1 --- IlmImf/ImfPxr24Compressor.cpp 2006-08-08 17:22:39.000000000 -0700 |
|
2 +++ IlmImf/ImfPxr24Compressor.cpp 2011-02-15 10:02:21.249206726 -0800 |
|
3 @@ -73,6 +73,7 @@ |
|
4 #include <zlib.h> |
|
5 #include <assert.h> |
|
6 #include <algorithm> |
|
7 +#include <climits> |
|
8 |
|
9 using namespace std; |
|
10 using namespace Imath; |
|
11 @@ -187,6 +188,9 @@ |
|
12 { |
|
13 int maxInBytes = maxScanLineSize * numScanLines; |
|
14 |
|
15 + if (static_cast<unsigned int>(maxScanLineSize) > static_cast<unsigned int>(INT_MAX) / static_cast<unsigned int>(numScanLines)) |
|
16 + throw Iex::InputExc ("Error: maxScanLineSize * numScanLines overflow!"); |
|
17 + |
|
18 _tmpBuffer = new unsigned char [maxInBytes]; |
|
19 _outBuffer = new char [int (ceil (maxInBytes * 1.01)) + 100]; |
|
20 |
|
21 --- IlmImf/ImfRleCompressor.cpp 2006-10-13 20:06:39.000000000 -0700 |
|
22 +++ IlmImf/ImfRleCompressor.cpp 2011-02-15 10:04:37.515213450 -0800 |
|
23 @@ -42,6 +42,7 @@ |
|
24 |
|
25 #include <ImfRleCompressor.h> |
|
26 #include "Iex.h" |
|
27 +#include <climits> |
|
28 |
|
29 namespace Imf { |
|
30 namespace { |
|
31 @@ -164,6 +165,9 @@ |
|
32 _tmpBuffer (0), |
|
33 _outBuffer (0) |
|
34 { |
|
35 + if (static_cast<unsigned int>(maxScanLineSize) > static_cast<unsigned int>(INT_MAX / 3)) |
|
36 + throw Iex::InputExc ("Error: maxScanLineSize * 3 overflow!"); |
|
37 + |
|
38 _tmpBuffer = new char [maxScanLineSize]; |
|
39 _outBuffer = new char [maxScanLineSize * 3 / 2]; |
|
40 } |
|
41 --- IlmImf/ImfZipCompressor.cpp 2006-10-13 20:07:17.000000000 -0700 |
|
42 +++ IlmImf/ImfZipCompressor.cpp 2011-02-15 10:06:55.097529328 -0800 |
|
43 @@ -43,6 +43,7 @@ |
|
44 #include <ImfZipCompressor.h> |
|
45 #include "Iex.h" |
|
46 #include <zlib.h> |
|
47 +#include <climits> |
|
48 |
|
49 namespace Imf { |
|
50 |
|
51 @@ -58,6 +59,9 @@ |
|
52 _tmpBuffer (0), |
|
53 _outBuffer (0) |
|
54 { |
|
55 + if (static_cast<unsigned int>(maxScanLineSize) > static_cast<unsigned int>(INT_MAX) / static_cast<unsigned int>(numScanLines)) |
|
56 + throw Iex::InputExc ("Error: maxScanLineSize * numScanLines overflow!"); |
|
57 + |
|
58 _tmpBuffer = |
|
59 new char [maxScanLineSize * numScanLines]; |
|
60 |
|
61 --- IlmImf/ImfPreviewImage.cpp 2006-06-05 22:58:16.000000000 -0700 |
|
62 +++ IlmImf/ImfPreviewImage.cpp 2011-02-15 10:10:00.946063574 -0800 |
|
63 @@ -41,6 +41,7 @@ |
|
64 |
|
65 #include <ImfPreviewImage.h> |
|
66 #include "Iex.h" |
|
67 +#include <climits> |
|
68 |
|
69 namespace Imf { |
|
70 |
|
71 @@ -51,6 +52,10 @@ |
|
72 { |
|
73 _width = width; |
|
74 _height = height; |
|
75 + |
|
76 + if ((_height && (_width > (UINT_MAX / _height))) || ((_width * _height) > (UINT_MAX / sizeof(PreviewRgba)))) |
|
77 + throw Iex::ArgExc ("Error: Invalid height and/or width!"); |
|
78 + |
|
79 _pixels = new PreviewRgba [_width * _height]; |
|
80 |
|
81 if (pixels) |
|
82 --- IlmImf/ImfPizCompressor.cpp 2007-09-20 21:17:46.000000000 -0700 |
|
83 +++ IlmImf/ImfPizCompressor.cpp 2011-02-15 10:10:24.179648473 -0800 |
|
84 @@ -53,6 +53,7 @@ |
|
85 #include <ImfAutoArray.h> |
|
86 #include <string.h> |
|
87 #include <assert.h> |
|
88 +#include <climits> |
|
89 |
|
90 namespace Imf { |
|
91 |
|
92 @@ -181,6 +182,9 @@ |
|
93 _channels (hdr.channels()), |
|
94 _channelData (0) |
|
95 { |
|
96 + if (static_cast<unsigned int>(maxScanLineSize) > static_cast<unsigned int>(INT_MAX - 65536 - 8192) / static_cast<unsigned int>(numScanLines)) |
|
97 + throw InputExc ("Error: maxScanLineSize * numScanLines overflow!"); |
|
98 + |
|
99 _tmpBuffer = new unsigned short [maxScanLineSize * numScanLines / 2]; |
|
100 _outBuffer = new char [maxScanLineSize * numScanLines + 65536 + 8192]; |
|
101 |
|