OpenEXR/CVE-2021-3475.patch

From 2a18ed424a854598c2a20b5dd7e782b436a1e753 Mon Sep 17 00:00:00 2001
From: Cary Phillips <cary@ilm.com>
Date: Sun, 30 Aug 2020 16:15:10 -0700
Subject: [PATCH] Avoid overflow in calculateNumTiles when size=MAX_INT
(#825)

* Avoid overflow in calculateNumTiles when size=MAX_INT

Signed-off-by: Cary Phillips <cary@ilm.com>

* Compute level size with 64 bits to avoid overflow

Signed-off-by: Cary Phillips <cary@ilm.com>
---
 IlmImf/ImfTiledMisc.cpp | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/IlmImf/ImfTiledMisc.cpp
b/IlmImf/ImfTiledMisc.cpp
index c9e8731f1..b8e195fd8 100644
--- a/IlmImf/ImfTiledMisc.cpp
+++ b/IlmImf/ImfTiledMisc.cpp
@@ -301,10 +301,8 @@ calculateNumTiles (int *numTiles,
 {
     for (int i = 0; i < numLevels; i++)
     {
-        int l = levelSize (min, max, i, rmode);
-        if (l > std::numeric_limits<int>::max() - size + 1)
-            throw IEX_NAMESPACE::ArgExc ("Invalid size.");
-
+        // use 64 bits to avoid int overflow if size is large.
+        Int64 l = levelSize (min, max, i, rmode);
         numTiles[i] = (l + size - 1) / size;
     }
 }