From 48da08a1be83d1214a3d938ce67ca627d2a916ef Mon Sep 17 00:00:00 2001
From: Cary Phillips
Date: Sat, 8 Aug 2020 16:27:03 -0700
Subject: [PATCH 1/2] Avoid integer overflow in calculateNumTiles()
Signed-off-by: Cary Phillips
---
 OpenEXR/IlmImf/ImfTiledMisc.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/OpenEXR/IlmImf/ImfTiledMisc.cpp b/OpenEXR/IlmImf/ImfTiledMisc.cpp
index 8552ada207..1cff8037d1 100644
--- a/OpenEXR/IlmImf/ImfTiledMisc.cpp
+++ b/OpenEXR/IlmImf/ImfTiledMisc.cpp
@@ -301,7 +301,11 @@ calculateNumTiles (int *numTiles,
 {
 for (int i = 0; i < numLevels; i++)
 {
- numTiles[i] = (levelSize (min, max, i, rmode) + size - 1) / size;
+ int l = levelSize (min, max, i, rmode);
+ if (l >= std::numeric_limits::max() - size + 1)
+ throw IEX_NAMESPACE::ArgExc ("Invalid size.");
+
+ numTiles[i] = (l + size - 1) / size;
 }
 }
From 379cbff5e9f96b1cbce251ddb6996be17e447dec Mon Sep 17 00:00:00 2001
From: Cary Phillips
Date: Sat, 8 Aug 2020 16:34:02 -0700
Subject: [PATCH 2/2] Change >= to > in overflow calculation
Signed-off-by: Cary Phillips
---
 OpenEXR/IlmImf/ImfTiledMisc.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/OpenEXR/IlmImf/ImfTiledMisc.cpp b/OpenEXR/IlmImf/ImfTiledMisc.cpp
index 1cff8037d1..51b6e5c267 100644
--- a/OpenEXR/IlmImf/ImfTiledMisc.cpp
+++ b/OpenEXR/IlmImf/ImfTiledMisc.cpp
@@ -301,11 +301,11 @@ calculateNumTiles (int *numTiles,
 {
 for (int i = 0; i < numLevels; i++)
 {
- int l = levelSize (min, max, i, rmode);
- if (l >= std::numeric_limits::max() - size + 1)
+ int l = levelSize (min, max, i, rmode);
+ if (l > std::numeric_limits::max() - size + 1)
 throw IEX_NAMESPACE::ArgExc ("Invalid size.");
- numTiles[i] = (l + size - 1) / size;
+ numTiles[i] = (l + size - 1) / size;
 }
 }
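Review bot: The added check uses `std::numeric_limits`, but the diffstat shows this hunk as the only change to ImfTiledMisc.cpp, so no `#include <limits>` is added with it. The file's include block is outside the hunk; unless it already names that header, the build depends on a transitive include, and `#include <limits>` should be added next to the other standard headers. The check would also read better with a one-line comment above the `if`, for example `// l + size - 1 below must not exceed INT_MAX`. The local name `l` is easy to misread as `1` in `(l + size - 1)`, so a name such as `levelLen` would be safer in arithmetic like this.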
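Review bot: The guard on the `if` line is only sound while `size` is a positive `int`, and neither patch checks `size`. The right-hand side `max() - size + 1` is evaluated before the comparison, so a `size` of 0 overflows there and then reaches the division by `size`, and a negative `size` overflows in the subtraction. The declaration of `size` and the rest of calculateNumTiles' signature are outside the hunk, so its type and range need confirming at the call sites. If the value can originate from an image header, reject it first with `if (size < 1) throw IEX_NAMESPACE::ArgExc ("Invalid size.");`. Alternatively, do the rounding in a 64-bit type, `numTiles[i] = int ((int64_t (l) + size - 1) / size);`, which removes the need for the boundary arithmetic once `size >= 1` is established.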