shithub: jbig2

Download patch

ref: 1fd3f35b2f031f1cad486daeff3f625588745e33
parent: bcc1da0257a3f721a4ca95421a996969b8bfb2f6
author: giles <giles@ded80894-8fb9-0310-811b-c03f3676ab4d>
date: Wed Oct 1 10:21:19 EDT 2003 

Correct an allocation size bug that caused memory access errors when the 
initial buffer handed to jbig_data_in() didn't match the internal 4k 
size. Thanks to Tor for reporting the bug.


git-svn-id: http://svn.ghostscript.com/jbig2dec/trunk@276 ded80894-8fb9-0310-811b-c03f3676ab4d


--- a/jbig2.c
+++ b/jbig2.c
@@ -1,7 +1,7 @@
 /*
     jbig2dec
     
-    Copyright (c) 2002 artofcode LLC.
+    Copyright (c) 2002-2003 artofcode LLC.
     
     This software is provided AS-IS with no warranty,
     either express or implied.
@@ -16,7 +16,7 @@
     Artifex Software, Inc.,  101 Lucas Valley Road #110, 
     San Rafael, CA  94903, U.S.A., +1(415)492-9861.
         
-    $Id: jbig2.c,v 1.18 2003/02/03 20:04:11 giles Exp $
+    $Id$
 */
 
 #ifdef HAVE_CONFIG_H
@@ -202,7 +202,7 @@
       do
 	buf_size <<= 1;
       while (buf_size < size);
-      ctx->buf = (byte *)jbig2_alloc (ctx->allocator, size);
+      ctx->buf = (byte *)jbig2_alloc(ctx->allocator, buf_size);
       ctx->buf_size = buf_size;
       ctx->buf_rd_ix = 0;
       ctx->buf_wr_ix = 0;
@@ -212,7 +212,7 @@
       if (ctx->buf_rd_ix <= (ctx->buf_size >> 1) &&
 	  ctx->buf_wr_ix - ctx->buf_rd_ix + size <= ctx->buf_size)
         {
-	  memcpy (ctx->buf, ctx->buf + ctx->buf_rd_ix,
+	  memmove(ctx->buf, ctx->buf + ctx->buf_rd_ix,
 		  ctx->buf_wr_ix - ctx->buf_rd_ix);
 	}
       else
@@ -223,10 +223,10 @@
 	  do
 	    buf_size <<= 1;
 	  while (buf_size < ctx->buf_wr_ix - ctx->buf_rd_ix + size);
-	  buf = (byte *)jbig2_alloc (ctx->allocator, buf_size);
-	  memcpy (buf, ctx->buf + ctx->buf_rd_ix,
+	  buf = (byte *)jbig2_alloc(ctx->allocator, buf_size);
+	  memcpy(buf, ctx->buf + ctx->buf_rd_ix,
 		  ctx->buf_wr_ix - ctx->buf_rd_ix);
-	  jbig2_free (ctx->allocator, ctx->buf);
+	  jbig2_free(ctx->allocator, ctx->buf);
 	  ctx->buf = buf;
 	  ctx->buf_size = buf_size;
 	}
@@ -233,7 +233,7 @@
       ctx->buf_wr_ix -= ctx->buf_rd_ix;
       ctx->buf_rd_ix = 0;
     }
-  memcpy (ctx->buf + ctx->buf_wr_ix, data, size);
+  memcpy(ctx->buf + ctx->buf_wr_ix, data, size);
   ctx->buf_wr_ix += size;
 
   /* data has now been added to buffer */
--- a/jbig2dec.c
+++ b/jbig2dec.c
@@ -1,7 +1,7 @@
 /*
     jbig2dec
     
-    Copyright (C) 2001-2002 artofcode LLC.
+    Copyright (C) 2001-2003 artofcode LLC.
     
     This software is distributed under license and may not
     be copied, modified or distributed except as expressly
@@ -13,7 +13,7 @@
     Artifex Software, Inc.,  101 Lucas Valley Road #110,
     San Rafael, CA  94903, U.S.A., +1(415)492-9861.
 
-    $Id: jbig2dec.c,v 1.41 2002/08/15 14:54:45 giles Exp $
+    $Id$
 */
 
 #ifdef HAVE_CONFIG_H