From 138bd714f5cb2346af71447f7ec52ed54037bc0b Mon Sep 17 00:00:00 2001
From: Andrew Murray
Date: Wed, 1 Jan 2020 16:07:03 +1100
Subject: [PATCH] Raise an error for an invalid number of bands in FPX image
---
Tests/images/input_bw_five_bands.fpx | Bin 0 -> 33792 bytes
Tests/test_file_fpx.py | 6 ++++++
src/PIL/FpxImagePlugin.py | 5 ++++-
3 files changed, 10 insertions(+), 1 deletion(-)
create mode 100644 Tests/images/input_bw_five_bands.fpx
diff --git a/Tests/images/input_bw_five_bands.fpx b/Tests/images/input_bw_five_bands.fpx new file mode 100644 index 0000000000000000000000000000000000000000..5fcb144aef1e450669894f95bef740708a3506a0 GIT binary patch literal 33792 zcmeG^2Ygf2*C#EdWf;o{GiV{qAlfhk3NL^LQ6dNhQL6%BwG>LBNO2Vr5O6UHqBx)~ za8d_U90e4_fg+-yH~?|r-hhMt&$;8RjE=N^KR(}0&pY>?ea~Gl<8{|N^$x5lYIYDz zr4PiziPBn7Q%AR9oq&~OfH#>`G`6*| zUI(Er!YK%Lgi{f43P3%C`UnjW8X`Cl8X+`BXoAobfowEK>_ljRa2mqt2q_3H5n3UT zOl!n#5ZWTNLuilC0l|&X5#bDkP6%froQ05z;6WhWE{MA#bVKNl&;!AX&=a8-!r2Jt zAoND)gPmGT!un6zH)Ia&Vwn4r@<`DN=~cJ4VT=Qw5FeHOVLorPw#eVJ#9>_ zIgM&JY22)7+cxdnxjS_0+M|0!{AX^bNq55EnT#5 z!HVSt%V16O-h*1~u#ub(C);xyHWnwqFqi?8@im(H9*9wl$B3peN-ktzeF_<|+2U=Y zP!o3_TaEad3GETn_|e=YY=as#X2#hdF1}ukgqEI~i5K^+KRdD8h)sL9+9Y{^_R zt-Bsb!BNgX2f6*N82&v0RKIntlgzNhD9U)Bpm-{gJCmI!B-6Q*W4M6&p znAYyI#KeV8^Is2g4jta0CE17xD5 zqP!OwbY>HOF~j}Q^JMhKcON8GsMN>Rub=JVl;yr7G3}QdgkYrIZy5HPPJwZl4Y?1d zveVw^p)>YG`ltO0Mj7)!B812WkMvV63 zQaK&gV}tevI!ELlL74UoWWl_CEqfF0Ic`R8qEnG_>ii#X9CtL0&dS<7C_df#H_aVd zuVq1ko421spN`WD`*0S-=D+6~OZOzf0NA%JPBPM%vM3i^_(R&Fo z{V|T1_aAouSCREs7yYLoP#KE7osK=v!n;tp&&nOA?B0_dn~m=0$UpT9MjPh=k>t9A z`*yPXP@>5~cfVsW>)IY5ce@lgA7dL0WAQpoiicn~=AZggk^a;EKT5S^LqAw>zR}#I zc{mm^&BH9B<1v$q7o0E2*CD1gO7oF)Mh$Cklk<-x^!NQJ53LdCyr*?cdOiV?hf`WR zzar?nP=?-1l8#S+USIALeUV3bARetRtj(tT4{B3?ao=HuHN;U40=j zE{Z3x%=^iTqs>2gHdE(2!rDT@J|A82^8g=vE06Eh!=L}YI&}BMi=6)w(|MJag8L9| z9MRSv?N_p-`gpCjPu)5gAq9s*=AOMT3A6sxb*HYsBsi9jpD1+Px*%HrjqC5gK^Y6- z+CJW<^+)fgWDHWq7e8B8!R((tFBu}Z(fsT4FOAjmZQds9gd^o&FJt!K44Ldc8?m~6 z>AcasZx<8XVCLU#guRt1cL=d*m*pn>eO6gomFMH^GANsx241)Z=^HJClL|}YYG(a% z8)JfaLH|_3x-b%%Fe7nk7P(Xuq;eUOW=WXb(-jMkL^2~{l4bI$gfL*z58ElJC{&mU z>IVsj(O1P~g?y7FS0s$U5z+NNsiBi44XMYq*_A5`U8cavBrOV86S{)ST52FD!JM;h znDxmLH$hkQq!vkLfl;hReN|ScB6T%YM&W_8c%=lV8(L~ZXOLHgzR5q2mPgFPGg72I z3S9P3XByeuE|*g|%#^CjH95_|VcL`fQe-X|5{gI`bVlGos$mEX&7Nw*94IkJn$aaw z(omoI5kg#$`xWvO5_@qGM&;UMQ|L<{(yZ1G)i62I73P+!Bb9p;+Nu=S5bjl~Rv|u@ z(Hk(vBBe##`WR4E1|>0#0u?Sz4Ft0eli)&9TuSLg8A*6mZHQ>O1(MJyFh9Iafk`i_ 
zEb}NYMy`=6oiZ#85)vj&mQ}hisj}5dh_4U=imK9TB}7U`AR(O~ubPND@zAPHnV2+` z28*E@I*L%%+0ZEF#Ou_IRjxuaSfk6#Ym^8zsYB|*0Fop%f|4YwV(3ol3rrL#79Ddj zu8(!qP;@Pg%k+i15ot1!YX9Ab6X08C<=mEKBSEX=r3Xb7WuU4u5bd)8{JlZc-xFgDaR~IA zt`jnzSZ)O^-RK#pvfqCwa9m90Y4`dA={cFffWr~UFFlkWwUB>@i+(wY-s}#C z)8TPC{9d;|J&>+sZpT3@iCRc6vpDFsgWH>!=yZAmip#CI9p3cJ+g26sk3Q(gCH=HR zM@sTM-hkVIFR$C_45Yc;&b<7Ro#a1yA$>z}v#Xekd zdy3MX`S~S#qNc9|_3fT@M~iYYy>6Gson8=d=H+-i3XVWgnsYdgU0LJr_U7z4vM#Lv z<930PskptU>`|2T`QAh)C|HYDu=Ac(>k0#jnT6PAm)qe~P~YS6I2DiGld0r;qfVcE zjNcW^PfxT50$!)bo9ObVdlkj+vU>uF&VXN0(#q7QX@~31?X=_Ap<|Di=CQ|1Yf;HB zC_~>x!jR|=c-?M?haSLRa#nJsE*Oi9L?C7DRrAPO# z3+VeEMmmI~I2}sSQ8~wt6#Hr0sX$RcQA(sb!=YV>X3o;L@@LH-{Q|PqPqh8Q%(M0n zYyYtJ4{QI>GGOhW<~=f6`()ogtfu50CjF6155`mt{ zTa7>;_8rCt?0ksj^I_$w%jfybcmUejh5u}Z#v}>r?GZ*H(C%bo|J4Tl;)8#aF<=6H zp=TfC;^H7aJ|6#zNDW9xNPwC(YvOZiiI9|(1hs0_g4(rfL!CNxpl;o|aLOsCfZc9~ zQ%^k=l9Q96UcGuyzkYpa(4YY{Y}gPS4hJ-9)Cd|kZVXMDG=Zi~n?kc@&7gVn=HPTX zp+$=paN237!Re=;4k;-q(6VJqXw|9}xLhu1-MTfjY10PUwrvaT+O>oB?b}0#4jlmB zHbcjb9pQ{K&VWvxI>DJ|o(X52br#@1836qB06KT>3|+c(fv#PQ6)RT2op;^|D_5?ByY9LR?!NnOShZ>u+;h)8aPPhM!hQGM2lwB9KdfH88rG~? z1BHc!@W2BPz=IDy2oF8<5Ip?w!|=!>kHFfsYhm5Gb@1q;kHTY*JqC|I{y04G#1ru3 zlTX4^Pdx?e*RO}7q9S8IhDXP$v)pM4gdd+s^duwesi+_({ni;Lm;=bwj7n>N7< zFT4ORzW5@%^wLZ4^2;v+eo_XTH*bb5TeiT~ty|%hS6+cvUwsv}ZQBOhw{M5nUV9C8 z?AQUXzy3PB@x~kQ=9_QATW`GuJ9qAcx8Hsn-g)O8*tKgHy!-CEuzUAzc<;UUV9%aC z@c#Sn!v`OH0DJfDg?;<>!G|Ay2p@g)5$xZ;A3py0WBBBgPvFx}KZVae`wR{oH~KmPb5{PfdL@bk|A$HEByA`Z}9u?zr!DY`~gRg9))Aaj=}Nc$KlUE z|AfE(`V0R4`)~N?pMT)Qi4(L}=(mCLZRdK8^3=%(^TR9Ua8e$tnoKp@*JY^8(6yi{ zQ!D$oFO{)MIl z30ATrIv;WXbls}FWu09$KJLI6Xk~s^rMJzK!EIK#eXaW@ms*o*nwYU~ky-|MLqlp{ zPuR2#%alTqF$P7sAORjJzp4td$t7egFn@q?i! 
z9FZ-ha12J%8x}%(QaQTAmue&jdSlgLKa5Qzp;zfxRMn<_qL8GRdcqDzBpf;_%!Hbd zNNJS<0uw?oTH`e7l1Vb-TGWC^RMOTlm^5Pxn@mR9;+W)#ELu7Vjmmh8QwjSNlh!3& zRp%FNGjBW+=1E4R2BsxO7cX+TZPkOQNEwNBSnVV~{)9Bl50Bq}5OW8zje&PD;u!`#g2bf{-V1 zRfOr1AW?K=%^V8^Ia(A(WlfTq(Ag0Fb>bu|TuGM<P@#5(?Nisd z8L}sO%1QjH32y)mb#GAt_RnFqdHz8H}FI>$*ra zrnIJ+mK05<+U={($tQMK_JMkiJbffcV1JTEOi~v}T9RyzC6(laHG%YU8b`-u(}?uB z8)?a)rxH~?5wk!jEIB4hs9|C2-?pzsNWsczMHCp5jz%pK5v?OQQh|SzQWeEgqYZ@M?{Mnze%aACd(!_NS2wn$$nWTIA4v9n!FEG zVO6!M=cxJT`ej|K+kP1TJR4$eif|2LoMs?Zs3G%0gCOgg0U}~cM4{0uT%$0<*r&lD zPRxZ_31_G(?T19kj8{qgA*LmPyO6D_$JJ`TlBubJ`A}A(s@p|%+b^qs20jI2ec#My zdR1So?|-$aW_|x_egA8H|NEc+{#V-&teTYpD+5*rtPEHgurgp}z{-G?0V@Mm2CNKN l8L%>7Wx&dSl>sXQRtBsLSQ)S~P^}rTzW=T2Z+^MG{{i2sp637n literal 0 HcmV?d00001 diff --git a/Tests/test_file_fpx.py b/Tests/test_file_fpx.py index 7c985be30..25a7ff24b 100644 --- a/Tests/test_file_fpx.py +++ b/Tests/test_file_fpx.py @@ -1,5 +1,7 @@ import unittest +from PIL import Image + from .helper import PillowTestCase try: @@ -20,3 +22,7 @@ class TestFileFpx(PillowTestCase): # Test a valid OLE file, but not an FPX file ole_file = "Tests/images/test-ole-file.doc" self.assertRaises(SyntaxError, FpxImagePlugin.FpxImageFile, ole_file) + + def test_fpx_invalid_number_of_bands(self): + with self.assertRaisesRegex(IOError, "Invalid number of bands"): + Image.open("Tests/images/input_bw_five_bands.fpx") diff --git a/src/PIL/FpxImagePlugin.py b/src/PIL/FpxImagePlugin.py index 3938f0f09..8d252c79c 100644 --- a/src/PIL/FpxImagePlugin.py +++ b/src/PIL/FpxImagePlugin.py @@ -97,7 +97,10 @@ class FpxImageFile(ImageFile.ImageFile): s = prop[0x2000002 | id] colors = [] - for i in range(i32(s, 4)): + bands = i32(s, 4) + if bands > 4: + raise IOError("Invalid number of bands") + for i in range(bands): # note: for now, we ignore the "uncalibrated" flag colors.append(i32(s, 8 + i * 4) & 0x7FFFFFFF)
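Review bot: `test_fpx_invalid_number_of_bands` exercises only the rejected side of the limit, so a comparison that was off by one (rejecting four bands as well) would still pass on the lines shown. A companion assertion that a four-band file still opens would pin the boundary, if a suitable fixture exists. The binary fixture is opaque in review, so a one-line comment recording what it contains and how it was produced would help; the file name suggests something like `# input_bw_five_bands.fpx: band count field set to 5`.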
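Review bot: The added guard `if bands > 4:` caps the file-supplied band count only from above, and carries no comment saying where the 4 comes from. A count of zero still leaves `colors` empty, and a count of 1–4 still reaches `i32(s, 8 + i * 4)` without a check that `s` holds `8 + bands * 4` bytes; how the surrounding method and `i32` handle those cases is not visible in this hunk. If zero bands is never valid for this format, consider `if not 1 <= bands <= 4:` with a comment such as `# band count is read from the file; bound it before it sizes the loop`, plus a length check on `s` if nothing upstream guarantees it. The enclosing method starts and ends outside the hunk.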