$OpenBSD: patch-pdftops_XRef_cxx,v 1.2 2005/01/22 17:12:43 mbalmer Exp $
--- pdftops/XRef.cxx.orig	Wed Oct 13 22:55:53 2004
+++ pdftops/XRef.cxx	Sat Jan 22 17:42:31 2005
@@ -16,6 +16,7 @@
 #include <stddef.h>
 #include <string.h>
 #include <ctype.h>
+#include <sys/limits.h>
 #include "gmem.h"
 #include "Object.h"
 #include "Stream.h"
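Review bot: `INT_MAX` is specified to come from `<limits.h>`, while `<sys/limits.h>` is a system-specific header that not every platform ships. Since the only name this patch needs from it is `INT_MAX`, the added line could be `#include <limits.h>`. That behaves the same on this platform and keeps the file building elsewhere.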
@@ -76,7 +77,7 @@ XRef::XRef(BaseStream *strA, GString *ow
 
   // trailer is ok - read the xref table
   } else {
-    if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) {
+    if ((unsigned) size >= INT_MAX / sizeof(XRefEntry)) {
       error(-1, "Invalid 'size' inside xref table.");
       ok = gFalse;
       errCode = errDamaged;
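Review bot: The `(unsigned)` cast in the new condition carries the security-relevant part of the check, and nothing on the line says so. Assuming `size` is a signed int (its declaration is outside the hunk), the cast makes a negative value compare as a very large one, so a single test rejects both negative sizes and sizes whose byte count would exceed `INT_MAX`. A comment such as `// cast: negative size compares as huge, so this rejects negative and overflowing values alike` would keep a later cleanup from dropping the cast. The same condition is repeated in readXRef and twice in constructXRef, once spelled `(unsigned )`; a small static helper taking the count and element size would keep the four sites identical.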
@@ -291,7 +292,7 @@ GBool XRef::readXRef(Guint *pos) {
     // table size
     if (first + n > size) {
       newSize = first + n;
-      if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
+      if ((unsigned) newSize >= INT_MAX / sizeof(XRefEntry)) {
         error(-1, "Invalid 'newSize'");
         goto err2;
       }
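Review bot: The sum `first + n` is evaluated in the `if` and again in the assignment before the new bound is applied, so the added check only sees the result after any wrap-around. If `first` and `n` are signed ints taken from the file (their declarations are outside the hunk), a large pair can overflow to a negative sum; `first + n > size` is then false, and both the resize and this check are skipped. Validating the operands ahead of the comparison, e.g. `if (first < 0 || n < 0 || first > INT_MAX - n) goto err2;`, closes that gap. The same ordering applies to `newSize = (num + 1 + 255) & ~255` in the first constructXRef hunk, where `num` should be bounded before the addition. readXRef's body continues outside the hunk.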
@@ -445,7 +446,7 @@ GBool XRef::constructXRef() {
 	    if (!strncmp(p, "obj", 3)) {
 	      if (num >= size) {
 		newSize = (num + 1 + 255) & ~255;
-	        if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
+	        if ((unsigned ) newSize >= INT_MAX / sizeof(XRefEntry)) {
 	          error(-1, "Invalid 'obj' parameters.");
 	          return gFalse;
 	        }
@@ -470,7 +471,7 @@ GBool XRef::constructXRef() {
     } else if (!strncmp(p, "endstream", 9)) {
       if (streamEndsLen == streamEndsSize) {
 	streamEndsSize += 64;
-        if (streamEndsSize*sizeof(int)/sizeof(int) != streamEndsSize) {
+        if ((unsigned) streamEndsSize >= INT_MAX / sizeof(int)) {
           error(-1, "Invalid 'endstream' parameter.");
           return gFalse;
         }
@@ -526,6 +527,9 @@ GBool XRef::checkEncrypted(GString *owne
 	  keyLength = lengthObj.getInt() / 8;
 	} else {
 	  keyLength = 5;
+	}
+	if (keyLength > 16) {
+	  keyLength = 16;
 	}
 	permFlags = permissions.getInt();
 	if (encVersion >= 1 && encVersion <= 2 &&
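Review bot: Only the upper end of `keyLength` is bounded here; a `Length` value below 8, or a negative one, makes `lengthObj.getInt() / 8` zero or negative and passes the added check unchanged. If `keyLength` is later used as a byte count for the key buffer (that code is outside the hunk), the lower bound matters as much as the upper one, so the condition should read `if (keyLength < 1 || keyLength > 16)`, with the out-of-range case either clamped or rejected. A short comment stating what the 16 corresponds to, presumably the size of the key buffer, would make the limit checkable against its declaration. checkEncrypted continues past the end of the hunk.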
