
Contents of /devel/OpenEXR/openexr-1.6.1-CVE-2009-1720-1.patch



Revision 1.1 - (show annotations) (download) (as text)
Wed Jul 29 18:31:47 2009 UTC (3 months, 3 weeks ago) by rdieter
Branch: MAIN
CVS Tags: F-12-split, OpenEXR-1_6_1-8_fc12, HEAD
File MIME type: text/x-patch
* Wed Jul 29 2009 Rex Dieter <rdieter@fedoraproject.org> 1.6.1-8
- CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995)
- CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression (#514003)
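--- a/openexr-1.6.1/IlmImf/ImfPreviewImage.cpp
+++ b/openexr-1.6.1/IlmImf/ImfPreviewImage.cpp
@@ -41,6 +41,7 @@
 
 #include <ImfPreviewImage.h>
 #include "Iex.h"
+#include <limits.h>
 
 namespace Imf {
 
@@ -51,6 +52,9 @@ PreviewImage::PreviewImage (unsigned int
 {
 _width = width;
 _height = height;
+if (_height && _width > UINT_MAX / _height || _width * _height > UINT_MAX / sizeof(PreviewRgba)) {
+throw Iex::ArgExc ("Invalid height and width.");
+}
 _pixels = new PreviewRgba [_width * _height];
 
 if (pixels)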
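Review bot: The added guard in the constructor mixes `&&` and `||` without parentheses, so its correctness rests on operator precedence and short-circuit order: the `_width * _height` in the second term is overflow-free only because the first term has already rejected `_width > UINT_MAX / _height`. I would group it explicitly as `if ((_height && _width > UINT_MAX / _height) || _width * _height > UINT_MAX / sizeof(PreviewRgba))` and add a comment such as `// reject dimensions whose pixel count or byte size would wrap before the new[] below`. The byte-size bound is UINT_MAX rather than the maximum of size_t, which is conservative on 64-bit builds and presumably intentional. The constructor body continues past the end of the hunk, so whether the copy from `pixels` that follows uses the same validated product cannot be confirmed from here.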
22 diff -up openexr-1.6.1/IlmImf/ImfPreviewImage.h.CVE-2009-1720-1 openexr-1.6.1/IlmImf/ImfPreviewImage.h
