File CVE-2023-44271.patch of Package python-Pillow.33217
Index: Pillow-7.2.0/Tests/test_imagefont.py
===================================================================
--- Pillow-7.2.0.orig/Tests/test_imagefont.py
+++ Pillow-7.2.0/Tests/test_imagefont.py
@@ -733,6 +733,21 @@ class TestImageFont:
font.set_variation_by_axes([100])
self._check_text(font, "Tests/images/variation_tiny_axes.png", 32.5)
+ def test_too_many_characters(self):
+ font = self.get_font()
+ with pytest.raises(ValueError):
+ font.getsize("A" * 1_000_001)
+ with pytest.raises(ValueError):
+ font.getmask2("A" * 1_000_001)
+
+ transposed_font = ImageFont.TransposedFont(font)
+ with pytest.raises(ValueError):
+ transposed_font.getsize("A" * 1_000_001)
+
+ default_font = ImageFont.load_default()
+ with pytest.raises(ValueError):
+ default_font.getsize("A" * 1_000_001)
+
@skip_unless_feature("raqm")
class TestImageFont_RaqmLayout(TestImageFont):
Index: Pillow-7.2.0/src/PIL/ImageFont.py
===================================================================
--- Pillow-7.2.0.orig/src/PIL/ImageFont.py
+++ Pillow-7.2.0/src/PIL/ImageFont.py
@@ -43,12 +43,21 @@ class _imagingft_not_installed:
raise ImportError("The _imagingft C module is not installed")
+MAX_STRING_LENGTH = 1_000_000
+
+
try:
from . import _imagingft as core
except ImportError:
core = _imagingft_not_installed()
+def _string_length_check(text):
+ if MAX_STRING_LENGTH is not None and len(text) > MAX_STRING_LENGTH:
+ msg = "too many characters in string"
+ raise ValueError(msg)
+
+
# FIXME: add support for pilfont2 format (see FontFile.py)
# --------------------------------------------------------------------
@@ -125,6 +134,7 @@ class ImageFont:
:return: (width, height)
"""
+ _string_length_check(text)
return self.font.getsize(text)
def getmask(self, text, mode="", *args, **kwargs):
@@ -259,6 +269,7 @@ class FreeTypeFont:
:return: (width, height)
"""
+ _string_length_check(text)
size, offset = self.font.getsize(text, False, direction, features, language)
return (
size[0] + stroke_width * 2 + offset[0],
@@ -315,6 +326,7 @@ class FreeTypeFont:
:return: (width, height)
"""
max_width = 0
+ _string_length_check(text)
lines = self._multiline_split(text)
line_spacing = self.getsize("A", stroke_width=stroke_width)[1] + spacing
for line in lines:
@@ -468,6 +480,7 @@ class FreeTypeFont:
:py:mod:`PIL.Image.core` interface module, and the text offset, the
gap between the starting coordinate and the first marking
"""
+ _string_length_check(text)
size, offset = self.font.getsize(
text, mode == "1", direction, features, language
)
@@ -569,6 +582,7 @@ class TransposedFont:
self.orientation = orientation # any 'transpose' argument, or None
def getsize(self, text, *args, **kwargs):
+ _string_length_check(text)
w, h = self.font.getsize(text)
if self.orientation in (Image.ROTATE_90, Image.ROTATE_270):
return h, w
