From 1e7949444401b917e122d3f5bf95bcca7d6411ed Mon Sep 17 00:00:00 2001
From: like <like@kylinos.cn>
Date: Thu, 23 Jun 2022 15:48:08 +0800
Subject: [PATCH] fix CVE-2021-20300

---
 OpenEXR.spec                       |  9 ++++++++-
 backport-0001-CVE-2021-20300.patch | 14 ++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 backport-0001-CVE-2021-20300.patch

diff --git a/OpenEXR.spec b/OpenEXR.spec
index 3f02d93..35933b5 100644
--- a/OpenEXR.spec
+++ b/OpenEXR.spec
@@ -1,7 +1,7 @@
 Name:           OpenEXR
 Summary:        A high dynamic-range (HDR) image file format for use in computer imaging applications
 Version:        2.2.0
-Release:        25
+Release:        26
 License:        BSD
 URL:	        http://www.openexr.com/
 Source0:        http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz
@@ -31,6 +31,7 @@ Patch0021:      CVE-2021-3605.patch
 Patch0022:      CVE-2021-20303.patch
 #https://github.com/AcademySoftwareFoundation/openexr/commit/7b11bbac18fc3c23.patch
 Patch0023:      CVE-2021-20299.patch
+Patch0024:      backport-0001-CVE-2021-20300.patch
 
 BuildConflicts: %{name}-devel < 2.2.0
 BuildRequires:  gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig
@@ -94,6 +95,12 @@ test "$(pkg-config --modversion OpenEXR)" = "%{version}"
 %{_libdir}/pkgconfig/OpenEXR.pc
 
 %changelog
+* Thu Jun 23 2022 Like <like@kylinos.cn> - 2.2.0-26
+- Type:CVE
+- Id:CVE-2021-20300
+- SUG:NA
+- DESC:fix CVE-2021-20300
+
 * Wed Mar 23 2022 yaoxin <yaoxin30@huawei.com> - 2.2.0-25
 - Fix CVE-2021-20299
 
diff --git a/backport-0001-CVE-2021-20300.patch b/backport-0001-CVE-2021-20300.patch
new file mode 100644
index 0000000..c01e24e
--- /dev/null
+++ b/backport-0001-CVE-2021-20300.patch
@@ -0,0 +1,14 @@
+diff -Nur openexr-2.2.0.old/IlmImf/ImfHuf.cpp openexr-2.2.0.new/IlmImf/ImfHuf.cpp
+--- openexr-2.2.0.old/IlmImf/ImfHuf.cpp	2022-06-23 15:33:11.557936680 +0800
++++ openexr-2.2.0.new/IlmImf/ImfHuf.cpp	2022-06-23 15:34:26.950510490 +0800
+@@ -1073,7 +1073,9 @@
+ 
+     const char *ptr = compressed + 20;
+ 
+-    if ( ptr + (nBits+7 )/8 > compressed+nCompressed)
++    uint64_t nBytes = (static_cast<uint64_t>(nBits)+7) / 8 ;
++
++    if ( ptr + nBytes > compressed+nCompressed)
+     {
+         notEnoughData();
+         return;
-- 
Gitee