From: =?utf-8?q?Timo_R=C3=B6hling?= <roehling@debian.org>
Date: Thu, 8 Sep 2022 19:31:26 +0200
Subject: CVE-2022-38529

Fix heap buffer overflow in rleUncompress.
Backported from upstream commit cc1b199dd17b700c3130a53866ea462ab88e7f82

Forwarded: not-needed
---
 tinyexr.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tinyexr.h b/tinyexr.h
index 0480fd3..5f977b1 100644
--- a/tinyexr.h
+++ b/tinyexr.h
@@ -7865,7 +7865,7 @@ static int rleUncompress(int inLength, int maxLength, const signed char in[],
       int count = *in++;
       inLength -= 2;
 
-      if (0 > (maxLength -= count + 1)) return 0;
+      if (0 > (maxLength -= count + 1) || inLength < 0) return 0;
 
       memset(out, *reinterpret_cast<const char *>(in), count + 1);
       out += count + 1;
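Review bot: The new `inLength < 0` test is fused into the condition that also decrements `maxLength`, so the input-side bound (is the run's value byte still inside `in`?) and the output-side bound (does `count + 1` fit in `out`?) are hard to tell apart. I would give it its own line with a reason, `if (inLength < 0) return 0;  // value byte for this run would lie past the end of in`, placed ahead of the `memset`. Only this run branch is visible and rleUncompress continues on both sides of the hunk, so any other path in the function that reads from `in` should be checked for an equivalent input-length guard. A regression test with a truncated input that ends right after a run's count byte would pin the fix.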
