python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-01-12 18:26:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

do not crop ImageFont glyphs from negative coordinates

Browse Source
This commit is contained in:
Nulano 2024-01-01 11:35:42 +01:00
parent 1469e433b6
commit 0eb661b889
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Tests/test_imagefontpil.py
View File

@ -66,7 +66,9 @@ def test_decompression_bomb():
@pytest.mark.timeout(4)
def test_oom():
glyph = struct.pack(">hhhhhhhhhh", 1, 0, 0, 0, 32767, 32767, 0, 0, 32767, 32767)
glyph = struct.pack(
">hhhhhhhhhh", 1, 0, -32767, -32767, 32767, 32767, -32767, -32767, 32767, 32767
)
fp = BytesIO(b"PILfont\n\nDATA\n" + glyph * 256)
font = ImageFont.ImageFont()

8
src/_imaging.c
View File

@ -2652,6 +2652,14 @@ _font_new(PyObject *self_, PyObject *args) {
// Do not allow glyphs to extend beyond bitmap image
// Helps prevent DOS by stopping cropped images being larger than the original
if (self->glyphs[i].sx0 < 0) {
self->glyphs[i].dx0 -= self->glyphs[i].sx0;
self->glyphs[i].sx0 = 0;
}
if (self->glyphs[i].sy0 < 0) {
self->glyphs[i].dy0 -= self->glyphs[i].sy0;
self->glyphs[i].sy0 = 0;
}
if (self->glyphs[i].sx1 > self->bitmap->xsize) {
self->glyphs[i].dx1 -= self->glyphs[i].sx1 - self->bitmap->xsize;
self->glyphs[i].sx1 = self->bitmap->xsize;