Commit 4b4c2fd7 authored by Leo's avatar Leo

community/openexr: fix multiple CVEs

CVE-2020-15304
CVE-2020-15305
CVE-2020-15306

See: #11729
parent 69e1d57f
......@@ -2,7 +2,7 @@
# Maintainer: Mark Riedesel <mark+alpine@klowner.com>
pkgname=openexr
pkgver=2.4.1
pkgrel=2
pkgrel=3
pkgdesc="A high dynamic-range image file format library"
url="https://www.openexr.com/"
arch="all"
......@@ -10,7 +10,17 @@ license="BSD-3-Clause"
makedepends="zlib-dev cmake"
subpackages="$pkgname-doc $pkgname-dev $pkgname-tools"
source="$pkgname-$pkgver.tar.gz::https://github.com/AcademySoftwareFoundation/openexr/archive/v$pkgver.tar.gz
fix-pkgconfig-prefix.patch"
fix-pkgconfig-prefix.patch
CVE-2020-15304.patch
CVE-2020-15305.patch
CVE-2020-15306.patch
"
# secfixes:
# 2.4.1-r3:
# - CVE-2020-15304
# - CVE-2020-15305
# - CVE-2020-15306
build() {
cmake -B build \
......@@ -34,4 +44,7 @@ tools() {
}
sha512sums="23c0c07fafa42f832e67cbfeeeb12b6b9e373dd0a5b858f463bf5c4d0661c58fad662cef64ef6a3053f0db2f69aee46816568b814872d617284664d1effbbbab openexr-2.4.1.tar.gz
08a7da593186974583390ab6459d317cb3a2b4ca35e25af1530cc55d16d8c06b07c8388b06134d2035898b6091f601c6e0e0a494a4b0423ba4d7408ead8b905a fix-pkgconfig-prefix.patch"
08a7da593186974583390ab6459d317cb3a2b4ca35e25af1530cc55d16d8c06b07c8388b06134d2035898b6091f601c6e0e0a494a4b0423ba4d7408ead8b905a fix-pkgconfig-prefix.patch
7d4eed2cb51126e643de27346858f7174ce3716d7235ff096fc83d5eeccbffd112264bbdfb655a69caaaeda7a7c85069e3389b8dbe4d8e37326c94a13dbe8307 CVE-2020-15304.patch
66cbd2202e11163f092c644a6e6d1ce2da12ff8684ba1ce04ae746f4aa5f8e73adf97d2a8d6e61013f109f06bf5c826e0454fed076e6b044fb51bf83e35c44fe CVE-2020-15305.patch
710b40e559b1224458958b0f54a0a78f828715f6d3eece23dc1a0a80f86c811ec1a8f701668da805e8f2edd9b7eaa5c3e793d0bdc7732bf9d7178a0d998b8a56 CVE-2020-15306.patch"
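Review bot: Nothing in the APKBUILD records where the three CVE patches come from: `source` lists them by file name only, and as rendered on this page the patch contents begin directly at `diff --git` with no upstream commit or pull-request reference. Someone checking a later version bump cannot tell from the package alone whether these fixes are already upstream or still need to be carried. I would add a comment next to the patch list such as `# CVE-2020-15304..15306: backported from upstream <UPSTREAM_COMMIT_OR_PR>`, or keep the upstream commit header at the top of each patch file.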
diff --git a/OpenEXR/IlmImf/ImfTiledInputFile.cpp b/OpenEXR/IlmImf/ImfTiledInputFile.cpp
index e6936d5..6b17f45 100644
--- a/OpenEXR/IlmImf/ImfTiledInputFile.cpp
+++ b/OpenEXR/IlmImf/ImfTiledInputFile.cpp
@@ -807,7 +807,10 @@ TiledInputFile::TiledInputFile (OPENEXR_IMF_INTERNAL_NAMESPACE::IStream &is, int
{
for (size_t i = 0; i < _data->tileBuffers.size(); i++)
{
- delete [] _data->tileBuffers[i]->buffer;
+ if( _data->tileBuffers[i])
+ {
+ delete [] _data->tileBuffers[i]->buffer;
+ }
}
}
if (streamDataCreated) delete _data->_streamData;
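Review bot: The null guard added to the cleanup loop here, and again in the hunk at -849/+852, has no comment saying why an entry of `_data->tileBuffers` can be null at this point. Presumably the exception can be thrown before every tile buffer has been allocated; if that is confirmed, record it, e.g. `// entries may still be null if construction threw before all tile buffers were allocated`. The two guards are also spaced differently (`if( _data->tileBuffers[i])` here, `if(_data->tileBuffers[i])` in the second hunk), and since the same loop now lives in two catch blocks a small file-local helper would keep the two error paths from drifting apart. Both constructors begin and end outside the hunks.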
@@ -849,11 +852,14 @@ TiledInputFile::TiledInputFile (const Header &header,
{
for (size_t i = 0; i < _data->tileBuffers.size(); i++)
{
- delete [] _data->tileBuffers[i]->buffer;
+ if(_data->tileBuffers[i])
+ {
+ delete [] _data->tileBuffers[i]->buffer;
+ }
}
}
delete _data->_streamData;
- delete _data;
+ delete _data;
throw;
}
}
diff --git a/OpenEXR/IlmImfFuzzTest/testFuzzDeepScanLines.cpp b/OpenEXR/IlmImfFuzzTest/testFuzzDeepScanLines.cpp
index 945ffac..a0748be 100644
--- a/OpenEXR/IlmImfFuzzTest/testFuzzDeepScanLines.cpp
+++ b/OpenEXR/IlmImfFuzzTest/testFuzzDeepScanLines.cpp
@@ -185,6 +185,21 @@ void generateRandomFile(const char filename[], int channelCount,int parts , Comp
}
pt.writePixels(height);
+
+
+ // free sample memory
+ for (int i = 0; i < height; i++)
+ {
+ for (int j = 0; j < width; j++)
+ {
+ sampleCount[i][j] = rand() % 4 + 1;
+ for (int k = 0; k < channelCount; k++)
+ {
+ delete[] (float*) data[k][i][j];
+ }
+ }
+ }
+
}
}
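Review bot: The loop added under `// free sample memory` still contains `sampleCount[i][j] = rand() % 4 + 1;`, which looks like a leftover from the allocation loop. It frees nothing, overwrites the sample counts after `pt.writePixels(height)`, and draws extra values from `rand()`, which may change what later iterations generate for a given seed. Dropping that line leaves just the `delete[]` loop. The cast in `delete[] (float*) data[k][i][j];` is only correct if every channel buffer was allocated as `float[]`; the allocation is outside the hunk, so that should be confirmed. generateRandomFile starts outside the hunk.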
diff --git a/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp b/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp
index 4989fd7..f1ac733 100644
--- a/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp
+++ b/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp
@@ -1048,6 +1048,8 @@ DeepScanLineInputFile::DeepScanLineInputFile
delete _data->_streamData;
}
if (_data) delete _data;
+
+ throw;
}
readLineOffsets (*_data->_streamData->is,
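Review bot: The added `throw;` is the whole fix, yet it carries no comment explaining that without it control leaves the handler and reaches `readLineOffsets (*_data->_streamData->is,` with `_data` already deleted. I would put `// rethrow: _data has been freed and must not be used below` above it so the line is not removed in a later cleanup. Separately, the test in `if (_data) delete _data;` is redundant because deleting a null pointer is a no-op, while `delete _data->_streamData;` two lines earlier dereferences `_data`; whether that dereference is guarded is outside the hunk. The constructor begins and ends outside the hunk.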
diff --git a/OpenEXR/IlmImf/ImfDeepTiledOutputFile.cpp b/OpenEXR/IlmImf/ImfDeepTiledOutputFile.cpp
index 33704f0..e3a9b04 100644
--- a/OpenEXR/IlmImf/ImfDeepTiledOutputFile.cpp
+++ b/OpenEXR/IlmImf/ImfDeepTiledOutputFile.cpp
@@ -1227,7 +1227,7 @@ DeepTiledOutputFile::initialize (const Header &header)
_data->numYTiles);
//ignore the existing value of chunkCount - correct it if it's wrong
- _data->header.setChunkCount(getChunkOffsetTableSize(_data->header,true));
+ _data->header.setChunkCount(getChunkOffsetTableSize(_data->header));
_data->maxSampleCountTableSize = _data->tileDesc.ySize *
_data->tileDesc.xSize *
diff --git a/OpenEXR/IlmImf/ImfMisc.cpp b/OpenEXR/IlmImf/ImfMisc.cpp
index d0b6fb2..7d69798 100644
--- a/OpenEXR/IlmImf/ImfMisc.cpp
+++ b/OpenEXR/IlmImf/ImfMisc.cpp
@@ -1900,18 +1900,30 @@ int
getTiledChunkOffsetTableSize(const Header& header);
int
-getChunkOffsetTableSize(const Header& header,bool ignore_attribute)
+getChunkOffsetTableSize(const Header& header,bool)
{
- if(!ignore_attribute && header.hasChunkCount())
- {
- return header.chunkCount();
- }
-
+ //
+ // if there is a type in the header which indicates the part is not a currently supported type,
+ // use the chunkCount attribute
+ //
+
+
if(header.hasType() && !isSupportedType(header.type()))
{
- throw IEX_NAMESPACE::ArgExc ("unsupported header type to "
- "get chunk offset table size");
+ if(header.hasChunkCount())
+ {
+ return header.chunkCount();
+ }
+ else
+ {
+ throw IEX_NAMESPACE::ArgExc ("unsupported header type to "
+ "get chunk offset table size");
+ }
}
+
+ //
+ // part is a known type - ignore the header attribute and compute the chunk size from the header
+ //
if (isTiled(header.type()) == false)
return getScanlineChunkOffsetTableSize(header);
else
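Review bot: For a part whose type is not supported, `return header.chunkCount();` still hands the value stored in the file back to the caller unchecked. readChunkOffsetTables (hunk at -733) passes that result as an `int` straight to `parts[i]->chunkOffsets.resize(chunkOffsetTableSize)`. If `chunkCount()` is signed, as the `int` return type suggests, a negative or very large count in a malformed header becomes an enormous allocation request instead of a clean parse error. I would reject it at the source, e.g. `if (header.chunkCount() < 0) throw IEX_NAMESPACE::ArgExc ("invalid chunkCount attribute");` before the return, and consider an upper bound as well. The function's final `else` branch is outside the hunk.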
diff --git a/OpenEXR/IlmImf/ImfMisc.h b/OpenEXR/IlmImf/ImfMisc.h
index 4cb7607..f1cf648 100644
--- a/OpenEXR/IlmImf/ImfMisc.h
+++ b/OpenEXR/IlmImf/ImfMisc.h
@@ -464,13 +464,16 @@ bool usesLongNames (const Header &header);
//
-// compute size of chunk offset table - if ignore_attribute set to true
-// will compute from the image size and layout, rather than the attribute
-// The default behaviour is to read the attribute
+// compute size of chunk offset table - for existing types, computes
+// the chunk size from the image size, compression type, and tile description
+// (for tiled types). If the type is not supported, uses the chunkCount attribute
+// if present, or throws an exception otherwise
+// deprecated_attribute is no longer used by this function
+//
//
IMF_EXPORT
-int getChunkOffsetTableSize(const Header& header,bool ignore_attribute=false);
+int getChunkOffsetTableSize(const Header& header,bool deprecated_attribute=false);
OPENEXR_IMF_INTERNAL_NAMESPACE_HEADER_EXIT
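Review bot: The new comment says the function "computes the chunk size", but callers use the result as a chunk count (`setChunkCount(...)`, `chunkOffsets.resize(...)`), so I would word it `computes the number of chunks from the image size, compression type, and tile description`. It would also help to state why the attribute is ignored for known types, presumably because it is read from the file and cannot be trusted, and to drop the doubled empty `//` line at the end of the block. Out-of-tree callers that relied on the old default (`ignore_attribute=false` returning the attribute) now silently get the computed value; the comment should say so.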
diff --git a/OpenEXR/IlmImf/ImfMultiPartInputFile.cpp b/OpenEXR/IlmImf/ImfMultiPartInputFile.cpp
index c2ffecb..eba675c 100644
--- a/OpenEXR/IlmImf/ImfMultiPartInputFile.cpp
+++ b/OpenEXR/IlmImf/ImfMultiPartInputFile.cpp
@@ -733,7 +733,7 @@ MultiPartInputFile::Data::readChunkOffsetTables(bool reconstructChunkOffsetTable
for (size_t i = 0; i < parts.size(); i++)
{
- int chunkOffsetTableSize = getChunkOffsetTableSize(parts[i]->header,false);
+ int chunkOffsetTableSize = getChunkOffsetTableSize(parts[i]->header);
parts[i]->chunkOffsets.resize(chunkOffsetTableSize);
for (int j = 0; j < chunkOffsetTableSize; j++)
diff --git a/OpenEXR/IlmImf/ImfMultiPartOutputFile.cpp b/OpenEXR/IlmImf/ImfMultiPartOutputFile.cpp
index 27add0c..a4c9331 100644
--- a/OpenEXR/IlmImf/ImfMultiPartOutputFile.cpp
+++ b/OpenEXR/IlmImf/ImfMultiPartOutputFile.cpp
@@ -145,7 +145,7 @@ MultiPartOutputFile::Data::do_header_sanity_checks(bool overrideSharedAttributes
if (isMultiPart)
{
// multipart files must contain a chunkCount attribute
- _headers[0].setChunkCount(getChunkOffsetTableSize(_headers[0],true));
+ _headers[0].setChunkCount(getChunkOffsetTableSize(_headers[0]));
for (size_t i = 1; i < parts; i++)
{
@@ -153,7 +153,7 @@ MultiPartOutputFile::Data::do_header_sanity_checks(bool overrideSharedAttributes
throw IEX_NAMESPACE::ArgExc ("Every header in a multipart file should have a type");
- _headers[i].setChunkCount(getChunkOffsetTableSize(_headers[i],true));
+ _headers[i].setChunkCount(getChunkOffsetTableSize(_headers[i]));
_headers[i].sanityCheck (_headers[i].hasTileDescription(), isMultiPart);
@@ -185,7 +185,7 @@ MultiPartOutputFile::Data::do_header_sanity_checks(bool overrideSharedAttributes
if (_headers[0].hasType() && isImage(_headers[0].type()) == false)
{
- _headers[0].setChunkCount(getChunkOffsetTableSize(_headers[0],true));
+ _headers[0].setChunkCount(getChunkOffsetTableSize(_headers[0]));
}
}
@@ -494,7 +494,7 @@ MultiPartOutputFile::Data::writeChunkTableOffsets (vector<OutputPartData*> &part
{
for (size_t i = 0; i < parts.size(); i++)
{
- int chunkTableSize = getChunkOffsetTableSize(parts[i]->header,false);
+ int chunkTableSize = getChunkOffsetTableSize(parts[i]->header);
Int64 pos = os->tellp();