python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2024-12-26 01:46:18 +03:00
Code Issues Packages Projects Releases Wiki Activity

Catch FLI buffer overrun

Browse Source
This commit is contained in:
Andrew Murray 2020-01-02 15:23:36 +11:00
parent 138bd714f5
commit c40bc25847
3 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Tests/images/fli_overrun2.bin Normal file
View File

Binary file not shown.

7
Tests/test_image.py
View File

@ -598,6 +598,13 @@ class TestImage(PillowTestCase):
except OSError as e: except OSError as e:
self.assertEqual(str(e), "buffer overrun when reading image file") self.assertEqual(str(e), "buffer overrun when reading image file")
with Image.open("Tests/images/fli_overrun2.bin") as im:
try:
im.seek(1)
self.assertFail()
except OSError as e:
self.assertEqual(str(e), "buffer overrun when reading image file")
class MockEncoder: class MockEncoder:
pass pass

7
src/libImaging/FliDecode.c
View File

@ -40,8 +40,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
return 0; return 0;
/* We don't decode anything unless we have a full chunk in the /* We don't decode anything unless we have a full chunk in the
input buffer (on the other hand, the Python part of the driver input buffer */
makes sure this is always the case) */
ptr = buf; ptr = buf;
@ -52,6 +51,10 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
/* Make sure this is a frame chunk. The Python driver takes /* Make sure this is a frame chunk. The Python driver takes
case of other chunk types. */ case of other chunk types. */
if (bytes < 8) {
state->errcode = IMAGING_CODEC_OVERRUN;
return -1;
}
if (I16(ptr+4) != 0xF1FA) { if (I16(ptr+4) != 0xF1FA) {
state->errcode = IMAGING_CODEC_UNKNOWN; state->errcode = IMAGING_CODEC_UNKNOWN;
return -1; return -1;