From: Markus Koschany <apo@debian.org>
Date: Thu, 8 Dec 2022 12:54:34 +0100
Subject: CVE-2021-26260

Bug-Debian: https://bugs.debian.org/992703
Origin: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d
---
 OpenEXR/IlmImf/ImfDwaCompressor.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/OpenEXR/IlmImf/ImfDwaCompressor.cpp b/OpenEXR/IlmImf/ImfDwaCompressor.cpp
index d8c66dd..a50a58c 100644
--- a/OpenEXR/IlmImf/ImfDwaCompressor.cpp
+++ b/OpenEXR/IlmImf/ImfDwaCompressor.cpp
@@ -2957,9 +2957,10 @@ DwaCompressor::initializeBuffers (size_t &outBufferSize)
             // or for zlib compression (for DEFLATE)
             //
 
+
             maxOutBufferSize += std::max(
-                            (int)(2 * maxLossyDctAcSize + 65536),
-                            (int)compressBound (maxLossyDctAcSize) );
+                            2lu * maxLossyDctAcSize + 65536lu,
+                            static_cast<Int64>(compressBound (maxLossyDctAcSize)) );
             numLossyDctChans++;
             break;