Backport of

From 6bad53af7eebed507564dd5fc90320e4c6a6c0bc Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Mon, 20 Jan 2020 09:07:02 +1300
Subject: [PATCH 01/23] Force tile sizes to be less than INT_MAX bytes, in line
 with the maximum dimensions of data windows

From df987cabc20c90803692022fd232def837cb88cc Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Mon, 20 Jan 2020 10:52:17 +1300
Subject: [PATCH 02/23] validate tiles have valid headers when raw reading
 tiles

From 37750013830def57f19f3c3b7faaa9fc1dae81b3 Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Mon, 20 Jan 2020 11:18:55 +1300
Subject: [PATCH 03/23] Sanity check for input buffer overruns in RLE
 uncompress

From 3eda5d70aba127bae9bd6bae9956fcf024b64031 Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Mon, 20 Jan 2020 14:46:54 +1300
Subject: [PATCH 04/23] fixes for DWA uncompress: sanity check unknown data
 reading, off-by-one error on max suffix string length

From b9997d0c045fa01af3d2e46e1a74b07cc4519446 Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Mon, 20 Jan 2020 15:39:10 +1300
Subject: [PATCH 06/23] prevent int overflow when calculating buffer offsets

From 7a52d40ae23c148f27116cb1f6e897b9143b372c Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Tue, 21 Jan 2020 12:04:13 +1300
Subject: [PATCH 07/23] bypass SSE optimization when skipping subsampled
 channels

From 801272c9bf8b84a66c62f1e8a4490ece81da6a56 Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Tue, 21 Jan 2020 13:33:53 +1300
Subject: [PATCH 08/23] check for bad bit counts in Huff encoded data

From 43cd3ad47d53356da6ae2e983e47c8313aebf72e Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Tue, 21 Jan 2020 14:53:23 +1300
Subject: [PATCH 09/23] improve bad count detection in huf decompress

From ea3349896d4a8a3b523e8f3b830334a85240b1e6 Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Tue, 21 Jan 2020 15:12:58 +1300
Subject: [PATCH 10/23] sanity check data reads from PIZ data

From b1c34c496b62117115b1089b18a44e0031800a09 Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Wed, 22 Jan 2020 09:35:46 +1300
Subject: [PATCH 11/23] fix memory leak when reading damaged PIZ files

From e7c26f6ef5bf7ae8ea21ecf19963186cd1391720 Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Wed, 22 Jan 2020 17:31:22 +1300
Subject: [PATCH 12/23] abort when file claims to have excessive scanline data
 requirements

From a6408c90339bdf19f89476578d7f936b741be9b2 Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Thu, 23 Jan 2020 09:40:44 +1300
Subject: [PATCH 13/23] avoid creating compression object just to compute
 numLinesInBuffer

From 2ae5f8376b0a6c3e2bb100042f5de79503ba837a Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Thu, 23 Jan 2020 09:52:58 +1300
Subject: [PATCH 14/23] fix check for valid ruleSize

From dea0ef1ee7b2f4d2aa42ffba7b442e5d8051222b Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Thu, 23 Jan 2020 12:30:11 +1300
Subject: [PATCH 15/23] fix memory leak on DeepTiledInput files: compressor for
 sample count table wasn't deleted

From d4fbaad4efe5d0ddf325da44ecbab105ebb2954e Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Thu, 23 Jan 2020 12:33:11 +1300
Subject: [PATCH 16/23] fix memory leak in test suite

From 53a06468ef5a08f4f2beb2d264a20547d7a78753 Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Thu, 23 Jan 2020 14:44:48 +1300
Subject: [PATCH 17/23] fixes to memory leak when constructors throw exceptions

From b673e6ad0ec6cef94d86b9586244d26088a3d792 Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Fri, 24 Jan 2020 08:42:07 +1300
Subject: [PATCH 18/23] Fix cleanup when DeepScanLineInputFile constructor
 throws

