packages/OpenEXR
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2024-31047

Browse Source
This commit is contained in:
wk333 2024-04-17 10:44:21 +08:00
parent 2634238303
commit fcd4f61e7b
2 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
CVE-2024-31047.patch Normal file
View File

@ -0,0 +1,42 @@
From 7aa89e1d09b09d9f5dbb96976ee083a331ab9d71 Mon Sep 17 00:00:00 2001
From: xiaoxiaoafeifei <zhailiangliang@loongson.cn>
Date: Wed, 20 Mar 2024 00:09:05 +0800
Subject: [PATCH] prevent integer overflows in file exrmultipart.cpp (#1681)
Signed-off-by: ZhaiLiangliang <zhailiangliang@loongson.cn>
Origin: https://github.com/AcademySoftwareFoundation/openexr/pull/1681
---
exrmultipart/exrmultipart.cpp | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/exrmultipart/exrmultipart.cpp b/exrmultipart/exrmultipart.cpp
index 931cebc..1c624b8 100644
--- a/exrmultipart/exrmultipart.cpp
+++ b/exrmultipart/exrmultipart.cpp
@@ -326,12 +326,17 @@ convert(vector <const char*> in,
}
Box2i dataWindow = infile.header(0).dataWindow();
- int pixel_count = (dataWindow.size().y+1)*(dataWindow.size().x+1);
- int pixel_width = dataWindow.size().x+1;
-
+ //
+ // use int64_t for dimensions, since possible overflow int storage
+ //
+ int64_t pixel_count = (static_cast<int64_t>(dataWindow.size ().y) + 1) * (static_cast<int64_t>(dataWindow.size ().x) + 1);
+ int64_t pixel_width = static_cast<int64_t>(dataWindow.size ().x) + 1;
+ //
// offset in pixels between base of array and 0,0
- int pixel_base = dataWindow.min.y*pixel_width+dataWindow.min.x;
+ // use int64_t for dimensions, since dataWindow.min.y * pixel_width could overflow int storage
+ //
+ int64_t pixel_base = static_cast<int64_t>(dataWindow.min.y) * pixel_width + static_cast<int64_t>(dataWindow.min.x);
vector< vector<char> > channelstore(channel_count);
--
2.43.0

6
OpenEXR.spec
View File

@ -1,7 +1,7 @@
Name: OpenEXR Name: OpenEXR
Summary: A high dynamic-range (HDR) image file format for use in computer imaging applications Summary: A high dynamic-range (HDR) image file format for use in computer imaging applications
Version: 2.2.0 Version: 2.2.0
Release: 28 Release: 29
License: BSD License: BSD
URL: http://www.openexr.com/ URL: http://www.openexr.com/
Source0: http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz Source0: http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz
@ -39,6 +39,7 @@ Patch0025: CVE-2021-20302.patch
Patch0026: CVE-2021-3933.patch Patch0026: CVE-2021-3933.patch
Patch0027: CVE-2021-20304.patch Patch0027: CVE-2021-20304.patch
Patch0028: CVE-2021-20298.patch Patch0028: CVE-2021-20298.patch
Patch0029: CVE-2024-31047.patch
BuildConflicts: %{name}-devel < 2.2.0 BuildConflicts: %{name}-devel < 2.2.0
BuildRequires: gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig BuildRequires: gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig
@ -102,6 +103,9 @@ test "$(pkg-config --modversion OpenEXR)" = "%{version}"
%{_libdir}/pkgconfig/OpenEXR.pc %{_libdir}/pkgconfig/OpenEXR.pc
%changelog %changelog
* Wed Apr 17 2024 wangkai <13474090681@163.com> - 2.2.0-29
- Fix CVE-2024-31047
* Thu Aug 25 2022 mayp <mayanping@ncti-gba.cn> - 2.2.0-28 * Thu Aug 25 2022 mayp <mayanping@ncti-gba.cn> - 2.2.0-28
- Fix CVE-2021-20298 - Fix CVE-2021-20298