Diffstat (limited to 'media-libs/openexr/files/openexr-2.2.0-CVE-2017-9110-to-9116-security-fixes.patch')
-rw-r--r-- | media-libs/openexr/files/openexr-2.2.0-CVE-2017-9110-to-9116-security-fixes.patch | 98 |
1 files changed, 0 insertions, 98 deletions
diff --git a/media-libs/openexr/files/openexr-2.2.0-CVE-2017-9110-to-9116-security-fixes.patch b/media-libs/openexr/files/openexr-2.2.0-CVE-2017-9110-to-9116-security-fixes.patch
deleted file mode 100644
index 0a37ee9c2d99..000000000000
--- a/media-libs/openexr/files/openexr-2.2.0-CVE-2017-9110-to-9116-security-fixes.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From c2b32f21cbe2db7c7ef485d62ffe9bec8eaa5165 Mon Sep 17 00:00:00 2001
-From: Shawn Walker-Salas <shawn.walker@oracle.com>
-Date: Tue, 30 May 2017 19:07:52 -0700
-Subject: [PATCH] CVE-2017-{9110,9111,9112,9113,9114,9115,9116} fixes
-
----
- OpenEXR/IlmImf/ImfDwaCompressor.cpp | 7 ++++++-
- OpenEXR/IlmImf/ImfHuf.cpp | 10 ++++++----
- OpenEXR/IlmImf/ImfPizCompressor.cpp | 6 ++++++
- 3 files changed, 18 insertions(+), 5 deletions(-)
-
-diff --git a/IlmImf/ImfDwaCompressor.cpp b/IlmImf/ImfDwaCompressor.cpp
-index 1c1bd45..2ef8878 100644
---- a/IlmImf/ImfDwaCompressor.cpp
-+++ b/IlmImf/ImfDwaCompressor.cpp
-@@ -2377,7 +2377,12 @@ DwaCompressor::uncompress
-
- const char *dataPtr = inPtr + NUM_SIZES_SINGLE * sizeof(Int64);
-
-- if (inSize < headerSize + compressedSize)
-+ /* Both the sum and individual sizes are checked in case of overflow. */
-+ if (inSize < (headerSize + compressedSize) ||
-+ inSize < unknownCompressedSize ||
-+ inSize < acCompressedSize ||
-+ inSize < dcCompressedSize ||
-+ inSize < rleCompressedSize)
- {
- throw Iex::InputExc("Error uncompressing DWA data"
- "(truncated file).");
-diff --git a/IlmImf/ImfHuf.cpp b/IlmImf/ImfHuf.cpp
-index a375d05..97909a5 100644
---- a/IlmImf/ImfHuf.cpp
-+++ b/IlmImf/ImfHuf.cpp
-@@ -822,7 +822,7 @@ hufEncode // return: output size (in bits)
- }
-
-
--#define getCode(po, rlc, c, lc, in, out, oe) \
-+#define getCode(po, rlc, c, lc, in, out, ob, oe)\
- { \
- if (po == rlc) \
- { \
-@@ -835,6 +835,8 @@ hufEncode // return: output size (in bits)
- \
- if (out + cs > oe) \
- tooMuchData(); \
-+ else if (out - 1 < ob) \
-+ notEnoughData(); \
- \
- unsigned short s = out[-1]; \
- \
-@@ -895,7 +897,7 @@ hufDecode
- //
-
- lc -= pl.len;
-- getCode (pl.lit, rlc, c, lc, in, out, oe);
-+ getCode (pl.lit, rlc, c, lc, in, out, outb, oe);
- }
- else
- {
-@@ -925,7 +927,7 @@ hufDecode
- //
-
- lc -= l;
-- getCode (pl.p[j], rlc, c, lc, in, out, oe);
-+ getCode (pl.p[j], rlc, c, lc, in, out, outb, oe);
- break;
- }
- }
-@@ -952,7 +954,7 @@ hufDecode
- if (pl.len)
- {
- lc -= pl.len;
-- getCode (pl.lit, rlc, c, lc, in, out, oe);
-+ getCode (pl.lit, rlc, c, lc, in, out, outb, oe);
- }
- else
- {
-diff --git a/IlmImf/ImfPizCompressor.cpp b/IlmImf/ImfPizCompressor.cpp
-index 46c6fba..8b3ee38 100644
---- a/IlmImf/ImfPizCompressor.cpp
-+++ b/IlmImf/ImfPizCompressor.cpp
-@@ -573,6 +573,12 @@ PizCompressor::uncompress (const char *inPtr,
- int length;
- Xdr::read <CharPtrIO> (inPtr, length);
-
-+ if (length > inSize)
-+ {
-+ throw InputExc ("Error in header for PIZ-compressed data "
-+ "(invalid array length).");
-+ }
-+
- hufUncompress (inPtr, length, _tmpBuffer, tmpBufferEnd - _tmpBuffer);
-
- //
---
-2.14.1
- |