Inspired by [1], I looked into the other functions in
cairo-image-info.c. This commit fixes the possible out-of-bound reads
that I found just by staring at the code.
_jpx_next_box() would happily read beyond the end of the data via
get_unaligned_be32(). This commit adds checks that at least for bytes of
data are available.
Additionally, I made this function check that its returned pointer is
within bounds, just because I found this easier to reason about.
Also, _jpx_extract_info() did not check that it had enough data to read.
This is fixed by making the function fallible and giving it information
about the end of data.
[1]: https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/386
Signed-off-by: Uli Schlachter <psychon@znc.in>
From further testing and investigation it appears that many PDF viewers
already have a workaround to invert Adobe CMYK JPEGs, so our generated
PDFs display incorrectly with those viewers due to double-inversion.
Further investigation will be needed to find a better solution that
doesn't cause regression for some PDF viewers; perhaps PDF viewers that
lack this inversion workaround should be changed to include it. For now
we'll drop the patch to avoid shipping the regression in 1.16.0.
This reverts commit b207a932a2.
Reference: https://bugs.freedesktop.org/show_bug.cgi?id=97612
Fixes: https://gitlab.freedesktop.org/cairo/cairo/issues/156
Adobe PhotoShop generates CMYK JPEG files with inverted CMYK. When a
JPEG file with this format is included in a PDF file, a `/Decode`
array must be included to convert to "normal" CMYK.
These JPEG files can be detected via the presence of the APP14 "Adobe"
marker. However, PDF viewers are not required to detect and handle
this private marker, so it must be detected and handled (by adding a
`/Decode`) by the PDF generator.
Signed-Off-By: Peter TB Brett <peter.brett@livecode.com>
JBIG2 images may have shared global data that is stored in a separate
stream in PDF. The CAIRO_MIME_TYPE_JBIG2 mime type is for the JBIG2
data for each image. All images that use global data must also set
CAIRO_MIME_TYPE_JBIG2_GLOBAL_ID to a unique identifier. One of the
images must also set CAIRO_MIME_TYPE_JBIG2_GLOBAL to the global
data. The global data will be shared by all JBIG2 images with the same
CAIRO_MIME_TYPE_JBIG2_GLOBAL_ID.
Step 1, fix the failings sighted recently by tracking clip-boxes as an
explicit property of the clipping and of composition.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
What we want to use is size_t, but we don't want the implied POSIX
dependency. However, POSIX does say that size_t is an unsigned integer
that is no longer than a long, so it would appear safe to use an
unsigned long as a replacement. Safer at least than unsigned int.
I updated the Free Software Foundation address using the following script.
for i in $(git grep Temple | cut -d: -f1 )
do
sed -e 's/59 Temple Place[, -]* Suite 330, Boston, MA *02111-1307[, ]* USA/51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA/' -i "$i"
done
Fixes http://bugs.freedesktop.org/show_bug.cgi?id=21356
