+ // clean up the Huffman decoder
+@@ -2159,6 +2236,10 @@
+
+ // allocate the bitmap
+ bitmap = new JBIG2Bitmap(0, w, h);
++ if (!bitmap->isOk()) {
++ delete bitmap;
++ return NULL;
++ }
+ if (defPixel) {
+ bitmap->clearToOne();
+ } else {
+@@ -2235,73 +2316,84 @@
+ ri = 0;
+ }
+ if (ri) {
++ GBool decodeSuccess;
+ if (huff) {
+- huffDecoder->decodeInt(&rdw, huffRDWTable);
+- huffDecoder->decodeInt(&rdh, huffRDHTable);
+- huffDecoder->decodeInt(&rdx, huffRDXTable);
+- huffDecoder->decodeInt(&rdy, huffRDYTable);
+- huffDecoder->decodeInt(&bmSize, huffRSizeTable);
++ decodeSuccess = huffDecoder->decodeInt(&rdw, huffRDWTable);
++ decodeSuccess = decodeSuccess && huffDecoder->decodeInt(&rdh, huffRDHTable);
++ decodeSuccess = decodeSuccess && huffDecoder->decodeInt(&rdx, huffRDXTable);
++ decodeSuccess = decodeSuccess && huffDecoder->decodeInt(&rdy, huffRDYTable);
++ decodeSuccess = decodeSuccess && huffDecoder->decodeInt(&bmSize, huffRSizeTable);
+ huffDecoder->reset();
+ arithDecoder->start();
+ } else {
+- arithDecoder->decodeInt(&rdw, iardwStats);
+- arithDecoder->decodeInt(&rdh, iardhStats);
+- arithDecoder->decodeInt(&rdx, iardxStats);
+- arithDecoder->decodeInt(&rdy, iardyStats);
++ decodeSuccess = arithDecoder->decodeInt(&rdw, iardwStats);
++ decodeSuccess = decodeSuccess && arithDecoder->decodeInt(&rdh, iardhStats);
++ decodeSuccess = decodeSuccess && arithDecoder->decodeInt(&rdx, iardxStats);
++ decodeSuccess = decodeSuccess && arithDecoder->decodeInt(&rdy, iardyStats);
++ }
++
++ if (decodeSuccess && syms[symID])
++ {
++ refDX = ((rdw >= 0) ? rdw : rdw - 1) / 2 + rdx;
++ refDY = ((rdh >= 0) ? rdh : rdh - 1) / 2 + rdy;
++
++ symbolBitmap =
++ readGenericRefinementRegion(rdw + syms[symID]->getWidth(),
++ rdh + syms[symID]->getHeight(),
++ templ, gFalse, syms[symID],
++ refDX, refDY, atx, aty);
+ }
+- refDX = ((rdw >= 0) ? rdw : rdw - 1) / 2 + rdx;
+- refDY = ((rdh >= 0) ? rdh : rdh - 1) / 2 + rdy;
+-
+- symbolBitmap =
+- readGenericRefinementRegion(rdw + syms[symID]->getWidth(),
+- rdh + syms[symID]->getHeight(),
+- templ, gFalse, syms[symID],
+- refDX, refDY, atx, aty);
+ //~ do we need to use the bmSize value here (in Huffman mode)?
