python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-01-14 11:26:27 +03:00
Code Issues Packages Projects Releases Wiki Activity

Throw an exception when an opened image is larger than an arbitrary limit

Browse Source
This commit is contained in:
hugovk 2014-05-14 18:04:18 +03:00
parent fc55580a69
commit ce2955ec71
1 changed files with 46 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
PIL/Image.py
View File

@ -35,6 +35,12 @@ class _imaging_not_installed:
def __getattr__(self, id): def __getattr__(self, id):
raise ImportError("The _imaging C module is not installed") raise ImportError("The _imaging C module is not installed")
class ImageIsTooBigError(Exception):
pass
ARBITARY_LARGE_LIMIT = 6000 * 6000 - 1 # FIXME: Pick sensible limit
try: try:
# give Tk a chance to set up the environment, in case we're # give Tk a chance to set up the environment, in case we're
# using an _imaging module linked against libtcl/libtk (use # using an _imaging module linked against libtcl/libtk (use
@ -2100,7 +2106,18 @@ _fromarray_typemap[((1, 1), _ENDIAN + "i4")] = ("I", "I")
_fromarray_typemap[((1, 1), _ENDIAN + "f4")] = ("F", "F") _fromarray_typemap[((1, 1), _ENDIAN + "f4")] = ("F", "F")
def open(fp, mode="r"): def _compression_bomb_check(im, maximum_pixels):
if maximum_pixels is None:
return
pixels = im.size[0] * im.size[1]
print("Pixels:", pixels) # FIXME: temporary
if im.size[0] * im.size[1] > maximum_pixels:
raise ImageIsTooBigError("Image size exceeds limit")
def open(fp, mode="r", maximum_pixels=ARBITARY_LARGE_LIMIT):
""" """
Opens and identifies the given image file. Opens and identifies the given image file.
@ -2114,6 +2131,7 @@ def open(fp, mode="r"):
must implement :py:meth:`~file.read`, :py:meth:`~file.seek`, and must implement :py:meth:`~file.read`, :py:meth:`~file.seek`, and
:py:meth:`~file.tell` methods, and be opened in binary mode. :py:meth:`~file.tell` methods, and be opened in binary mode.
:param mode: The mode. If given, this argument must be "r". :param mode: The mode. If given, this argument must be "r".
:param maximum_pixels: TODO.
:returns: An :py:class:`~PIL.Image.Image` object. :returns: An :py:class:`~PIL.Image.Image` object.
:exception IOError: If the file cannot be found, or the image cannot be :exception IOError: If the file cannot be found, or the image cannot be
opened and identified. opened and identified.
@ -2137,7 +2155,10 @@ def open(fp, mode="r"):
factory, accept = OPEN[i] factory, accept = OPEN[i]
if not accept or accept(prefix): if not accept or accept(prefix):
fp.seek(0) fp.seek(0)
return factory(fp, filename) # return factory(fp, filename)
im = factory(fp, filename)
_compression_bomb_check(im, maximum_pixels)
return im
except (SyntaxError, IndexError, TypeError): except (SyntaxError, IndexError, TypeError):
#import traceback #import traceback
#traceback.print_exc() #traceback.print_exc()
@ -2150,7 +2171,10 @@ def open(fp, mode="r"):
factory, accept = OPEN[i] factory, accept = OPEN[i]
if not accept or accept(prefix): if not accept or accept(prefix):
fp.seek(0) fp.seek(0)
return factory(fp, filename) # return factory(fp, filename)
im = factory(fp, filename)
_compression_bomb_check(im, maximum_pixels)
return im
except (SyntaxError, IndexError, TypeError): except (SyntaxError, IndexError, TypeError):
#import traceback #import traceback
#traceback.print_exc() #traceback.print_exc()