28 lines
765 B
Diff
28 lines
765 B
Diff
From 2a4f6d9ecd0c9ab2dfaf6bdb99ec962aa1ad09e9 Mon Sep 17 00:00:00 2001
|
|
From: peterhillman <peterh@wetafx.co.nz>
|
|
Date: Fri,4 Jun 2021 11:12:16 +1200
|
|
Subject: [PATCH] detect buffer overflow in RleUncompress(#1036)
|
|
|
|
---
|
|
IlmImf/ImfRle.cpp | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/IlmImf/ImfRle.cpp b/IlmImf/ImfRle.cpp
|
|
index f6992fa..458f261 100644
|
|
--- a/IlmImf/ImfRle.cpp
|
|
+++ b/IlmImf/ImfRle.cpp
|
|
@@ -145,6 +145,10 @@ rleUncompress (int inLength, int maxLength, const signed char in[], char out[])
|
|
|
|
if (0 > (maxLength -= count + 1))
|
|
return 0;
|
|
+ //check the input buffer is big enough to contain
|
|
+ //byte to be duplicated
|
|
+ if (inLength < 0)
|
|
+ return 0;
|
|
|
|
memset(out, *(char*)in, count+1);
|
|
out += count+1;
|
|
--
|
|
2.27.0
|
|
|