Add test for CVE-2021-25292 ReDoS

2025-01-25 00:34:14 +03:00 · 2021-04-08 23:53:22 +03:00 · 2021-04-08 23:53:22 +03:00 · bde149be38
commit bde149be38
parent 75c111903c
1 changed files with 10 additions and 0 deletions
--- a/Tests/test_file_pdf.py
+++ b/Tests/test_file_pdf.py
@ -286,3 +286,13 @@ def test_pdf_append_to_bytesio():
    f = io.BytesIO(f.getvalue())
    im.save(f, format="PDF", append=True)
    assert len(f.getvalue()) > initial_size
+
+
+@pytest.mark.timeout(1)
+def test_redos():
+    malicious = b" trailer<<>>" + b"\n" * 3456
+
+    # This particular exception isn't relevant here.
+    # The important thing is it doesn't timeout, cause a ReDoS (CVE-2021-25292).
+    with pytest.raises(PdfParser.PdfFormatError):
+        PdfParser.PdfParser(buf=malicious)