File OpenEXR-1.6.1-CVE-2009-1721.diff of Package OpenEXR

Fix freeing uninitialized pointers in Imf::hufUncompress, CVE-2009-1721.
--- a/IlmImf/ImfAutoArray.h
+++ b/IlmImf/ImfAutoArray.h
@@ -57,7 +57,7 @@ namespace Imf {
     {
       public:
 
-	 AutoArray (): _data (new T [size]) {}
+	 AutoArray (): _data (new T [size]) {memset(_data, 0, size * sizeof(T));}
 	~AutoArray () {delete [] _data;}
 
 	operator T * ()			{return _data;}
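Review bot: The added `memset(_data, 0, size * sizeof(T))` in the constructor is only well-defined when T is trivially copyable, and nothing visible in the template restricts T. This hunk also adds no `<string.h>` include, so unless one exists elsewhere in the file the header depends on its includers declaring memset. Value-initialising the array yields the same null pointers without either problem: `AutoArray (): _data (new T [size] ()) {}`. Going by the patch description, the zero fill is what keeps hufUncompress from freeing pointers it never set, so a one-line comment on the constructor saying so would stop it being removed later as redundant. The class body starts and ends outside the hunk.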