Fix for buffer overflow in TiffDecode.c CVE-2016-0740

This commit is contained in:
Eric Soroos 2016-01-14 04:59:19 -08:00 committed by wiredfool
parent 893a40850c
commit 717720b051
3 changed files with 24 additions and 1 deletions

View File

@ -0,0 +1,23 @@
from helper import unittest, PillowTestCase
from PIL import Image
TEST_FILE = "Tests/images/libtiff_segfault.tif"
class TestLibtiffSegfault(PillowTestCase):
def test_segfault(self):
""" This test should not segfault. It will on Pillow <= 3.1.0 and
libtiff >= 4.0.0
"""
try:
im = Image.open(TEST_FILE)
im.load()
except IOError:
self.assertTrue(True, "Got expected IOError")
except Exception:
self.fail("Should have returned IOError")
if __name__ == '__main__':
unittest.main()

Binary file not shown.

View File

@ -169,7 +169,7 @@ int ImagingLibTiffDecode(Imaging im, ImagingCodecState state, UINT8* buffer, int
char *filename = "tempfile.tif"; char *filename = "tempfile.tif";
char *mode = "r"; char *mode = "r";
TIFF *tiff; TIFF *tiff;
int size; tsize_t size;
/* buffer is the encoded file, bytes is the length of the encoded file */ /* buffer is the encoded file, bytes is the length of the encoded file */