$OpenBSD: patch-xpdf_Catalog_cc,v 1.3 2007/03/30 04:09:42 ckuethe Exp $
--- xpdf/Catalog.cc.orig Tue Feb 27 22:05:52 2007
+++ xpdf/Catalog.cc Fri Mar 30 00:31:19 2007
@@ -65,6 +65,15 @@ Catalog::Catalog(XRef *xrefA) {
 }
 pagesSize = numPages0 = (int)obj.getNum();
 obj.free();
+ // The gcc doesnt optimize this away, so this check is ok,
+ // even if it looks like a pagesSize != pagesSize check
+ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize ||
+ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) {
+ error(-1, "Invalid 'pagesSize'");
+ ok = gFalse;
+ return;
+ }
+
 pages = (Page **)gmallocn(pagesSize, sizeof(Page *));
 pageRefs = (Ref *)gmallocn(pagesSize, sizeof(Ref));
 for (i = 0; i < pagesSize; ++i) {
@@ -217,6 +226,11 @@ int Catalog::readPageTree(Dict *pagesDict, PageAttrs *
 }
 if (start >= pagesSize) {
 pagesSize += 32;
+ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize ||
+ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) {
+ error(-1, "Invalid 'pagesSize' parameter.");
+ goto err3;
+ }
 pages = (Page **)greallocn(pages, pagesSize, sizeof(Page *));
 pageRefs = (Ref *)greallocn(pageRefs, pagesSize, sizeof(Ref));
 for (j = pagesSize - 32; j < pagesSize; ++j) {
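Review bot: The multiply-then-divide test in the constructor only detects size_t wraparound, so it rejects a negative `pagesSize` merely as a side effect of the int-to-size_t conversion, and on an LP64 target it passes every non-negative int, leaving a document-supplied count of up to INT_MAX to reach `gmallocn` and the initialisation loop. An explicit bound states the intent and does not depend on word size, e.g. `if (pagesSize < 0 || (size_t)pagesSize > INT_MAX / sizeof(Ref) || (size_t)pagesSize > INT_MAX / sizeof(Page *))`, ideally also capped by something the file itself bounds, such as the number of xref entries. The same expression is repeated in the readPageTree hunk, so a small static helper would keep the two in step. The comment would be more accurate as `// unsigned arithmetic wraps, so the compiler may not fold this to a tautology`. The constructor's start and its other error paths are outside the hunk, so the bare `return` should be checked against whatever cleanup those paths perform.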
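Review bot: In readPageTree the member `pagesSize` has already been bumped by 32 when the new check fails, and `goto err3` leaves it that way while `pages` and `pageRefs` keep their old length. Any later code that walks the arrays up to `pagesSize` (a destructor or page lookup, neither visible in this hunk) would then index 32 slots past the allocations. Either undo the increment on the failure path with `pagesSize -= 32;` before `goto err3;`, or compute the grown size in a local and assign it to `pagesSize` only after both `greallocn` calls have returned. The `err3` label and the rest of the function lie outside the hunk, so confirm the label does not already reset the size.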