1 Star 0 Fork 30

openeuler_bot/OpenEXR

forked from src-openEuler/OpenEXR 
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
CVE-2024-31047.patch 1.71 KB
一键复制 编辑 原始数据 按行查看 历史
wk333 提交于 2024-04-17 10:13 . Fix CVE-2024-31047
From 7aa89e1d09b09d9f5dbb96976ee083a331ab9d71 Mon Sep 17 00:00:00 2001
From: xiaoxiaoafeifei <[email protected]>
Date: Wed, 20 Mar 2024 00:09:05 +0800
Subject: [PATCH] prevent integer overflows in file exrmultipart.cpp (#1681)
Signed-off-by: ZhaiLiangliang <[email protected]>
Origin: https://github.com/AcademySoftwareFoundation/openexr/pull/1681
---
src/bin/exrmultipart/exrmultipart.cpp | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/bin/exrmultipart/exrmultipart.cpp b/src/bin/exrmultipart/exrmultipart.cpp
index 931cebc..1c624b8 100644
--- a/src/bin/exrmultipart/exrmultipart.cpp
+++ b/src/bin/exrmultipart/exrmultipart.cpp
@@ -326,12 +326,17 @@ convert(vector <const char*> in,
}
Box2i dataWindow = infile.header(0).dataWindow();
- int pixel_count = (dataWindow.size().y+1)*(dataWindow.size().x+1);
- int pixel_width = dataWindow.size().x+1;
-
+ //
+ // use int64_t for dimensions, since possible overflow int storage
+ //
+ int64_t pixel_count = (static_cast<int64_t>(dataWindow.size ().y) + 1) * (static_cast<int64_t>(dataWindow.size ().x) + 1);
+ int64_t pixel_width = static_cast<int64_t>(dataWindow.size ().x) + 1;
+ //
// offset in pixels between base of array and 0,0
- int pixel_base = dataWindow.min.y*pixel_width+dataWindow.min.x;
+ // use int64_t for dimensions, since dataWindow.min.y * pixel_width could overflow int storage
+ //
+ int64_t pixel_base = static_cast<int64_t>(dataWindow.min.y) * pixel_width + static_cast<int64_t>(dataWindow.min.x);
vector< vector<char> > channelstore(channel_count);
--
2.43.0
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/openeulerbot/OpenEXR.git
[email protected]:openeulerbot/OpenEXR.git
openeulerbot
OpenEXR
OpenEXR
master

搜索帮助