File CVE-2023-44271.patch of Package python-Pillow.35230
Index: Pillow-7.2.0/Tests/test_imagefont.py =================================================================== --- Pillow-7.2.0.orig/Tests/test_imagefont.py +++ Pillow-7.2.0/Tests/test_imagefont.py @@ -733,6 +733,21 @@ class TestImageFont: font.set_variation_by_axes([100]) self._check_text(font, "Tests/images/variation_tiny_axes.png", 32.5) + def test_too_many_characters(self): + font = self.get_font() + with pytest.raises(ValueError): + font.getsize("A" * 1_000_001) + with pytest.raises(ValueError): + font.getmask2("A" * 1_000_001) + + transposed_font = ImageFont.TransposedFont(font) + with pytest.raises(ValueError): + transposed_font.getsize("A" * 1_000_001) + + default_font = ImageFont.load_default() + with pytest.raises(ValueError): + default_font.getsize("A" * 1_000_001) + @skip_unless_feature("raqm") class TestImageFont_RaqmLayout(TestImageFont): Index: Pillow-7.2.0/src/PIL/ImageFont.py =================================================================== --- Pillow-7.2.0.orig/src/PIL/ImageFont.py +++ Pillow-7.2.0/src/PIL/ImageFont.py @@ -43,12 +43,21 @@ class _imagingft_not_installed: raise ImportError("The _imagingft C module is not installed") +MAX_STRING_LENGTH = 1_000_000 + + try: from . import _imagingft as core except ImportError: core = _imagingft_not_installed() +def _string_length_check(text): + if MAX_STRING_LENGTH is not None and len(text) > MAX_STRING_LENGTH: + msg = "too many characters in string" + raise ValueError(msg) + + # FIXME: add support for pilfont2 format (see FontFile.py) # -------------------------------------------------------------------- @@ -125,6 +134,7 @@ class ImageFont: :return: (width, height) """ + _string_length_check(text) return self.font.getsize(text) def getmask(self, text, mode="", *args, **kwargs): @@ -259,6 +269,7 @@ class FreeTypeFont: :return: (width, height) """ + _string_length_check(text) size, offset = self.font.getsize(text, False, direction, features, language) return ( size[0] + stroke_width * 2 + offset[0], 
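Review bot: test_too_many_characters leaves getsize_multiline uncovered, although this patch adds a `_string_length_check(text)` call there, and it never asserts that a string of exactly MAX_STRING_LENGTH characters is still accepted. Adding `with pytest.raises(ValueError): font.getsize_multiline("A" * 1_000_001)` closes the first gap. For the boundary, lowering the limit inside the test with `monkeypatch.setattr(ImageFont, "MAX_STRING_LENGTH", 10)` would let both sides of the limit be checked without laying out a million glyphs. The hard-coded 1_000_001 also drifts silently if the constant changes; `ImageFont.MAX_STRING_LENGTH + 1` keeps the two tied together.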
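Review bot: MAX_STRING_LENGTH and _string_length_check in the `@@ -43,12 +43,21 @@` hunk are added without any comment, so nothing in the module tells a packager or caller that this is the input-size limit introduced for CVE-2023-44271 or that setting the constant to None switches the check off. I would add above the constant `# Upper bound on len(text) accepted by the font measuring and rendering methods (CVE-2023-44271); set to None to disable.` and give the helper a one-line docstring, `"""Raise ValueError if text is longer than MAX_STRING_LENGTH."""`. Because the comparison uses `len(text)`, the limit counts characters for str input and bytes for bytes input, which the message "too many characters in string" does not quite say.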
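Review bot: ImageFont.getmask, whose signature is the last context line of the `@@ -125,6 +134,7 @@` hunk, gets no `_string_length_check(text)` in any hunk of this patch, so for bitmap fonts only getsize is guarded. Its body is outside the hunk, but if it hands text to `self.font.getmask` without first going through getsize, over-long text still reaches the C layer on that path; adding `_string_length_check(text)` as its first statement would close it. The same question applies to TransposedFont.getmask next to the `@@ -569,6 +582,7 @@` hunk and to any other method that passes text to `self.font` directly, such as FreeTypeFont.getoffset, none of which are visible in this patch.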
@@ -315,6 +326,7 @@ class FreeTypeFont: :return: (width, height) """ max_width = 0 + _string_length_check(text) lines = self._multiline_split(text) line_spacing = self.getsize("A", stroke_width=stroke_width)[1] + spacing for line in lines: @@ -468,6 +480,7 @@ class FreeTypeFont: :py:mod:`PIL.Image.core` interface module, and the text offset, the gap between the starting coordinate and the first marking """ + _string_length_check(text) size, offset = self.font.getsize( text, mode == "1", direction, features, language ) @@ -569,6 +582,7 @@ class TransposedFont: self.orientation = orientation # any 'transpose' argument, or None def getsize(self, text, *args, **kwargs): + _string_length_check(text) w, h = self.font.getsize(text) if self.orientation in (Image.ROTATE_90, Image.ROTATE_270): return h, w
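Review bot: In getsize_multiline (the `@@ -315,6 +326,7 @@` hunk) the guard sits after `max_width = 0`, whereas every other method touched by this patch calls `_string_length_check(text)` as its first statement. Moving it up one line keeps the validation visibly ahead of any work, i.e. `_string_length_check(text)` followed by `max_width = 0`. The per-line `self.getsize(...)` calls in the loop presumably repeat the check for each line, which is harmless because the whole-text check is the one that bounds `_multiline_split`; the loop body is outside the hunk.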