fix CVE-2021-3605

(cherry picked from commit b2ba4965470e89ef55de9a769ece18161f7c6edd)

CVE-2021-3605.patch

@@ -0,0 +1,27 @@
+From 2a4f6d9ecd0c9ab2dfaf6bdb99ec962aa1ad09e9 Mon Sep 17 00:00:00 2001
+From: peterhillman <peterh@wetafx.co.nz>
+Date: Fri,4 Jun 2021 11:12:16 +1200
+Subject: [PATCH] detect buffer overflow in RleUncompress(#1036)
+
+---
+ IlmImf/ImfRle.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/IlmImf/ImfRle.cpp b/IlmImf/ImfRle.cpp
+index f6992fa..458f261 100644
+--- a/IlmImf/ImfRle.cpp
++++ b/IlmImf/ImfRle.cpp
+@@ -145,6 +145,10 @@ rleUncompress (int inLength, int maxLength, const signed char in[], char out[])
+ 
+ 	    if (0 > (maxLength -= count + 1))
+ 		return 0;
++        //check the input buffer is big enough to contain
++	//byte to be duplicated
++	if (inLength < 0)
++	  return 0;
+ 
+         memset(out, *(char*)in, count+1);
+         out += count+1;
+-- 
+2.27.0
+

OpenEXR.spec

@@ -1,7 +1,7 @@
 Name:           OpenEXR
 Summary:        A high dynamic-range (HDR) image file format for use in computer imaging applications
 Version:        2.2.0
-Release:        22
+Release:        23
 License:        BSD
 URL:	        http://www.openexr.com/
 Source0:        http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz
@@ -27,6 +27,7 @@ Patch0017:      CVE-2021-3598.patch
 Patch0018:      CVE-2020-11758-to-CVE-2020-11765.patch
 Patch0019:      CVE-2020-15305.patch
 Patch0020:      CVE-2020-15306.patch
+Patch0021:      CVE-2021-3605.patch
 
 BuildConflicts: %{name}-devel < 2.2.0
 BuildRequires:  gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig
@@ -90,6 +91,9 @@ test "$(pkg-config --modversion OpenEXR)" = "%{version}"
 %{_libdir}/pkgconfig/OpenEXR.pc
 
 %changelog
+* Wed Sat 1 2021 liwu<liwu13@huawei.com> - 2.2.0-23
+- fix CVE-2021-3605
+
 * Mon Jul 12 2021 yaoxin <yaoxin30@huawei.com> - 2.2.0-22
 - fix CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765 CVE-2020-15305 CVE-2020-15306