3e0b8dbb0d
Heap-buffer-overflow in bundled thirdparty tool tinyexr OBS-URL: https://build.opensuse.org/request/show/1003055 OBS-URL: https://build.opensuse.org/package/show/games/godot?expand=0&rev=46
From cc1b199dd17b700c3130a53866ea462ab88e7f82 Mon Sep 17 00:00:00 2001
From: 0xdd96 <1011085630@qq.com>
Date: Wed, 6 Jul 2022 12:14:50 +0800
Subject: [PATCH] Add bounds check to address #169
References: https://bugzilla.opensuse.org/show_bug.cgi?id=1203278
https://github.com/syoyo/tinyexr/issues/169
https://github.com/syoyo/tinyexr/pull/170/commits/cc1b199dd17b700c3130a53866ea462ab88e7f82
Rebased: 20220912 by cunix
diff -r -U 5 a/thirdparty/tinyexr/tinyexr.h b/thirdparty/tinyexr/tinyexr.h
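--- a/thirdparty/tinyexr/tinyexr.h
+++ b/thirdparty/tinyexr/tinyexr.h
@@ -1454,11 +1454,11 @@
 in += count;
 } else {
 int count = *in++;
 inLength -= 2;
 
- if (0 > (maxLength -= count + 1)) return 0;
+ if (0 > (maxLength -= count + 1) || inLength < 0) return 0;
 
 memset(out, *reinterpret_cast<const char *>(in), count + 1);
 out += count + 1;
 
 in++;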
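Review bot: The added `inLength < 0` test on the `if` line is what keeps the `memset` below from reading a value byte past the end of the input, but nothing on the line says so, and it sits behind the side-effecting `maxLength -= count + 1` in the same condition. A short comment such as `// a run is two input bytes (count, value); stop if the value byte lies past the end of the input` would make the purpose of the check survive the next sync of the bundled tinyexr copy. The count byte is still read by `int count = *in++;` before any length test in this branch, so the fix appears to rely on the enclosing loop guaranteeing at least one remaining input byte. That loop and the branch ending at `in += count;` start outside the hunk, so both should be confirmed to bound the input side as well as `maxLength`.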