From ba36d0d8c484840e83946e1966cb455ef9f64c8c Mon Sep 17 00:00:00 2001
From: programmer12 <964969108@qq.com>
Date: Thu, 2 Sep 2021 16:00:46 +0800
Subject: [PATCH] fix CVE-2021-3605

---
 CVE-2021-3605.patch | 27 +++++++++++++++++++++++++++
 OpenEXR.spec        |  6 +++++-
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2021-3605.patch

diff --git a/CVE-2021-3605.patch b/CVE-2021-3605.patch
new file mode 100644
index 0000000..ea277d2
--- /dev/null
+++ b/CVE-2021-3605.patch
@@ -0,0 +1,27 @@
+From 2a4f6d9ecd0c9ab2dfaf6bdb99ec962aa1ad09e9 Mon Sep 17 00:00:00 2001
+From: peterhillman <peterh@wetafx.co.nz>
+Date: Fri,4 Jun 2021 11:12:16 +1200
+Subject: [PATCH] detect buffer overflow in RleUncompress(#1036)
+
+---
+ IlmImf/ImfRle.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/IlmImf/ImfRle.cpp b/IlmImf/ImfRle.cpp
+index f6992fa..458f261 100644
+--- a/IlmImf/ImfRle.cpp
++++ b/IlmImf/ImfRle.cpp
+@@ -145,6 +145,10 @@ rleUncompress (int inLength, int maxLength, const signed char in[], char out[])
+ 
+ 	    if (0 > (maxLength -= count + 1))
+ 		return 0;
++        //check the input buffer is big enough to contain
++	//byte to be duplicated
++	if (inLength < 0)
++	  return 0;
+ 
+         memset(out, *(char*)in, count+1);
+         out += count+1;
+-- 
+2.27.0
+
diff --git a/OpenEXR.spec b/OpenEXR.spec
index 8db424c..59dcf18 100644
--- a/OpenEXR.spec
+++ b/OpenEXR.spec
@@ -1,7 +1,7 @@
 Name:           OpenEXR
 Summary:        A high dynamic-range (HDR) image file format for use in computer imaging applications
 Version:        2.2.0
-Release:        22
+Release:        23
 License:        BSD
 URL:	        http://www.openexr.com/
 Source0:        http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz
@@ -27,6 +27,7 @@ Patch0017:      CVE-2021-3598.patch
 Patch0018:      CVE-2020-11758-to-CVE-2020-11765.patch
 Patch0019:      CVE-2020-15305.patch
 Patch0020:      CVE-2020-15306.patch
+Patch0021:      CVE-2021-3605.patch
 
 BuildConflicts: %{name}-devel < 2.2.0
 BuildRequires:  gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig
@@ -90,6 +91,9 @@ test "$(pkg-config --modversion OpenEXR)" = "%{version}"
 %{_libdir}/pkgconfig/OpenEXR.pc
 
 %changelog
+* Thu Sep 2 2021 liwu <liwu13@huawei.com> - 2.2.0-23
+- fix CVE-2021-3605
+
 * Mon Jul 12 2021 yaoxin <yaoxin30@huawei.com> - 2.2.0-22
 - fix CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765 CVE-2020-15305 CVE-2020-15306
 
-- 
Gitee