2_image_free@Base 0.11 jbig2_image_get_pixel@Base 0.11 jbig2_image_new@Base 0.11 jbig2_image_read_pbm@Base 0.11 jbig2_image_read_pbm_file@Base 0.11 jbig2_image_release@Base 0.11 jbig2_image_resize@Base 0.11 jbig2_image_set_pixel@Base 0.11 jbig2_image_write_pbm@Base 0.11 jbig2_image_write_pbm_file@Base 0.11 jbig2_immediate_generic_region@Base 0.11 jbig2_make_global_ctx@Base 0.11 jbig2_metadata_add@Base 0.11 jbig2_metadata_free@Base 0.11 jbig2_metadata_new@Base 0.11 jbig2_mmr_black_decode@Base 0.11 jbig2_mmr_white_decode@Base 0.11 jbig2_page_add_result@Base 0.11 jbig2_page_info@Base 0.11 jbig2_page_out@Base 0.11 jbig2_parse_extension_segment@Base 0.11 jbig2_parse_segment@Base 0.11 jbig2_parse_segment_header@Base 0.11 jbig2_pattern_dictionary@Base 0.11 jbig2_realloc@Base 0.11 jbig2_refinement_region@Base 0.11 jbig2_region_find_referred@Base 0.11 jbig2_release_huffman_table@Base 0.11 jbig2_release_page@Base 0.11 jbig2_sd_cat@Base 0.11 jbig2_sd_count_referred@Base 0.11 jbig2_sd_glyph@Base 0.11 jbig2_sd_list_referred@Base 0.11 jbig2_sd_new@Base 0.11 jbig2_sd_release@Base 0.11 jbig2_symbol_dictionary@Base 0.11 jbig2_table@Base 0.11+20120125 jbig2_table_free@Base 0.11+20120125 jbig2_text_region@Base 0.11 jbig2_word_stream_buf_free@Base 0.11 jbig2_word_stream_buf_new@Base 0.11 debian/copyright_hints0000664000000000000000000000662512055657036012352 0ustar Format: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?rev=174 Upstream-Name: FIXME Upstream-Contact: FIXME Source: FIXME Disclaimer: Autogenerated by CDBS Files: config_win32.h jbig2.c jbig2.h jbig2_arith.c jbig2_arith.h jbig2_arith_iaid.c jbig2_arith_iaid.h jbig2_arith_int.c jbig2_arith_int.h jbig2_generic.c jbig2_generic.h jbig2_halftone.c jbig2_halftone.h jbig2_huffman.c jbig2_huffman.h jbig2_hufftab.h jbig2_image.c jbig2_image.h jbig2_image_pbm.c jbig2_image_png.c jbig2_metadata.c jbig2_metadata.h jbig2_mmr.h jbig2_page.c jbig2_priv.h jbig2_refinement.c jbig2_segment.c jbig2_symbol_dict.c jbig2_symbol_dict.h jbig2_text.c jbig2_text.h jbig2dec.c memcmp.c os_types.h pbm2png.c Copyright: 2001, Artifex Software, Inc 2001-2002, Artifex Software, Inc 2001-2005, Artifex Software, Inc 2001-2009, Artifex Software, Inc 2002, Artifex Software, Inc 2002-2003, Artifex Software, Inc 2002-2004, Artifex Software, Inc 2002-2005, Artifex Software, Inc 2002-2008, Artifex Software, Inc 2003, Artifex Software, Inc 2004, Artifex Software, Inc 2005, Artifex Software, Inc 2009, Artifex Software, Inc 2012, Artifex Software, Inc License: UNKNOWN FIXME Files: CHANGES Jamfile Makefile.am Makefile.unix README SConstruct annex-h.jbig2 autogen.sh config_types.h.in configure.ac debian/README.source debian/compat debian/control debian/control.in debian/gbp.conf debian/jbig2dec.install debian/patches/1001_ignore_python_test.patch debian/patches/1002_gs-git~8b15057.patch debian/patches/1003_gs-git~082c31b.patch debian/patches/1004_extract_infile_from_autogen-sh.patch debian/patches/series debian/source.lintian-overrides debian/source/format debian/watch jbig2dec.1 msvc.mak sha1.c test_jbig2dec.py Copyright: *No copyright* License: UNKNOWN FIXME Files: getopt.c getopt1.c Copyright: 1987,88,89,90,91,92,93,94,95,96,98,99,2000-2001 1987,88,89,90,91,92,93,94,96,97,98 License: LGPL-2.1+ FIXME Files: snprintf.c Copyright: 1997, Theo de Raadt License: BSD (2 clause) FIXME Files: debian/rules Copyright: 2009-2010, Jonas Smedegaard License: GPL-2+ FIXME Files: COPYING Copyright: 2007, Free Software Foundation, Inc. HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS are