From 518b783c64150571ab010cb375ec77e343be626e Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Mon, 12 Oct 2020 19:32:48 +1100 Subject: [PATCH 1/2] Removed OSError in favour of DecompressionBombError --- Tests/test_decompression_bomb.py | 4 ++++ src/PIL/BmpImagePlugin.py | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Tests/test_decompression_bomb.py b/Tests/test_decompression_bomb.py index 5799fc0ed..132269933 100644 --- a/Tests/test_decompression_bomb.py +++ b/Tests/test_decompression_bomb.py @@ -60,6 +60,10 @@ class TestDecompressionBomb: with pytest.raises(Image.DecompressionBombError): Image.open("Tests/images/decompression_bomb.gif") + def test_exception_bmp(self): + with pytest.raises(Image.DecompressionBombError): + Image.open("Tests/images/bmp/b/reallybig.bmp") + class TestDecompressionCrop: @classmethod diff --git a/src/PIL/BmpImagePlugin.py b/src/PIL/BmpImagePlugin.py index 711e030e1..1bcbe93b2 100644 --- a/src/PIL/BmpImagePlugin.py +++ b/src/PIL/BmpImagePlugin.py @@ -162,10 +162,6 @@ class BmpImageFile(ImageFile.ImageFile): else (1 << file_info["bits"]) ) - # ------------------------------- Check abnormal values for DOS attacks - if file_info["width"] * file_info["height"] > 2 ** 31: - raise OSError("Unsupported BMP Size: (%dx%d)" % self.size) - # ---------------------- Check bit depth for unusual unsupported values self.mode, raw_mode = BIT2MODE.get(file_info["bits"], (None, None)) if self.mode is None: From cf3115632679484ad14fa132e6b9a65cdd398506 Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Mon, 12 Oct 2020 19:58:39 +1100 Subject: [PATCH 2/2] Added release notes for #4966 [ci skip] --- docs/releasenotes/8.0.0.rst | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/docs/releasenotes/8.0.0.rst b/docs/releasenotes/8.0.0.rst index 79fdb7340..4d79b4aaf 100644 --- a/docs/releasenotes/8.0.0.rst +++ b/docs/releasenotes/8.0.0.rst @@ -86,15 +86,11 @@ A new method :py:meth:`.ImageDraw.regular_polygon`, draws a regular polygon of ` For example ``draw.regular_polygon(((100, 100), 50), 5)`` draws a pentagon centered at the point ``(100, 100)`` with a polygon radius of ``50``. -Security -======== - -TODO - Other Changes ============= -TODO -^^^^ +Error for large BMP files +^^^^^^^^^^^^^^^^^^^^^^^^^ -TODO +Previously, if a BMP file was too large, an ``OSError`` would be raised. Now, +``DecompressionBombError`` is used instead, as Pillow already uses for other formats.