$OpenBSD: patch-IlmImf_ImfRleCompressor_cpp,v 1.1 2009/07/30 11:56:40 jasper Exp $

Security fix for CVE-2009-1720, patch from Debian.
Fix integer overflows in compressor constructors.

--- IlmImf/ImfRleCompressor.cpp.orig	Thu Jul 30 13:47:11 2009
+++ IlmImf/ImfRleCompressor.cpp	Thu Jul 30 13:47:58 2009
@@ -41,6 +41,7 @@
 //-----------------------------------------------------------------------------
 
 #include <ImfRleCompressor.h>
+#include <climits>
 #include "Iex.h"
 
 namespace Imf {
@@ -164,6 +165,9 @@ RleCompressor::RleCompressor (const Header &hdr, int m
     _tmpBuffer (0),
     _outBuffer (0)
 {
+    if ((unsigned) maxScanLineSize > INT_MAX / 3)
+	 throw Iex::InputExc ("Error: maxScanLineSize * 3 would overflow");
+
     _tmpBuffer = new char [maxScanLineSize];
     _outBuffer = new char [maxScanLineSize * 3 / 2];
 }
