From 009444f9c51d2d008fd0256769c93a7c2acb670a Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Thu, 21 Aug 2025 21:56:03 +1000 Subject: [PATCH] Improved _accept length check --- src/PIL/FliImagePlugin.py | 2 +- src/PIL/GribStubImagePlugin.py | 2 +- src/PIL/PcxImagePlugin.py | 2 +- src/PIL/PpmImagePlugin.py | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/PIL/FliImagePlugin.py b/src/PIL/FliImagePlugin.py index 7c5bfeefa..ccb8a5953 100644 --- a/src/PIL/FliImagePlugin.py +++ b/src/PIL/FliImagePlugin.py @@ -30,7 +30,7 @@ from ._util import DeferredError def _accept(prefix: bytes) -> bool: return ( - len(prefix) >= 6 + len(prefix) >= 16 and i16(prefix, 4) in [0xAF11, 0xAF12] and i16(prefix, 14) in [0, 3] # flags ) diff --git a/src/PIL/GribStubImagePlugin.py b/src/PIL/GribStubImagePlugin.py index 439fc5a3e..dfa798893 100644 --- a/src/PIL/GribStubImagePlugin.py +++ b/src/PIL/GribStubImagePlugin.py @@ -33,7 +33,7 @@ def register_handler(handler: ImageFile.StubHandler | None) -> None: def _accept(prefix: bytes) -> bool: - return prefix.startswith(b"GRIB") and prefix[7] == 1 + return len(prefix) >= 8 and prefix.startswith(b"GRIB") and prefix[7] == 1 class GribStubImageFile(ImageFile.StubImageFile): diff --git a/src/PIL/PcxImagePlugin.py b/src/PIL/PcxImagePlugin.py index 458d586c4..6b16d5385 100644 --- a/src/PIL/PcxImagePlugin.py +++ b/src/PIL/PcxImagePlugin.py @@ -39,7 +39,7 @@ logger = logging.getLogger(__name__) def _accept(prefix: bytes) -> bool: - return prefix[0] == 10 and prefix[1] in [0, 2, 3, 5] + return len(prefix) >= 2 and prefix[0] == 10 and prefix[1] in [0, 2, 3, 5] ## diff --git a/src/PIL/PpmImagePlugin.py b/src/PIL/PpmImagePlugin.py index db34d107a..307bc97ff 100644 --- a/src/PIL/PpmImagePlugin.py +++ b/src/PIL/PpmImagePlugin.py @@ -47,7 +47,7 @@ MODES = { def _accept(prefix: bytes) -> bool: - return prefix.startswith(b"P") and prefix[1] in b"0123456fy" + return len(prefix) >= 2 and prefix.startswith(b"P") and prefix[1] in b"0123456fy" ##