From 35b6908b7b17451335226d0d2ce5d73536ed08fa Mon Sep 17 00:00:00 2001
From: peterhillman <peterh@wetafx.co.nz>
Date: Wed, 29 Sep 2021 07:55:00 +1300
Subject: [PATCH] validate filesize before allocating chunk memory (#1161)

Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
---
 src/lib/OpenEXRCore/chunk.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/lib/OpenEXRCore/chunk.c b/src/lib/OpenEXRCore/chunk.c
index 000bd6150..49697fc89 100644
--- a/src/lib/OpenEXRCore/chunk.c
+++ b/src/lib/OpenEXRCore/chunk.c
@@ -70,6 +70,17 @@ extract_chunk_table (
             return ctxt->report_error (
                 ctxt, EXR_ERR_INVALID_ARGUMENT, "Invalid file with no chunks");
 
+        if (chunkbytes + chunkoff > (uint64_t) ctxt->file_size)
+           return ctxt->print_error (
+               ctxt,
+               EXR_ERR_INVALID_ARGUMENT,
+               "chunk table size (%" PRIu64
+               ") too big for file size (%" PRId64 ")",
+               chunkbytes,
+               ctxt->file_size);
+
+
+
         ctable = (uint64_t*) ctxt->alloc_fn (chunkbytes);
         if (ctable == NULL)
             return ctxt->standard_error (ctxt, EXR_ERR_OUT_OF_MEMORY);