From 6e994ab4affe1a5b79ffa1894dc155f7ed39bdbf Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Wed, 7 Aug 2024 12:07:17 +0000 Subject: automatic import of OpenEXR --- CVE-2024-31047.patch | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 CVE-2024-31047.patch (limited to 'CVE-2024-31047.patch') diff --git a/CVE-2024-31047.patch b/CVE-2024-31047.patch new file mode 100644 index 0000000..66b040e --- /dev/null +++ b/CVE-2024-31047.patch @@ -0,0 +1,42 @@ +From 7aa89e1d09b09d9f5dbb96976ee083a331ab9d71 Mon Sep 17 00:00:00 2001 +From: xiaoxiaoafeifei +Date: Wed, 20 Mar 2024 00:09:05 +0800 +Subject: [PATCH] prevent integer overflows in file exrmultipart.cpp (#1681) + +Signed-off-by: ZhaiLiangliang + +Origin: https://github.com/AcademySoftwareFoundation/openexr/pull/1681 + +--- + src/bin/exrmultipart/exrmultipart.cpp | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/src/bin/exrmultipart/exrmultipart.cpp b/src/bin/exrmultipart/exrmultipart.cpp +index 931cebc..1c624b8 100644 +--- a/src/bin/exrmultipart/exrmultipart.cpp ++++ b/src/bin/exrmultipart/exrmultipart.cpp +@@ -326,12 +326,17 @@ convert(vector in, + } + + Box2i dataWindow = infile.header(0).dataWindow(); +- int pixel_count = (dataWindow.size().y+1)*(dataWindow.size().x+1); +- int pixel_width = dataWindow.size().x+1; +- ++ // ++ // use int64_t for dimensions, since possible overflow int storage ++ // ++ int64_t pixel_count = (static_cast(dataWindow.size ().y) + 1) * (static_cast(dataWindow.size ().x) + 1); ++ int64_t pixel_width = static_cast(dataWindow.size ().x) + 1; + ++ // + // offset in pixels between base of array and 0,0 +- int pixel_base = dataWindow.min.y*pixel_width+dataWindow.min.x; ++ // use int64_t for dimensions, since dataWindow.min.y * pixel_width could overflow int storage ++ // ++ int64_t pixel_base = static_cast(dataWindow.min.y) * pixel_width + static_cast(dataWindow.min.x); + + vector< vector > channelstore(channel_count); + +-- +2.43.0 + -- cgit v1.2.3