Overview

File openexr-CVE-2021-45942.patch of Package openexr.30992

Index: openexr-2.2.1/IlmImf/ImfDeepScanLineInputFile.cpp
===================================================================
--- openexr-2.2.1.orig/IlmImf/ImfDeepScanLineInputFile.cpp	2022-01-05 13:14:35.607056747 +0100
+++ openexr-2.2.1/IlmImf/ImfDeepScanLineInputFile.cpp	2022-01-05 13:18:51.144539502 +0100
@@ -1869,13 +1869,18 @@ readSampleCountForLineBlock(InputStreamM
     // @TODO refactor the compressor code to ensure full 64-bit support.
     //
 
-    int compressorMaxDataSize = std::numeric_limits<int>::max();
-    if (sampleCountTableDataSize > Int64(compressorMaxDataSize))
+    uint64_t compressorMaxDataSize = static_cast<uint64_t>(std::numeric_limits<int>::max());
+    if (packedDataSize         > compressorMaxDataSize ||
+        unpackedDataSize > compressorMaxDataSize ||
+        sampleCountTableDataSize        > compressorMaxDataSize)
     {
         THROW (IEX_NAMESPACE::ArgExc, "This version of the library does not "
               << "support the allocation of data with size  > "
               << compressorMaxDataSize
-              << " file table size    :" << sampleCountTableDataSize << ".\n");
+              << " file table size    :" << sampleCountTableDataSize
+              << " file unpacked size :" << unpackedDataSize
+              << " file packed size   :" << packedDataSize
+              << ".\n");
     }
     streamData->is->read(data->sampleCountTableBuffer, sampleCountTableDataSize);
openSUSE Build Service is sponsored by
Places