From 28892b4720d0f04837618f33eb36b8bf460dc873 Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Wed, 17 Apr 2024 10:34:15 +0800
Subject: [PATCH] Fix CVE-2024-31047

(cherry picked from commit 9d2765dde3c078984295127aa72c6cd71b0688c6)
---
 CVE-2024-31047.patch | 42 ++++++++++++++++++++++++++++++++++++++++++
 OpenEXR.spec         |  6 +++++-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2024-31047.patch

diff --git a/CVE-2024-31047.patch b/CVE-2024-31047.patch
new file mode 100644
index 0000000..66b040e
--- /dev/null
+++ b/CVE-2024-31047.patch
@@ -0,0 +1,42 @@
+From 7aa89e1d09b09d9f5dbb96976ee083a331ab9d71 Mon Sep 17 00:00:00 2001
+From: xiaoxiaoafeifei <zhailiangliang@loongson.cn>
+Date: Wed, 20 Mar 2024 00:09:05 +0800
+Subject: [PATCH] prevent integer overflows in file exrmultipart.cpp (#1681)
+
+Signed-off-by: ZhaiLiangliang <zhailiangliang@loongson.cn>
+
+Origin: https://github.com/AcademySoftwareFoundation/openexr/pull/1681
+
+---
+ src/bin/exrmultipart/exrmultipart.cpp | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/bin/exrmultipart/exrmultipart.cpp b/src/bin/exrmultipart/exrmultipart.cpp
+index 931cebc..1c624b8 100644
+--- a/src/bin/exrmultipart/exrmultipart.cpp
++++ b/src/bin/exrmultipart/exrmultipart.cpp
+@@ -326,12 +326,17 @@ convert(vector <const char*> in,
+         }
+         
+         Box2i dataWindow = infile.header(0).dataWindow();
+-        int pixel_count = (dataWindow.size().y+1)*(dataWindow.size().x+1);
+-        int pixel_width = dataWindow.size().x+1;
+-        
++        //
++        // use int64_t for dimensions, since possible overflow int storage
++        //
++        int64_t pixel_count = (static_cast<int64_t>(dataWindow.size ().y) + 1) * (static_cast<int64_t>(dataWindow.size ().x) + 1);
++        int64_t pixel_width = static_cast<int64_t>(dataWindow.size ().x) + 1;
+         
++        //
+         // offset in pixels between base of array and 0,0
+-        int pixel_base = dataWindow.min.y*pixel_width+dataWindow.min.x;
++        // use int64_t for dimensions, since dataWindow.min.y * pixel_width could overflow int storage
++        //
++        int64_t pixel_base = static_cast<int64_t>(dataWindow.min.y) * pixel_width + static_cast<int64_t>(dataWindow.min.x);
+ 
+         vector< vector<char> > channelstore(channel_count);
+         
+-- 
+2.43.0
+
diff --git a/OpenEXR.spec b/OpenEXR.spec
index d51e793..ccb312d 100644
--- a/OpenEXR.spec
+++ b/OpenEXR.spec
@@ -1,12 +1,13 @@
 Name:           OpenEXR
 Summary:        A high dynamic-range (HDR) image file format for use in computer imaging applications
 Version:        3.1.5
-Release:        2
+Release:        3
 License:        BSD
 URL:	        http://www.openexr.com/
 Source0:        https://github.com/AcademySoftwareFoundation/openexr/archive/v%{version}/openexr-%{version}.tar.gz
 # https://github.com/AcademySoftwareFoundation/openexr/commit/df4d77471f2722025011da2e699d581d1e757f6b
 Patch0:         CVE-2023-5841.patch
+Patch1:         CVE-2024-31047.patch
 BuildRequires:  gcc-c++ zlib-devel pkgconfig python3-devel
 BuildRequires:  cmake gcc boost-devel pkgconfig(Imath) 
 
@@ -70,6 +71,9 @@ This package contains libraries and header files for development of %{name}.
 %{_libdir}/pkgconfig/OpenEXR.pc
 
 %changelog
+* Wed Apr 17 2024 wangkai <13474090681@163.com> - 3.1.5-3
+- Fix CVE-2024-31047
+
 * Mon Feb 26 2024 yaoxin <yao_xin001@hoperun.com> - 3.1.5-2
 - Fix CVE-2023-5841
 
-- 
Gitee