authorjbeich <jbeich@FreeBSD.org>2017-10-27 02:53:43 +0800
committerjbeich <jbeich@FreeBSD.org>2017-10-27 02:53:43 +0800
commit484f0943189e4e017418b4dac85667df8e660b81 (patch)
treec9090d2ed5353d046dbb2ab5e36d84499184ded7 /graphics
parent1b54704420734d44e7aae1052b30ae547bae26b5 (diff)
graphics/sdl2_image: backport XCF vulnerability fix
Obtained from: upstream (SDL_image-2.0.2) Security: CVE-2017-2887
Diffstat (limited to 'graphics')
-rw-r--r--graphics/sdl2_image/Makefile2
-rw-r--r--graphics/sdl2_image/files/patch-IMG__xcf.c27
2 files changed, 28 insertions, 1 deletions
diff --git a/graphics/sdl2_image/Makefile b/graphics/sdl2_image/Makefile
index 1695271dc166..fa31891986b2 100644
--- a/graphics/sdl2_image/Makefile
+++ b/graphics/sdl2_image/Makefile
@@ -2,7 +2,7 @@
PORTNAME= sdl2_image
PORTVERSION= 2.0.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= graphics
MASTER_SITES= http://www.libsdl.org/projects/SDL_image/release/
DISTNAME= SDL2_image-${PORTVERSION}
diff --git a/graphics/sdl2_image/files/patch-IMG__xcf.c b/graphics/sdl2_image/files/patch-IMG__xcf.c
new file mode 100644
index 000000000000..7264efbc214f
--- /dev/null
+++ b/graphics/sdl2_image/files/patch-IMG__xcf.c
@@ -0,0 +1,27 @@
+Fixed security vulnerability in XCF image loader (thanks Yves!)
+https://hg.libsdl.org/SDL_image/rev/318484db0705
+
+--- IMG_xcf.c.orig 2016-01-03 05:52:28 UTC
++++ IMG_xcf.c
+@@ -251,6 +251,7 @@ static Uint32 Swap32 (Uint32 v) {
+ }
+
+ static void xcf_read_property (SDL_RWops * src, xcf_prop * prop) {
++ Uint32 len;
+ prop->id = SDL_ReadBE32 (src);
+ prop->length = SDL_ReadBE32 (src);
+
+@@ -274,7 +275,12 @@ static void xcf_read_property (SDL_RWops * src, xcf_pr
+ break;
+ case PROP_COMPRESSION:
+ case PROP_COLOR:
+- SDL_RWread (src, &prop->data, prop->length, 1);
++ if (prop->length > sizeof(prop->data)) {
++ len = sizeof(prop->data);
++ } else {
++ len = prop->length;
++ }
++ SDL_RWread(src, &prop->data, len, 1);
+ break;
+ case PROP_VISIBLE:
+ prop->data.visible = SDL_ReadBE32 (src);
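Review bot: In the PROP_COMPRESSION/PROP_COLOR branch, the clamp before `SDL_RWread(src, &prop->data, len, 1)` bounds the write into `prop->data`, but when `prop->length` exceeds `sizeof(prop->data)` the remaining `prop->length - len` bytes are left unread. The next property header would then presumably be parsed from the middle of this payload; adding `SDL_RWseek(src, prop->length - len, RW_SEEK_CUR);` after the read would keep the stream aligned. The return value of `SDL_RWread` is also still ignored, so a truncated file leaves `prop->data` only partly filled with nothing to tell the caller, since the function returns `void`. The body of `xcf_read_property` continues outside the inner hunks, and because this is a verbatim upstream backport, any follow-up is probably best raised upstream as well.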