From acad98d6d3e787f36012a3737c23c42c7f43a00f Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Fri, 24 Jan 2020 13:43:47 +1300
Subject: [PATCH 21/23] missing header for ptrdiff_t

From 0a1aa55ef108169c933ddaa631c1f6cb02b69050 Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Tue, 28 Jan 2020 18:17:01 +1300
Subject: [PATCH 22/23] minor tweaks and typo fixes

From 89ce46f38c5e658d21df9179c1641c496cab7396 Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Tue, 28 Jan 2020 18:18:01 +1300
Subject: [PATCH 23/23] force x/y Sampling to 1 for Deep Scanline Images




--- openexr-2.2.1.orig/IlmImf/ImfCompositeDeepScanLine.cpp
+++ openexr-2.2.1/IlmImf/ImfCompositeDeepScanLine.cpp
@@ -179,7 +179,7 @@ CompositeDeepScanLine::Data::handleDeepF
                                                     int start,
                                                     int end)
 {
-    int width=_dataWindow.size().x+1;
+    ptrdiff_t width=_dataWindow.size().x+1;
     size_t pixelcount = width * (end-start+1);
     pointers.resize(_channels.size());
     counts.resize(pixelcount);
--- openexr-2.2.1.orig/IlmImf/ImfDeepScanLineInputFile.cpp
+++ openexr-2.2.1/IlmImf/ImfDeepScanLineInputFile.cpp
@@ -915,8 +915,7 @@ void DeepScanLineInputFile::initialize(c
     }
     catch (...)
     {
-        delete _data;
-        _data=NULL;
+        // Don't delete _data here, leave that to caller
         throw;
     }
 }
@@ -932,8 +931,15 @@ DeepScanLineInputFile::DeepScanLineInput
     _data->memoryMapped = _data->_streamData->is->isMemoryMapped();
     _data->version = part->version;
 
-    initialize(part->header);
-
+    try
+    {
+       initialize(part->header);
+    }
+    catch(...)
+    {
+        delete _data;
+        throw;
+    }
     _data->lineOffsets = part->chunkOffsets;
 
     _data->partNumber = part->partNumber;
@@ -945,7 +951,6 @@ DeepScanLineInputFile::DeepScanLineInput
 :
      _data (new Data (numThreads))
 {
-    _data->_streamData = new InputStreamMutex();
     _data->_deleteStream = true;
     OPENEXR_IMF_INTERNAL_NAMESPACE::IStream* is = 0;
 
@@ -955,12 +960,29 @@ DeepScanLineInputFile::DeepScanLineInput
         readMagicNumberAndVersionField(*is, _data->version);
         //
         // Backward compatibility to read multpart file.
-        //
+        // multiPartInitialize will create _streamData
         if (isMultiPart(_data->version))
         {
             compatibilityInitialize(*is);
             return;
         }
+    }
+    catch (IEX_NAMESPACE::BaseExc &e)
+    {
+        if (is)          delete is;
+        if (_data)       delete _data;
+
+        REPLACE_EXC (e, "Cannot read image file "
+                     "\"" << fileName << "\". " << e.what());
+        throw;
+    }
+
+    // 
+    // not multiPart - allocate stream data and intialise as normal
+    //
+    try
+    { 
+        _data->_streamData = new InputStreamMutex();
         _data->_streamData->is = is;
         _data->memoryMapped = is->isMemoryMapped();
         _data->header.readFrom (*_data->_streamData->is, _data->version);
@@ -976,7 +998,10 @@ DeepScanLineInputFile::DeepScanLineInput
     catch (IEX_NAMESPACE::BaseExc &e)
     {
         if (is)          delete is;
-        if (_data && _data->_streamData) delete _data->_streamData;
+        if (_data && _data->_streamData)
+        {
+            delete _data->_streamData;
+        }
         if (_data)       delete _data;
 
