From dbfaf8a5258bea79473c5ef3858375b2773015a2 Mon Sep 17 00:00:00 2001
From: peterhillman <peterh@wetafx.co.nz>
Date: Fri, 4 Jun 2021 11:12:16 +1200
Subject: [PATCH] detect buffer overflows in RleUncompress (#1036)

Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
---
 src/lib/OpenEXR/ImfRle.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/lib/OpenEXR/ImfRle.cpp b/src/lib/OpenEXR/ImfRle.cpp
index 1fec583678..5232cd97fd 100644
--- a/src/lib/OpenEXR/ImfRle.cpp
+++ b/src/lib/OpenEXR/ImfRle.cpp
@@ -117,6 +117,11 @@ rleUncompress (int inLength, int maxLength, const signed char in[], char out[])
 	    if (0 > (maxLength -= count + 1))
 		return 0;
 
+        // check the input buffer is big enough to contain
+        // byte to be duplicated
+        if (inLength < 0)
+          return 0;
+
         memset(out, *(char*)in, count+1);
         out += count+1;