+ } else {
+ symbolBitmap = syms[symID];
+ }
+
+- // combine the symbol bitmap into the region bitmap
+- //~ something is wrong here - refCorner shouldn't degenerate into
+- //~ two cases
+- bw = symbolBitmap->getWidth() - 1;
+- bh = symbolBitmap->getHeight() - 1;
+- if (transposed) {
+- switch (refCorner) {
+- case 0: // bottom left
+- bitmap->combine(symbolBitmap, tt, s, combOp);
+- break;
+- case 1: // top left
+- bitmap->combine(symbolBitmap, tt, s, combOp);
+- break;
+- case 2: // bottom right
+- bitmap->combine(symbolBitmap, tt - bw, s, combOp);
+- break;
+- case 3: // top right
+- bitmap->combine(symbolBitmap, tt - bw, s, combOp);
+- break;
++ if (symbolBitmap) {
++ // combine the symbol bitmap into the region bitmap
++ //~ something is wrong here - refCorner shouldn't degenerate into
++ //~ two cases
++ bw = symbolBitmap->getWidth() - 1;
++ bh = symbolBitmap->getHeight() - 1;
++ if (transposed) {
++ switch (refCorner) {
++ case 0: // bottom left
++ bitmap->combine(symbolBitmap, tt, s, combOp);
++ break;
++ case 1: // top left
++ bitmap->combine(symbolBitmap, tt, s, combOp);
++ break;
++ case 2: // bottom right
++ bitmap->combine(symbolBitmap, tt - bw, s, combOp);
++ break;
++ case 3: // top right
++ bitmap->combine(symbolBitmap, tt - bw, s, combOp);
++ break;
++ }
++ s += bh;
++ } else {
++ switch (refCorner) {
++ case 0: // bottom left
++ bitmap->combine(symbolBitmap, s, tt - bh, combOp);
++ break;
++ case 1: // top left
++ bitmap->combine(symbolBitmap, s, tt, combOp);
++ break;
++ case 2: // bottom right
++ bitmap->combine(symbolBitmap, s, tt - bh, combOp);
++ break;
++ case 3: // top right
++ bitmap->combine(symbolBitmap, s, tt, combOp);
++ break;
++ }
++ s += bw;
+ }
+- s += bh;
+- } else {
+- switch (refCorner) {
+- case 0: // bottom left
+- bitmap->combine(symbolBitmap, s, tt - bh, combOp);
+- break;
+- case 1: // top left
+- bitmap->combine(symbolBitmap, s, tt, combOp);
+- break;
+- case 2: // bottom right
+- bitmap->combine(symbolBitmap, s, tt - bh, combOp);
+- break;
+- case 3: // top right
+- bitmap->combine(symbolBitmap, s, tt, combOp);
+- break;
++ if (ri) {
++ delete symbolBitmap;
+ }
+- s += bw;
+- }
+- if (ri) {
+- delete symbolBitmap;
++ } else {
++ // NULL symbolBitmap only happens on error
++ delete bitmap;
++ return NULL;
+ }
+ }
+
+@@ -2431,11 +2523,12 @@
+ error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
+ return;
+ }
+- if (!(seg = findSegment(refSegs[0])) ||
+- seg->getType() != jbig2SegPatternDict) {
++ seg = findSegment(refSegs[0]);
++ if (seg == NULL || seg->getType() != jbig2SegPatternDict) {
+ error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
+ return;
+ }
++
+ patternDict = (JBIG2PatternDict *)seg;
+ bpp = 0;
+ i = 1;
+@@ -2591,6 +2684,8 @@
+ // read the bitmap
+ bitmap = readGenericBitmap(mmr, w, h, templ, tpgdOn, gFalse,