         REPLACE_EXC (e, "Cannot read image file "
@@ -986,7 +1011,10 @@ DeepScanLineInputFile::DeepScanLineInput
     catch (...)
     {
         if (is)          delete is;
-        if (_data && _data->_streamData) delete _data->_streamData;
+        if (_data && _data->_streamData)
+        {
+            delete _data->_streamData;
+        }
         if (_data)       delete _data;
 
         throw;
@@ -1010,7 +1038,18 @@ DeepScanLineInputFile::DeepScanLineInput
 
     _data->version =version;
     
-    initialize (header);
+    try
+    {
+        initialize (header);
+    }
+    catch (...)
+    {
+        if (_data && _data->_streamData)
+        {
+            delete _data->_streamData;
+        }
+        if (_data)       delete _data;
+   }
 
     readLineOffsets (*_data->_streamData->is,
                      _data->lineOrder,
@@ -1042,8 +1081,9 @@ DeepScanLineInputFile::~DeepScanLineInpu
         //
 
         if (_data->partNumber == -1 && _data->_streamData)
+        {
             delete _data->_streamData;
-
+        }
         delete _data;
     }
 }
--- openexr-2.2.1.orig/IlmImf/ImfDeepTiledInputFile.cpp
+++ openexr-2.2.1/IlmImf/ImfDeepTiledInputFile.cpp
@@ -283,6 +283,7 @@ DeepTiledInputFile::Data::Data (int numT
     multiPartBackwardSupport(false),
     numThreads(numThreads),
     memoryMapped(false),
+    sampleCountTableComp(NULL),
     _streamData(NULL),
     _deleteStream(false)
 {
@@ -308,6 +309,8 @@ DeepTiledInputFile::Data::~Data ()
 
     for (size_t i = 0; i < slices.size(); i++)
         delete slices[i];
+
+    delete sampleCountTableComp;
 }
 
 
@@ -927,7 +930,15 @@ DeepTiledInputFile::DeepTiledInputFile (
     _data (new Data (part->numThreads))
 {
     _data->_deleteStream=false;
-    multiPartInitialize(part);
+    try
+    {
+       multiPartInitialize(part);
+    }
+    catch(...)
+    {
+        delete _data;
+        throw;
+    }
 }
 
 
--- openexr-2.2.1.orig/IlmImf/ImfDwaCompressor.cpp
+++ openexr-2.2.1/IlmImf/ImfDwaCompressor.cpp
@@ -265,8 +265,9 @@ struct DwaCompressor::Classifier
                                 " (truncated rule).");
             
         {
-            char suffix[Name::SIZE];
-            memset (suffix, 0, Name::SIZE);
+            // maximum length of string plus one byte for terminating NULL
+            char suffix[Name::SIZE+1];
+            memset (suffix, 0, Name::SIZE+1);
             Xdr::read<CharPtrIO> (ptr, std::min(size, Name::SIZE-1), suffix);
             _suffix = std::string(suffix);
         }
@@ -2409,7 +2410,7 @@ DwaCompressor::uncompress
         unsigned short ruleSize = 0;
         Xdr::read<CharPtrIO>(dataPtr, ruleSize);
 
-        if (ruleSize < 0) 
+        if (ruleSize < Xdr::size<unsigned short>() )
             throw Iex::InputExc("Error uncompressing DWA data"
                                 " (corrupt header file).");
 
@@ -2806,6 +2807,14 @@ DwaCompressor::uncompress
                     if (Imath::modp (y, cd->ySampling) != 0)
                         continue;
 
+                    //
+                    // sanity check for buffer data lying within range
+                    //
+                    if (cd->planarUncBufferEnd + dstScanlineSize - _planarUncBuffer[UNKNOWN] > _planarUncBufferSize[UNKNOWN] )
+                    {
+                        throw Iex::InputExc("DWA data corrupt");
+                    }
+
                     memcpy (rowPtrs[chan][row],
                             cd->planarUncBufferEnd,
                             dstScanlineSize);
--- openexr-2.2.1.orig/IlmImf/ImfFastHuf.cpp
+++ openexr-2.2.1/IlmImf/ImfFastHuf.cpp
@@ -256,14 +256,29 @@ FastHufDecoder::FastHufDecoder
         int symbol  = *i >> 6;
 
         if (mapping[codeLen] >= _numSymbols)
+        {
+            delete[] _idToSymbol;
+            _idToSymbol = NULL;
             throw Iex::InputExc ("Huffman decode error "
                                   "(Invalid symbol in header).");
-        
+        }
         _idToSymbol[mapping[codeLen]] = symbol;
         mapping[codeLen]++;
     }
 
