From 49f1a2009c195cb8f316bb2aea79fd70f4542a85 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Fri, 11 Mar 2022 14:07:07 +0800
Subject: [PATCH] Fix CVE-2021-20303
---
 CVE-2021-20303.patch | 45 ++++++++++++++++++++++++++++++++++++++++++++
 OpenEXR.spec | 6 +++++-
 2 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2021-20303.patch
diff --git a/CVE-2021-20303.patch b/CVE-2021-20303.patch
new file mode 100644
index 0000000..8a6cc21
--- /dev/null
+++ b/CVE-2021-20303.patch
@@ -0,0 +1,45 @@
+Origin: https://github.com/AcademySoftwareFoundation/openexr/commit/31472b638bb2bd7020a3465d6e6ddffd564ae0ea
+Reviewed-by: Sylvain Beucler
+Last-Update: 2021-07-30
+
+From 31472b638bb2bd7020a3465d6e6ddffd564ae0ea Mon Sep 17 00:00:00 2001
+From: peterhillman
+Date: Fri, 11 Sep 2020 11:03:48 +1200
+Subject: [PATCH] Use Int64 in dataWindowForTile to prevent integer overflow
+ (#831)
+
+* Use Int64 in dataWindowForTile to prevent integer overflow
+
+Signed-off-by: Peter Hillman
+
+* use signed 64 bit instead for dataWindow calculation
+
+Signed-off-by: Peter Hillman
+
+Co-authored-by: Cary Phillips
+---
+ IlmImf/ImfTiledMisc.cpp | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/IlmImf/ImfTiledMisc.cpp b/IlmImf/ImfTiledMisc.cpp
+index b8e195fd8..89ef97cb5 100644
+--- a/IlmImf/ImfTiledMisc.cpp
++++ b/IlmImf/ImfTiledMisc.cpp
+@@ -97,13 +97,14 @@ dataWindowForTile (const TileDescription &tileDesc,
+ V2i tileMin = V2i (minX + dx * tileDesc.xSize,
+ minY + dy * tileDesc.ySize);
+
+- V2i tileMax = tileMin + V2i (tileDesc.xSize - 1, tileDesc.ySize - 1);
++ int64_t tileMaxX = int64_t(tileMin[0]) + tileDesc.xSize - 1;
++ int64_t tileMaxY = int64_t(tileMin[1]) + tileDesc.ySize - 1;
+
+ V2i levelMax = dataWindowForLevel
+ (tileDesc, minX, maxX, minY, maxY, lx, ly).max;
+
+- tileMax = V2i (std::min (tileMax[0], levelMax[0]),
+- std::min (tileMax[1], levelMax[1]));
++ V2i tileMax = V2i (std::min (tileMaxX, int64_t(levelMax[0])),
++ std::min (tileMaxY, int64_t(levelMax[1])));
+
+ return Box2i (tileMin, tileMax);
+ }
diff --git a/OpenEXR.spec b/OpenEXR.spec
index 8e2e8d3..e86c610 100644
--- a/OpenEXR.spec
+++ b/OpenEXR.spec
@@ -1,7 +1,7 @@
 Name: OpenEXR
 Summary: A high dynamic-range (HDR) image file format for use in computer imaging applications
 Version: 2.2.0
-Release: 23
+Release: 24
 License: BSD
 URL: http://www.openexr.com/
 Source0: http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz
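Review bot: The widening in the backported patch stops at `tileMax`; the `tileMin` line kept as context in the inner hunk, `V2i tileMin = V2i (minX + dx * tileDesc.xSize, minY + dy * tileDesc.ySize);`, still evaluates `dx * tileDesc.xSize` and `dy * tileDesc.ySize` at int width, so a header carrying a large tile size or tile index can still wrap there before the new int64_t code runs. Whether that matters for the 2.2.0 tree depends on the callers already bounding `dx`/`dy` against the level's tile counts and `xSize`/`ySize` against the data window, which this page does not show; that should be confirmed against the tree rather than assumed from the upstream commit. The inner hunk also introduces `int64_t` without adding an include, so the build should confirm ImfTiledMisc.cpp in 2.2.0 receives `<cstdint>` (or an equivalent header) transitively. The enclosing `dataWindowForTile` starts before the inner hunk, so its parameter declarations are not visible here.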
@@ -28,6 +28,7 @@ Patch0018: CVE-2020-11758-to-CVE-2020-11765.patch
 Patch0019: CVE-2020-15305.patch
 Patch0020: CVE-2020-15306.patch
 Patch0021: CVE-2021-3605.patch
+Patch0022: CVE-2021-20303.patch
 BuildConflicts: %{name}-devel < 2.2.0
 BuildRequires: gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig
@@ -91,6 +92,9 @@ test "$(pkg-config --modversion OpenEXR)" = "%{version}"
 %{_libdir}/pkgconfig/OpenEXR.pc
 %changelog
+* Fri Mar 11 2022 yaoxin - 2.2.0-24
+- Fix CVE-2021-20303
+
 * Wed Sat 1 2021 liwu - 2.2.0-23
 - fix CVE-2021-3605