Use more specific regex chars to prevent ReDoS

* CVE-2021-25292
2025-01-27 01:34:24 +03:00 · 2021-01-09 15:53:09 +02:00 · 2021-01-09 15:53:09 +02:00 · 3bce145966
commit 3bce145966
parent cbdce6c5d0
1 changed files with 2 additions and 1 deletions
--- a/src/PIL/PdfParser.py
+++ b/src/PIL/PdfParser.py
@ -580,8 +580,9 @@ class PdfParser:
    whitespace_or_hex = br"[\000\011\012\014\015\0400-9a-fA-F]"
    whitespace_optional = whitespace + b"*"
    whitespace_mandatory = whitespace + b"+"
+    whitespace_optional_no_nl = br"[\000\011\014\015\040]*"  # no "\012" aka "\n"
    newline_only = br"[\r\n]+"
-    newline = whitespace_optional + newline_only + whitespace_optional
+    newline = whitespace_optional_no_nl + newline_only + whitespace_optional_no_nl
    re_trailer_end = re.compile(
        whitespace_mandatory
        + br"trailer"