File CVE-2023-44271.patch of Package python-Pillow
Index: Pillow-5.2.0/Tests/test_imagefont.py
===================================================================
--- Pillow-5.2.0.orig/Tests/test_imagefont.py
+++ Pillow-5.2.0/Tests/test_imagefont.py
@@ -526,6 +526,21 @@ class TestImageFont(PillowTestCase):
 class TestImageFont_RaqmLayout(TestImageFont):
 LAYOUT_ENGINE = ImageFont.LAYOUT_RAQM
+ def test_too_many_characters(self):
+ font = self.get_font()
+ with pytest.raises(ValueError):
+ font.getsize("A" * 1000001)
+ with pytest.raises(ValueError):
+ font.getmask2("A" * 1000001)
+
+ transposed_font = ImageFont.TransposedFont(font)
+ with pytest.raises(ValueError):
+ transposed_font.getsize("A" * 1000001)
+
+ default_font = ImageFont.load_default()
+ with pytest.raises(ValueError):
+ default_font.getsize("A" * 1000001)
+
 if __name__ == '__main__':
 unittest.main()
Index: Pillow-5.2.0/src/PIL/ImageFont.py
===================================================================
--- Pillow-5.2.0.orig/src/PIL/ImageFont.py
+++ Pillow-5.2.0/src/PIL/ImageFont.py
@@ -40,12 +40,21 @@ class _imagingft_not_installed(object):
 raise ImportError("The _imagingft C module is not installed")
+MAX_STRING_LENGTH = 1000000
+
+
 try:
 from . import _imagingft as core
 except ImportError:
 core = _imagingft_not_installed()
+def _string_length_check(text):
+ if MAX_STRING_LENGTH is not None and len(text) > MAX_STRING_LENGTH:
+ msg = "too many characters in string"
+ raise ValueError(msg)
+
+
 # FIXME: add support for pilfont2 format (see FontFile.py)
 # --------------------------------------------------------------------
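Review bot: `pytest.raises` is used in all four assertions of `test_too_many_characters`, but this hunk adds no `import pytest`, and the visible tail of the file (`PillowTestCase`, `unittest.main()`) suggests a unittest-based module. Unless pytest is imported above the hunk, the test fails with NameError and never exercises the new limit. The test case's own helper avoids the dependency: `with self.assertRaises(ValueError):` in each place. The method is also added to `TestImageFont_RaqmLayout`, whose definition starts outside the hunk, so it may only run where the Raqm layout tests are enabled; confirm against the full file.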
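Review bot: `MAX_STRING_LENGTH` and `_string_length_check` are added to `ImageFont.py` without a comment or docstring, so the module does not say what the limit guards or that it can be tuned. A comment above the constant such as `# Maximum text length accepted by the sizing and rendering methods; set to None to disable the check.` and a docstring on the helper, `"""Raise ValueError if text is longer than MAX_STRING_LENGTH."""`, would cover it. Since the check uses `len(text)`, a byte string is measured in bytes rather than characters, which is worth stating if the limit is meant in characters.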
@@ -158,11 +167,13 @@ class FreeTypeFont(object):
 return self.font.ascent, self.font.descent
 def getsize(self, text, direction=None, features=None):
+ _string_length_check(text)
 size, offset = self.font.getsize(text, direction, features)
 return (size[0] + offset[0], size[1] + offset[1])
 def getsize_multiline(self, text, direction=None, spacing=4, features=None):
 max_width = 0
+ _string_length_check(text)
 lines = self._multiline_split(text)
 line_spacing = self.getsize('A')[1] + spacing
 for line in lines:
@@ -172,12 +183,14 @@ class FreeTypeFont(object):
 return max_width, len(lines)*line_spacing - spacing
 def getoffset(self, text):
+ _string_length_check(text)
 return self.font.getsize(text)[1]
 def getmask(self, text, mode="", direction=None, features=None):
 return self.getmask2(text, mode, direction=direction, features=features)[0]
 def getmask2(self, text, mode="", fill=Image.core.fill, direction=None, features=None, *args, **kwargs):
+ _string_length_check(text)
 size, offset = self.font.getsize(text, direction, features)
 im = fill("L", size, 0)
 self.font.render(text, im.id, mode == "1", direction, features)
@@ -219,6 +232,7 @@ class TransposedFont(object):
 self.orientation = orientation # any 'transpose' argument, or None
 def getsize(self, text, *args, **kwargs):
+ _string_length_check(text)
 w, h = self.font.getsize(text)
 if self.orientation in (Image.ROTATE_90, Image.ROTATE_270):
 return h, w
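Review bot: The length guard covers `FreeTypeFont` and `TransposedFont.getsize`, but no visible hunk touches the bitmap font object returned by `ImageFont.load_default()`, even though the new test expects `default_font.getsize("A" * 1000001)` to raise `ValueError`. Unless that class is guarded in a part of the file not shown here, over-long text still reaches its sizing and mask methods unchecked, so the limit is incomplete for that font type and the test's last assertion would fail. Consider calling `_string_length_check(text)` at the start of those entry points as well. `TransposedFont.getsize` continues past the end of this hunk and the class's other methods are outside it, so check whether its mask path needs the same guard when it wraps a bitmap font.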