26 lines
839 B
Plaintext
26 lines
839 B
Plaintext
$OpenBSD: patch-IlmImf_ImfRleCompressor_cpp,v 1.1 2009/07/30 11:56:40 jasper Exp $
|
|
|
|
Security fix for CVE-2009-1720, patch from Debian.
|
|
Fix integer overflows in compressor constructors.
|
|
|
|
--- IlmImf/ImfRleCompressor.cpp.orig Thu Jul 30 13:47:11 2009
|
|
+++ IlmImf/ImfRleCompressor.cpp Thu Jul 30 13:47:58 2009
|
|
@@ -41,6 +41,7 @@
|
|
//-----------------------------------------------------------------------------
|
|
|
|
#include <ImfRleCompressor.h>
|
|
+#include <climits>
|
|
#include "Iex.h"
|
|
|
|
namespace Imf {
|
|
@@ -164,6 +165,9 @@ RleCompressor::RleCompressor (const Header &hdr, int m
|
|
_tmpBuffer (0),
|
|
_outBuffer (0)
|
|
{
|
|
+ if ((unsigned) maxScanLineSize > INT_MAX / 3)
|
|
+ throw Iex::InputExc ("Error: maxScanLineSize * 3 would overflow");
|
|
+
|
|
_tmpBuffer = new char [maxScanLineSize];
|
|
_outBuffer = new char [maxScanLineSize * 3 / 2];
|
|
}
|