forked from pool/openexr
Petr Gajdos
4a1b52b0c1
- added patches fix CVE-2021-45942 [bsc#1194333], heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute + openexr-CVE-2021-45942.patch OBS-URL: https://build.opensuse.org/package/show/graphics/openexr?expand=0&rev=79
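diff --git a/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp b/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
index 0acbed04b..364a1f04b 100644
--- a/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
+++ b/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
@@ -1961,14 +1961,20 @@ readSampleCountForLineBlock(InputStreamMutex* streamData,
 // @TODO refactor the compressor code to ensure full 64-bit support.
 //
 
- int compressorMaxDataSize = std::numeric_limits<int>::max();
- if (sampleCountTableDataSize > uint64_t(compressorMaxDataSize))
+ uint64_t compressorMaxDataSize = static_cast<uint64_t>(std::numeric_limits<int>::max());
+ if (packedDataSize > compressorMaxDataSize ||
+ unpackedDataSize > compressorMaxDataSize ||
+ sampleCountTableDataSize > compressorMaxDataSize)
 {
- THROW (IEX_NAMESPACE::ArgExc, "This version of the library does not "
- << "support the allocation of data with size > "
- << compressorMaxDataSize
- << " file table size :" << sampleCountTableDataSize << ".\n");
+ THROW (IEX_NAMESPACE::ArgExc, "This version of the library does not"
+ << "support the allocation of data with size > "
+ << compressorMaxDataSize
+ << " file table size :" << sampleCountTableDataSize
+ << " file unpacked size :" << unpackedDataSize
+ << " file packed size :" << packedDataSize << ".\n");
 }
+
+
 streamData->is->read(data->sampleCountTableBuffer, static_cast<int>(sampleCountTableDataSize));
 
 const char* readPtr;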
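Review bot: The rewritten THROW message drops the space between its first two literals, so the exception text now reads "does notsupport"; restore it with `"This version of the library does not "`. The new guard caps packedDataSize, unpackedDataSize and sampleCountTableDataSize at `std::numeric_limits<int>::max()`, which keeps the `static_cast<int>` in the following `read` from truncating. That bound alone does not show that sampleCountTableDataSize fits in `data->sampleCountTableBuffer`; any capacity check against the allocated buffer size lies outside this hunk and should be confirmed before relying on this patch as the complete fix. readSampleCountForLineBlock starts and ends outside the hunk.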