components/openexr/patches/003-openexr-1.6.1-CVE-2009-1720.patch
author Mike Sullivan <Mike.Sullivan@Oracle.COM>
Mon, 11 Mar 2013 10:38:09 -0700
branchs11-update
changeset 2520 ceec631e74d1
parent 147 5af6875cbf70
permissions -rw-r--r--
Close of build 10.
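--- IlmImf/ImfPxr24Compressor.cpp	2006-08-08 17:22:39.000000000 -0700
+++ IlmImf/ImfPxr24Compressor.cpp	2011-02-15 10:02:21.249206726 -0800
@@ -73,6 +73,7 @@
 #include <zlib.h>
 #include <assert.h>
 #include <algorithm>
+#include <climits>
 
 using namespace std;
 using namespace Imath;
@@ -187,6 +188,9 @@
 {
     int maxInBytes = maxScanLineSize * numScanLines;
 
+    if (static_cast<unsigned int>(maxScanLineSize) > static_cast<unsigned int>(INT_MAX) / static_cast<unsigned int>(numScanLines))
+	throw Iex::InputExc ("Error: maxScanLineSize * numScanLines overflow!");
+
     _tmpBuffer = new unsigned char [maxInBytes];
     _outBuffer = new char [int (ceil (maxInBytes * 1.01)) + 100];
 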
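Review bot: The added guard sits after `int maxInBytes = maxScanLineSize * numScanLines;`, so the signed multiplication it is meant to protect has already been evaluated, and may already have overflowed, by the time the check runs; the check should come first and the product be computed only once it passes. The divisor `static_cast<unsigned int>(numScanLines)` is not excluded from being zero here, nor in the matching guards in ImfZipCompressor.cpp and ImfPizCompressor.cpp, so unless every caller passes a positive count the check itself divides by zero; `if (numScanLines <= 0 || maxScanLineSize < 0 || maxScanLineSize > INT_MAX / numScanLines)` covers both cases without the casts. The bound also leaves no headroom for `int (ceil (maxInBytes * 1.01)) + 100`, which goes past INT_MAX for products close to the limit. The constructor's signature and the rest of its body are outside the hunk.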
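--- IlmImf/ImfRleCompressor.cpp	2006-10-13 20:06:39.000000000 -0700
+++ IlmImf/ImfRleCompressor.cpp	2011-02-15 10:04:37.515213450 -0800
@@ -42,6 +42,7 @@
 
 #include <ImfRleCompressor.h>
 #include "Iex.h"
+#include <climits>
 
 namespace Imf {
 namespace {
@@ -164,6 +165,9 @@
     _tmpBuffer (0),
     _outBuffer (0)
 {
+    if (static_cast<unsigned int>(maxScanLineSize) > static_cast<unsigned int>(INT_MAX / 3))
+	throw Iex::InputExc ("Error: maxScanLineSize * 3 overflow!");
+
     _tmpBuffer = new char [maxScanLineSize];
     _outBuffer = new char [maxScanLineSize * 3 / 2];
 }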
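Review bot: The cast in `static_cast<unsigned int>(maxScanLineSize) > static_cast<unsigned int>(INT_MAX / 3)` does two jobs that are not obvious from the line: it bounds the `maxScanLineSize * 3 / 2` used to size `_outBuffer`, and it rejects a negative size because that value wraps to a large unsigned number. A one-line comment above the check would keep a later cleanup from dropping the cast, for example `// unsigned compare: rejects negative sizes and keeps maxScanLineSize * 3 within int range`. This assumes maxScanLineSize is a signed int, which the hunk does not show because the constructor signature lies above it.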
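--- IlmImf/ImfZipCompressor.cpp	2006-10-13 20:07:17.000000000 -0700
+++ IlmImf/ImfZipCompressor.cpp	2011-02-15 10:06:55.097529328 -0800
@@ -43,6 +43,7 @@
 #include <ImfZipCompressor.h>
 #include "Iex.h"
 #include <zlib.h>
+#include <climits>
 
 namespace Imf {
 
@@ -58,6 +59,9 @@
     _tmpBuffer (0),
     _outBuffer (0)
 {
+    if (static_cast<unsigned int>(maxScanLineSize) > static_cast<unsigned int>(INT_MAX) / static_cast<unsigned int>(numScanLines))
+	throw Iex::InputExc ("Error: maxScanLineSize * numScanLines overflow!");
+
     _tmpBuffer =
 	new char [maxScanLineSize * numScanLines];
 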
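Review bot: This guard is a hand-copied duplicate of the one in ImfPxr24Compressor.cpp, and ImfPizCompressor.cpp carries a third variant with a different limit, so the three can drift apart over time. A small shared helper that takes maxScanLineSize, numScanLines and the extra bytes each compressor adds on top, and throws on overflow, would state the rule once. The hunk ends right after the `_tmpBuffer` allocation, so whether the INT_MAX bound leaves enough room for the output buffer sized further down cannot be checked from here.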
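--- IlmImf/ImfPreviewImage.cpp	2006-06-05 22:58:16.000000000 -0700
+++ IlmImf/ImfPreviewImage.cpp	2011-02-15 10:10:00.946063574 -0800
@@ -41,6 +41,7 @@
 
 #include <ImfPreviewImage.h>
 #include "Iex.h"
+#include <climits>
 
 namespace Imf {
 
@@ -51,6 +52,10 @@
 {
     _width = width;
     _height = height;
+
+    if ((_height && (_width > (UINT_MAX / _height))) || ((_width * _height) > (UINT_MAX / sizeof(PreviewRgba))))
+	throw Iex::ArgExc ("Error: Invalid height and/or width!");
+
     _pixels = new PreviewRgba [_width * _height];
 
     if (pixels)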
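Review bot: The second clause, `(_width * _height) > (UINT_MAX / sizeof(PreviewRgba))`, is only safe because the first clause has already ruled out a wrapping product, and that dependency on evaluation order is not stated anywhere. A comment such as `// clause 1: width*height fits in unsigned int; clause 2: the byte count fits too (relies on clause 1)` would make the condition reviewable. The check still admits an allocation of up to UINT_MAX bytes, so if width and height can come from a file header (not visible in this hunk) a much smaller sanity limit on preview dimensions is worth considering. The comparison assumes `_width` and `_height` are unsigned; their declarations and the rest of the constructor are outside the hunk.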
    82
--- IlmImf/ImfPizCompressor.cpp	2007-09-20 21:17:46.000000000 -0700
    83
+++ IlmImf/ImfPizCompressor.cpp	2011-02-15 10:10:24.179648473 -0800
    84
@@ -53,6 +53,7 @@
    85
 #include <ImfAutoArray.h>
    86
 #include <string.h>
    87
 #include <assert.h>
    88
+#include <climits>
    89
 
    90
 namespace Imf {
    91
 
    92
@@ -181,6 +182,9 @@
    93
     _channels (hdr.channels()),
    94
     _channelData (0)
    95
 {
    96
+    if (static_cast<unsigned int>(maxScanLineSize) > static_cast<unsigned int>(INT_MAX - 65536 - 8192) / static_cast<unsigned int>(numScanLines))
    97
+	throw InputExc ("Error: maxScanLineSize * numScanLines overflow!");
    98
+
    99
     _tmpBuffer = new unsigned short [maxScanLineSize * numScanLines / 2];
   100
     _outBuffer = new char [maxScanLineSize * numScanLines + 65536 + 8192];
   101