python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2024-11-10 19:56:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added GIF decompression bomb check

Browse Source
This commit is contained in:
Andrew Murray 2022-06-30 12:47:35 +10:00
parent 8f35234f3a
commit c9f1b35e98
3 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Tests/images/decompression_bomb_extents.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 368 B

5
Tests/test_decompression_bomb.py
View File

@ -61,6 +61,11 @@ class TestDecompressionBomb:
with Image.open("Tests/images/decompression_bomb.gif"):
pass
def test_exception_gif_extents(self):
with Image.open("Tests/images/decompression_bomb_extents.gif") as im:
with pytest.raises(Image.DecompressionBombError):
im.seek(1)
def test_exception_bmp(self):
with pytest.raises(Image.DecompressionBombError):
with Image.open("Tests/images/bmp/b/reallybig.bmp"):

1
src/PIL/GifImagePlugin.py
View File

@ -265,6 +265,7 @@ class GifImageFile(ImageFile.ImageFile):
x1, y1 = x0 + i16(s, 4), y0 + i16(s, 6)
if (x1 > self.size[0] or y1 > self.size[1]) and update_image:
self._size = max(x1, self.size[0]), max(y1, self.size[1])
Image._decompression_bomb_check(self._size)
frame_dispose_extent = x0, y0, x1, y1
flags = s[8]