svn commit: r467404 - in head/graphics/freeimage: . files

Sunpoet Po-Chuan Hsieh sunpoet at FreeBSD.org
Sun Apr 15 19:12:20 UTC 2018


Author: sunpoet
Date: Sun Apr 15 19:12:19 2018
New Revision: 467404
URL: https://svnweb.freebsd.org/changeset/ports/467404

Log:
  Fix CVE-2016-5684
  
  - Bump PORTREVISION for package change
  
  Obtained from:	https://sourceforge.net/p/freeimage/svn/1735/
  		https://sourceforge.net/p/freeimage/svn/1740/
  Security:	5b1631dc-eafd-11e6-9ac1-a4badb2f4699
  MFH:		2018Q2

Added:
  head/graphics/freeimage/files/patch-Source-FreeImage-PluginXPM.cpp   (contents, props changed)
Modified:
  head/graphics/freeimage/Makefile

Modified: head/graphics/freeimage/Makefile
==============================================================================
--- head/graphics/freeimage/Makefile	Sun Apr 15 17:56:25 2018	(r467403)
+++ head/graphics/freeimage/Makefile	Sun Apr 15 19:12:19 2018	(r467404)
@@ -3,7 +3,7 @@
 
 PORTNAME=	freeimage
 PORTVERSION=	3.16.0
-PORTREVISION=	3
+PORTREVISION=	4
 # Version 3.17.0 is available, but does not build on i386 (and probably
 # other 32-bit arches) without some not-quite-trivial patching.  If one
 # decides to update the port, please make sure 32-bit builds are tested!

Added: head/graphics/freeimage/files/patch-Source-FreeImage-PluginXPM.cpp
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/freeimage/files/patch-Source-FreeImage-PluginXPM.cpp	Sun Apr 15 19:12:19 2018	(r467404)
@@ -0,0 +1,23 @@
+--- Source/FreeImage/PluginXPM.cpp.orig	2013-11-29 19:29:14 UTC
++++ Source/FreeImage/PluginXPM.cpp
+@@ -181,6 +181,11 @@ Load(FreeImageIO *io, fi_handle handle, 
+ 		}
+ 		free(str);
+ 
++		// check info string
++		if((width <= 0) || (height <= 0) || (colors <= 0) || (cpp <= 0)) {
++			throw "Improperly formed info string";
++		}
++
+         if (colors > 256) {
+ 			dib = FreeImage_AllocateHeader(header_only, width, height, 24, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
+ 		} else {
+@@ -193,7 +198,7 @@ Load(FreeImageIO *io, fi_handle handle, 
+ 			FILE_RGBA rgba;
+ 
+ 			str = ReadString(io, handle);
+-			if(!str)
++			if(!str || (strlen(str) < (size_t)cpp))
+ 				throw "Error reading color strings";
+ 
+ 			std::string chrs(str,cpp); //create a string for the color chars using the first cpp chars
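
Review bot: In the second PluginXPM.cpp hunk, the widened condition `if(!str || (strlen(str) < (size_t)cpp))` can now throw while `str` is non-NULL, and nothing in the visible lines frees it on that path. The info-string code in the first hunk calls `free(str)` after use, so the buffer returned by ReadString appears to be heap-allocated. Unless the catch handler (not shown here) releases it, free `str` before the throw when the length check fails. Separately, the new check in the first hunk only rejects non-positive `width`, `height`, `colors` and `cpp`. Since these values are validated as part of the file's info string, consider also bounding `cpp` and the image dimensions from above before the `FreeImage_AllocateHeader` call.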

