File 013-Fix-bounds-overflow-in-PCX-decoding.patch of Package python-Pillow

From 124f4bb591e16212605d0e41c413ed53e242cba2 Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Mon, 9 Mar 2020 20:21:40 +0000
Subject: [PATCH 1/3] Tests for PCX OOB Access

---
 Tests/test_image.py     |   4 ++++
 2 files changed, 4 insertions(+)

diff --git a/Tests/test_image.py b/Tests/test_image.py
index b0fd7c5403..6e9a5e8832 100644
--- a/Tests/test_image.py
+++ b/Tests/test_image.py
@@ -535,6 +535,9 @@ def test_no_resource_warning_on_save(self):
             self.assert_warning(None, im.save, temp_file)
 
     def test_overrun(self):
+        """ For overrun completeness, test as:
+        `valgrind pytest -qq Tests/test_image.py::TestImage::test_overrun | grep decode.c`
+        """
         for file in [
             "fli_overrun.bin",
             "sgi_overrun.bin",
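Review bot: The command in the added docstring pipes only stdout into grep, but Valgrind writes its report to stderr by default, so the filter would not see the memory-error lines it is meant to surface. Redirecting stderr first would make the documented check work as described: `valgrind pytest -qq Tests/test_image.py::TestImage::test_overrun 2>&1 | grep decode.c`. The body of test_overrun continues outside the hunk.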
@@ -542,6 +545,7 @@ def test_overrun(self):
             "sgi_overrun_expandrow2.bin",
             "pcx_overrun.bin",
             "pcx_overrun2.bin",
+            "01r_00.pcx",
         ]:
             im = Image.open(os.path.join("Tests/images", file))
             try:
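Review bot: The new list entry `"01r_00.pcx"` is opened from `Tests/images`, but the image itself is not part of this patch as shown. The diffstat counts 2 files changed while only Tests/test_image.py appears, which suggests the binary fixture was dropped when the patch was exported. Wherever this patch is applied on its own, the fixture has to be shipped separately or the regression test for the PCX overrun cannot exercise the fix. The loop body continues past the end of the hunk, so how a missing file would be reported is not visible here.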

From 6a83e4324738bb0452fbe8074a995b1c73f08de7 Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Mon, 9 Mar 2020 20:22:06 +0000
Subject: [PATCH 2/3] Fix OOB Access on PcxDecode.c

---
 src/libImaging/PcxDecode.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/libImaging/PcxDecode.c b/src/libImaging/PcxDecode.c
index 9e9504ce5f..e5a38f4bec 100644
--- a/src/libImaging/PcxDecode.c
+++ b/src/libImaging/PcxDecode.c
@@ -22,10 +22,7 @@ ImagingPcxDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
     UINT8 n;
     UINT8* ptr;
 
-    if (strcmp(im->mode, "1") == 0 && state->xsize > state->bytes * 8) {
-        state->errcode = IMAGING_CODEC_OVERRUN;
-        return -1;
-    } else if (strcmp(im->mode, "P") == 0 && state->xsize > state->bytes) {
+    if ((state->xsize * state->bits + 7) / 8 > state->bytes) {
         state->errcode = IMAGING_CODEC_OVERRUN;
         return -1;
     }
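Review bot: The product `state->xsize * state->bits` in the new guard is evaluated before the comparison, and if both fields are plain `int` (their declarations are outside this hunk) a large enough width overflows and the bounds check itself becomes unreliable. Unless xsize is bounded before the decoder is entered, doing the arithmetic in a wider type keeps the guard sound: `if (((long long)state->xsize * state->bits + 7) / 8 > state->bytes) {`. A short comment above it, e.g. `/* one row of xsize pixels at state->bits bits each must fit in the line buffer */`, would also record why the two per-mode checks could be replaced by one. The body of ImagingPcxDecode continues outside the hunk.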

From ada137eba5b605fd5aeff619c33bbf0e53af26ee Mon Sep 17 00:00:00 2001
From: Hugo <hugovk@users.noreply.github.com>
Date: Wed, 1 Apr 2020 10:52:21 +0300
Subject: [PATCH 3/3] Fix Flake8

---
 Tests/test_image.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Tests/test_image.py b/Tests/test_image.py
index 6e9a5e8832..3a0b7bd62d 100644
--- a/Tests/test_image.py
+++ b/Tests/test_image.py
@@ -536,7 +536,7 @@ def test_pillow_version(self, test_module):
 
     def test_overrun(self):
         """ For overrun completeness, test as:
-        `valgrind pytest -qq Tests/test_image.py::TestImage::test_overrun | grep decode.c`
+        valgrind pytest -qq Tests/test_image.py::TestImage::test_overrun | grep decode.c
         """
         for file in [
             "fli_overrun.bin",