openexr/openexr-CVE-2021-45942.patch
Petr Gajdos 4a1b52b0c1 - security update
- added patches
  fix CVE-2021-45942 [bsc#1194333], heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute
  + openexr-CVE-2021-45942.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/openexr?expand=0&rev=79
2022-01-05 12:55:43 +00:00

33 lines
1.6 KiB
Diff

diff --git a/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp b/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
index 0acbed04b..364a1f04b 100644
--- a/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
+++ b/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
@@ -1961,14 +1961,20 @@ readSampleCountForLineBlock(InputStreamMutex* streamData,
// @TODO refactor the compressor code to ensure full 64-bit support.
//
- int compressorMaxDataSize = std::numeric_limits<int>::max();
- if (sampleCountTableDataSize > uint64_t(compressorMaxDataSize))
+ uint64_t compressorMaxDataSize = static_cast<uint64_t>(std::numeric_limits<int>::max());
+ if (packedDataSize > compressorMaxDataSize ||
+ unpackedDataSize > compressorMaxDataSize ||
+ sampleCountTableDataSize > compressorMaxDataSize)
{
- THROW (IEX_NAMESPACE::ArgExc, "This version of the library does not "
- << "support the allocation of data with size > "
- << compressorMaxDataSize
- << " file table size :" << sampleCountTableDataSize << ".\n");
+ THROW (IEX_NAMESPACE::ArgExc, "This version of the library does not"
+ << "support the allocation of data with size > "
+ << compressorMaxDataSize
+ << " file table size :" << sampleCountTableDataSize
+ << " file unpacked size :" << unpackedDataSize
+ << " file packed size :" << packedDataSize << ".\n");
}
+
+
streamData->is->read(data->sampleCountTableBuffer, static_cast<int>(sampleCountTableDataSize));
const char* readPtr;