Fix buffer overflow vulnerability in xpdf code.

Security:	http://www.kde.org/info/security/advisory-20070730-1.txt
Security:	CVE-2007-3387

6 files changed, 63 insertions, 3 deletions

diff --git a/editors/calligra/Makefile b/editors/calligra/Makefile
index f63da77025cc..ec599242a4d1 100644
--- a/editors/calligra/Makefile
+++ b/editors/calligra/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	koffice
 PORTVERSION=	1.6.3
-PORTREVISION=	1
+PORTREVISION=	2
 PORTEPOCH=	2
 CATEGORIES=	editors kde
 MASTER_SITES=	${MASTER_SITE_KDE}
diff --git a/editors/calligra/files/patch-koffice-xpdf-CVE-2007-3387.diff b/editors/calligra/files/patch-koffice-xpdf-CVE-2007-3387.diff
new file mode 100644
index 000000000000..ded0e07205a7
--- /dev/null
+++ b/editors/calligra/files/patch-koffice-xpdf-CVE-2007-3387.diff
@@ -0,0 +1,20 @@
+--- filters/kword/pdf/xpdf/xpdf/Stream.cc
++++ filters/kword/pdf/xpdf/xpdf/Stream.cc
+@@ -413,13 +413,11 @@ StreamPredictor::StreamPredictor(Stream 
+   predLine = NULL;
+   ok = gFalse;
+ 
+-  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-     nComps >= INT_MAX / nBits ||
+-      width >= INT_MAX / nComps / nBits)
+-    return;
+-
+   nVals = width * nComps;
+-  if (nVals * nBits + 7 <= 0)
++  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++     nComps >= 4 || nBits > 16 ||
++      width >= INT_MAX / nComps ||
++      nVals >= (INT_MAX - 7) / nBits)
+     return;
+ 
+   pixBytes = (nComps * nBits + 7) >> 3;
diff --git a/editors/koffice-kde3/Makefile b/editors/koffice-kde3/Makefile
index f63da77025cc..ec599242a4d1 100644
--- a/editors/koffice-kde3/Makefile
+++ b/editors/koffice-kde3/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	koffice
 PORTVERSION=	1.6.3
-PORTREVISION=	1
+PORTREVISION=	2
 PORTEPOCH=	2
 CATEGORIES=	editors kde
 MASTER_SITES=	${MASTER_SITE_KDE}
diff --git a/editors/koffice-kde3/files/patch-koffice-xpdf-CVE-2007-3387.diff b/editors/koffice-kde3/files/patch-koffice-xpdf-CVE-2007-3387.diff
new file mode 100644
index 000000000000..ded0e07205a7
--- /dev/null
+++ b/editors/koffice-kde3/files/patch-koffice-xpdf-CVE-2007-3387.diff
@@ -0,0 +1,20 @@
+--- filters/kword/pdf/xpdf/xpdf/Stream.cc
++++ filters/kword/pdf/xpdf/xpdf/Stream.cc
+@@ -413,13 +413,11 @@ StreamPredictor::StreamPredictor(Stream 
+   predLine = NULL;
+   ok = gFalse;
+ 
+-  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-     nComps >= INT_MAX / nBits ||
+-      width >= INT_MAX / nComps / nBits)
+-    return;
+-
+   nVals = width * nComps;
+-  if (nVals * nBits + 7 <= 0)
++  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++     nComps >= 4 || nBits > 16 ||
++      width >= INT_MAX / nComps ||
++      nVals >= (INT_MAX - 7) / nBits)
+     return;
+ 
+   pixBytes = (nComps * nBits + 7) >> 3;
diff --git a/editors/koffice-kde4/Makefile b/editors/koffice-kde4/Makefile
index f63da77025cc..ec599242a4d1 100644
--- a/editors/koffice-kde4/Makefile
+++ b/editors/koffice-kde4/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	koffice
 PORTVERSION=	1.6.3
-PORTREVISION=	1
+PORTREVISION=	2
 PORTEPOCH=	2
 CATEGORIES=	editors kde
 MASTER_SITES=	${MASTER_SITE_KDE}
diff --git a/editors/koffice-kde4/files/patch-koffice-xpdf-CVE-2007-3387.diff b/editors/koffice-kde4/files/patch-koffice-xpdf-CVE-2007-3387.diff
new file mode 100644
index 000000000000..ded0e07205a7
--- /dev/null
+++ b/editors/koffice-kde4/files/patch-koffice-xpdf-CVE-2007-3387.diff
@@ -0,0 +1,20 @@
+--- filters/kword/pdf/xpdf/xpdf/Stream.cc
++++ filters/kword/pdf/xpdf/xpdf/Stream.cc
+@@ -413,13 +413,11 @@ StreamPredictor::StreamPredictor(Stream 
+   predLine = NULL;
+   ok = gFalse;
+ 
+-  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-     nComps >= INT_MAX / nBits ||
+-      width >= INT_MAX / nComps / nBits)
+-    return;
+-
+   nVals = width * nComps;
+-  if (nVals * nBits + 7 <= 0)
++  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++     nComps >= 4 || nBits > 16 ||
++      width >= INT_MAX / nComps ||
++      nVals >= (INT_MAX - 7) / nBits)
+     return;
+ 
+   pixBytes = (nComps * nBits + 7) >> 3;