python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-02-11 00:50:51 +03:00
Code Issues Packages Projects Releases Wiki Activity

FLI overflow error fix and testcase CVE-2016-0775

Browse Source
This commit is contained in:
wiredfool 2016-01-20 22:37:28 +00:00
parent a4065997df
commit bcaaf97f4f
3 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Tests/check_fli_overflow.py Normal file
View File

@ -0,0 +1,16 @@
from helper import unittest, PillowTestCase
from PIL import Image
TEST_FILE = "Tests/images/fli_overflow.fli"
class TestFliOverflow(PillowTestCase):
def test_fli_overflow(self):
# this should not crash with a malloc error or access violation
im = Image.open(TEST_FILE)
im.load()
if __name__ == '__main__':
unittest.main()

BIN
Tests/images/fli_overflow.fli Normal file
View File

Binary file not shown.

2
libImaging/FliDecode.c
View File

@ -185,7 +185,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
/* COPY chunk */ /* COPY chunk */
for (y = 0; y < state->ysize; y++) { for (y = 0; y < state->ysize; y++) {
UINT8* buf = (UINT8*) im->image[y]; UINT8* buf = (UINT8*) im->image[y];
memcpy(buf+x, data, state->xsize); memcpy(buf, data, state->xsize);
data += state->xsize; data += state->xsize;
} }
break; break;