systemsmanagement:Ardana:8:CentOS:7.3
File 016-Fix-Memory-DOS-in-BLP-ICNS-and-ICO-Image-Plugins.patch of Package python-Pillow
From 756fff33128a0b643d10518a26ad04b726dd8973 Mon Sep 17 00:00:00 2001 From: Eric Soroos <eric-github@soroos.net> Date: Wed, 24 Feb 2021 23:27:07 +0100 Subject: [PATCH] Fix Memory DOS in Icns, Ico and Blp Image Plugins Some container plugins that could contain images of other formats, such as the ICNS format, did not properly check the reported size of the contained image. These images could cause arbitrariliy large memory allocations. This is fixed for all locations where individual *ImageFile classes are created without going through the usual Image.open method. --- ...d3316a4109213ca96fb8a256a0bfefdece1461.icns | Bin 0 -> 240915 bytes Tests/test_file_icns.py | 6 ++++++ PIL/IcnsImagePlugin.py | 2 ++ PIL/IcoImagePlugin.py | 1 + 5 files changed, 10 insertions(+) create mode 100644 Tests/images/oom-8ed3316a4109213ca96fb8a256a0bfefdece1461.icns diff --git a/Tests/test_file_icns.py b/Tests/test_file_icns.py index a3d502d429..ce89f01582 100644 --- a/Tests/test_file_icns.py +++ b/Tests/test_file_icns.py @@ -81,6 +81,12 @@ def test_not_an_icns_file(): im2.load() self.assertEqual(im2.mode, 'RGBA') self.assertEqual(im2.size, (wr, hr)) + +# disabled because test image uses JPEG2000 which is not enabled for this package +# def test_icns_decompression_bomb(self): +# with self.assertRaises(Image.DecompressionBombError): +# im = Image.open('Tests/images/oom-8ed3316a4109213ca96fb8a256a0bfefdece1461.icns') +# im.load() if __name__ == '__main__': diff --git a/PIL/IcnsImagePlugin.py b/PIL/IcnsImagePlugin.py index 2a63d75cb2..ca6a0adad4 100644 --- a/PIL/IcnsImagePlugin.py +++ b/PIL/IcnsImagePlugin.py @@ -110,6 +110,7 @@ def read_png_or_jpeg2000(fobj, start_length, size): if sig[:8] == b'\x89PNG\x0d\x0a\x1a\x0a': fobj.seek(start) im = PngImagePlugin.PngImageFile(fobj) + Image._decompression_bomb_check(im.size) return {"RGBA": im} elif sig[:4] == b'\xff\x4f\xff\x51' \ or sig[:4] == b'\x0d\x0a\x87\x0a' \ 
@@ -122,6 +123,7 @@ def read_png_or_jpeg2000(fobj, start_length, size): jp2kstream = fobj.read(length) f = io.BytesIO(jp2kstream) im = Jpeg2KImagePlugin.Jpeg2KImageFile(f) + Image._decompression_bomb_check(im.size) if im.mode != 'RGBA': im = im.convert('RGBA') return {"RGBA": im} diff --git a/PIL/IcoImagePlugin.py b/PIL/IcoImagePlugin.py index e1bfa7a598..5634bf8e91 100644 --- a/PIL/IcoImagePlugin.py +++ b/PIL/IcoImagePlugin.py @@ -164,6 +164,7 @@ def frame(self, idx): if data[:8] == PngImagePlugin._MAGIC: # png frame im = PngImagePlugin.PngImageFile(self.buf) + Image._decompression_bomb_check(im.size) else: # XOR + AND mask bmp frame im = BmpImagePlugin.DibImageFile(self.buf)
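Review bot: In the Tests/test_file_icns.py hunk, test_icns_decompression_bomb is added entirely commented out, so nothing in this package exercises the new checks and the added oom-8ed3316a4109213ca96fb8a256a0bfefdece1461.icns sample is never opened. Keep the test live and skip it when JPEG2000 support is not available, so it runs wherever the decoder is present and shows up as skipped in the test report instead of disappearing. Since the comment says this sample uses JPEG2000, a second case that reaches the PNG branch would give this package at least one check that actually runs.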
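Review bot: In PIL/IcnsImagePlugin.py, both calls added to read_png_or_jpeg2000 depend on the private helper Image._decompression_bomb_check, and nothing in the patch shows that this package's PIL/Image.py makes it raise: the only place Image.DecompressionBombError is named is the disabled test. Please confirm for the Pillow version being patched that the helper raises at the limit rather than only warning; if it only warns, loading continues and the change that makes it raise is a prerequisite for this fix. A one-line comment at each call noting that these ImageFile classes are created without going through Image.open would also keep the check from being removed as redundant later.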
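Review bot: In the PIL/IcoImagePlugin.py hunk, only the PNG branch of frame() gets the size check; the else branch still builds `im = BmpImagePlugin.DibImageFile(self.buf)` with nothing after it. That object is also created without going through Image.open, which is the case the commit message says is fixed for all locations, so either add the same `Image._decompression_bomb_check(im.size)` call after the DibImageFile line or say in the patch why the BMP frame size is already bounded. Separately, the subject still names Blp and the diffstat says 5 files changed while four are listed and no hunk touches a Blp plugin; the patch header should state what was dropped for this package and why.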