On Wed, May 27, 2009 at 06:22:49PM +0000, Matthew Szudzik wrote:
> I'm using xpdf-3.02pl2p4 with OpenBSD 4.5 on i386, and xpdf is crashing
> on certain pdf files with complex graphics.  For example, the second
> page of
> 
>  
> http://us.acer.com/acer/wr-resource/3225785014/upload/E0Entity3/5/TravelMate%20family%201-8-08.pdf
> 
> causes xpdf to crash, unless the page size is reduced to 50% or smaller.
> Also, the first page of
> 
>  http://www.shopping.hp.com/shopping/pdf/nm325ua.pdf
> 
> causes xpdf to crash if the page size is increased to 200% or greater.

Below is a patch that fixes at least the second one. I took it from
poppler. I'm not sure whether it's the *correct* way to fix it (I'll
also send the diff to Derek to let him decide).

Note that this patch is for -current, but it should apply cleanly
on -4.5, too (except for the pkgname change).

Ciao,
        Kili


Repair some out-of-bounds access. From poppler. Fixes at least the
problem with the second pdf file mentioned in
http://marc.info/?l=openbsd-ports&m=124344888113151&w=2


Index: Makefile
===================================================================
RCS file: /cvs/ports/textproc/xpdf/Makefile,v
retrieving revision 1.65
diff -u -p -r1.65 Makefile
--- Makefile    30 May 2009 22:35:56 -0000      1.65
+++ Makefile    14 Jul 2009 13:01:46 -0000
@@ -4,7 +4,7 @@ COMMENT-main=   PDF viewer for X11
 COMMENT-utils= PDF conversion tools
 
 DISTNAME=      xpdf-3.02
-PKGNAME-main=  xpdf-3.02.3p0
+PKGNAME-main=  xpdf-3.02.3p1
 PKGNAME-utils= xpdf-utils-3.02.3
 CATEGORIES=    textproc x11
 
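Review bot: Only PKGNAME-main is bumped to xpdf-3.02.3p1 here, while PKGNAME-utils stays at xpdf-utils-3.02.3. If any tool in the -utils subpackage is built with splash/SplashXPathScanner.cc, it picks up the same fix and needs its own bump so that installed packages are updated.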
Index: patches/patch-splash_SplashXPathScanner_cc
===================================================================
RCS file: patches/patch-splash_SplashXPathScanner_cc
diff -N patches/patch-splash_SplashXPathScanner_cc
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-splash_SplashXPathScanner_cc  14 Jul 2009 13:01:46 -0000
@@ -0,0 +1,31 @@
+$OpenBSD$
+--- splash/SplashXPathScanner.cc.orig  Tue Jul 14 14:43:52 2009
++++ splash/SplashXPathScanner.cc       Tue Jul 14 14:59:54 2009
+@@ -397,7 +397,7 @@ void SplashXPathScanner::clipAALine(SplashBitmap *aaBu
+       for (; xx + 7 <= xx0; xx += 8) {
+         *p++ = 0x00;
+       }
+-      if (xx <= xx0) {
++      if (xx < xx0) {
+         *p &= 0xff >> (xx0 & 7);
+       }
+       }
+@@ -406,6 +406,9 @@ void SplashXPathScanner::clipAALine(SplashBitmap *aaBu
+       }
+     }
+     xx0 = (*x1 + 1) * splashAASize;
++    if (xx0 > aaBuf->getWidth()) {
++      xx0 = aaBuf->getWidth();
++    }
+     // set [xx, xx0) to 0
+     if (xx < xx0) {
+       p = aaBuf->getDataPtr() + yy * aaBuf->getRowSize() + (xx >> 3);
+@@ -420,7 +423,7 @@ void SplashXPathScanner::clipAALine(SplashBitmap *aaBu
+       for (; xx + 7 <= xx0; xx += 8) {
+       *p++ = 0x00;
+       }
+-      if (xx <= xx0) {
++      if (xx < xx0) {
+       *p &= 0xff >> (xx0 & 7);
+       }
+     }
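Review bot: The whole-byte loops at 397 and 420 keep the condition `xx + 7 <= xx0` while the tail check is tightened to `xx < xx0`. Assuming xx is byte-aligned at that point, the case xx0 == xx + 7 still zeroes the byte holding bit xx0, which the comment "set [xx, xx0) to 0" excludes, so `xx + 7 < xx0` would match the new tail test. Separately, the clamp to aaBuf->getWidth() is added only for the xx0 assigned at 406. The xx0 used by the comparison changed at 397 is assigned outside the visible context, so please confirm it is bounded the same way, otherwise that write through p can still run past the row.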
