From 26bf1c352489c9e847ff770cd752e97fda5b82cb Mon Sep 17 00:00:00 2001
From: Andrew Murray
Date: Wed, 23 Sep 2020 00:14:40 +1000
Subject: [PATCH] Moved CVE images to pillow-depends
---
 Tests/check_tiff_crashes.py | 29 -----------------------------
 Tests/images/crash_1.tif | Bin 6511 -> 0 bytes
 Tests/images/crash_2.tif | Bin 6223 -> 0 bytes
 Tests/test_tiff_crashes.py | 36 ++++++++++++++++++++++++++++++++++++
 4 files changed, 36 insertions(+), 29 deletions(-)
 delete mode 100644 Tests/check_tiff_crashes.py
 delete mode 100644 Tests/images/crash_1.tif
 delete mode 100644 Tests/images/crash_2.tif
 create mode 100644 Tests/test_tiff_crashes.py
diff --git a/Tests/check_tiff_crashes.py b/Tests/check_tiff_crashes.py
deleted file mode 100644
index f4eb04375..000000000
--- a/Tests/check_tiff_crashes.py
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/bin/env python
-
-# Reproductions/tests for crashes/read errors in TiffDecode.c
-
-# When run in python, all of these images should fail for
-# one reason or another, either as a buffer overrun,
-# unrecognized datastream, or truncated image file.
-# There shouldn't be any segfaults.
-#
-# if run like
-# `valgrind --tool=memcheck python check_tiff_crashes.py 2>&1 | grep TiffDecode.c`
-# the output should be empty. There may be python issues
-# in the valgrind especially if run in a debug python
-# version.
-
-
-from PIL import Image
-
-repro_read_strip = (
- "images/crash_1.tif",
- "images/crash_2.tif",
-)
-
-for path in repro_read_strip:
- with Image.open(path) as im:
- try:
- im.load()
- except Exception as msg:
- print(msg)
diff --git a/Tests/images/crash_1.tif b/Tests/images/crash_1.tif deleted file mode 100644 index 230d4439aadb0867d3005e6cec458b69588ecc42..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6511 zcmebD)M7AVWMHV6(|g&_`>=xu`-lHenXc<+*sg58(KBmF8RG(#Cix`+_6-)6DHftj zn&l7jKaz+#xPIbA!=}y8@3wB6{ypl&?N7?z|LN;06e#@g8$?4B4L z>-8vd@8*uFRg0I^J<;Ck81HiB+@w9&fVg9BO=v>V?z{z^wa?ESiO|tqd2%-+GXv0Z z3^Re45yS>bfW%n^4sJY}@9cYKzgEf-qmPZ8C)Zwl&=Qfhd#*9_uOoMMmh`J0`40gM z7AmP))wR;)9*6bz@#Lg%mYqC3moxaFbXnRfGs_Ku{8xgm^Xx3+?lqrSYVDoyEqCWM zwnpBE`vS^~1)pj8&tRV>WgmaMCy)QzwcFa>vbV1=F5X>GR@IYw;HaGT4o=@(CeM?6 z$KB5JZ(Qe79ck_I$K3sh+Qwu3PF26zlUKMiFbFXGV_*S$1LzB&KbRSqe*XWT26Wv& zsQ1jVSi*qSmW}+?=Y7_p+Jfu~h&*8rl*2s$3f@f(K!OeEL}pUL62n_4F$FZyoPoiJ zfq@C?Nsufvlue$6JURYAGr$qJ2oZsQ7$cCP@H{YB4T+9NP%u!(p><>dd}(x;c#+s} zDF-RU$g6}h;y_0rvAzSV!|)xrB*K~H&d2@br+X4}sx=9Aeve+084d>RJDUDY4kc8VhFh;q!vdhiO}rB-Y6IV zr;_7EoV{AI8hW5ON9)y6si6ms1}v31X5$Jec2F96NGSuaCTvLvtN|3Gz!c~J#Ntp( zn1O65MphunFxrsBHLfzG8kP4!!V&sa~)*Fs4@Tm 
diff --git a/Tests/images/crash_2.tif b/Tests/images/crash_2.tif deleted file mode 100644 index 26c00d0ff1ae8610df40faf6e38cf41afff596d5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6223 zcmebD)M7AVWMHV6(|g&_`>=xu`-lHenXc<+*sg58(KBmF8RG(#Cix`+_6-)6DHftj zn&l7jKaz+#xPIbA!=}y8@3wB6{ypl&?N7?z|LN;06e#@g8$?4B4L z>-8vd@8*uFRg0I^J<;Ck81HiB+@w9&fVg9BO=v>V?z{z^wa?ESiO|tqd2%-+GXv0Z z3^Re45yS>bfW%n^4sJY}@9cYKzgEf-qmPZ8C)Zwl&=Qfhd#*9_uOoMMmh`J0`40gM z7AmP))wR;)9*6bz@#Lg%mYqC3moxaFbXnRfGs_Ku{8xgm^Xx3+?lqrSYVDoyEqCWM zwnpBE`vS^~1)pj8&tRV>WgmaMCy)QzwcFa>vbV1=F5X>GR@IYw;HaGT4o=@(CeM?6 z$KB5JZ(Qe79ck_I$K3sh+Qwu3PF26zlUKMiFbFXGV_*S$1LzB&KbRSqe*XWT26Wv& zsQ1jVSi*qSmW}+?=Y7_p+Jfu~h&*8rl*2s$3f@f(K!OeEL}pUL62n_4F$FZyoPoiJ zfq@C?Nsufvlue$6(8ybah`c|H5lGQ@9vGyCM8_d02&m)8I@$y5i5O>Wp{G|IeiZ@6 z5P|q%fM=9HNFhyhAQ!{a89bw4OTxG^3VMn%Mz|Lwg(W>f@)<896N4vE{s&N%AR{F6 zaRB-6{`~<7ffb3mASFz&X}EL=0Tm|0wIS((ScaLXA>xcTFij;?GJtfz3p*ei7C}HJ z7C?MaI-iuH^z@J_OM&5n5@J*=OQBIcT8>ezfTK-02FoR|Jc=bpQneUk5FIT923Lb> zv=A7)jTvGa)l_aPAQcMWdKgQgfLT8eg0=#v;R0^AjJ6f1-tR&yCcy19P$IyRHmF)* zfI5hzw0nu~iDJz(%rpV8o~JRv{w*j-QQBlcKC~M+5LxjzuwVG<-=F^=yTSJ3b;M}1 zoi0Nl=t+daX1f(y|B}{2AUq6^0j1$F2x5kFqy{>0mZBc#C<^lUA<(lxfURsmYBGQZ3Sfl{tcw6Kgj^C*UXea9F#t{_$BQ^S z5!eQs81MxHda#3wcu*(+W6c4G#i7x}3}j0&vVz0ai3!Mo0fFQ&R3E@hB+6Q3OFZu1 z-oN1gg>5sy`0B3N|A7q*pf$Lxg{nvGRDzujaps)v^8XWCVeX_0jUF;!C*DW)639_d MA5Lrq`4Qqu07c*)kN^Mx diff --git a/Tests/test_tiff_crashes.py b/Tests/test_tiff_crashes.py new file mode 100644 index 000000000..9c293e014 --- /dev/null +++ b/Tests/test_tiff_crashes.py 
@@ -0,0 +1,36 @@
+# Reproductions/tests for crashes/read errors in TiffDecode.c
+
+# When run in Python, all of these images should fail for
+# one reason or another, either as a buffer overrun,
+# unrecognized datastream, or truncated image file.
+# There shouldn't be any segfaults.
+#
+# if run like
+# `valgrind --tool=memcheck pytest test_tiff_crashes.py 2>&1 | grep TiffDecode.c`
+# the output should be empty. There may be Python issues
+# in the valgrind especially if run in a debug Python
+# version.
+
+import pytest
+
+from PIL import Image
+
+from .helper import on_ci
+
+
+@pytest.mark.parametrize(
+ "test_file", ["Tests/images/crash_1.tif", "Tests/images/crash_2.tif"]
+)
+@pytest.mark.filterwarnings("ignore:Possibly corrupt EXIF data")
+@pytest.mark.filterwarnings("ignore:Metadata warning")
+def test_tiff_crashes(test_file):
+ try:
+ with Image.open(test_file) as im:
+ im.load()
+ except FileNotFoundError:
+ if not on_ci():
+ pytest.skip("test image not found")
+ return
+ raise
+ except OSError:
+ pass
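Review bot: The valgrind command in the header comment (`pytest test_tiff_crashes.py`) reads as if it is run from inside Tests/, but the parametrized paths are `Tests/images/crash_1.tif` and `Tests/images/crash_2.tif`, which resolve only from the repository root. Run that way off CI, `Image.open` raises FileNotFoundError, the test is skipped, and the grep for TiffDecode.c comes back empty without the decoder having read either file, so the memory-safety check looks clean when nothing was exercised. I would change the command in that comment to `valgrind --tool=memcheck pytest Tests/test_tiff_crashes.py 2>&1 | grep TiffDecode.c` and add a line such as `# The crash images live in pillow-depends; a skipped test means nothing was checked.` The `return` after `pytest.skip("test image not found")` is unreachable, since skip raises, and can be dropped.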