python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-01-13 18:56:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1970 from uploadcare/ignore-decompression-dos

Browse Source 
Ignore large text blocks in PNG if LOAD_TRUNCATED_IMAGES is enabled
This commit is contained in:
wiredfool 2016-06-29 22:32:35 +01:00 committed by GitHub
commit 0ddb0f3c7f
2 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
PIL/PngImagePlugin.py
View File

@ -311,6 +311,11 @@ class PngStream(ChunkStream):
comp_method) comp_method)
try: try:
icc_profile = _safe_zlib_decompress(s[i+2:]) icc_profile = _safe_zlib_decompress(s[i+2:])
except ValueError:
if ImageFile.LOAD_TRUNCATED_IMAGES:
icc_profile = None
else:
raise
except zlib.error: except zlib.error:
icc_profile = None # FIXME icc_profile = None # FIXME
self.im_info["icc_profile"] = icc_profile self.im_info["icc_profile"] = icc_profile
@ -430,6 +435,11 @@ class PngStream(ChunkStream):
comp_method) comp_method)
try: try:
v = _safe_zlib_decompress(v[1:]) v = _safe_zlib_decompress(v[1:])
except ValueError:
if ImageFile.LOAD_TRUNCATED_IMAGES:
v = b""
else:
raise
except zlib.error: except zlib.error:
v = b"" v = b""
@ -462,6 +472,11 @@ class PngStream(ChunkStream):
if cm == 0: if cm == 0:
try: try:
v = _safe_zlib_decompress(v) v = _safe_zlib_decompress(v)
except ValueError:
if ImageFile.LOAD_TRUNCATED_IMAGES:
return s
else:
raise
except zlib.error: except zlib.error:
return s return s
else: else:

17
Tests/check_png_dos.py
View File

@ -1,5 +1,5 @@
from helper import unittest, PillowTestCase from helper import unittest, PillowTestCase
from PIL import Image, PngImagePlugin from PIL import Image, PngImagePlugin, ImageFile
from io import BytesIO from io import BytesIO
import zlib import zlib
@ -7,6 +7,21 @@ TEST_FILE = "Tests/images/png_decompression_dos.png"
class TestPngDos(PillowTestCase): class TestPngDos(PillowTestCase):
def test_ignore_dos_text(self):
ImageFile.LOAD_TRUNCATED_IMAGES = True
try:
im = Image.open(TEST_FILE)
im.load()
finally:
ImageFile.LOAD_TRUNCATED_IMAGES = False
for s in im.text.values():
self.assertLess(len(s), 1024*1024, "Text chunk larger than 1M")
for s in im.info.values():
self.assertLess(len(s), 1024*1024, "Text chunk larger than 1M")
def test_dos_text(self): def test_dos_text(self):
try: try: