diff options
Diffstat (limited to 'source/l/openexr/openexr.CVE-2017-9110-to-9116.patch')
| -rw-r--r-- | source/l/openexr/openexr.CVE-2017-9110-to-9116.patch | 82 |
1 files changed, 0 insertions, 82 deletions
diff --git a/source/l/openexr/openexr.CVE-2017-9110-to-9116.patch b/source/l/openexr/openexr.CVE-2017-9110-to-9116.patch deleted file mode 100644 index 98c03a997..000000000 --- a/source/l/openexr/openexr.CVE-2017-9110-to-9116.patch +++ /dev/null @@ -1,82 +0,0 @@ ---- a/IlmImf/ImfDwaCompressor.cpp -+++ b/IlmImf/ImfDwaCompressor.cpp -@@ -2377,7 +2377,12 @@ DwaCompressor::uncompress - - const char *dataPtr = inPtr + NUM_SIZES_SINGLE * sizeof(Int64); - -- if (inSize < headerSize + compressedSize) -+ /* Both the sum and individual sizes are checked in case of overflow. */ -+ if (inSize < (headerSize + compressedSize) || -+ inSize < unknownCompressedSize || -+ inSize < acCompressedSize || -+ inSize < dcCompressedSize || -+ inSize < rleCompressedSize) - { - throw Iex::InputExc("Error uncompressing DWA data" - "(truncated file)."); -diff --git a/IlmImf/ImfHuf.cpp b/IlmImf/ImfHuf.cpp -index a375d05..97909a5 100644 ---- a/IlmImf/ImfHuf.cpp -+++ b/IlmImf/ImfHuf.cpp -@@ -822,7 +822,7 @@ hufEncode // return: output size (in bits) - } - - --#define getCode(po, rlc, c, lc, in, out, oe) \ -+#define getCode(po, rlc, c, lc, in, out, ob, oe)\ - { \ - if (po == rlc) \ - { \ -@@ -835,6 +835,8 @@ hufEncode // return: output size (in bits) - \ - if (out + cs > oe) \ - tooMuchData(); \ -+ else if (out - 1 < ob) \ -+ notEnoughData(); \ - \ - unsigned short s = out[-1]; \ - \ -@@ -895,7 +897,7 @@ hufDecode - // - - lc -= pl.len; -- getCode (pl.lit, rlc, c, lc, in, out, oe); -+ getCode (pl.lit, rlc, c, lc, in, out, outb, oe); - } - else - { -@@ -925,7 +927,7 @@ hufDecode - // - - lc -= l; -- getCode (pl.p[j], rlc, c, lc, in, out, oe); -+ getCode (pl.p[j], rlc, c, lc, in, out, outb, oe); - break; - } - } -@@ -952,7 +954,7 @@ hufDecode - if (pl.len) - { - lc -= pl.len; -- getCode (pl.lit, rlc, c, lc, in, out, oe); -+ getCode (pl.lit, rlc, c, lc, in, out, outb, oe); - } - else - { -diff --git a/IlmImf/ImfPizCompressor.cpp b/IlmImf/ImfPizCompressor.cpp -index 46c6fba..8b3ee38 100644 ---- a/IlmImf/ImfPizCompressor.cpp -+++ b/IlmImf/ImfPizCompressor.cpp -@@ -573,6 +573,12 @@ PizCompressor::uncompress (const char *inPtr, - int length; - Xdr::read <CharPtrIO> (inPtr, length); - -+ if (length > inSize) -+ { -+ throw InputExc ("Error in header for PIZ-compressed data " -+ "(invalid array length)."); -+ } -+ - hufUncompress (inPtr, length, _tmpBuffer, tmpBufferEnd - _tmpBuffer); - - // |