Throw an exception when an opened image is larger than an arbitrary limit

2025-10-31 07:57:27 +03:00 · 2014-05-14 18:04:18 +03:00 · 2014-05-14 18:04:18 +03:00 · ce2955ec71
commit ce2955ec71
parent fc55580a69
1 changed files with 46 additions and 22 deletions
--- a/PIL/Image.py
+++ b/PIL/Image.py
@ -35,6 +35,12 @@ class _imaging_not_installed:
    def __getattr__(self, id):
        raise ImportError("The _imaging C module is not installed")

+
+class ImageIsTooBigError(Exception):
+    pass
+
+ARBITARY_LARGE_LIMIT = 6000 * 6000 - 1  # FIXME: Pick sensible limit
+
 try:
    # give Tk a chance to set up the environment, in case we're
    # using an _imaging module linked against libtcl/libtk (use
@ -2100,7 +2106,18 @@ _fromarray_typemap[((1, 1), _ENDIAN + "i4")] = ("I", "I")
 _fromarray_typemap[((1, 1), _ENDIAN + "f4")] = ("F", "F")


-def open(fp, mode="r"):
+def _compression_bomb_check(im, maximum_pixels):
+    if maximum_pixels is None:
+        return
+
+    pixels = im.size[0] * im.size[1]
+    print("Pixels:", pixels)  # FIXME: temporary
+
+    if im.size[0] * im.size[1] > maximum_pixels:
+        raise ImageIsTooBigError("Image size exceeds limit")
+
+
+def open(fp, mode="r", maximum_pixels=ARBITARY_LARGE_LIMIT):
    """
    Opens and identifies the given image file.

@ -2114,6 +2131,7 @@ def open(fp, mode="r"):
       must implement :py:meth:`~file.read`, :py:meth:`~file.seek`, and
       :py:meth:`~file.tell` methods, and be opened in binary mode.
    :param mode: The mode.  If given, this argument must be "r".
+    :param maximum_pixels: TODO.
    :returns: An :py:class:`~PIL.Image.Image` object.
    :exception IOError: If the file cannot be found, or the image cannot be
       opened and identified.
@ -2137,7 +2155,10 @@ def open(fp, mode="r"):
            factory, accept = OPEN[i]
            if not accept or accept(prefix):
                fp.seek(0)
-                return factory(fp, filename)
+                # return factory(fp, filename)
+                im = factory(fp, filename)
+                _compression_bomb_check(im, maximum_pixels)
+                return im
        except (SyntaxError, IndexError, TypeError):
            #import traceback
            #traceback.print_exc()
@ -2150,7 +2171,10 @@ def open(fp, mode="r"):
                factory, accept = OPEN[i]
                if not accept or accept(prefix):
                    fp.seek(0)
-                    return factory(fp, filename)
+                    # return factory(fp, filename)
+                    im = factory(fp, filename)
+                    _compression_bomb_check(im, maximum_pixels)
+                    return im
            except (SyntaxError, IndexError, TypeError):
                #import traceback
                #traceback.print_exc()