Merge pull request #4929 from radarhere/crash

Moved CVE images to pillow-depends
This commit is contained in:
Hugo van Kemenade 2020-09-22 23:38:58 +03:00 committed by GitHub
commit eb00829bdb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 36 additions and 29 deletions

View File

@ -1,29 +0,0 @@
#!/usr/bin/env python
# Reproductions/tests for crashes/read errors in TiffDecode.c
# When run in python, all of these images should fail for
# one reason or another, either as a buffer overrun,
# unrecognized datastream, or truncated image file.
# There shouldn't be any segfaults.
#
# if run like
# `valgrind --tool=memcheck python check_tiff_crashes.py 2>&1 | grep TiffDecode.c`
# the output should be empty. There may be python issues
# in the valgrind especially if run in a debug python
# version.
from PIL import Image
repro_read_strip = (
"images/crash_1.tif",
"images/crash_2.tif",
)
for path in repro_read_strip:
with Image.open(path) as im:
try:
im.load()
except Exception as msg:
print(msg)

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1,36 @@
# Reproductions/tests for crashes/read errors in TiffDecode.c
# When run in Python, all of these images should fail for
# one reason or another, either as a buffer overrun,
# unrecognized datastream, or truncated image file.
# There shouldn't be any segfaults.
#
# if run like
# `valgrind --tool=memcheck pytest test_tiff_crashes.py 2>&1 | grep TiffDecode.c`
# the output should be empty. There may be Python issues
# in the valgrind especially if run in a debug Python
# version.
import pytest
from PIL import Image
from .helper import on_ci
@pytest.mark.parametrize(
"test_file", ["Tests/images/crash_1.tif", "Tests/images/crash_2.tif"]
)
@pytest.mark.filterwarnings("ignore:Possibly corrupt EXIF data")
@pytest.mark.filterwarnings("ignore:Metadata warning")
def test_tiff_crashes(test_file):
try:
with Image.open(test_file) as im:
im.load()
except FileNotFoundError:
if not on_ci():
pytest.skip("test image not found")
return
raise
except OSError:
pass