Fixed decompression bomb check

This commit is contained in:
Andrew Murray 2023-06-17 14:35:44 +10:00
parent 98cc2e63ac
commit 7044038e70
3 changed files with 2 additions and 1 deletions

View File

@ -1042,6 +1042,7 @@ def test_render_mono_size():
"test_file",
[
"Tests/fonts/oom-e8e927ba6c0d38274a37c1567560eb33baf74627.ttf",
"Tests/fonts/oom-4da0210eb7081b0bf15bf16cc4c52ce02c1e1bbc.ttf",
],
)
def test_oom(test_file):

View File

@ -880,7 +880,7 @@ font_render(FontObject *self, PyObject *args) {
width += stroke_width * 2 + ceil(x_start);
height += stroke_width * 2 + ceil(y_start);
if (max_image_pixels != Py_None) {
if (width * height > PyLong_AsLong(max_image_pixels) * 2) {
if ((long long)width * height > PyLong_AsLong(max_image_pixels) * 2) {
PyMem_Del(glyph_info);
return Py_BuildValue("O(ii)(ii)", Py_None, width, height, 0, 0);
}