From e7c26f6ef5bf7ae8ea21ecf19963186cd1391720 Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Wed, 22 Jan 2020 17:31:22 +1300
Subject: [PATCH 12/23] abort when file claims to have excessive scanline data
requirements
Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
---
OpenEXR/IlmImf/ImfMisc.cpp | 6 +++---
OpenEXR/IlmImf/ImfScanLineInputFile.cpp | 8 ++++++++
2 files changed, 11 insertions(+), 3 deletions(-)
--- a/IlmImf/ImfMisc.cpp
+++ b/IlmImf/ImfMisc.cpp
@@ -114,9 +114,9 @@ bytesPerLineTable (const Header &header,
c != channels.end();
++c)
{
- int nBytes = pixelTypeSize (c.channel().type) *
- (dataWindow.max.x - dataWindow.min.x + 1) /
- c.channel().xSampling;
+ size_t nBytes = size_t(pixelTypeSize (c.channel().type)) *
+ size_t(dataWindow.max.x - dataWindow.min.x + 1) /
+ size_t(c.channel().xSampling);
for (int y = dataWindow.min.y, i = 0; y <= dataWindow.max.y; ++y, ++i)
if (modp (y, c.channel().ySampling) == 0)
--- a/IlmImf/ImfScanLineInputFile.cpp
+++ b/IlmImf/ImfScanLineInputFile.cpp
@@ -1113,6 +1113,12 @@ void ScanLineInputFile::initialize(const
size_t maxBytesPerLine = bytesPerLineTable (_data->header,
_data->bytesPerLine);
+
+ if(maxBytesPerLine > INT_MAX)
+ {
+ throw IEX_NAMESPACE::InputExc("maximum bytes per scanline exceeds maximum permissible size");
+ }
+
for (size_t i = 0; i < _data->lineBuffers.size(); i++)
{
@@ -1147,6 +1153,8 @@ void ScanLineInputFile::initialize(const
}
catch (...)
{
+ if (_data->partNumber == -1)
+ delete _streamData;
delete _data;
_data=NULL;
throw;
distrib
>
Mageia
>
7
>
i586
>
media
>
core-updates-src
>
by-pkgid
>
b8c1dd862ca2170e26347bacec7062ab
>
files
>
11
