Fix integer overflow in gdImageWebpCtx and bump PORTREVISION.

PR: 213023 Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
author: Alex Dupre <ale@FreeBSD.org> 2016-09-28 08:20:46 +0000
committer: Alex Dupre <ale@FreeBSD.org> 2016-09-28 08:20:46 +0000
commit: b1e3ed17fd4cbd76dcadad4cd0c8840cb8ee0199 (patch)
tree: eb8939b625e89016d3d0173af15ba70e5b9eec5e /graphics/php56-gd/files/patch-libgd_gd_webp.c
parent: Comment out PATCH_DEPENDS. (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/graphics/php56-gd/files/patch-libgd_gd_webp.c b/graphics/php56-gd/files/patch-libgd_gd_webp.c
new file mode 100644
index 000000000000..b0c1419e022b
--- /dev/null
+++ b/graphics/php56-gd/files/patch-libgd_gd_webp.c
@@ -0,0 +1,18 @@
+--- libgd/gd_webp.c.orig	2016-09-28 10:07:06.092196000 +0200
++++ libgd/gd_webp.c	2016-09-28 10:08:12.429030000 +0200
+@@ -180,6 +180,15 @@ void gdImageWebpCtx (gdImagePtr im, gdIO
+ 	/* Conversion to Y,U,V buffer */
+     yuv_width = (width + 1) >> 1;
+     yuv_height = (height + 1) >> 1;
++
++    if (overflow2(width, height)) {
++        return;
++    }
++    /* simplification possible, because WebP must not be larger than 16384**2 */
++    if (overflow2(width * height, 2 * sizeof(unsigned char))) {
++        return;
++    }
++
+     yuv_nbytes = width * height + 2 * yuv_width * yuv_height;
+ 
+     if ((Y = (unsigned char *)gdCalloc(yuv_nbytes, sizeof(unsigned char))) == NULL) {
author	Alex Dupre <ale@FreeBSD.org>	2016-09-28 08:20:46 +0000
committer	Alex Dupre <ale@FreeBSD.org>	2016-09-28 08:20:46 +0000
commit	b1e3ed17fd4cbd76dcadad4cd0c8840cb8ee0199 (patch)
tree	eb8939b625e89016d3d0173af15ba70e5b9eec5e /graphics/php56-gd/files/patch-libgd_gd_webp.c
parent	Comment out PATCH_DEPENDS. (diff)