commit 04d0e5ca9df648f4ca9221da3555c1310ba689c8
author Albert Astals Cid <aacid@kde.org> Thu Nov 08 23:29:55 2007 +0100
committer Albert Astals Cid <aacid@kde.org> Thu Nov 08 23:29:55 2007 +0100
tree 18139a0ddca75510569b77d1642b3082cf3403fe
parent 1e4a7d6f9e7524fa615da61b616ce67e867a7532

Move another gmallocn to gmallocn_checkoverflow. Fixes crashes on incorrect pdf sent by Red Hat

poppler/Stream.cc

diff --git a/poppler/Stream.cc b/poppler/Stream.cc
index 068c9b4..25535a9 100644
--- a/poppler/Stream.cc
+++ b/poppler/Stream.cc
@@ -1261,14 +1261,18 @@
   // ---> max codingLine size = columns + 1
   // refLine has one extra guard entry at the end
   // ---> max refLine size = columns + 2
-  codingLine = (int *)gmallocn(columns + 1, sizeof(int));
-  refLine = (int *)gmallocn(columns + 2, sizeof(int));
+  codingLine = (int *)gmallocn_checkoverflow(columns + 1, sizeof(int));
+  refLine = (int *)gmallocn_checkoverflow(columns + 2, sizeof(int));
 
-  eof = gFalse;
+  if (codingLine != NULL && refLine != NULL) {
+    eof = gFalse;
+    codingLine[0] = columns;
+  } else {
+    eof = gTrue;
+  }
   row = 0;
   nextLine2D = encoding < 0;
   inputBits = 0;
-  codingLine[0] = columns;
   a0i = 0;
   outputBits = 0;
 
@@ -1285,11 +1289,16 @@
   short code1;
 
   str->reset();
-  eof = gFalse;
+
+  if (codingLine != NULL && refLine != NULL) {
+    eof = gFalse;
+    codingLine[0] = columns;
+  } else {
+    eof = gTrue;
+  }
   row = 0;
   nextLine2D = encoding < 0;
   inputBits = 0;
-  codingLine[0] = columns;
   a0i = 0;
   outputBits = 0;
   buf = EOF;