From 3e0b8dbb0d4ceacb68963764305b809d3a446af6dd6723ef07d47790be4327bf Mon Sep 17 00:00:00 2001
From: c unix <cunix@mail.de>
Date: Fri, 16 Sep 2022 16:11:35 +0000
Subject: [PATCH] Accepting request 1003055 from home:cunix:godot

Heap-buffer-overflow in bundled thirdparty tool tinyexr

OBS-URL: https://build.opensuse.org/request/show/1003055
OBS-URL: https://build.opensuse.org/package/show/games/godot?expand=0&rev=46
---
 godot.changes                     |  5 +++++
 godot.spec                        |  3 +++
 tinyexr_thirdparty_upstream.patch | 25 +++++++++++++++++++++++++
 3 files changed, 33 insertions(+)
 create mode 100644 tinyexr_thirdparty_upstream.patch

diff --git a/godot.changes b/godot.changes
index 7a71836..c59d5b4 100644
--- a/godot.changes
+++ b/godot.changes
@@ -1,3 +1,8 @@
+Mon Sep 12 12:00:00 UTC 2022 - cunix@mail.de
+
+- Heap-buffer-overflow in bundled thirdparty tool tinyexr
+  * added tinyexr_thirdparty_upstream.patch from upstream tinyexr (boo#1203278)
+
 -------------------------------------------------------------------
 Sat Aug 6 12:00:00 UTC 2022 - cunix@mail.de
 
diff --git a/godot.spec b/godot.spec
index e2865eb..f33a1e5 100644
--- a/godot.spec
+++ b/godot.spec
@@ -36,6 +36,8 @@ Source1:        https://downloads.tuxfamily.org/godotengine/%{version}/%{name}-%
 Patch0:         linker_pie_flag.patch
 # Use system certificates as fallback for certificates
 Patch1:         certs_fallback.patch
+# Heap-buffer-overflow in bundled tinyexr
+Patch2:         tinyexr_thirdparty_upstream.patch
 BuildRequires:  Mesa-devel
 BuildRequires:  desktop-file-utils
 BuildRequires:  fdupes
@@ -243,6 +245,7 @@ Bash command line completion support for %{name}, %{name}-headless,
 %setup -q -n %{name}-%{version}-stable
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 cp thirdparty/README.md thirdparty_README.md
 
diff --git a/tinyexr_thirdparty_upstream.patch b/tinyexr_thirdparty_upstream.patch
new file mode 100644
index 0000000..4b297f5
--- /dev/null
+++ b/tinyexr_thirdparty_upstream.patch
@@ -0,0 +1,25 @@
+From cc1b199dd17b700c3130a53866ea462ab88e7f82 Mon Sep 17 00:00:00 2001
+From: 0xdd96 <1011085630@qq.com>
+Date: Wed, 6 Jul 2022 12:14:50 +0800
+Subject: [PATCH] Add bounds check to address #169
+References:   https://bugzilla.opensuse.org/show_bug.cgi?id=1203278
+              https://github.com/syoyo/tinyexr/issues/169
+              https://github.com/syoyo/tinyexr/pull/170/commits/cc1b199dd17b700c3130a53866ea462ab88e7f82
+Rebased: 20220912 by cunix
+
+diff -r -U 5 a/thirdparty/tinyexr/tinyexr.h b/thirdparty/tinyexr/tinyexr.h
+--- a/thirdparty/tinyexr/tinyexr.h
++++ b/thirdparty/tinyexr/tinyexr.h
+@@ -1454,11 +1454,11 @@
+       in += count;
+     } else {
+       int count = *in++;
+       inLength -= 2;
+ 
+-      if (0 > (maxLength -= count + 1)) return 0;
++      if (0 > (maxLength -= count + 1) || inLength < 0) return 0;
+ 
+       memset(out, *reinterpret_cast<const char *>(in), count + 1);
+       out += count + 1;
+ 
+       in++;