python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-07-15 10:42:19 +03:00
Code Issues Packages Projects Releases Wiki Activity

Catch PCX P mode buffer overrun

Browse Source
This commit is contained in:
Andrew Murray 2019-12-21 18:38:22 +11:00
parent a09acd0dec
commit 93b22b846e
3 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Tests/images/pcx_overrun2.bin Normal file
View File

Binary file not shown.

7
Tests/test_image.py
View File

@ -590,7 +590,12 @@ class TestImage(PillowTestCase):
self.assertFalse(fp.closed) self.assertFalse(fp.closed)
def test_overrun(self): def test_overrun(self):
for file in ["fli_overrun.bin", "sgi_overrun.bin", "pcx_overrun.bin"]: for file in [
"fli_overrun.bin",
"sgi_overrun.bin",
"pcx_overrun.bin",
"pcx_overrun2.bin",
]:
im = Image.open(os.path.join("Tests/images", file)) im = Image.open(os.path.join("Tests/images", file))
try: try:
im.load() im.load()

3
src/libImaging/PcxDecode.c
View File

@ -25,6 +25,9 @@ ImagingPcxDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
if (strcmp(im->mode, "1") == 0 && state->xsize > state->bytes * 8) { if (strcmp(im->mode, "1") == 0 && state->xsize > state->bytes * 8) {
state->errcode = IMAGING_CODEC_OVERRUN; state->errcode = IMAGING_CODEC_OVERRUN;
return -1; return -1;
} else if (strcmp(im->mode, "P") == 0 && state->xsize > state->bytes) {
state->errcode = IMAGING_CODEC_OVERRUN;
return -1;
} }
ptr = buf; ptr = buf;