26 lines
897 B
Plaintext
26 lines
897 B
Plaintext
$OpenBSD: patch-IlmImf_ImfPxr24Compressor_cpp,v 1.1 2009/07/30 11:56:40 jasper Exp $
|
|
|
|
Security fix for CVE-2009-1720, patch from Debian.
|
|
Fix integer overflows in compressor constructors.
|
|
|
|
--- IlmImf/ImfPxr24Compressor.cpp.orig Thu Jul 30 13:46:34 2009
|
|
+++ IlmImf/ImfPxr24Compressor.cpp Thu Jul 30 13:47:01 2009
|
|
@@ -73,6 +73,7 @@
|
|
#include <zlib.h>
|
|
#include <assert.h>
|
|
#include <algorithm>
|
|
+#include <climits>
|
|
|
|
using namespace std;
|
|
using namespace Imath;
|
|
@@ -186,6 +187,9 @@ Pxr24Compressor::Pxr24Compressor (const Header &hdr,
|
|
_channels (hdr.channels())
|
|
{
|
|
int maxInBytes = maxScanLineSize * numScanLines;
|
|
+
|
|
+ if ((unsigned) maxScanLineSize > INT_MAX / (unsigned) numScanLines)
|
|
+ throw Iex::InputExc ("Error: maxScanLineSize * numScanLines would overflow.");
|
|
|
|
_tmpBuffer = new unsigned char [maxInBytes];
|
|
_outBuffer = new char [int (ceil (maxInBytes * 1.01)) + 100];
|