From 6fdbf5433108454f8085b5d01c803367f97535a7 Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Sat, 12 Jul 2025 19:50:19 +1000 Subject: [PATCH 1/2] Width and height are unsigned --- src/PIL/GbrImagePlugin.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/PIL/GbrImagePlugin.py b/src/PIL/GbrImagePlugin.py index f319d7e84..d69295363 100644 --- a/src/PIL/GbrImagePlugin.py +++ b/src/PIL/GbrImagePlugin.py @@ -54,7 +54,7 @@ class GbrImageFile(ImageFile.ImageFile): width = i32(self.fp.read(4)) height = i32(self.fp.read(4)) color_depth = i32(self.fp.read(4)) - if width <= 0 or height <= 0: + if width == 0 or height == 0: msg = "not a GIMP brush" raise SyntaxError(msg) if color_depth not in (1, 4): @@ -71,7 +71,7 @@ class GbrImageFile(ImageFile.ImageFile): raise SyntaxError(msg) self.info["spacing"] = i32(self.fp.read(4)) - comment = self.fp.read(comment_length)[:-1] + self.info["comment"] = self.fp.read(comment_length)[:-1] if color_depth == 1: self._mode = "L" @@ -80,8 +80,6 @@ class GbrImageFile(ImageFile.ImageFile): self._size = width, height - self.info["comment"] = comment - # Image might not be small Image._decompression_bomb_check(self.size) From 4adff39bfd7a04c875b41bd879f513cde09c4604 Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Sat, 12 Jul 2025 19:55:58 +1000 Subject: [PATCH 2/2] Improved test coverage --- Tests/test_file_gbr.py | 51 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 47 insertions(+), 4 deletions(-) diff --git a/Tests/test_file_gbr.py b/Tests/test_file_gbr.py index 1b834cd3c..b8851d82b 100644 --- a/Tests/test_file_gbr.py +++ b/Tests/test_file_gbr.py @@ -1,8 +1,10 @@ from __future__ import annotations +from io import BytesIO + import pytest -from PIL import GbrImagePlugin, Image +from PIL import GbrImagePlugin, Image, _binary from .helper import assert_image_equal_tofile @@ -31,8 +33,49 @@ def test_multiple_load_operations() -> None: assert_image_equal_tofile(im, "Tests/images/gbr.png") -def test_invalid_file() -> None: - invalid_file = "Tests/images/flower.jpg" +def create_gbr_image(info: dict[str, int] = {}, magic_number=b"") -> BytesIO: + return BytesIO( + b"".join( + _binary.o32be(i) + for i in [ + info.get("header_size", 20), + info.get("version", 1), + info.get("width", 1), + info.get("height", 1), + info.get("color_depth", 1), + ] + ) + + magic_number + ) - with pytest.raises(SyntaxError): + +def test_invalid_file() -> None: + for f in [ + create_gbr_image({"header_size": 0}), + create_gbr_image({"width": 0}), + create_gbr_image({"height": 0}), + ]: + with pytest.raises(SyntaxError, match="not a GIMP brush"): + GbrImagePlugin.GbrImageFile(f) + + invalid_file = "Tests/images/flower.jpg" + with pytest.raises(SyntaxError, match="Unsupported GIMP brush version"): GbrImagePlugin.GbrImageFile(invalid_file) + + +def test_unsupported_gimp_brush() -> None: + f = create_gbr_image({"color_depth": 2}) + with pytest.raises(SyntaxError, match="Unsupported GIMP brush color depth: 2"): + GbrImagePlugin.GbrImageFile(f) + + +def test_bad_magic_number() -> None: + f = create_gbr_image({"version": 2}, magic_number=b"badm") + with pytest.raises(SyntaxError, match="not a GIMP brush, bad magic number"): + GbrImagePlugin.GbrImageFile(f) + + +def test_L() -> None: + f = create_gbr_image() + with Image.open(f) as im: + assert im.mode == "L"