Merge pull request #1970 from uploadcare/ignore-decompression-dos

Ignore large text blocks in PNG if LOAD_TRUNCATED_IMAGES is enabled
This commit is contained in:
wiredfool 2016-06-29 22:32:35 +01:00 committed by GitHub
commit 0ddb0f3c7f
2 changed files with 31 additions and 1 deletions

View File

@ -311,6 +311,11 @@ class PngStream(ChunkStream):
comp_method)
try:
icc_profile = _safe_zlib_decompress(s[i+2:])
except ValueError:
if ImageFile.LOAD_TRUNCATED_IMAGES:
icc_profile = None
else:
raise
except zlib.error:
icc_profile = None # FIXME
self.im_info["icc_profile"] = icc_profile
@ -430,6 +435,11 @@ class PngStream(ChunkStream):
comp_method)
try:
v = _safe_zlib_decompress(v[1:])
except ValueError:
if ImageFile.LOAD_TRUNCATED_IMAGES:
v = b""
else:
raise
except zlib.error:
v = b""
@ -462,6 +472,11 @@ class PngStream(ChunkStream):
if cm == 0:
try:
v = _safe_zlib_decompress(v)
except ValueError:
if ImageFile.LOAD_TRUNCATED_IMAGES:
return s
else:
raise
except zlib.error:
return s
else:

View File

@ -1,5 +1,5 @@
from helper import unittest, PillowTestCase
from PIL import Image, PngImagePlugin
from PIL import Image, PngImagePlugin, ImageFile
from io import BytesIO
import zlib
@ -7,6 +7,21 @@ TEST_FILE = "Tests/images/png_decompression_dos.png"
class TestPngDos(PillowTestCase):
def test_ignore_dos_text(self):
ImageFile.LOAD_TRUNCATED_IMAGES = True
try:
im = Image.open(TEST_FILE)
im.load()
finally:
ImageFile.LOAD_TRUNCATED_IMAGES = False
for s in im.text.values():
self.assertLess(len(s), 1024*1024, "Text chunk larger than 1M")
for s in im.info.values():
self.assertLess(len(s), 1024*1024, "Text chunk larger than 1M")
def test_dos_text(self):
try: