Merge pull request #4102 from radarhere/decompression

Added decompression bomb checks
This commit is contained in:
Andrew Murray 2019-09-30 20:31:05 +10:00 committed by GitHub
commit f228d0ccbf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 11 additions and 0 deletions

Binary file not shown.

After

Width:  |  Height:  |  Size: 44 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 58 B

View File

@ -14,6 +14,7 @@ class TestDecompressionBomb(PillowTestCase):
def test_no_warning_small_file(self): def test_no_warning_small_file(self):
# Implicit assert: no warning. # Implicit assert: no warning.
# A warning would cause a failure. # A warning would cause a failure.
Image.MAX_IMAGE_PIXELS = ORIGINAL_LIMIT
Image.open(TEST_FILE) Image.open(TEST_FILE)
def test_no_warning_no_limit(self): def test_no_warning_no_limit(self):
@ -41,6 +42,14 @@ class TestDecompressionBomb(PillowTestCase):
self.assertRaises(Image.DecompressionBombError, lambda: Image.open(TEST_FILE)) self.assertRaises(Image.DecompressionBombError, lambda: Image.open(TEST_FILE))
def test_exception_ico(self):
with self.assertRaises(Image.DecompressionBombError):
Image.open("Tests/images/decompression_bomb.ico")
def test_exception_gif(self):
with self.assertRaises(Image.DecompressionBombError):
Image.open("Tests/images/decompression_bomb.gif")
class TestDecompressionCrop(PillowTestCase): class TestDecompressionCrop(PillowTestCase):
def setUp(self): def setUp(self):

View File

@ -265,6 +265,7 @@ class GifImageFile(ImageFile.ImageFile):
self.dispose = None self.dispose = None
elif self.disposal_method == 2: elif self.disposal_method == 2:
# replace with background colour # replace with background colour
Image._decompression_bomb_check(self.size)
self.dispose = Image.core.fill("P", self.size, self.info["background"]) self.dispose = Image.core.fill("P", self.size, self.info["background"])
else: else:
# replace with previous contents # replace with previous contents

View File

@ -180,6 +180,7 @@ class IcoFile(object):
else: else:
# XOR + AND mask bmp frame # XOR + AND mask bmp frame
im = BmpImagePlugin.DibImageFile(self.buf) im = BmpImagePlugin.DibImageFile(self.buf)
Image._decompression_bomb_check(im.size)
# change tile dimension to only encompass XOR image # change tile dimension to only encompass XOR image
im._size = (im.size[0], int(im.size[1] / 2)) im._size = (im.size[0], int(im.size[1] / 2))