File openexr-CVE-2017-9110,9112,9114,9116,12596.patch of Package openexr.12516

Overview Repositories Revisions Requests Users Attributes Meta

File openexr-CVE-2017-9110,9112,9114,9116,12596.patch of Package openexr.12516

diff --git a/OpenEXR/IlmImf/ImfHuf.cpp b/OpenEXR/IlmImf/ImfHuf.cpp
index a375d05d..97909a5b 100644
--- a/OpenEXR/IlmImf/ImfHuf.cpp
+++ b/OpenEXR/IlmImf/ImfHuf.cpp
@@ -822,7 +822,7 @@ hufEncode				// return: output size (in bits)
 }
 
 
-#define getCode(po, rlc, c, lc, in, out, oe)	\
+#define getCode(po, rlc, c, lc, in, out, ob, oe)\
 {						\
     if (po == rlc)				\
     {						\
@@ -835,6 +835,8 @@ hufEncode				// return: output size (in bits)
 						\
 	if (out + cs > oe)			\
 	    tooMuchData();			\
+	else if (out - 1 < ob)			\
+	    notEnoughData();			\
 						\
 	unsigned short s = out[-1];		\
 						\
@@ -895,7 +897,7 @@ hufDecode
 		//
 
 		lc -= pl.len;
-		getCode (pl.lit, rlc, c, lc, in, out, oe);
+		getCode (pl.lit, rlc, c, lc, in, out, outb, oe);
 	    }
 	    else
 	    {
@@ -925,7 +927,7 @@ hufDecode
 			    //
 
 			    lc -= l;
-			    getCode (pl.p[j], rlc, c, lc, in, out, oe);
+			    getCode (pl.p[j], rlc, c, lc, in, out, outb, oe);
 			    break;
 			}
 		    }
@@ -952,7 +954,7 @@ hufDecode
 	if (pl.len)
 	{
 	    lc -= pl.len;
-	    getCode (pl.lit, rlc, c, lc, in, out, oe);
+	    getCode (pl.lit, rlc, c, lc, in, out, outb, oe);
 	}
 	else
 	{
diff --git a/OpenEXR/IlmImf/ImfPizCompressor.cpp b/OpenEXR/IlmImf/ImfPizCompressor.cpp
index 46c6fbac..8b3ee38c 100644
--- a/OpenEXR/IlmImf/ImfPizCompressor.cpp
+++ b/OpenEXR/IlmImf/ImfPizCompressor.cpp
@@ -573,6 +573,12 @@ PizCompressor::uncompress (const char *inPtr,
     int length;
     Xdr::read <CharPtrIO> (inPtr, length);
 
+    if (length > inSize)
+    {
+	throw InputExc ("Error in header for PIZ-compressed data "
+			"(invalid array length).");
+    }
+
     hufUncompress (inPtr, length, _tmpBuffer, tmpBufferEnd - _tmpBuffer);
 
     //

Places

File openexr-CVE-2017-9110,9112,9114,9116,12596.patch of Package openexr.12516

Places