FLI overflow error fix and testcase CVE-2016-0775

This commit is contained in:
wiredfool 2016-01-20 22:37:28 +00:00
parent c3cb690fed
commit 893a40850c
3 changed files with 17 additions and 1 deletions

View File

@ -0,0 +1,16 @@
from helper import unittest, PillowTestCase
from PIL import Image
TEST_FILE = "Tests/images/fli_overflow.fli"
class TestFliOverflow(PillowTestCase):
def test_fli_overflow(self):
# this should not crash with a malloc error or access violation
im = Image.open(TEST_FILE)
im.load()
if __name__ == '__main__':
unittest.main()

Binary file not shown.

View File

@ -185,7 +185,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
/* COPY chunk */
for (y = 0; y < state->ysize; y++) {
UINT8* buf = (UINT8*) im->image[y];
memcpy(buf+x, data, state->xsize);
memcpy(buf, data, state->xsize);
data += state->xsize;
}
break;