-    buildTables(base, offset);
+    //
+    // exceptions can be thrown whilst building tables. Delete
+    // _idToSynmbol before re-throwing to prevent memory leak
+    //
+    try
+    {
+      buildTables(base, offset);
+    }catch(...)
+    {
+            delete[] _idToSymbol;
+            _idToSymbol = NULL;
+            throw;
+    }
 }
 
 
--- openexr-2.2.1.orig/IlmImf/ImfHeader.cpp
+++ openexr-2.2.1/IlmImf/ImfHeader.cpp
@@ -914,7 +914,7 @@ Header::sanityCheck (bool isTiled, bool
 
 	const TileDescription &tileDesc = tileDescription();
 
-	if (tileDesc.xSize <= 0 || tileDesc.ySize <= 0)
+	if (tileDesc.xSize <= 0 || tileDesc.ySize <= 0 || tileDesc.xSize > INT_MAX || tileDesc.ySize > INT_MAX )
 	    throw IEX_NAMESPACE::ArgExc ("Invalid tile size in image header.");
 
 	if (maxTileWidth > 0 &&
--- openexr-2.2.1.orig/IlmImf/ImfHuf.cpp
+++ openexr-2.2.1/IlmImf/ImfHuf.cpp
@@ -1052,7 +1052,10 @@ hufUncompress (const char compressed[],
 	       unsigned short raw[],
 	       int nRaw)
 {
-    if (nCompressed == 0)
+    //
+    // nead at least 20 bytes for header
+    //
+    if (nCompressed < 20 )
     {
 	if (nRaw != 0)
 	    notEnoughData();
@@ -1070,6 +1073,12 @@ hufUncompress (const char compressed[],
 
     const char *ptr = compressed + 20;
 
+    if ( ptr + (nBits+7 )/8 > compressed+nCompressed)
+    {
+        notEnoughData();
+        return;
+    }
+
     // 
     // Fast decoder needs at least 2x64-bits of compressed data, and
     // needs to be run-able on this platform. Otherwise, fall back
--- openexr-2.2.1.orig/IlmImf/ImfMisc.cpp
+++ openexr-2.2.1/IlmImf/ImfMisc.cpp
@@ -114,9 +114,9 @@ bytesPerLineTable (const Header &header,
 	 c != channels.end();
 	 ++c)
     {
-	int nBytes = pixelTypeSize (c.channel().type) *
-		     (dataWindow.max.x - dataWindow.min.x + 1) /
-		     c.channel().xSampling;
+	size_t nBytes = size_t(pixelTypeSize (c.channel().type)) *
+		     size_t(dataWindow.max.x - dataWindow.min.x + 1) /
+		     size_t(c.channel().xSampling);
 
 	for (int y = dataWindow.min.y, i = 0; y <= dataWindow.max.y; ++y, ++i)
 	    if (modp (y, c.channel().ySampling) == 0)
@@ -262,6 +262,7 @@ defaultFormat (Compressor * compressor)
 }
 
 
+//obsolete
 int
 numLinesInBuffer (Compressor * compressor)
 {
@@ -1838,6 +1839,39 @@ usesLongNames (const Header &header)
     return false;
 }
 
