python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-01-25 00:34:14 +03:00
Code Issues Packages Projects Releases Wiki Activity

Do not try and crop glyphs from outside of source ImageFont image

Browse Source
This commit is contained in:
Andrew Murray 2024-01-01 16:13:24 +11:00
parent af026fdd3c
commit 8676cbd4e7
2 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/releasenotes/10.2.0.rst
View File

@ -77,6 +77,16 @@ Pillow will now raise a :py:exc:`ValueError` if the number of characters passed
This threshold can be changed by setting :py:data:`PIL.ImageFont.MAX_STRING_LENGTH`. It
can be disabled by setting ``ImageFont.MAX_STRING_LENGTH = None``.
A decompression bomb check has also been added to
:py:meth:`PIL.ImageFont.ImageFont.getmask`.
ImageFont.getmask: Trim glyph size
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
To protect against potential DOS attacks when using PIL fonts,
:py:class:`PIL.ImageFont.ImageFont` now trims the size of individual glyphs so that
they do not extend beyond the bitmap image.
ImageMath.eval: Restricted environment keys
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

12
src/_imaging.c
View File

@ -2649,6 +2649,18 @@ _font_new(PyObject *self_, PyObject *args) {
self->glyphs[i].sy0 = S16(B16(glyphdata, 14));
self->glyphs[i].sx1 = S16(B16(glyphdata, 16));
self->glyphs[i].sy1 = S16(B16(glyphdata, 18));
// Do not allow glyphs to extend beyond bitmap image
// Helps prevent DOS by stopping cropped images being larger than the original
if (self->glyphs[i].sx1 > self->bitmap->xsize) {
self->glyphs[i].dx1 -= self->glyphs[i].sx1 - self->bitmap->xsize;
self->glyphs[i].sx1 = self->bitmap->xsize;
}
if (self->glyphs[i].sy1 > self->bitmap->ysize) {
self->glyphs[i].dy1 -= self->glyphs[i].sy1 - self->bitmap->ysize;
self->glyphs[i].sy1 = self->bitmap->ysize;
}
if (self->glyphs[i].dy0 < y0) {
y0 = self->glyphs[i].dy0;
}