File CVE-2022-22815.patch of Package python-Pillow.33871

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2022-22815.patch of Package python-Pillow.33871

Index: Pillow-7.2.0/Tests/test_imagepath.py
===================================================================
--- Pillow-7.2.0.orig/Tests/test_imagepath.py
+++ Pillow-7.2.0/Tests/test_imagepath.py
@@ -75,6 +75,22 @@ class TestImagePath:
             for i in range(200000):
                 x[i] = b"0" * 16
 
+    @pytest.mark.parametrize(
+        "coords, expected",
+        [
+            ([0, 1, 2, 3], (0.0, 1.0, 2.0, 3.0)),
+            ([3, 2, 1, 0], (1.0, 0.0, 3.0, 2.0)),
+            (0, (0.0, 0.0, 0.0, 0.0)),
+            (1, (0.0, 0.0, 0.0, 0.0)),
+        ],
+    )
+    def test_getbbox(self, coords, expected):
+        # Arrange
+        p = ImagePath.Path(coords)
+
+        # Act / Assert
+        assert p.getbbox() == expected
+
 
 class evil:
     def __init__(self):
Index: Pillow-7.2.0/src/path.c
===================================================================
--- Pillow-7.2.0.orig/src/path.c
+++ Pillow-7.2.0/src/path.c
@@ -60,7 +60,7 @@ alloc_array(Py_ssize_t count)
         PyErr_NoMemory();
         return NULL;
     }
-    xy = malloc(2 * count * sizeof(double) + 1);
+    xy = calloc(2 * count * sizeof(double) + 1, sizeof(double));
     if (!xy) {
         PyErr_NoMemory();
     }
@@ -340,21 +340,25 @@ path_getbbox(PyPathObject* self, PyObjec
 
     xy = self->xy;
 
-    x0 = x1 = xy[0];
-    y0 = y1 = xy[1];
-
-    for (i = 1; i < self->count; i++) {
-        if (xy[i+i] < x0) {
-            x0 = xy[i+i];
-        }
-        if (xy[i+i] > x1) {
-            x1 = xy[i+i];
-        }
-        if (xy[i+i+1] < y0) {
-            y0 = xy[i+i+1];
-        }
-        if (xy[i+i+1] > y1) {
-            y1 = xy[i+i+1];
+    if (self->count == 0) {
+        x0 = x1 = 0;
+        y0 = y1 = 0;
+    } else {
+        x0 = x1 = xy[0];
+        y0 = y1 = xy[1];
+        for (i = 1; i < self->count; i++) {
+            if (xy[i + i] < x0) {
+                x0 = xy[i + i];
+            }
+            if (xy[i + i] > x1) {
+                x1 = xy[i + i];
+            }
+            if (xy[i + i + 1] < y0) {
+                y0 = xy[i + i + 1];
+            }
+            if (xy[i + i + 1] > y1) {
+                y1 = xy[i + i + 1];
+            }
         }
     }

Places

File CVE-2022-22815.patch of Package python-Pillow.33871

Places