+namespace
+{
+// for a given compression type, return the number of scanlines
+// compressed into a single chunk
+// TODO add to API and move to ImfCompressor.cpp
+int
+numLinesInBuffer(Compression comp)
+{
+    switch(comp)
+    {
+        case NO_COMPRESSION :
+        case RLE_COMPRESSION:
+        case ZIPS_COMPRESSION:
+            return 1;
+        case ZIP_COMPRESSION:
+            return 16;
+        case PIZ_COMPRESSION:
+            return 32;
+        case PXR24_COMPRESSION:
+            return 16;
+        case B44_COMPRESSION:
+        case B44A_COMPRESSION:
+        case DWAA_COMPRESSION:
+            return 32;
+        case DWAB_COMPRESSION:
+            return 256;
+
+        default:
+	        throw IEX_NAMESPACE::ArgExc ("Unknown compression type");
+    }
+}
+}
+
 int
 getScanlineChunkOffsetTableSize(const Header& header)
 {
@@ -1847,17 +1881,11 @@ getScanlineChunkOffsetTableSize(const He
     size_t maxBytesPerLine = bytesPerLineTable (header,
                                                 bytesPerLine);
 
-    Compressor* compressor = newCompressor(header.compression(),
-                                           maxBytesPerLine,
-                                           header);
-
-    int linesInBuffer = numLinesInBuffer (compressor);
+    int linesInBuffer = numLinesInBuffer ( header.compression() );
 
     int lineOffsetSize = (dataWindow.max.y - dataWindow.min.y +
                           linesInBuffer) / linesInBuffer;
 
-    delete compressor;
-
     return lineOffsetSize;
 }
 
--- openexr-2.2.1.orig/IlmImf/ImfPizCompressor.cpp
+++ openexr-2.2.1/IlmImf/ImfPizCompressor.cpp
@@ -491,7 +491,9 @@ PizCompressor::uncompress (const char *i
     // This is the cunompress function which is used by both the tiled and
     // scanline decompression routines.
     //
-    
+   
+    const char* inputEnd=inPtr+inSize;
+
     //
     // Special case - empty input buffer
     //
@@ -502,6 +504,7 @@ PizCompressor::uncompress (const char *i
 	return 0;
     }
 
+
     //
     // Determine the layout of the compressed pixel data
     //
@@ -548,6 +551,12 @@ PizCompressor::uncompress (const char *i
     AutoArray <unsigned char, BITMAP_SIZE> bitmap;
     memset (bitmap, 0, sizeof (unsigned char) * BITMAP_SIZE);
 
+
+    if(inPtr + sizeof(unsigned short)*2 > inputEnd)
+    {
+   	   throw InputExc ("PIZ compressed data too short");
+    }
+
     Xdr::read <CharPtrIO> (inPtr, minNonZero);
     Xdr::read <CharPtrIO> (inPtr, maxNonZero);
 
@@ -559,8 +568,14 @@ PizCompressor::uncompress (const char *i
 
     if (minNonZero <= maxNonZero)
     {
-	Xdr::read <CharPtrIO> (inPtr, (char *) &bitmap[0] + minNonZero,
-			       maxNonZero - minNonZero + 1);
+        size_t bytesToRead = maxNonZero - minNonZero + 1;
+	    if(inPtr + bytesToRead > inputEnd)
+        {
+   	      throw InputExc ("PIZ compressed data too short");
+        }
+
+Xdr::read <CharPtrIO> (inPtr, (char *) &bitmap[0] + minNonZero,
+			       bytesToRead);
     }
 
     AutoArray <unsigned short, USHORT_RANGE> lut;
@@ -569,6 +584,11 @@ PizCompressor::uncompress (const char *i
     //
     // Huffman decoding
     //
+   if(inPtr + sizeof(int)> inputEnd)
+   {
+       throw InputExc ("PIZ compressed data too short");
+   }
+
 
     int length;
     Xdr::read <CharPtrIO> (inPtr, length);
--- openexr-2.2.1.orig/IlmImf/ImfRle.cpp
+++ openexr-2.2.1/IlmImf/ImfRle.cpp
@@ -129,6 +129,11 @@ rleUncompress (int inLength, int maxLeng
 	    if (0 > (maxLength -= count))
 		return 0;
 
