home:chajain:branches:Cloud:Openstack:Master
python-Pillow
011-Fix-buffer-overflow-in-SGI-RLE-decoding.patch
File 011-Fix-buffer-overflow-in-SGI-RLE-decoding.patch of Package python-Pillow
From 394d6a180a4b63a149a223b13e98a3209f837147 Mon Sep 17 00:00:00 2001 From: Eric Soroos <eric-github@soroos.net> Date: Sat, 28 Mar 2020 13:00:46 +0000 Subject: [PATCH 1/4] Track number of pixels, not the number of runs --- src/libImaging/SgiRleDecode.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/libImaging/SgiRleDecode.c b/src/libImaging/SgiRleDecode.c index 1ba56b8c7b..3f9400a5bf 100644 --- a/src/libImaging/SgiRleDecode.c +++ b/src/libImaging/SgiRleDecode.c @@ -28,6 +28,7 @@ static void read4B(UINT32* dest, UINT8* buf) static int expandrow(UINT8* dest, UINT8* src, int n, int z, int xsize) { UINT8 pixel, count; + int x = 0; for (;n > 0; n--) { @@ -37,9 +38,10 @@ static int expandrow(UINT8* dest, UINT8* src, int n, int z, int xsize) count = pixel & RLE_MAX_RUN; if (!count) return count; - if (count > xsize) { + if (x + count > xsize) { return -1; } + x += count; if (pixel & RLE_COPY_FLAG) { while(count--) { *dest = *src++; @@ -63,6 +65,7 @@ static int expandrow2(UINT8* dest, const UINT16* src, int n, int z, int xsize) { UINT8 pixel, count; + int x = 0; for (;n > 0; n--) { @@ -73,9 +76,10 @@ static int expandrow2(UINT8* dest, const UINT16* src, int n, int z, int xsize) count = pixel & RLE_MAX_RUN; if (!count) return count; - if (count > xsize) { + if (x + count > xsize) { return -1; } + x += count; if (pixel & RLE_COPY_FLAG) { while(count--) { *dest = *src++; From dd341f12d6d4c1fa3a596daa4fc2795939fbc805 Mon Sep 17 00:00:00 2001 From: Eric Soroos <eric-github@soroos.net> Date: Sat, 28 Mar 2020 13:19:27 +0000 Subject: [PATCH 2/4] Tests for SGI Overruns --- Tests/test_sgi_crash.py | 15 +++++++++++++++ 3 files changed, 15 insertions(+) create mode 100644 Tests/test_sgi_crash.py diff --git a/Tests/test_sgi_crash.py b/Tests/test_sgi_crash.py new file mode 100644 index 0000000000..984234be4c --- /dev/null +++ b/Tests/test_sgi_crash.py 
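Review bot: In src/libImaging/SgiRleDecode.c the new `x + count > xsize` check in expandrow (hunk -37,9 +38,10) bounds the writes to `dest`, but nothing visible bounds the reads from `src`: `n` drops by one per loop iteration while a copy run consumes `count` more source bytes through `*dest = *src++`. Unless the caller guarantees otherwise, a row whose runs all fit in `xsize` can still move `src` past the end of the compressed row; the caller and the rest of the function are outside the hunk. I would check the remaining input in the copy branch ahead of the `while`, e.g. `if (count > n - 1) { return -1; }` followed by `n -= count;`, assuming `n` is the byte length of the row, which should be confirmed against the caller. The same point applies to expandrow2 in the -73,9 +76,10 hunk, where `src` is a `const UINT16*`.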
@@ -0,0 +1,15 @@ +#!/usr/bin/env python +from .helper import PillowTestCase +from PIL import Image + +repro = ('Tests/images/sgi_overrun_expandrowF04.bin', + 'Tests/images/sgi_crash.bin', + ) + +class TestSgiCrashes(PillowTestCase): + def test_crashes(self): + for path in repro: + with open(path, 'rb') as f: + im = Image.open(f) + with self.assertRaises(IOError): + im.load() From 78478dfcfb97378525151507a4ea7aae9484c01b Mon Sep 17 00:00:00 2001 From: Hugo <hugovk@users.noreply.github.com> Date: Wed, 1 Apr 2020 10:13:12 +0300 Subject: [PATCH 3/4] Black and isort --- Tests/test_sgi_crash.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/Tests/test_sgi_crash.py b/Tests/test_sgi_crash.py index 984234be4c..c8917df4d5 100644 --- a/Tests/test_sgi_crash.py +++ b/Tests/test_sgi_crash.py @@ -1,15 +1,18 @@ #!/usr/bin/env python -from .helper import PillowTestCase from PIL import Image -repro = ('Tests/images/sgi_overrun_expandrowF04.bin', - 'Tests/images/sgi_crash.bin', - ) +from .helper import PillowTestCase + +repro = ( + "Tests/images/sgi_overrun_expandrowF04.bin", + "Tests/images/sgi_crash.bin", +) + class TestSgiCrashes(PillowTestCase): def test_crashes(self): for path in repro: - with open(path, 'rb') as f: + with open(path, "rb") as f: im = Image.open(f) with self.assertRaises(IOError): im.load() From 44096adf59938637a535766d586e00b1a35b7ff3 Mon Sep 17 00:00:00 2001 From: Hugo <hugovk@users.noreply.github.com> Date: Wed, 1 Apr 2020 10:19:15 +0300 Subject: [PATCH 4/4] Convert from unittest to pytest --- Tests/test_sgi_crash.py | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/Tests/test_sgi_crash.py b/Tests/test_sgi_crash.py index c8917df4d5..6f3fc6f5d1 100644 --- a/Tests/test_sgi_crash.py +++ b/Tests/test_sgi_crash.py 
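Review bot: The diffstat of PATCH 2/4 reports 3 files changed, but the only diff present is the new Tests/test_sgi_crash.py (hunk `@@ -0,0 +1,15 @@`). The two inputs it opens, `Tests/images/sgi_overrun_expandrowF04.bin` and `Tests/images/sgi_crash.bin`, are presumably binary files that were dropped from this text patch. If so, `open(path, 'rb')` fails before `im.load()` is reached wherever the patch is applied without them, and the regression test gives no coverage of the decoder fix. The fixtures should ship alongside the patch, or the test should be skipped explicitly when they are absent.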
@@ -1,18 +1,14 @@ #!/usr/bin/env python +import pytest from PIL import Image -from .helper import PillowTestCase -repro = ( - "Tests/images/sgi_overrun_expandrowF04.bin", - "Tests/images/sgi_crash.bin", +@pytest.mark.parametrize( + "test_file", + ["Tests/images/sgi_overrun_expandrowF04.bin", "Tests/images/sgi_crash.bin"], ) - - -class TestSgiCrashes(PillowTestCase): - def test_crashes(self): - for path in repro: - with open(path, "rb") as f: - im = Image.open(f) - with self.assertRaises(IOError): - im.load() +def test_crashes(test_file): + with open(test_file, "rb") as f: + im = Image.open(f) + with pytest.raises(IOError): + im.load()
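Review bot: `pytest.raises(IOError)` around `im.load()` accepts any I/O error, so test_crashes shows that the two files are rejected but not that the rejection comes from the SGI RLE bounds check. Keeping `Image.open(f)` outside the `raises` block is right, since a failure to open or identify the file then fails the test instead of passing it. I would add a comment above the parametrize list saying what the samples are for, e.g. `# Malformed SGI RLE samples: im.load() must fail with IOError rather than decode past the row.` What each .bin contains is not visible here, so the wording should be taken from the original reports.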