$OpenBSD: patch-pdftops_Stream_cxx,v 1.3 2007/08/03 20:51:42 kili Exp $

Fix for CVE-2007-3387.

--- pdftops/Stream.cxx.orig	Mon Feb 13 04:08:11 2006
+++ pdftops/Stream.cxx	Fri Aug  3 21:53:53 2007
@@ -411,15 +411,13 @@ StreamPredictor::StreamPredictor(Stream *strA, int pre
   ok = gFalse;
 
   nVals = width * nComps;
-  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
-      nComps >= INT_MAX / nBits ||
-      width >= INT_MAX / nComps / nBits ||
-      nVals * nBits + 7 < 0) {
-    return;
-  }
   pixBytes = (nComps * nBits + 7) >> 3;
   rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
-  if (rowBytes <= 0) {
+  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+      nComps > gfxColorMaxComps ||
+      nBits > 16 ||
+      width >= INT_MAX / nComps ||      // check for overflow in nVals
+      nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
     return;
   }
   predLine = (Guchar *)gmalloc(rowBytes);
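Review bot: The products `nVals = width * nComps`, `pixBytes` and `rowBytes` are still evaluated before the new guard, so for exactly the inputs the guard rejects, the signed `int` multiplications have already overflowed. Signed overflow is undefined behaviour in C++, and a compiler may assume it never happens, so the arithmetic should only run on operands that have already been validated. Splitting the guard in two does this: validate `width`, `nComps` and `nBits`, then compute `nVals`, bound it, and only then derive `pixBytes` and `rowBytes`, as sketched below. The bounds themselves look adequate for `rowBytes`, assuming `gfxColorMaxComps` (defined outside this hunk) is a small constant. The constructor begins and ends outside the hunk, so it is not visible here whether `predLine` is left in a defined state on the early-return paths.

```cpp
  ok = gFalse;

  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
      nComps > gfxColorMaxComps ||
      nBits > 16 ||
      width >= INT_MAX / nComps) {      // nVals would overflow
    return;
  }
  nVals = width * nComps;
  if (nVals >= (INT_MAX - 7) / nBits) { // rowBytes would overflow
    return;
  }
  pixBytes = (nComps * nBits + 7) >> 3;
  rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
  // … unchanged: predLine allocation …
```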
