From: =?utf-8?q?Timo_R=C3=B6hling?= <roehling@debian.org>
Date: Thu, 8 Sep 2022 20:38:54 +0200
Subject: CVE-2022-34300

Fix heap buffer overflow in DecodePixelData.

Forwarded: https://github.com/syoyo/tinyexr/pull/175
---
 tinyexr.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tinyexr.h b/tinyexr.h
index 5f977b1..10ca442 100644
--- a/tinyexr.h
+++ b/tinyexr.h
@@ -9949,8 +9949,8 @@ static bool DecodePixelData(/* out */ unsigned char **out_images,
         assert(requested_pixel_types[c] == TINYEXR_PIXELTYPE_FLOAT);
         for (size_t v = 0; v < static_cast<size_t>(num_lines); v++) {
           const float *line_ptr = reinterpret_cast<float *>(&outBuf.at(
-              v * pixel_data_size * static_cast<size_t>(x_stride) +
-              channel_offset_list[c] * static_cast<size_t>(x_stride)));
+              v * pixel_data_size * static_cast<size_t>(width) +
+              channel_offset_list[c] * static_cast<size_t>(width)));
           for (size_t u = 0; u < static_cast<size_t>(width); u++) {
             float val;
             // val = line_ptr[u];