From a59eb3975f9efb1ca88a7e823011ac0968d7d6ea Mon Sep 17 00:00:00 2001 From: wiredfool Date: Tue, 30 Dec 2014 17:06:38 -0800 Subject: [PATCH] Documentation Update for PNG zlib DOS --- docs/handbook/image-file-formats.rst | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/handbook/image-file-formats.rst b/docs/handbook/image-file-formats.rst index f9216818d..f8db2660f 100644 --- a/docs/handbook/image-file-formats.rst +++ b/docs/handbook/image-file-formats.rst @@ -333,7 +333,12 @@ The :py:meth:`~PIL.Image.Image.open` method sets the following transparent palette image. ``Open`` also sets ``Image.text`` to a list of the values of the -``tEXt``, ``zTXt``, and ``iTXt`` chunks of the PNG image. +``tEXt``, ``zTXt``, and ``iTXt`` chunks of the PNG image. Individual +compressed chunks are limited to a decompressed size of +``PngImagePlugin.MAX_TEXT_CHUNK``, by default 1MB, to prevent +decompression bombs. Additionally, the total size of all of the text +chunks is limited to ``PngImagePlugin.MAX_TEXT_MEMORY``, defaulting to +64MB. The :py:meth:`~PIL.Image.Image.save` method supports the following options: