Projects
Mega:24.03:SP1:Everything
OpenEXR
_service:tar_scm:CVE-2024-31047.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:CVE-2024-31047.patch of Package OpenEXR
From 7aa89e1d09b09d9f5dbb96976ee083a331ab9d71 Mon Sep 17 00:00:00 2001 From: xiaoxiaoafeifei <zhailiangliang@loongson.cn> Date: Wed, 20 Mar 2024 00:09:05 +0800 Subject: [PATCH] prevent integer overflows in file exrmultipart.cpp (#1681) Signed-off-by: ZhaiLiangliang <zhailiangliang@loongson.cn> Origin: https://github.com/AcademySoftwareFoundation/openexr/pull/1681 --- src/bin/exrmultipart/exrmultipart.cpp | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/bin/exrmultipart/exrmultipart.cpp b/src/bin/exrmultipart/exrmultipart.cpp index 931cebc..1c624b8 100644 --- a/src/bin/exrmultipart/exrmultipart.cpp +++ b/src/bin/exrmultipart/exrmultipart.cpp @@ -326,12 +326,17 @@ convert(vector <const char*> in, } Box2i dataWindow = infile.header(0).dataWindow(); - int pixel_count = (dataWindow.size().y+1)*(dataWindow.size().x+1); - int pixel_width = dataWindow.size().x+1; - + // + // use int64_t for dimensions, since possible overflow int storage + // + int64_t pixel_count = (static_cast<int64_t>(dataWindow.size ().y) + 1) * (static_cast<int64_t>(dataWindow.size ().x) + 1); + int64_t pixel_width = static_cast<int64_t>(dataWindow.size ().x) + 1; + // // offset in pixels between base of array and 0,0 - int pixel_base = dataWindow.min.y*pixel_width+dataWindow.min.x; + // use int64_t for dimensions, since dataWindow.min.y * pixel_width could overflow int storage + // + int64_t pixel_base = static_cast<int64_t>(dataWindow.min.y) * pixel_width + static_cast<int64_t>(dataWindow.min.x); vector< vector<char> > channelstore(channel_count); -- 2.43.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2