Fix CVE-2016-5684

- Bump PORTREVISION for package change Obtained from: https://sourceforge.net/p/freeimage/svn/1735/ https://sourceforge.net/p/freeimage/svn/1740/ Security: 5b1631dc-eafd-11e6-9ac1-a4badb2f4699 MFH: 2018Q2
svn path=/head/; revision=467404
2018-04-15 19:12:19 +00:00 · 2018-04-15 19:12:19 +00:00 · 51ebd65b05 · 2021-03-31 03:12:20 +00:00
commit 51ebd65b05
parent 7b922e726b
2 changed files with 24 additions and 1 deletions
--- a/graphics/freeimage/Makefile
+++ b/graphics/freeimage/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	freeimage
 PORTVERSION=	3.16.0
-PORTREVISION=	3
+PORTREVISION=	4
 # Version 3.17.0 is available, but does not build on i386 (and probably
 # other 32-bit arches) without some not-quite-trivial patching.  If one
 # decides to update the port, please make sure 32-bit builds are tested!
--- a/graphics/freeimage/files/patch-Source-FreeImage-PluginXPM.cpp
+++ b/graphics/freeimage/files/patch-Source-FreeImage-PluginXPM.cpp
@ -0,0 +1,23 @@
+--- Source/FreeImage/PluginXPM.cpp.orig	2013-11-29 19:29:14 UTC
+++ Source/FreeImage/PluginXPM.cpp
+@@ -181,6 +181,11 @@ Load(FreeImageIO *io, fi_handle handle, 
+ 		}
+ 		free(str);
+ 
+		// check info string
+		if((width <= 0) || (height <= 0) || (colors <= 0) || (cpp <= 0)) {
+			throw "Improperly formed info string";
+		}
+
+         if (colors > 256) {
+ 			dib = FreeImage_AllocateHeader(header_only, width, height, 24, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
+ 		} else {
+@@ -193,7 +198,7 @@ Load(FreeImageIO *io, fi_handle handle, 
+ 			FILE_RGBA rgba;
+ 
+ 			str = ReadString(io, handle);
+-			if(!str)
+			if(!str || (strlen(str) < (size_t)cpp))
+ 				throw "Error reading color strings";
+ 
+ 			std::string chrs(str,cpp); //create a string for the color chars using the first cpp chars