openbsd-ports/graphics/openexr/patches/patch-IlmImf_ImfRleCompressor_cpp

$OpenBSD: patch-IlmImf_ImfRleCompressor_cpp,v 1.1 2009/07/30 11:56:40 jasper Exp $

Security fix for CVE-2009-1720, patch from Debian.
Fix integer overflows in compressor constructors.

--- IlmImf/ImfRleCompressor.cpp.orig	Thu Jul 30 13:47:11 2009
+++ IlmImf/ImfRleCompressor.cpp	Thu Jul 30 13:47:58 2009
@@ -41,6 +41,7 @@
 //-----------------------------------------------------------------------------
 
 #include <ImfRleCompressor.h>
+#include <climits>
 #include "Iex.h"
 
 namespace Imf {
@@ -164,6 +165,9 @@ RleCompressor::RleCompressor (const Header &hdr, int m
     _tmpBuffer (0),
     _outBuffer (0)
 {
+    if ((unsigned) maxScanLineSize > INT_MAX / 3)
+	 throw Iex::InputExc ("Error: maxScanLineSize * 3 would overflow");
+
     _tmpBuffer = new char [maxScanLineSize];
     _outBuffer = new char [maxScanLineSize * 3 / 2];
 }
- SECURITY FIX for CVE-2009-1720 and CVE-2009-1721 (OpenEXR Multiple Vulnerabilities) patches taken from debian 2009-07-30 07:56:39 -04:00			$OpenBSD: patch-IlmImf_ImfRleCompressor_cpp,v 1.1 2009/07/30 11:56:40 jasper Exp $

			`Security fix for CVE-2009-1720, patch from Debian.`
			`Fix integer overflows in compressor constructors.`

			`--- IlmImf/ImfRleCompressor.cpp.orig Thu Jul 30 13:47:11 2009`
			`+++ IlmImf/ImfRleCompressor.cpp Thu Jul 30 13:47:58 2009`
			`@@ -41,6 +41,7 @@`
			`//-----------------------------------------------------------------------------`

			`#include <ImfRleCompressor.h>`
			`+#include <climits>`
			`#include "Iex.h"`

			`namespace Imf {`
			`@@ -164,6 +165,9 @@ RleCompressor::RleCompressor (const Header &hdr, int m`
			`_tmpBuffer (0),`
			`_outBuffer (0)`
			`{`
			`+ if ((unsigned) maxScanLineSize > INT_MAX / 3)`
			`+ throw Iex::InputExc ("Error: maxScanLineSize * 3 would overflow");`
			`+`
			`_tmpBuffer = new char [maxScanLineSize];`
			`_outBuffer = new char [maxScanLineSize * 3 / 2];`
			`}`