From 59770927ceeb4cb2b55ad9fcac553c7c15fecdc2 Mon Sep 17 00:00:00 2001
From: wooken
Date: Mon, 14 Feb 2022 13:41:08 -0800
Subject: [PATCH] Use snprintf instead of sprintf
This is fix for CVE-2021-34552
(cherry picked from commit 518ee3722a99d7f7d890db82a20bd81c1c0327fb)
---
 CHANGES.rst | 6 ++++++
 src/libImaging/Convert.c | 24 +++++++++++++-----------
 2 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/CHANGES.rst b/CHANGES.rst
index 3b1927430..42236e550 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -2,6 +2,12 @@
 Changelog (Pillow)
 ==================
+6.2.2.3 (2022-02-14)
+--------------------
+
+- Use snprintf instead of sprintf. CVE-2021-34552
+ [wooken]
+
 6.2.2.2 (date TBD)
 ------------------
diff --git a/src/libImaging/Convert.c b/src/libImaging/Convert.c
index 60513c66d..2c31f98aa 100644
--- a/src/libImaging/Convert.c
+++ b/src/libImaging/Convert.c
@@ -1618,17 +1618,15 @@ convert(Imaging imOut, Imaging imIn, const char *mode,
 break;
 }
- if (!convert)
+ if (!convert) {
 #ifdef notdef
 return (Imaging) ImagingError_ValueError("conversion not supported");
 #else
- {
- static char buf[256];
- /* FIXME: may overflow if mode is too large */
- sprintf(buf, "conversion from %s to %s not supported", imIn->mode, mode);
- return (Imaging) ImagingError_ValueError(buf);
- }
+ static char buf[100];
+ snprintf(buf, 100, "conversion from %.10s to %.10s not supported", imIn->mode, mode);
+ return (Imaging)ImagingError_ValueError(buf);
 #endif
+ }
 imOut = ImagingNew2Dirty(mode, imOut, imIn);
 if (!imOut)
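Review bot: The bound passed to `snprintf` is the literal `100`, repeated from the `static char buf[100];` declaration, so a later resize of `buf` would silently desynchronise the two. Write `snprintf(buf, sizeof(buf), "conversion from %.10s to %.10s not supported", imIn->mode, mode);` here and make the same change in the ImagingConvertTransparent hunk. With both modes capped by `%.10s`, the visible format strings produce at most 54 and 77 characters plus the terminator, so 100 bytes is enough today; tying the bound to the array keeps that true if the message text changes. The body of convert() starts and ends outside this hunk.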
@@ -1681,10 +1679,14 @@ ImagingConvertTransparent(Imaging imIn, const char *mode,
 }
 #else
 {
- static char buf[256];
- /* FIXME: may overflow if mode is too large */
- sprintf(buf, "conversion from %s to %s not supported in convert_transparent", imIn->mode, mode);
- return (Imaging) ImagingError_ValueError(buf);
+ static char buf[100];
+ snprintf(
+ buf,
+ 100,
+ "conversion from %.10s to %.10s not supported in convert_transparent",
+ imIn->mode,
+ mode);
+ return (Imaging)ImagingError_ValueError(buf);
 }
 #endif
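Review bot: Nothing in this commit exercises the new `snprintf` path: the diffstat lists only CHANGES.rst and src/libImaging/Convert.c, so a regression in either error branch would go unnoticed. A test that requests a conversion with a mode name far longer than any valid mode and asserts a clean ValueError would pin the fix for CVE-2021-34552. The removed FIXME is also not replaced by anything that explains the `%.10s` cap; a comment above the call such as `/* modes are truncated to 10 chars so the message always fits in buf */` would record why the message may show a shortened mode. ImagingConvertTransparent's body extends beyond the hunk on both sides.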