python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-10-31 16:07:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4707 from Cykooz/fix_jpeg_magic_number

Browse Source 
Replaced primitive "magic number" inside of JpegImagePlugin._accept() function by more correct version
This commit is contained in:
Andrew Murray 2020-06-23 08:11:34 +10:00 committed by GitHub
commit 926af72db3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 31 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
Tests/test_file_jpeg.py
View File

@ -3,7 +3,14 @@ import re
from io import BytesIO from io import BytesIO
import pytest import pytest
from PIL import ExifTags, Image, ImageFile, JpegImagePlugin, features from PIL import (
ExifTags,
Image,
ImageFile,
JpegImagePlugin,
UnidentifiedImageError,
features,
)
from .helper import ( from .helper import (
assert_image, assert_image,
@ -709,6 +716,24 @@ class TestFileJpeg:
with Image.open("Tests/images/icc-after-SOF.jpg") as im: with Image.open("Tests/images/icc-after-SOF.jpg") as im:
assert im.info["icc_profile"] == b"profile" assert im.info["icc_profile"] == b"profile"
def test_jpeg_magic_number(self):
size = 4097
buffer = BytesIO(b"\xFF" * size) # Many xFF bytes
buffer.max_pos = 0
orig_read = buffer.read
def read(n=-1):
res = orig_read(n)
buffer.max_pos = max(buffer.max_pos, buffer.tell())
return res
buffer.read = read
with pytest.raises(UnidentifiedImageError):
Image.open(buffer)
# Assert the entire file has not been read
assert 0 < buffer.max_pos < size
@pytest.mark.skipif(not is_win32(), reason="Windows only") @pytest.mark.skipif(not is_win32(), reason="Windows only")
@skip_unless_feature("jpg") @skip_unless_feature("jpg")

8
src/PIL/JpegImagePlugin.py
View File

@ -323,7 +323,8 @@ MARKER = {
def _accept(prefix): def _accept(prefix):
return prefix[0:1] == b"\377" # Magic number was taken from https://en.wikipedia.org/wiki/JPEG
return prefix[0:3] == b"\xFF\xD8\xFF"
## ##
@ -337,10 +338,11 @@ class JpegImageFile(ImageFile.ImageFile):
def _open(self): def _open(self):
s = self.fp.read(1) s = self.fp.read(3)
if i8(s) != 255: if s != b"\xFF\xD8\xFF":
raise SyntaxError("not a JPEG file") raise SyntaxError("not a JPEG file")
s = b"\xFF"
# Create attributes # Create attributes
self.bits = self.layers = 0 self.bits = self.layers = 0