From 72c067af2969517fde1979a4749c5076be96894a Mon Sep 17 00:00:00 2001
From: Andrew Murray <radarhere@users.noreply.github.com>
Date: Wed, 3 Sep 2025 19:23:26 +1000
Subject: [PATCH] Check all reserved bytes in header

---
 Tests/images/crash-5762152299364352.fli       | Bin 8731 -> 8731 bytes
 ...39147ce93e20eb14088fe238e541443ffd64b3.fli | Bin 200 -> 200 bytes
 ...f0a9dc7243a8e6ede2408d2ffa6a9964698b87.fli | Bin 159 -> 159 bytes
 src/PIL/FliImagePlugin.py                     |   7 ++++++-
 4 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/Tests/images/crash-5762152299364352.fli b/Tests/images/crash-5762152299364352.fli
index 944fe0b56c73b016c7599beb5b8e47cd33f0432f..d7588eea88f4a37d000e6c12949a13e219298092 100644
GIT binary patch
delta 21
dcmbR3GTUW>)?^7rwTS^jlNA`{Ha5&w1OQM22K@j4

delta 28
kcmbR3GTUW>)@CbaM#jksjBb<bgbgN7V2s)Pmr+gu0Ef#7C;$Ke

diff --git a/Tests/images/timeout-9139147ce93e20eb14088fe238e541443ffd64b3.fli b/Tests/images/timeout-9139147ce93e20eb14088fe238e541443ffd64b3.fli
index ce4607d2dd083a923db2d6326e5b6cb34edd0702..73da81dcb6220ab90c9d9ffa336727353de5dafd 100644
GIT binary patch
literal 200
zcmccrk72RkdM*Y=0bk+&3^3sGi1Yo=yXXHu{?G9L4a5Hi1}=tgFgXJB|Nmcs<{*qB
zq#UU9*T?_gr~YHtgem0(F-}5xbwI;@05QzOb3nlK{lC<|{|OBH|FZmN14{h;KN|o>
CO)#eb

delta 86
zcmWm2u?;{#07l{8MIq5BbeD+Q1_~Rf%wPsBBT(B1!)Qe$?w<3SmwZQbM03?bgYhQ`
nYbFW3g#Foq(fNm1&IqpHm^-(gUO4dtaIkM>y-n1w(q-sA4znvm

diff --git a/Tests/images/timeout-bff0a9dc7243a8e6ede2408d2ffa6a9964698b87.fli b/Tests/images/timeout-bff0a9dc7243a8e6ede2408d2ffa6a9964698b87.fli
index 77a94b87a3ade935e707f3d89c9fbff801a1e976..abe642e6a9d665941b34501c6c0879370cac87b0 100644
GIT binary patch
literal 159
zcmccrk72RkdM*Y=0S1Bp3^3sGi1Yo=yXXHu{?G9L4a5Hi1}=tgFgXJB|Nmcs<{*qB
Zq#UU9*GH!Ykh1?k0HS$81PJ_}4FLDPAGiPj

delta 86
zcmbQwIG=HXme2qH9RHdAy#bQ51sE6@{xkgf52QdqTJHb<zyCh|XJPou#PI+BSD^TR
mrtc!s|Nf^i{Qt}F|0hu3?|;7I#}q7&HT<{y!@xbUOcMa?xhfg}

diff --git a/src/PIL/FliImagePlugin.py b/src/PIL/FliImagePlugin.py
index ccb8a5953..c8e38f6be 100644
--- a/src/PIL/FliImagePlugin.py
+++ b/src/PIL/FliImagePlugin.py
@@ -49,7 +49,12 @@ class FliImageFile(ImageFile.ImageFile):
     def _open(self) -> None:
         # HEAD
         s = self.fp.read(128)
-        if not (_accept(s) and s[20:22] == b"\x00\x00"):
+        if not (
+            _accept(s)
+            and s[20:22] == b"\x00" * 2
+            and s[42:80] == b"\x00" * 38
+            and s[88:] == b"\x00" * 40
+        ):
             msg = "not an FLI/FLC file"
             raise SyntaxError(msg)