File openexr-CVE-2021-3933.patch of Package openexr.22327

Index: openexr-2.1.0/IlmImf/ImfMisc.cpp
===================================================================
--- openexr-2.1.0.orig/IlmImf/ImfMisc.cpp	2021-11-09 13:01:07.186097839 +0100
+++ openexr-2.1.0/IlmImf/ImfMisc.cpp	2021-11-09 13:04:36.927419105 +0100
@@ -54,6 +54,8 @@
 #include <ImfTileDescription.h>
 #include "ImfNamespace.h"
 
+#include <inttypes.h>
+
 OPENEXR_IMF_INTERNAL_NAMESPACE_SOURCE_ENTER
 
 using IMATH_NAMESPACE::Box2i;
@@ -167,16 +169,28 @@ bytesPerDeepLineTable (const Header &hea
          c != channels.end();
          ++c)
     {
+        const uint64_t pixelSize = pixelTypeSize (c.channel().type);
+
         for (int y = minY; y <= maxY; ++y)
             if (modp (y, c.channel().ySampling) == 0)
             {
-                int nBytes = 0;
+                uint64_t nBytes = 0;
                 for (int x = dataWindow.min.x; x <= dataWindow.max.x; x++)
                 {
                     if (modp (x, c.channel().xSampling) == 0)
-                        nBytes += pixelTypeSize (c.channel().type) *
-                                  sampleCount(base, xStride, yStride, x, y);
+                        nBytes += pixelSize *
+                                  static_cast<uint64_t>(sampleCount(base, xStride, yStride, x, y));
+                }
+
+                //
+                // architectures where size_t is smaller than 64 bits may overflow
+                // (scanlines with more than 2^32 bytes are not currently supported so this should not occur with valid files)
+                //
+                if( static_cast<uint64_t>(bytesPerLine[y - dataWindow.min.y]) + nBytes > SIZE_MAX)
+                {
+                    throw IEX_NAMESPACE::IoExc("Scanline size too large");
                 }
+
                 bytesPerLine[y - dataWindow.min.y] += nBytes;
             }
     }