From 2ec53e36e9135fda4e2eb6bbd5343a7facae71da Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Sun, 31 Dec 2023 23:17:28 +1100 Subject: [PATCH] Apply ImageFont.MAX_STRING_LENGTH to ImageFont.getmask() --- Tests/test_imagefont.py | 2 ++ docs/releasenotes/10.2.0.rst | 15 +++++++++++++-- src/PIL/ImageFont.py | 1 + 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/Tests/test_imagefont.py b/Tests/test_imagefont.py index efe523643..807d581ed 100644 --- a/Tests/test_imagefont.py +++ b/Tests/test_imagefont.py @@ -1058,6 +1058,8 @@ def test_too_many_characters(font): imagefont.getlength("A" * 1_000_001) with pytest.raises(ValueError): imagefont.getbbox("A" * 1_000_001) + with pytest.raises(ValueError): + imagefont.getmask("A" * 1_000_001) @pytest.mark.parametrize( diff --git a/docs/releasenotes/10.2.0.rst b/docs/releasenotes/10.2.0.rst index ade152fcd..6ab139b56 100644 --- a/docs/releasenotes/10.2.0.rst +++ b/docs/releasenotes/10.2.0.rst @@ -62,8 +62,19 @@ output only the quantization and Huffman tables for the image. Security ======== -Restricted environment keys for ImageMath.eval -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +ImageFont.getmask: Applied ImageFont.MAX_STRING_LENGTH +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +To protect against potential DOS attacks when using arbitrary strings as text input, +Pillow will now raise a :py:exc:`ValueError` if the number of characters passed into +:py:meth:`PIL.ImageFont.ImageFont.getmask` is over a certain limit, +:py:data:`PIL.ImageFont.MAX_STRING_LENGTH`. + +This threshold can be changed by setting :py:data:`PIL.ImageFont.MAX_STRING_LENGTH`. It +can be disabled by setting ``ImageFont.MAX_STRING_LENGTH = None``. + +ImageMath.eval: Restricted environment keys +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :cve:`2023-50447`: If an attacker has control over the keys passed to the ``environment`` argument of :py:meth:`PIL.ImageMath.eval`, they may be able to execute diff --git a/src/PIL/ImageFont.py b/src/PIL/ImageFont.py index 6db7cc4ec..7f0366ddb 100644 --- a/src/PIL/ImageFont.py +++ b/src/PIL/ImageFont.py @@ -149,6 +149,7 @@ class ImageFont: :return: An internal PIL storage memory instance as defined by the :py:mod:`PIL.Image.core` interface module. """ + _string_length_check(text) return self.font.getmask(text, mode) def getbbox(self, text, *args, **kwargs):