From ff668ae54e4d14e9738a463bd636d2da42cbcdc0 Mon Sep 17 00:00:00 2001 From: hugovk Date: Sat, 5 Jul 2014 21:55:19 +0300 Subject: [PATCH 1/2] Add (failing) test for #771 --- Tests/test_decompression_bomb.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Tests/test_decompression_bomb.py b/Tests/test_decompression_bomb.py index 4c09bd9e3..71ca6780b 100644 --- a/Tests/test_decompression_bomb.py +++ b/Tests/test_decompression_bomb.py @@ -39,6 +39,18 @@ class TestDecompressionBomb(PillowTestCase): Image.DecompressionBombWarning, lambda: Image.open(test_file)) + def test_image_new(self): + # Arrange + # Set limit to a low, easily testable value + Image.MAX_IMAGE_PIXELS = 10 + self.assertEqual(Image.MAX_IMAGE_PIXELS, 10) + + # Act / Assert + self.assert_warning( + Image.DecompressionBombWarning, + lambda: Image.new('L', (100, 100), 0)) + + if __name__ == '__main__': unittest.main() From 48e12e04de8cf8244e0793ae01b0f461d87de904 Mon Sep 17 00:00:00 2001 From: hugovk Date: Sat, 5 Jul 2014 21:55:59 +0300 Subject: [PATCH 2/2] Add decompression bomb warning for Image.new() (re: #771) --- PIL/Image.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/PIL/Image.py b/PIL/Image.py index 787e60270..551c23c29 100644 --- a/PIL/Image.py +++ b/PIL/Image.py @@ -1985,6 +1985,8 @@ def new(mode, size, color=0): :returns: An :py:class:`~PIL.Image.Image` object. """ + _decompression_bomb_check(size) + if color is None: # don't initialize return Image()._new(core.new(mode, size))