SUSE:SLE-12:Update
File openexr-CVE-2021-3933.patch of Package openexr.21777
Index: openexr-2.1.0/IlmImf/ImfMisc.cpp =================================================================== --- openexr-2.1.0.orig/IlmImf/ImfMisc.cpp 2021-11-09 13:01:07.186097839 +0100 +++ openexr-2.1.0/IlmImf/ImfMisc.cpp 2021-11-09 13:04:36.927419105 +0100 @@ -54,6 +54,8 @@ #include <ImfTileDescription.h> #include "ImfNamespace.h" +#include <inttypes.h> + OPENEXR_IMF_INTERNAL_NAMESPACE_SOURCE_ENTER using IMATH_NAMESPACE::Box2i; @@ -167,16 +169,28 @@ bytesPerDeepLineTable (const Header &hea c != channels.end(); ++c) { + const uint64_t pixelSize = pixelTypeSize (c.channel().type); + for (int y = minY; y <= maxY; ++y) if (modp (y, c.channel().ySampling) == 0) { - int nBytes = 0; + uint64_t nBytes = 0; for (int x = dataWindow.min.x; x <= dataWindow.max.x; x++) { if (modp (x, c.channel().xSampling) == 0) - nBytes += pixelTypeSize (c.channel().type) * - sampleCount(base, xStride, yStride, x, y); + nBytes += pixelSize * + static_cast<uint64_t>(sampleCount(base, xStride, yStride, x, y)); + } + + // + // architectures where size_t is smaller than 64 bits may overflow + // (scanlines with more than 2^32 bytes are not currently supported so this should not occur with valid files) + // + if( static_cast<uint64_t>(bytesPerLine[y - dataWindow.min.y]) + nBytes > SIZE_MAX) + { + throw IEX_NAMESPACE::IoExc("Scanline size too large"); } + bytesPerLine[y - dataWindow.min.y] += nBytes; } }
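Review bot: In the first hunk (@@ -54,6 +54,8 @@), the added `#include <inttypes.h>` supplies `uint64_t` and `SIZE_MAX` only indirectly, since both are declared by `<stdint.h>`. Including `<stdint.h>` (or `<cstdint>`) directly would state the dependency the second hunk actually has. Because the include sits after the other headers, any toolchain that hides the C99 limit macros from C++ unless `__STDC_LIMIT_MACROS` is defined would need that macro set before the first header that pulls in `<stdint.h>`, not here.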
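Review bot: The overflow guard in the second hunk (@@ -167,16 +169,28 @@, bytesPerDeepLineTable) cannot fire where size_t is 64 bits wide: `static_cast<uint64_t>(bytesPerLine[y - dataWindow.min.y]) + nBytes` is evaluated in uint64_t, so a sum past 2^64 wraps before it is compared with `SIZE_MAX`, and the in-code comment only claims coverage for narrower size_t. Writing the test as `nBytes > SIZE_MAX - bytesPerLine[y - dataWindow.min.y]` avoids the wrapping addition and holds for every size_t width (this assumes bytesPerLine holds size_t, as the comparison with `SIZE_MAX` suggests). The inner-loop accumulation `nBytes += pixelSize * static_cast<uint64_t>(sampleCount(...))` is also unchecked, and if sampleCount can return a negative value the cast turns it into a very large count, so rejecting negative counts before the cast would be worth adding.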