File 002-Added-decompression-bomb-checks.patch of Package python-Pillow
From eed2bfc5b49782f33c5c73080b1d15abcc1e0c38 Mon Sep 17 00:00:00 2001
From: Andrew Murray <radarhere@users.noreply.github.com>
Date: Sun, 29 Sep 2019 14:14:38 +1000
Subject: [PATCH] Added decompression bomb checks
---
Tests/test_decompression_bomb.py | 9 +++++++++
src/PIL/GifImagePlugin.py | 1 +
src/PIL/IcoImagePlugin.py | 1 +
3 files changed, 11 insertions(+)
diff --git a/Tests/test_decompression_bomb.py b/Tests/test_decompression_bomb.py
index b3a36fe787..7c18f85d24 100644
--- a/Tests/test_decompression_bomb.py
+++ b/Tests/test_decompression_bomb.py
@@ -15,6 +15,7 @@ def tearDown(self):
def test_no_warning_small_file(self):
# Implicit assert: no warning.
# A warning would cause a failure.
+ Image.MAX_IMAGE_PIXELS = ORIGINAL_LIMIT
Image.open(TEST_FILE)
def test_no_warning_no_limit(self):
@@ -44,7 +45,11 @@ def test_exception(self):
self.assertRaises(Image.DecompressionBombError,
lambda: Image.open(TEST_FILE))
+ def test_exception_ico(self):
+ with self.assertRaises(Image.DecompressionBombError):
+ Image.open("Tests/images/decompression_bomb.ico")
+
class TestDecompressionCrop(PillowTestCase):
def setUp(self):
diff --git a/src/PIL/GifImagePlugin.py b/src/PIL/GifImagePlugin.py
index 07f5ab6832..9d8e96feee 100644
--- a/src/PIL/GifImagePlugin.py
+++ b/src/PIL/GifImagePlugin.py
@@ -251,7 +251,8 @@ def _seek(self, frame):
self.dispose = None
elif self.disposal_method == 2:
# replace with background colour
+ Image._decompression_bomb_check(self.size)
self.dispose = Image.core.fill("P", self.size,
self.info["background"])
else:
# replace with previous contents
diff --git a/src/PIL/IcoImagePlugin.py b/src/PIL/IcoImagePlugin.py
index fc728d6fbd..148e604f89 100644
--- a/src/PIL/IcoImagePlugin.py
+++ b/src/PIL/IcoImagePlugin.py
@@ -167,6 +167,7 @@ def frame(self, idx):
else:
# XOR + AND mask bmp frame
im = BmpImagePlugin.DibImageFile(self.buf)
+ Image._decompression_bomb_check(im.size)
# change tile dimension to only encompass XOR image
im.size = (im.size[0], int(im.size[1] / 2))