!42 [sync] PR-34: fix CVE-2021-3605

From: @openeuler-sync-bot Reviewed-by: @small_leek Signed-off-by: @small_leek
2021-09-06 02:25:08 +00:00 · 2021-09-06 02:25:08 +00:00 · 564f685300
commit 564f685300
parent 06b4485856 bf3abc70d5
2 changed files with 32 additions and 1 deletions
--- a/CVE-2021-3605.patch
+++ b/CVE-2021-3605.patch
@ -0,0 +1,27 @@
+From 2a4f6d9ecd0c9ab2dfaf6bdb99ec962aa1ad09e9 Mon Sep 17 00:00:00 2001
+From: peterhillman <peterh@wetafx.co.nz>
+Date: Fri,4 Jun 2021 11:12:16 +1200
+Subject: [PATCH] detect buffer overflow in RleUncompress(#1036)
+
+---
+ IlmImf/ImfRle.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/IlmImf/ImfRle.cpp b/IlmImf/ImfRle.cpp
+index f6992fa..458f261 100644
+--- a/IlmImf/ImfRle.cpp
+++ b/IlmImf/ImfRle.cpp
+@@ -145,6 +145,10 @@ rleUncompress (int inLength, int maxLength, const signed char in[], char out[])
+ 
+ 	    if (0 > (maxLength -= count + 1))
+ 		return 0;
+        //check the input buffer is big enough to contain
+	//byte to be duplicated
+	if (inLength < 0)
+	  return 0;
+ 
+         memset(out, *(char*)in, count+1);
+         out += count+1;
+-- 
+2.27.0
+
--- a/OpenEXR.spec
+++ b/OpenEXR.spec
@ -1,7 +1,7 @@
 Name:           OpenEXR
 Summary:        A high dynamic-range (HDR) image file format for use in computer imaging applications
 Version:        2.2.0
-Release:        22
+Release:        23
 License:        BSD
 URL:	        http://www.openexr.com/
 Source0:        http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz
@ -27,6 +27,7 @@ Patch0017:      CVE-2021-3598.patch
 Patch0018:      CVE-2020-11758-to-CVE-2020-11765.patch
 Patch0019:      CVE-2020-15305.patch
 Patch0020:      CVE-2020-15306.patch
+Patch0021:      CVE-2021-3605.patch

 BuildConflicts: %{name}-devel < 2.2.0
 BuildRequires:  gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig
@ -90,6 +91,9 @@ test "$(pkg-config --modversion OpenEXR)" = "%{version}"
 %{_libdir}/pkgconfig/OpenEXR.pc

 %changelog
+* Wed Sat 1 2021 liwu<liwu13@huawei.com> - 2.2.0-23
+- fix CVE-2021-3605
+
 * Mon Jul 12 2021 yaoxin <yaoxin30@huawei.com> - 2.2.0-22
 - fix CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765 CVE-2020-15305 CVE-2020-15306