CVE-2020-16588
Description
A Null Pointer Dereference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
Affected products
- Academy Software Foundation/OpenEXR
- osv-coords (8 versions):
  - pkg:rpm/opensuse/openexr&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 2.2.1-lp151.4.15.1
  - pkg:rpm/opensuse/openexr&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 2.2.1-lp152.7.8.1
  - pkg:rpm/suse/openexr&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 (no CPE), range: < 2.2.1-3.21.1
  - pkg:rpm/suse/openexr&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2 (no CPE), range: < 2.2.1-3.21.1
  - pkg:rpm/suse/openexr&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 2.1.0-6.26.1
  - pkg:rpm/suse/openexr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 2.1.0-6.26.1
  - pkg:rpm/suse/openexr&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 2.1.0-6.26.1
  - pkg:rpm/suse/openexr&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 (no CPE), range: < 2.1.0-6.26.1
Patches
Vulnerability mechanics
Root cause
"Division by zero when preview image dimensions are exactly 1 pixel, because the guard condition checked for > 0 instead of > 1."
Attack vector
An attacker crafts a malicious EXR file that causes `generatePreview` to compute a preview image dimension of exactly 1 pixel in height or width. When the function calculates the scaling factors `fx` and `fy`, the divisor `(previewWidth - 1)` or `(previewHeight - 1)` becomes zero, triggering a division-by-zero. This results in a null pointer dereference and a denial of service. No authentication or special network access is required beyond delivering the crafted file to an application that uses OpenEXR's preview generation.
Affected code
The vulnerability is in `OpenEXR/exrmakepreview/makePreview.cpp` in the `generatePreview` function. The faulty lines compute scaling factors `fx` and `fy` using `(previewWidth - 1)` and `(previewHeight - 1)` as divisors, but the guard condition only checks for `> 0` instead of `> 1`. When a crafted EXR file produces a preview image that is exactly 1 pixel high or 1 pixel wide, the divisor becomes zero, leading to a division-by-zero that manifests as a null pointer dereference.
What the fix does
The patch changes the guard conditions from `(previewWidth > 0)` to `(previewWidth > 1)` and from `(previewHeight > 0)` to `(previewHeight > 1)`. This ensures that the division `(w - 1) / (previewWidth - 1)` and `(h - 1) / (previewHeight - 1)` only executes when the divisor is at least 1 (i.e., the preview dimension is at least 2). When the preview dimension is exactly 1, the scaling factor is safely set to 1, avoiding the division-by-zero that caused the null pointer dereference.
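The guard change described above, as an added C++ sketch that is not OpenEXR's own code: `scaleFactor` and `firstZeroDivisorDim` are hypothetical names, the 64-pixel source size is constructed, and the zero-divisor case is reported rather than executed so the check can serve as a regression test.

```cpp
#include <cstdio>

// Added illustration, not OpenEXR source; all names here are hypothetical.
// Models the guarded scale-factor expression described above:
//   factor = (previewDim > guard) ? (srcDim - 1) / (previewDim - 1) : 1
// guard = 0 is the pre-patch condition, guard = 1 the patched one.
// Returns false when the guard lets a zero divisor through; the division
// is deliberately not performed in that case.
bool scaleFactor(int srcDim, int previewDim, int guard, float &factor)
{
    if (previewDim > guard) {
        const int divisor = previewDim - 1;
        if (divisor == 0)
            return false;                 // the case the fix closes
        factor = float(srcDim - 1) / float(divisor);
    } else {
        factor = 1.0f;                    // fallback branch of the ternary
    }
    return true;
}

// Regression sweep: smallest preview dimension in [0, maxDim] for which the
// given guard still reaches a zero divisor, or -1 if none does.
int firstZeroDivisorDim(int srcDim, int guard, int maxDim)
{
    for (int d = 0; d <= maxDim; ++d) {
        float f = 0.0f;
        if (!scaleFactor(srcDim, d, guard, f))
            return d;
    }
    return -1;
}

int main()
{
    const int srcDim = 64;                // constructed source image size
    std::printf("guard > 0: first unsafe preview dim = %d\n",
                firstZeroDivisorDim(srcDim, 0, 256));
    std::printf("guard > 1: first unsafe preview dim = %d\n",
                firstZeroDivisorDim(srcDim, 1, 256));
    float f = 0.0f;
    scaleFactor(srcDim, 1, 1, f);
    std::printf("patched factor for 1-pixel preview = %.1f\n", f);
    return 0;
}
```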
Preconditions
- input: The attacker must supply a crafted EXR file that results in a preview image of exactly 1 pixel in height or width.
- config: The victim application must call `generatePreview` on the crafted file.
Generated on Jun 19, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.