Segmentation Fault

[ChijinZ]

I build tinyexr with gcc. When testcase (see: https://github.com/ChijinZ/security_advisories/blob/master/tinyexr_16aba30/segmentation_fault) is input into test_tinyexr (command: ./test_tinyexr testcase), a segmentation fault is triggered. GDB provides information as follow:

#0  0x000000000040f031 in tinyexr::wav2Decode(unsigned short*, int, int, int, int, unsigned short) ()
#1  0x000000000041223e in tinyexr::DecompressPiz(unsigned char*, unsigned char const*, unsigned long, unsigned long, int, _EXRChannelInfo const*, int, int) ()
#2  0x00000000004125ad in tinyexr::DecodePixelData(unsigned char**, int const*, unsigned char const*, unsigned long, int, int, int, int, int, int, int, int, unsigned long, unsigned long, _EXRAttribute const*, unsigned long, _EXRChannelInfo const*, std::vector<unsigned long, std::allocator<unsigned long> > const&) ()
#3  0x000000000041639b in tinyexr::DecodeChunk(_EXRImage*, _EXRHeader const*, std::vector<unsigned long long, std::allocator<unsigned long long> > const&, unsigned char const*, unsigned long) ()
#4  0x0000000000416cee in tinyexr::DecodeEXRImage(_EXRImage*, _EXRHeader const*, unsigned char const*, unsigned char const*, unsigned long, char const**) ()
#5  0x0000000000418a99 in LoadEXRImageFromMemory ()
#6  0x000000000041887a in LoadEXRImageFromFile ()
#7  0x00000000004170d0 in LoadEXR ()
#8  0x000000000041f2e1 in main ()

[hongxuchen]

For the record, the error lies inside tinyexr::wav2Decode at tinyexr.h:8088 as of 16aba30, which seems an allocation error according to Address Sanitizer.

[syoyo]

wav2Decode is grabbed from OpenEXR so I have no idea how to fix it.

PR is always welcome!