Overview

File openexr-CVE-2021-3475.patch of Package openexr

Index: openexr-2.2.1/IlmImf/ImfTiledInputFile.cpp
===================================================================
--- openexr-2.2.1.orig/IlmImf/ImfTiledInputFile.cpp	2021-03-31 16:46:33.459586875 +0200
+++ openexr-2.2.1/IlmImf/ImfTiledInputFile.cpp	2021-03-31 16:46:33.471586946 +0200
@@ -976,6 +976,16 @@ TiledInputFile::initialize ()
     _data->tileBufferSize = _data->maxBytesPerTileLine * _data->tileDesc.ySize;
 
     //
+    // OpenEXR has a limit of INT_MAX compressed bytes per tile
+    // disallow uncompressed tile sizes above INT_MAX too to guarantee file is written
+    //
+    if( _data->tileBufferSize > INT_MAX )
+    {
+        throw IEX_NAMESPACE::ArgExc ("Tile size too large for OpenEXR format");
+    }
+
+
+    //
     // Create all the TileBuffers and allocate their internal buffers
     //
 
Index: openexr-2.2.1/IlmImf/ImfTiledMisc.cpp
===================================================================
--- openexr-2.2.1.orig/IlmImf/ImfTiledMisc.cpp	2021-03-31 16:46:33.471586946 +0200
+++ openexr-2.2.1/IlmImf/ImfTiledMisc.cpp	2021-03-31 16:49:37.220675276 +0200
@@ -301,7 +301,9 @@ calculateNumTiles (int *numTiles,
 {
     for (int i = 0; i < numLevels; i++)
     {
-	numTiles[i] = (levelSize (min, max, i, rmode) + size - 1) / size;
+	// use 64 bits to avoid int overflow if size is large.
+	Int64 l = levelSize (min, max, i, rmode);
+	numTiles[i] = (l + size - 1) / size;
     }
 }
 
Index: openexr-2.2.1/IlmImf/ImfTiledOutputFile.cpp
===================================================================
--- openexr-2.2.1.orig/IlmImf/ImfTiledOutputFile.cpp	2017-11-18 00:00:24.000000000 +0100
+++ openexr-2.2.1/IlmImf/ImfTiledOutputFile.cpp	2021-03-31 16:46:33.471586946 +0200
@@ -1022,6 +1022,17 @@ TiledOutputFile::initialize (const Heade
 
     _data->tileBufferSize = _data->maxBytesPerTileLine * _data->tileDesc.ySize;
      
+        //
+    // OpenEXR has a limit of INT_MAX compressed bytes per tile
+    // disallow uncompressed tile sizes above INT_MAX too to guarantee file is written
+    //
+    if( _data->tileBufferSize > INT_MAX )
+    {
+        throw IEX_NAMESPACE::ArgExc ("Tile size too large for OpenEXR format");
+    }
+
+
+
     //
     // Create all the TileBuffers and allocate their internal buffers
     //
openSUSE Build Service is sponsored by
Places