Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
SUSE:SLE-15-SP2:GA
openexr
openexr-CVE-2021-3476.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openexr-CVE-2021-3476.patch of Package openexr
diff --git a/IlmImf/ImfB44Compressor.cpp b/IlmImf/ImfB44Compressor.cpp index 3b18ba855..5e2ab9ea5 100644 --- a/IlmImf/ImfB44Compressor.cpp +++ b/IlmImf/ImfB44Compressor.cpp @@ -381,26 +381,26 @@ unpack14 (const unsigned char b[14], unsigned short s[16]) s[ 0] = (b[0] << 8) | b[1]; unsigned short shift = (b[ 2] >> 2); - unsigned short bias = (0x20 << shift); + unsigned short bias = (0x20u << shift); - s[ 4] = s[ 0] + ((((b[ 2] << 4) | (b[ 3] >> 4)) & 0x3f) << shift) - bias; - s[ 8] = s[ 4] + ((((b[ 3] << 2) | (b[ 4] >> 6)) & 0x3f) << shift) - bias; - s[12] = s[ 8] + ((b[ 4] & 0x3f) << shift) - bias; + s[ 4] = s[ 0] + ((((b[ 2] << 4) | (b[ 3] >> 4)) & 0x3fu) << shift) - bias; + s[ 8] = s[ 4] + ((((b[ 3] << 2) | (b[ 4] >> 6)) & 0x3fu) << shift) - bias; + s[12] = s[ 8] + ((b[ 4] & 0x3fu) << shift) - bias; - s[ 1] = s[ 0] + ((b[ 5] >> 2) << shift) - bias; - s[ 5] = s[ 4] + ((((b[ 5] << 4) | (b[ 6] >> 4)) & 0x3f) << shift) - bias; - s[ 9] = s[ 8] + ((((b[ 6] << 2) | (b[ 7] >> 6)) & 0x3f) << shift) - bias; - s[13] = s[12] + ((b[ 7] & 0x3f) << shift) - bias; + s[ 1] = s[ 0] + ((unsigned int) (b[ 5] >> 2) << shift) - bias; + s[ 5] = s[ 4] + ((((b[ 5] << 4) | (b[ 6] >> 4)) & 0x3fu) << shift) - bias; + s[ 9] = s[ 8] + ((((b[ 6] << 2) | (b[ 7] >> 6)) & 0x3fu) << shift) - bias; + s[13] = s[12] + ((b[ 7] & 0x3fu) << shift) - bias; - s[ 2] = s[ 1] + ((b[ 8] >> 2) << shift) - bias; - s[ 6] = s[ 5] + ((((b[ 8] << 4) | (b[ 9] >> 4)) & 0x3f) << shift) - bias; - s[10] = s[ 9] + ((((b[ 9] << 2) | (b[10] >> 6)) & 0x3f) << shift) - bias; - s[14] = s[13] + ((b[10] & 0x3f) << shift) - bias; + s[ 2] = s[ 1] + ((unsigned int)(b[ 8] >> 2) << shift) - bias; + s[ 6] = s[ 5] + ((((b[ 8] << 4) | (b[ 9] >> 4)) & 0x3fu) << shift) - bias; + s[10] = s[ 9] + ((((b[ 9] << 2) | (b[10] >> 6)) & 0x3fu) << shift) - bias; + s[14] = s[13] + ((b[10] & 0x3fu) << shift) - bias; - s[ 3] = s[ 2] + ((b[11] >> 2) << shift) - bias; - s[ 7] = s[ 6] + ((((b[11] << 4) | (b[12] >> 4)) & 0x3f) << shift) - bias; - s[11] = s[10] + ((((b[12] << 2) | (b[13] >> 6)) & 0x3f) << shift) - bias; - s[15] = s[14] + ((b[13] & 0x3f) << shift) - bias; + s[ 3] = s[ 2] + ((unsigned int)(b[11] >> 2) << shift) - bias; + s[ 7] = s[ 6] + ((((b[11] << 4) | (b[12] >> 4)) & 0x3fu) << shift) - bias; + s[11] = s[10] + ((((b[12] << 2) | (b[13] >> 6)) & 0x3fu) << shift) - bias; + s[15] = s[14] + ((b[13] & 0x3fu) << shift) - bias; for (int i = 0; i < 16; ++i) { @@ -951,7 +951,10 @@ B44Compressor::uncompress (const char *inPtr, if (inSize < 3) notEnoughData(); - if (((const unsigned char *)inPtr)[2] == 0xfc) + // + // If shift exponent is 63, call unpack14 (ignoring unused bits) + // + if (((const unsigned char *)inPtr)[2] >= (13<<2) ) { unpack3 ((const unsigned char *)inPtr, s); inPtr += 3; diff --git a/IlmImf/ImfDwaCompressor.cpp b/IlmImf/ImfDwaCompressor.cpp index da2d95068..d8c66dd27 100644 --- a/IlmImf/ImfDwaCompressor.cpp +++ b/IlmImf/ImfDwaCompressor.cpp @@ -2681,6 +2681,10 @@ DwaCompressor::uncompress int gChan = _cscSets[csc].idx[1]; int bChan = _cscSets[csc].idx[2]; + if (_channelData[rChan].compression != LOSSY_DCT || _channelData[gChan].compression != LOSSY_DCT || _channelData[bChan].compression != LOSSY_DCT) + { + throw IEX_NAMESPACE::BaseExc("Bad DWA compression type detected"); + } LossyDctDecoderCsc decoder (rowPtrs[rChan],
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
