Patch recent xpdf vulnerability

Obtained from:	gentoo
Prodded by:	simon

3 files changed, 28 insertions, 0 deletions

diff --git a/textproc/pdftohtml/Makefile b/textproc/pdftohtml/Makefile
index c451dcafcff..d81af18b8b0 100644
--- a/textproc/pdftohtml/Makefile
+++ b/textproc/pdftohtml/Makefile
@@ -8,6 +8,7 @@
 
 PORTNAME=	pdftohtml
 PORTVERSION=	0.36
+PORTREVISION=	1
 CATEGORIES=	textproc
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
diff --git a/textproc/pdftohtml/files/patch-xpdf-Gfx.cc b/textproc/pdftohtml/files/patch-xpdf-Gfx.cc
new file mode 100644
index 00000000000..3ca8e8a404e
--- /dev/null
+++ b/textproc/pdftohtml/files/patch-xpdf-Gfx.cc
@@ -0,0 +1,13 @@
+--- xpdf/Gfx.cc.orig	Wed Jun 25 00:41:27 2003
++++ xpdf/Gfx.cc	Tue Jan 11 18:21:14 2005
+@@ -2381,7 +2381,9 @@
+     haveMask = gFalse;
+     dict->lookup("Mask", &maskObj);
+     if (maskObj.isArray()) {
+-      for (i = 0; i < maskObj.arrayGetLength(); ++i) {
++      for (i = 0;
++	   i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps;
++	   ++i) {
+ 	maskObj.arrayGet(i, &obj1);
+ 	maskColors[i] = obj1.getInt();
+ 	obj1.free();
diff --git a/textproc/pdftohtml/files/patch-xpdf-GfxState.cc b/textproc/pdftohtml/files/patch-xpdf-GfxState.cc
new file mode 100644
index 00000000000..8f91ca3ab79
--- /dev/null
+++ b/textproc/pdftohtml/files/patch-xpdf-GfxState.cc
@@ -0,0 +1,14 @@
+--- xpdf/GfxState.cc.orig	Wed Jun 25 00:41:27 2003
++++ xpdf/GfxState.cc	Tue Jan 11 18:21:14 2005
+@@ -708,6 +708,11 @@
+   }
+   nCompsA = obj2.getInt();
+   obj2.free();
++  if (nCompsA > gfxColorMaxComps) {
++    error(-1, "ICCBased color space with too many (%d > %d) components",
++	  nCompsA, gfxColorMaxComps);
++    nCompsA = gfxColorMaxComps;
++  }
+   if (dict->lookup("Alternate", &obj2)->isNull() ||
+       !(altA = GfxColorSpace::parse(&obj2))) {
+     switch (nCompsA) {