+        // check the input buffer is big enough to contain
+        // 'count' bytes of remaining data
+        if (inLength < 0)
+          return 0;
+
         memcpy(out, in, count);
         out += count;
         in  += count;
--- openexr-2.2.1.orig/IlmImf/ImfScanLineInputFile.cpp
+++ openexr-2.2.1/IlmImf/ImfScanLineInputFile.cpp
@@ -1114,6 +1114,12 @@ void ScanLineInputFile::initialize(const
 
         size_t maxBytesPerLine = bytesPerLineTable (_data->header,
                                                     _data->bytesPerLine);
+        
+        if(maxBytesPerLine > INT_MAX)
+        {
+            throw IEX_NAMESPACE::InputExc("maximum bytes per scanline exceeds maximum permissible size");
+        }
+
 
         for (size_t i = 0; i < _data->lineBuffers.size(); i++)
         {
@@ -1148,6 +1154,8 @@ void ScanLineInputFile::initialize(const
     }
     catch (...)
     {
+        if (_data->partNumber == -1)
+           delete _streamData;
         delete _data;
         _data=NULL;
         throw;
@@ -1420,6 +1428,14 @@ ScanLineInputFile::setFrameBuffer (const
                       offset+=2;
                       break;
               }
+
+              //
+              // optimization mode cannot currently skip subsampled channels
+              //
+              if (i.channel().xSampling!=1 || i.channel().ySampling!=1)
+              {
+                  optimizationPossible = false;
+              }
               ++i;
 	}
 
--- openexr-2.2.1.orig/IlmImf/ImfTiledInputFile.cpp
+++ openexr-2.2.1/IlmImf/ImfTiledInputFile.cpp
@@ -736,7 +736,10 @@ TiledInputFile::TiledInputFile (const ch
 
             delete _data->_streamData;
         }
-
+        if (_data)
+        {
+            delete _data;
+        }
         if (is != 0)
             delete is;
 
@@ -759,6 +762,10 @@ TiledInputFile::TiledInputFile (const ch
 
         if (is != 0)
             delete is;
+        if (_data)
+        {
+            delete _data;
+        }
         throw;
     }
 }
@@ -846,7 +853,15 @@ TiledInputFile::TiledInputFile (InputPar
 {
     _data = new Data (part->numThreads);
     _data->_deleteStream=false;
-    multiPartInitialize(part);
+    try
+    {
+      multiPartInitialize(part);
+    }
+    catch(...)
+    {
+        if (_data) delete _data;
+        throw;
+    }
 }
 
 
@@ -1307,6 +1322,11 @@ TiledInputFile::rawTileData (int &dx, in
         readNextTileData (_data->_streamData, _data, dx, dy, lx, ly,
 			  tileBuffer->buffer,
                           pixelDataSize);
+
+        if ( !isValidLevel(lx,ly) || !isValidTile (dx, dy, lx, ly) )
+            throw IEX_NAMESPACE::ArgExc ("File contains an invalid tile");
+
+
         if(isMultiPart(version()))
         {
             if (old_dx!=dx || old_dy !=dy || old_lx!=lx || old_ly!=ly)
--- openexr-2.2.1.orig/IlmImfTest/testMultiPartApi.cpp
+++ openexr-2.2.1/IlmImfTest/testMultiPartApi.cpp
@@ -450,6 +450,21 @@ generateRandomFile (int partCount, const
         }
     }
 
+    for (size_t i = 0 ; i < parts.size() ; ++i )
+    {
+        int partType = partTypes[i];
+
+        if (partType == 0)
+        {
+            delete (OutputPart*) parts[i];
+        }
+        else
+        {
+            delete (TiledOutputPart*) parts[i];
+        }
+
+    }
+
     delete[] tiledHalfData;
     delete[] tiledUintData;
     delete[] tiledFloatData;