Fix CVE-2016-5684

- Bump PORTREVISION for package change

Obtained from:	https://sourceforge.net/p/freeimage/svn/1735/
		https://sourceforge.net/p/freeimage/svn/1740/
Security:	5b1631dc-eafd-11e6-9ac1-a4badb2f4699
MFH:		2018Q2

2 files changed, 24 insertions, 1 deletions

diff --git a/graphics/freeimage/Makefile b/graphics/freeimage/Makefile
index 0256a7f23672..f0921ee707be 100644
--- a/graphics/freeimage/Makefile
+++ b/graphics/freeimage/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	freeimage
 PORTVERSION=	3.16.0
-PORTREVISION=	3
+PORTREVISION=	4
 # Version 3.17.0 is available, but does not build on i386 (and probably
 # other 32-bit arches) without some not-quite-trivial patching.  If one
 # decides to update the port, please make sure 32-bit builds are tested!
diff --git a/graphics/freeimage/files/patch-Source-FreeImage-PluginXPM.cpp b/graphics/freeimage/files/patch-Source-FreeImage-PluginXPM.cpp
new file mode 100644
index 000000000000..27b5953f1e7b
--- /dev/null
+++ b/graphics/freeimage/files/patch-Source-FreeImage-PluginXPM.cpp
@@ -0,0 +1,23 @@
+--- Source/FreeImage/PluginXPM.cpp.orig	2013-11-29 19:29:14 UTC
++++ Source/FreeImage/PluginXPM.cpp
+@@ -181,6 +181,11 @@ Load(FreeImageIO *io, fi_handle handle, 
+ 		}
+ 		free(str);
+ 
++		// check info string
++		if((width <= 0) || (height <= 0) || (colors <= 0) || (cpp <= 0)) {
++			throw "Improperly formed info string";
++		}
++
+         if (colors > 256) {
+ 			dib = FreeImage_AllocateHeader(header_only, width, height, 24, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
+ 		} else {
+@@ -193,7 +198,7 @@ Load(FreeImageIO *io, fi_handle handle, 
+ 			FILE_RGBA rgba;
+ 
+ 			str = ReadString(io, handle);
+-			if(!str)
++			if(!str || (strlen(str) < (size_t)cpp))
+ 				throw "Error reading color strings";
+ 
+ 			std::string chrs(str,cpp); //create a string for the color chars using the first cpp chars