Catch FLI buffer overrun

Andrew Murray 2020-01-02 15:23:36 +11:00
parent 138bd714f5
commit c40bc25847
3 changed files with 12 additions and 2 deletions

Binary file not shown.


@ -598,6 +598,13 @@ class TestImage(PillowTestCase):
except OSError as e:
self.assertEqual(str(e), "buffer overrun when reading image file")
with Image.open("Tests/images/fli_overrun2.bin") as im:
try:
im.seek(1)
self.assertFail()
except OSError as e:
self.assertEqual(str(e), "buffer overrun when reading image file")
class MockEncoder:
pass
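Review bot: `self.assertFail()` in the added block is not a `unittest.TestCase` method (the standard call is `self.fail()`), so unless PillowTestCase defines it, a `seek(1)` that does not raise would surface as an AttributeError rather than a clean test failure. The block also copies the try/except shape of the case just above it. `with self.assertRaises(OSError) as cm: im.seek(1)` followed by `self.assertEqual(str(cm.exception), "buffer overrun when reading image file")` states the expectation directly and fails clearly when no exception is raised. The enclosing test method starts outside the hunk.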


@ -40,8 +40,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
return 0;
/* We don't decode anything unless we have a full chunk in the
input buffer (on the other hand, the Python part of the driver
makes sure this is always the case) */
input buffer */
ptr = buf;
@ -52,6 +51,10 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
/* Make sure this is a frame chunk. The Python driver takes
case of other chunk types. */
if (bytes < 8) {
state->errcode = IMAGING_CODEC_OVERRUN;
return -1;
}
if (I16(ptr+4) != 0xF1FA) {
state->errcode = IMAGING_CODEC_UNKNOWN;
return -1;
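Review bot: The new `if (bytes < 8)` guard uses an unexplained constant: the read it precedes in this hunk, `I16(ptr+4)`, needs only 6 bytes, so the 8 presumably also covers a header field read after the hunk ends. A one-line comment above the check, for example `/* the frame chunk header fields read below must lie inside the buffer */`, would tell the next reader what the bound protects. This commit also removes the comment saying the Python driver always supplies a full chunk, so any later reads in ImagingFliDecode at fixed offsets past 8, or pointer advances past the header, would need the same comparison against `bytes`. That code is outside the hunk and cannot be judged from here.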