forked from pool/openexr
Petr Gajdos
18c257fab0
- added patches CVE-2017-9111 [bsc#1040109], CVE-2017-9113 [bsc#1040113], CVE-2017-9115 [bsc#1040115] + openexr-CVE-2017-9111,9113,9115.patch OBS-URL: https://build.opensuse.org/package/show/graphics/openexr?expand=0&rev=20
29 lines
1.4 KiB
Diff
29 lines
1.4 KiB
Diff
Index: openexr-2.3.0/exrmakepreview/makePreview.cpp
|
|
===================================================================
|
|
--- openexr-2.3.0.orig/exrmakepreview/makePreview.cpp 2018-08-10 03:35:00.000000000 +0200
|
|
+++ openexr-2.3.0/exrmakepreview/makePreview.cpp 2019-06-14 19:18:36.159142127 +0200
|
|
@@ -110,6 +110,9 @@ generatePreview (const char inFileName[]
|
|
int h = dw.max.y - dw.min.y + 1;
|
|
|
|
Array2D <Rgba> pixels (h, w);
|
|
+ if (INT_MAX / abs(w) < abs(dw.min.y) ||
|
|
+ INT_MAX - abs(dw.min.x) < abs(dw.min.y * w))
|
|
+ throw IEX_NAMESPACE::ArgExc ("Invalid data window in image header.");
|
|
in.setFrameBuffer (&pixels[0][0] - dw.min.y * w - dw.min.x, 1, w);
|
|
in.readPixels (dw.min.y, dw.max.y);
|
|
|
|
Index: openexr-2.3.0/exrmaketiled/Image.h
|
|
===================================================================
|
|
--- openexr-2.3.0.orig/exrmaketiled/Image.h 2018-08-10 03:35:00.000000000 +0200
|
|
+++ openexr-2.3.0/exrmaketiled/Image.h 2019-06-14 19:19:02.451287048 +0200
|
|
@@ -192,6 +192,9 @@ TypedImageChannel<T>::slice () const
|
|
const IMATH_NAMESPACE::Box2i &dw = image().dataWindow();
|
|
int w = dw.max.x - dw.min.x + 1;
|
|
|
|
+ if (INT_MAX / abs(w) < abs(dw.min.y) ||
|
|
+ INT_MAX - abs(dw.min.x) < abs(dw.min.y * w))
|
|
+ throw IEX_NAMESPACE::ArgExc ("Invalid data window in image header.");
|
|
return OPENEXR_IMF_INTERNAL_NAMESPACE::Slice (pixelType(),
|
|
(char *) (&_pixels[0][0] - dw.min.y * w - dw.min.x),
|
|
sizeof (T),
|