+ NULL, atx, aty, mmr ? length - 18 : 0);
++ if (!bitmap)
++ return;
+
+ // combine the region bitmap into the page bitmap
+ if (imm) {
+@@ -2616,7 +2711,7 @@
+ int *codingLine, int *a0i, int w) {
+ if (a1 > codingLine[*a0i]) {
+ if (a1 > w) {
+- error(getPos(), "JBIG2 MMR row is wrong length ({0:d})", a1);
++ error(getPos(), "JBIG2 MMR row is wrong length (%d)", a1);
+ a1 = w;
+ }
+ if ((*a0i & 1) ^ blackPixels) {
+@@ -2630,7 +2725,7 @@
+ int *codingLine, int *a0i, int w) {
+ if (a1 > codingLine[*a0i]) {
+ if (a1 > w) {
+- error(getPos(), "JBIG2 MMR row is wrong length ({0:d})", a1);
++ error(getPos(), "JBIG2 MMR row is wrong length (%d)", a1);
+ a1 = w;
+ }
+ if ((*a0i & 1) ^ blackPixels) {
+@@ -2657,13 +2752,17 @@
+ JBIG2Bitmap *bitmap;
+ GBool ltp;
+ Guint ltpCX, cx, cx0, cx1, cx2;
+- JBIG2BitmapPtr cxPtr0, cxPtr1;
+- JBIG2BitmapPtr atPtr0, atPtr1, atPtr2, atPtr3;
++ JBIG2BitmapPtr cxPtr0 = {0}, cxPtr1 = {0};
++ JBIG2BitmapPtr atPtr0 = {0}, atPtr1 = {0}, atPtr2 = {0}, atPtr3 = {0};
+ int *refLine, *codingLine;
+ int code1, code2, code3;
+ int x, y, a0i, b1i, blackPixels, pix, i;
+
+ bitmap = new JBIG2Bitmap(0, w, h);
++ if (!bitmap->isOk()) {
++ delete bitmap;
++ return NULL;
++ }
+ bitmap->clearToZero();
+
+ //----- MMR decode
+@@ -2682,7 +2781,7 @@
+ // ---> max refLine size = w + 2
+ codingLine = (int *)gmallocn(w + 1, sizeof(int));
+ refLine = (int *)gmallocn(w + 2, sizeof(int));
+- codingLine[0] = w;
++ for (i = 0; i < w + 1; ++i) codingLine[i] = w;
+
+ for (y = 0; y < h; ++y) {
+
+@@ -3093,8 +3192,8 @@
+ return;
+ }
+ if (nRefSegs == 1) {
+- if (!(seg = findSegment(refSegs[0])) ||
+- seg->getType() != jbig2SegBitmap) {
++ seg = findSegment(refSegs[0]);
++ if (seg == NULL || seg->getType() != jbig2SegBitmap) {
+ error(getPos(), "Bad bitmap reference in JBIG2 generic refinement segment");
+ return;
+ }
+@@ -3143,11 +3242,24 @@
+ JBIG2Bitmap *bitmap;
+ GBool ltp;
+ Guint ltpCX, cx, cx0, cx2, cx3, cx4, tpgrCX0, tpgrCX1, tpgrCX2;
+- JBIG2BitmapPtr cxPtr0, cxPtr1, cxPtr2, cxPtr3, cxPtr4, cxPtr5, cxPtr6;
+- JBIG2BitmapPtr tpgrCXPtr0, tpgrCXPtr1, tpgrCXPtr2;
++ JBIG2BitmapPtr cxPtr0 = {0};
++ JBIG2BitmapPtr cxPtr1 = {0};
++ JBIG2BitmapPtr cxPtr2 = {0};
++ JBIG2BitmapPtr cxPtr3 = {0};
++ JBIG2BitmapPtr cxPtr4 = {0};
++ JBIG2BitmapPtr cxPtr5 = {0};
++ JBIG2BitmapPtr cxPtr6 = {0};
++ JBIG2BitmapPtr tpgrCXPtr0 = {0};
++ JBIG2BitmapPtr tpgrCXPtr1 = {0};
++ JBIG2BitmapPtr tpgrCXPtr2 = {0};
+ int x, y, pix;
+
+ bitmap = new JBIG2Bitmap(0, w, h);
++ if (!bitmap->isOk())
++ {
++ delete bitmap;
++ return NULL;
++ }
+ bitmap->clearToZero();
+
+ // set up the typical row context
+@@ -3332,6 +3444,12 @@
+ }
+ pageBitmap = new JBIG2Bitmap(0, pageW, curPageH);
+
++ if (!pageBitmap->isOk()) {
++ delete pageBitmap;
++ pageBitmap = NULL;
++ return;
++ }
++
+ // default pixel value
+ if (pageDefPixel) {
+ pageBitmap->clearToOne();