media-libs/freeimage: Add patches for CVE-2015-0852 and CVE-2016-5684

Gentoo-bug: 559006, 596350
* EAPI=6
* Make patches -p1 compliant

Package-Manager: Portage-2.3.3, Repoman-2.3.1

1 files changed, 23 insertions, 0 deletions

diff --git a/media-libs/freeimage/files/freeimage-3.15.4-CVE-2016-5684-1.patch b/media-libs/freeimage/files/freeimage-3.15.4-CVE-2016-5684-1.patch
new file mode 100644
index 000000000000..1e94602e0e5e
--- /dev/null
+++ b/media-libs/freeimage/files/freeimage-3.15.4-CVE-2016-5684-1.patch
@@ -0,0 +1,23 @@
+--- a/Source/FreeImage/PluginXPM.cpp
++++ b/Source/FreeImage/PluginXPM.cpp
+@@ -181,6 +181,11 @@
+ 		}
+ 		free(str);
+ 
++		// check info string
++		if((width <= 0) || (height <= 0) || (colors <= 0) || (cpp <= 0)) {
++			throw "Improperly formed info string";
++		}
++
+         if (colors > 256) {
+ 			dib = FreeImage_AllocateHeader(header_only, width, height, 24, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
+ 		} else {
+@@ -193,7 +198,7 @@
+ 			FILE_RGBA rgba;
+ 
+ 			str = ReadString(io, handle);
+-			if(!str)
++			if(!str || (strlen(str) < cpp))
+ 				throw "Error reading color strings";
+ 
+ 			std::string chrs(str,cpp); //create a string for the color chars using the first cpp chars