File CVE-2021-34552.patch of Package python-Pillow.35230

Index: Pillow-7.2.0/src/libImaging/Convert.c
===================================================================
--- Pillow-7.2.0.orig/src/libImaging/Convert.c
+++ Pillow-7.2.0/src/libImaging/Convert.c
@@ -1664,9 +1664,8 @@ convert(Imaging imOut, Imaging imIn, con
 #ifdef notdef
         return (Imaging) ImagingError_ValueError("conversion not supported");
 #else
-        static char buf[256];
-        /* FIXME: may overflow if mode is too large */
-        sprintf(buf, "conversion from %s to %s not supported", imIn->mode, mode);
+        static char buf[100];
+        snprintf(buf, 100, "conversion from %.10s to %.10s not supported", imIn->mode, mode);
         return (Imaging) ImagingError_ValueError(buf);
 #endif
     }
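Review bot: The buffer size appears twice as the literal `100`, once in `static char buf[100];` and again as the snprintf bound, so a later edit to the declaration can leave the bound stale without any warning. Writing `snprintf(buf, sizeof(buf), "conversion from %.10s to %.10s not supported", imIn->mode, mode);` ties the two together, and the same change applies to the ImagingConvertTransparent hunk below. Since the FIXME is removed, a short comment such as `/* %.10s caps each mode string so the message always fits in buf */` would record why the precision is there. The body of convert() starts and ends outside this hunk.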
@@ -1724,9 +1723,8 @@ ImagingConvertTransparent(Imaging imIn,
     }
 #else
     {
-      static char buf[256];
-      /* FIXME: may overflow if mode is too large */
-      sprintf(buf, "conversion from %s to %s not supported in convert_transparent", imIn->mode, mode);
+      static char buf[100];
+      snprintf(buf, 100, "conversion from %.10s to %.10s not supported in convert_transparent", imIn->mode, mode);
       return (Imaging) ImagingError_ValueError(buf);
     }
 #endif
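Review bot: `buf` is still declared `static` here and in the convert() hunk, so every call that reaches this error path writes to the same shared buffer. The bounded snprintf keeps each write inside the array, but concurrent callers could still overwrite each other's message. Whether that can happen depends on locking that is not visible in the hunk. If ImagingError_ValueError copies the string before returning (not shown here, so this needs confirming), an automatic `char buf[100];` would remove the shared state at no cost. The enclosing function continues outside the hunk.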