From 2a4f6d9ecd0c9ab2dfaf6bdb99ec962aa1ad09e9 Mon Sep 17 00:00:00 2001
From: peterhillman <peterh@wetafx.co.nz>
Date: Fri,4 Jun 2021 11:12:16 +1200
Subject: [PATCH] detect buffer overflow in RleUncompress(#1036)

---
 IlmImf/ImfRle.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/IlmImf/ImfRle.cpp b/IlmImf/ImfRle.cpp
index f6992fa..458f261 100644
--- a/IlmImf/ImfRle.cpp
+++ b/IlmImf/ImfRle.cpp
@@ -145,6 +145,10 @@ rleUncompress (int inLength, int maxLength, const signed char in[], char out[])
 
 	    if (0 > (maxLength -= count + 1))
 		return 0;
+        //check the input buffer is big enough to contain
+	//byte to be duplicated
+	if (inLength < 0)
+	  return 0;
 
         memset(out, *(char*)in, count+1);
         out += count+1;
-- 
2.27.0