File OpenEXR-1.6.1-CVE-2009-1720-1.diff of Package OpenEXR
Fix integer overflow in Imf::PreviewImage::PreviewImage, CVE-2009-1720 [1/2].
--- a/IlmImf/ImfPreviewImage.cpp
+++ b/IlmImf/ImfPreviewImage.cpp
@@ -40,6 +40,7 @@
//-----------------------------------------------------------------------------
#include <ImfPreviewImage.h>
+#include <climits>
#include "Iex.h"
namespace Imf {
@@ -51,6 +52,10 @@ PreviewImage::PreviewImage (unsigned int
{
_width = width;
_height = height;
+
+ if ((_height && (_width > UINT_MAX / _height)) || (_width * _height > UINT_MAX / sizeof(PreviewRgba)))
+ throw Iex::ArgExc ("Invalid height and width.");
+
_pixels = new PreviewRgba [_width * _height];
if (pixels)
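Review bot: The added overflow guard at the new `if` has no comment, and its two clauses depend on their order in a way a later edit could easily break: the first clause rejects any `_width`/`_height` pair whose product wraps `unsigned int`, and only because it is evaluated first can the second clause trust the value of `_width * _height` when comparing it against `UINT_MAX / sizeof(PreviewRgba)`. A comment above the check would preserve that reasoning, e.g. `// First reject dimensions whose pixel count wraps unsigned int, then those whose byte count would; the first test is what makes the product in the second test trustworthy.` The bound is `UINT_MAX` rather than the `size_t` that `new[]` actually receives, which is conservative on targets with a wider `size_t` but consistent with the `unsigned int` members being checked. The constructor's signature and the remainder of its body lie outside the hunk.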