From 3fe0b5534e6b67fc10d4a805f09f3171af208ba3 Mon Sep 17 00:00:00 2001 From: wiredfool Date: Thu, 14 Mar 2013 16:36:51 -0700 Subject: [PATCH 1/8] fix buffer overflow for YCbCr histograms --- libImaging/Imaging.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libImaging/Imaging.h b/libImaging/Imaging.h index 64a4fb66d..dd9532389 100644 --- a/libImaging/Imaging.h +++ b/libImaging/Imaging.h @@ -72,10 +72,12 @@ typedef struct ImagingPaletteInstance* ImagingPalette; #define IMAGING_TYPE_FLOAT32 2 #define IMAGING_TYPE_SPECIAL 3 /* check mode for details */ +#define IMAGING_MODE_LENGTH 6+1 /* Band names ("1", "L", "P", "RGB", "RGBA", "CMYK", "YCbCr", "BGR;xy") */ + struct ImagingMemoryInstance { /* Format */ - char mode[6+1]; /* Band names ("1", "L", "P", "RGB", "RGBA", "CMYK", "YCbCr", "BGR;xy") */ + char mode[IMAGING_MODE_LENGTH]; /* Band names ("1", "L", "P", "RGB", "RGBA", "CMYK", "YCbCr", "BGR;xy") */ int type; /* Data type (IMAGING_TYPE_*) */ int depth; /* Depth (ignored in this version) */ int bands; /* Number of bands (1, 2, 3, or 4) */ @@ -127,7 +129,7 @@ struct ImagingAccessInstance { struct ImagingHistogramInstance { /* Format */ - char mode[4+1]; /* Band names (of corresponding source image) */ + char mode[IMAGING_MODE_LENGTH]; /* Band names (of corresponding source image) */ int bands; /* Number of bands (1, 3, or 4) */ /* Data */ From b161209e0950b0cffcb4cce9e05c8cf0821dfbe5 Mon Sep 17 00:00:00 2001 From: wiredfool Date: Thu, 14 Mar 2013 16:47:40 -0700 Subject: [PATCH 2/8] Switching to strncpy, fixing potential buffer overflow in palette as well --- libImaging/Histo.c | 2 +- libImaging/Imaging.h | 2 +- libImaging/Palette.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/libImaging/Histo.c b/libImaging/Histo.c index 513c84475..0bfc8dfe9 100644 --- a/libImaging/Histo.c +++ b/libImaging/Histo.c 
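Review bot: `IMAGING_MODE_LENGTH` is defined as the bare expression `6+1` in the first Imaging.h hunk of PATCH 1/8, so any use inside a larger expression (for example `2*IMAGING_MODE_LENGTH`) expands with the wrong precedence. Parenthesize the expansion: `#define IMAGING_MODE_LENGTH (6+1)`. The array declarators in this series are unaffected, but the macro is now the single definition of the mode buffer size and is already passed as a length to `strncpy` in PATCH 2/8, so later length arithmetic is likely to build on it. The same definition is repeated in PATCH 4/8.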
@@ -41,7 +41,7 @@ ImagingHistogramNew(Imaging im) /* Create histogram descriptor */ h = calloc(1, sizeof(struct ImagingHistogramInstance)); - strcpy(h->mode, im->mode); + strncpy(h->mode, im->mode, IMAGING_MODE_LENGTH); h->bands = im->bands; h->histogram = calloc(im->pixelsize, 256 * sizeof(long)); diff --git a/libImaging/Imaging.h b/libImaging/Imaging.h index dd9532389..cf94dae0b 100644 --- a/libImaging/Imaging.h +++ b/libImaging/Imaging.h @@ -141,7 +141,7 @@ struct ImagingHistogramInstance { struct ImagingPaletteInstance { /* Format */ - char mode[4+1]; /* Band names */ + char mode[IMAGING_MODE_LENGTH]; /* Band names */ /* Data */ UINT8 palette[1024];/* Palette data (same format as image data) */ diff --git a/libImaging/Palette.c b/libImaging/Palette.c index bd4f4f1d6..9b0dd57c4 100644 --- a/libImaging/Palette.c +++ b/libImaging/Palette.c @@ -37,7 +37,7 @@ ImagingPaletteNew(const char* mode) if (!palette) return (ImagingPalette) ImagingError_MemoryError(); - strcpy(palette->mode, mode); + strncpy(palette->mode, mode, IMAGING_MODE_LENGTH); /* Initialize to ramp */ for (i = 0; i < 256; i++) { From d33f83531f19937b7955fed0b6e96202744ec6ce Mon Sep 17 00:00:00 2001 From: wiredfool Date: Thu, 14 Mar 2013 20:40:23 -0700 Subject: [PATCH 3/8] print in test --- Tests/test_image_histogram.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Tests/test_image_histogram.py b/Tests/test_image_histogram.py index c86cb578a..29989f4a5 100644 --- a/Tests/test_image_histogram.py +++ b/Tests/test_image_histogram.py @@ -16,4 +16,6 @@ def test_histogram(): assert_equal(histogram("RGB"), (768, 0, 285)) assert_equal(histogram("RGBA"), (1024, 0, 16384)) assert_equal(histogram("CMYK"), (1024, 0, 16384)) + print ("YCbCr") assert_equal(histogram("YCbCr"), (768, 0, 741)) + print ("YCbCr Done") From 66965b6bb44e2ba415e13f245c0454a56d83eb37 Mon Sep 17 00:00:00 2001 
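Review bot: In the Histo.c hunk the result of `calloc` for `h` is written through by the new `strncpy(h->mode, ...)` with no NULL check, so an allocation failure becomes a NULL-pointer write in ImagingHistogramNew. The second `calloc`, for `h->histogram`, is also unchecked in the visible lines. Following the pattern Palette.c uses in this same series, add `if (!h) return (ImagingHistogram) ImagingError_MemoryError();` before the copy, and free `h` and return the same error if `h->histogram` is NULL. The function body continues outside the hunk, so a later check may exist, but it would come after the dereference. The same hunk is repeated in PATCH 5/8.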
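Review bot: In the Palette.c hunk, `strncpy(palette->mode, mode, IMAGING_MODE_LENGTH)` bounds the write but leaves `palette->mode` without a terminating NUL whenever `mode` is IMAGING_MODE_LENGTH characters or longer. Any later string operation on the field would then read past it. `mode` is a caller-supplied `const char*`, and the allocation of `palette` is outside the hunk, so a zero-filled buffer cannot be assumed. Copy one byte less and terminate explicitly: `strncpy(palette->mode, mode, IMAGING_MODE_LENGTH-1);` followed by `palette->mode[IMAGING_MODE_LENGTH-1] = 0;`. The same two lines would harden the Histo.c copy, and the hunk is repeated in PATCH 5/8.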
From: wiredfool Date: Thu, 14 Mar 2013 16:36:51 -0700 Subject: [PATCH 4/8] fix buffer overflow for YCbCr histograms --- libImaging/Imaging.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libImaging/Imaging.h b/libImaging/Imaging.h index 64a4fb66d..dd9532389 100644 --- a/libImaging/Imaging.h +++ b/libImaging/Imaging.h @@ -72,10 +72,12 @@ typedef struct ImagingPaletteInstance* ImagingPalette; #define IMAGING_TYPE_FLOAT32 2 #define IMAGING_TYPE_SPECIAL 3 /* check mode for details */ +#define IMAGING_MODE_LENGTH 6+1 /* Band names ("1", "L", "P", "RGB", "RGBA", "CMYK", "YCbCr", "BGR;xy") */ + struct ImagingMemoryInstance { /* Format */ - char mode[6+1]; /* Band names ("1", "L", "P", "RGB", "RGBA", "CMYK", "YCbCr", "BGR;xy") */ + char mode[IMAGING_MODE_LENGTH]; /* Band names ("1", "L", "P", "RGB", "RGBA", "CMYK", "YCbCr", "BGR;xy") */ int type; /* Data type (IMAGING_TYPE_*) */ int depth; /* Depth (ignored in this version) */ int bands; /* Number of bands (1, 2, 3, or 4) */ @@ -127,7 +129,7 @@ struct ImagingAccessInstance { struct ImagingHistogramInstance { /* Format */ - char mode[4+1]; /* Band names (of corresponding source image) */ + char mode[IMAGING_MODE_LENGTH]; /* Band names (of corresponding source image) */ int bands; /* Number of bands (1, 3, or 4) */ /* Data */ From b5335c0cf36389ac26c306ae9fbba24c4b7feb8e Mon Sep 17 00:00:00 2001 From: wiredfool Date: Thu, 14 Mar 2013 16:47:40 -0700 Subject: [PATCH 5/8] Switching to strncpy, fixing potential buffer overflow in palette as well --- libImaging/Histo.c | 2 +- libImaging/Imaging.h | 2 +- libImaging/Palette.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/libImaging/Histo.c b/libImaging/Histo.c index 513c84475..0bfc8dfe9 100644 --- a/libImaging/Histo.c +++ b/libImaging/Histo.c 
@@ -41,7 +41,7 @@ ImagingHistogramNew(Imaging im) /* Create histogram descriptor */ h = calloc(1, sizeof(struct ImagingHistogramInstance)); - strcpy(h->mode, im->mode); + strncpy(h->mode, im->mode, IMAGING_MODE_LENGTH); h->bands = im->bands; h->histogram = calloc(im->pixelsize, 256 * sizeof(long)); diff --git a/libImaging/Imaging.h b/libImaging/Imaging.h index dd9532389..cf94dae0b 100644 --- a/libImaging/Imaging.h +++ b/libImaging/Imaging.h @@ -141,7 +141,7 @@ struct ImagingHistogramInstance { struct ImagingPaletteInstance { /* Format */ - char mode[4+1]; /* Band names */ + char mode[IMAGING_MODE_LENGTH]; /* Band names */ /* Data */ UINT8 palette[1024];/* Palette data (same format as image data) */ diff --git a/libImaging/Palette.c b/libImaging/Palette.c index bd4f4f1d6..9b0dd57c4 100644 --- a/libImaging/Palette.c +++ b/libImaging/Palette.c @@ -37,7 +37,7 @@ ImagingPaletteNew(const char* mode) if (!palette) return (ImagingPalette) ImagingError_MemoryError(); - strcpy(palette->mode, mode); + strncpy(palette->mode, mode, IMAGING_MODE_LENGTH); /* Initialize to ramp */ for (i = 0; i < 256; i++) { From 62a29c76181951368cac2b96b150afb14589e6f0 Mon Sep 17 00:00:00 2001 From: wiredfool Date: Thu, 14 Mar 2013 20:40:23 -0700 Subject: [PATCH 6/8] print in test --- Tests/test_image_histogram.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Tests/test_image_histogram.py b/Tests/test_image_histogram.py index c86cb578a..29989f4a5 100644 --- a/Tests/test_image_histogram.py +++ b/Tests/test_image_histogram.py @@ -16,4 +16,6 @@ def test_histogram(): assert_equal(histogram("RGB"), (768, 0, 285)) assert_equal(histogram("RGBA"), (1024, 0, 16384)) assert_equal(histogram("CMYK"), (1024, 0, 16384)) + print ("YCbCr") assert_equal(histogram("YCbCr"), (768, 0, 741)) + print ("YCbCr Done") From be6ee2f8267d31d4ded3117a49caec1699cef091 Mon Sep 17 00:00:00 2001 
From: wiredfool Date: Thu, 14 Mar 2013 20:50:20 -0700 Subject: [PATCH 7/8] reverting previous commit --- Tests/test_image_histogram.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/Tests/test_image_histogram.py b/Tests/test_image_histogram.py index 29989f4a5..c86cb578a 100644 --- a/Tests/test_image_histogram.py +++ b/Tests/test_image_histogram.py @@ -16,6 +16,4 @@ def test_histogram(): assert_equal(histogram("RGB"), (768, 0, 285)) assert_equal(histogram("RGBA"), (1024, 0, 16384)) assert_equal(histogram("CMYK"), (1024, 0, 16384)) - print ("YCbCr") assert_equal(histogram("YCbCr"), (768, 0, 741)) - print ("YCbCr Done") From 6b90bcd497c2418691b34d9d3a0e959cc5ec0290 Mon Sep 17 00:00:00 2001 From: wiredfool Date: Thu, 14 Mar 2013 20:56:19 -0700 Subject: [PATCH 8/8] reverting testing prints --- Tests/test_image_histogram.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/Tests/test_image_histogram.py b/Tests/test_image_histogram.py index 29989f4a5..c86cb578a 100644 --- a/Tests/test_image_histogram.py +++ b/Tests/test_image_histogram.py @@ -16,6 +16,4 @@ def test_histogram(): assert_equal(histogram("RGB"), (768, 0, 285)) assert_equal(histogram("RGBA"), (1024, 0, 16384)) assert_equal(histogram("CMYK"), (1024, 0, 16384)) - print ("YCbCr") assert_equal(histogram("YCbCr"), (768, 0, 741)) - print ("YCbCr Done")