Use snprintf instead of sprintf

This is fix for CVE-2021-34552

(cherry picked from commit 518ee3722a)

CHANGES.rst

@@ -2,6 +2,12 @@
 Changelog (Pillow)
 ==================
 
+6.2.2.3 (2022-02-14)
+--------------------
+
+- Use snprintf instead of sprintf. CVE-2021-34552
+  [wooken]
+
 6.2.2.2 (date TBD)
 ------------------
 

src/libImaging/Convert.c

@@ -1618,17 +1618,15 @@ convert(Imaging imOut, Imaging imIn, const char *mode,
             break;
         }
 
-    if (!convert)
+    if (!convert) {
 #ifdef notdef
         return (Imaging) ImagingError_ValueError("conversion not supported");
 #else
-    {
+        static char buf[100];
-      static char buf[256];
+        snprintf(buf, 100, "conversion from %.10s to %.10s not supported", imIn->mode, mode);
-      /* FIXME: may overflow if mode is too large */
-      sprintf(buf, "conversion from %s to %s not supported", imIn->mode, mode);
         return (Imaging)ImagingError_ValueError(buf);
-    }
 #endif
+    }
 
     imOut = ImagingNew2Dirty(mode, imOut, imIn);
     if (!imOut)
@@ -1681,9 +1679,13 @@ ImagingConvertTransparent(Imaging imIn, const char *mode,
     }
 #else
     {
-      static char buf[256];
+        static char buf[100];
-      /* FIXME: may overflow if mode is too large */
+        snprintf(
-      sprintf(buf, "conversion from %s to %s not supported in convert_transparent", imIn->mode, mode);
+            buf,
+            100,
+            "conversion from %.10s to %.10s not supported in convert_transparent",
+            imIn->mode,
+            mode);
         return (Imaging)ImagingError_ValueError(buf);
     }
 #endif