if (!strcmp(tok3, "[")) {
i = 0;
while (pst->getToken(tok1, sizeof(tok1), &n1) &&
+@@ -320,7 +327,13 @@
+ if (code >= mapLen) {
+ oldLen = mapLen;
+ mapLen = (code + 256) & ~255;
++ Unicode *oldmap;
+ map = (Unicode *)greallocn(map, mapLen, sizeof(Unicode));
++ if(!map) {
++ /* we sometimes get overflows for files trying to use 0xffffffff as charcode */
++ map = oldmap;
++ return;
++ }
+ for (i = oldLen; i < mapLen; ++i) {
+ map[i] = 0;
+ }
--- xpdf/CoreOutputDev.cc.orig 2010-05-18 11:22:18.000000000 -0700
+++ xpdf/CoreOutputDev.cc 2010-05-18 11:22:18.000000000 -0700
@@ -57,5 +57,5 @@
#endif
#include <string.h>
#include <ctype.h>
+@@ -2456,6 +2460,9 @@
+ // check for an EOB run
+ if (eobRun > 0) {
+ while (i <= scanInfo.lastCoeff) {
++ if(i>=64) {
++ return gFalse;
++ }
+ j = dctZigZag[i++];
+ if (data[j] != 0) {
+ if ((bit = readBit()) == EOF) {
+@@ -2480,6 +2487,9 @@
+ if (c == 0xf0) {
+ k = 0;
+ while (k < 16) {
++ if(i>=64) {
++ return gFalse;
++ }
+ j = dctZigZag[i++];
+ if (data[j] == 0) {
+ ++k;
+@@ -2505,6 +2515,9 @@
+ }
+ eobRun += 1 << j;
+ while (i <= scanInfo.lastCoeff) {
++ if(i>=64) {
++ return gFalse;
++ }
+ j = dctZigZag[i++];
+ if (data[j] != 0) {
+ if ((bit = readBit()) == EOF) {
+@@ -2527,6 +2540,9 @@
+ }
+ k = 0;
+ do {
++ if(i>=64) {
++ return gFalse;
++ }
+ j = dctZigZag[i++];
+ while (data[j] != 0) {
+ if ((bit = readBit()) == EOF) {
+@@ -2535,6 +2551,9 @@
+ if (bit) {
+ data[j] += 1 << scanInfo.al;
+ }
++ if(i>=64) {
++ return gFalse;
++ }
+ j = dctZigZag[i++];
+ }
+ ++k;
--- xpdf/Stream.h.orig 2010-05-18 11:22:18.000000000 -0700
+++ xpdf/Stream.h 2010-05-18 11:22:18.000000000 -0700
@@ -41,7 +41,8 @@