not disclaimer" for the program, if necessary holder as a result of your choosing to follow a holder explicitly and holder is holder is reinstated (a) holder notifies you of the holder who authorizes use under this holder, and you cure the violation prior to 30 days after holders of if you do law law, except executing it on a on the Program, and are irrevocable provided the stated on the software, and (2) offer you this License permission permission, other than the making of an treaty adopted on 20 December 1996, or License: GPL-3+ FIXME Files: getopt.h Copyright: 1989-1994, 1996-1999, 2001 Free Software Foundation, Inc License: LGPL-2.1+ FIXME Files: sha1.h Copyright: *No copyright* License: Public domain FIXME Files: jbig2_mmr.c Copyright: 2001-2002, Artifex Software, Inc jbig2_set_bits(dst, a0, b1 + 1); jbig2_set_bits(dst, a0, b1 + 2); jbig2_set_bits(dst, a0, b1 + 3); jbig2_set_bits(dst, a0, b1 - 1); jbig2_set_bits(dst, a0, b1 - 2); jbig2_set_bits(dst, a0, b1 - 3); jbig2_set_bits(dst, a0, b1); jbig2_set_bits(dst, a0, b2); License: UNKNOWN FIXME Files: LICENSE Copyright: headers License: UNKNOWN FIXME debian/rules0000775000000000000000000000550512055657036010266 0ustar #!/usr/bin/make -f # -*- mode: makefile; coding: utf-8 -*- # Copyright © 2009-2010 Jonas Smedegaard # Description: Main Debian packaging script for jbig2dec # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; either version 2, or (at # your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . DEB_AUTO_UPDATE_LIBTOOL = pre DEB_AUTO_UPDATE_ACLOCAL = 1.11 DEB_AUTO_UPDATE_AUTOCONF = 2.68 DEB_AUTO_UPDATE_AUTOHEADER = 2.68 DEB_AUTO_UPDATE_AUTOMAKE = 1.11 include /usr/share/cdbs/1/rules/upstream-tarball.mk include /usr/share/cdbs/1/rules/utils.mk include /usr/share/cdbs/1/class/autotools.mk include /usr/share/cdbs/1/rules/debhelper.mk libname = lib$(DEB_UPSTREAM_PACKAGE) soname = 0 pkgname = $(libname)$(soname) DEB_UPSTREAM_URL = http://ghostscript.com/~giles/jbig2/$(DEB_UPSTREAM_PACKAGE)/ DEB_UPSTREAM_TARBALL_MD5 = 1f61e144852c86563fee6e5ddced63f1 # bootstrap autotools files (CDBS normally only updates them) DEB_MAKE_CLEAN_TARGET = distclean DEB_AUTOMAKE_ARGS = --add-missing --copy clean:: rm -f Makefile.in aclocal.m4 compile config.guess config.h.in config.sub configure depcomp install-sh ltmain.sh missing DEB_MAKE_CHECK_TARGET = check DEB_INSTALL_MANPAGES_jbig2dec = debian/tmp/usr/share/man/man1/* DEB_SHLIBDEPS_LIBRARY_$(pkgname) = $(libname) DEB_DH_MAKESHLIBS_ARGS = -Pdebian/$(cdbs_curpkg) # put aside upstream-shipped temp files during build but after copyright-check upstreamtmpfiles = config_types.h pre-build:: debian/stamp-upstreamtmpstuff debian/stamp-upstreamtmpstuff: debian/stamp-copyright-check for file in $(upstreamtmpfiles); do \ [ ! -e $$file ] || [ -e $$file.upstream ] || mv $$file $$file.upstream; \ done touch $@ clean:: for file in $(upstreamtmpfiles); do \ [ ! -e $$file.upstream ] || mv -f $$file.upstream $$file; \ done rm -f debian/stamp-upstreamtmpstuff # Let d-shlibs resolve dependencies for and install library files CDBS_BUILD_DEPENDS += , d-shlibs (>= 0.45~) binary-post-install/$(pkgname):: debian/stamp-local-shlibs-$(libname) debian/stamp-local-shlibs-$(libname): binary-install/$(pkgname) d-shlibmove --commit \ --exclude-la \ --movedev "debian/tmp/usr/include/*" usr/include/ \ debian/tmp/usr/lib/$(libname).so touch $@ clean:: rm -f debian/stamp-local-shlibs-$(libname) # Needed by by upstream build routines CDBS_BUILD_DEPENDS += , libpng-dev # Needed by upstream tests CDBS_BUILD_DEPENDS += , python