From 801272c9bf8b84a66c62f1e8a4490ece81da6a56 Mon Sep 17 00:00:00 2001
From: Peter Hillman <peterh@wetafx.co.nz>
Date: Tue, 21 Jan 2020 13:33:53 +1300
Subject: [PATCH] check for bad bit counts in Huff encoded data

Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
---
 OpenEXR/IlmImf/ImfHuf.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/OpenEXR/IlmImf/ImfHuf.cpp b/OpenEXR/IlmImf/ImfHuf.cpp
index 97909a5b19..43515f5bd1 100644
--- a/OpenEXR/IlmImf/ImfHuf.cpp
+++ b/OpenEXR/IlmImf/ImfHuf.cpp
@@ -1070,6 +1070,11 @@ hufUncompress (const char compressed[],
 
     const char *ptr = compressed + 20;
 
+    if ( ptr + (nBits+7 )/8 > compressed+nCompressed)
+    {
+        throw Iex::InputExc("invalid bit count for data size in Huf data");
+    }
+
     // 
     // Fast decoder needs at least 2x64-bits of compressed data, and
     // needs to be run-able on this platform. Otherwise, fall back