From 21801f3a45cd9d6a519120acffa7bafa8b44ef77 Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Sat, 16 Mar 2024 13:33:04 +1100 Subject: [PATCH] Raise ValueError if seeking to greater than offset-sized integer --- Tests/images/seek_too_large.tif | Bin 0 -> 16 bytes Tests/test_file_tiff.py | 4 ++++ src/PIL/TiffImagePlugin.py | 3 +++ 3 files changed, 7 insertions(+) create mode 100644 Tests/images/seek_too_large.tif diff --git a/Tests/images/seek_too_large.tif b/Tests/images/seek_too_large.tif new file mode 100644 index 0000000000000000000000000000000000000000..094c3057c867a1d678b1683937df5ff70e7b3c96 GIT binary patch literal 16 ScmebD)MnsdU|{$U0Sy2y{s=z+ literal 0 HcmV?d00001 diff --git a/Tests/test_file_tiff.py b/Tests/test_file_tiff.py index 21d52462e..8821fb46a 100644 --- a/Tests/test_file_tiff.py +++ b/Tests/test_file_tiff.py @@ -113,6 +113,10 @@ class TestFileTiff: outfile = str(tmp_path / "temp.tif") im.save(outfile, save_all=True, append_images=[im], tiffinfo=im.tag_v2) + def test_seek_too_large(self): + with pytest.raises(ValueError, match="Unable to seek to frame"): + Image.open("Tests/images/seek_too_large.tif") + def test_set_legacy_api(self) -> None: ifd = TiffImagePlugin.ImageFileDirectory_v2() with pytest.raises(Exception) as e: diff --git a/src/PIL/TiffImagePlugin.py b/src/PIL/TiffImagePlugin.py index b59139f58..3f00c4b3a 100644 --- a/src/PIL/TiffImagePlugin.py +++ b/src/PIL/TiffImagePlugin.py @@ -1166,6 +1166,9 @@ class TiffImageFile(ImageFile.ImageFile): self.__next, self.fp.tell(), ) + if self.__next >= 2**63: + msg = "Unable to seek to frame" + raise ValueError(msg) self.fp.seek(self.__next) self._frame_pos.append(self.__next) logger.debug("Loading tags, location: %s", self.fp.tell())