Eric Soroos
bb6c11fb88
Fix FLI DOS -- CVE-2021-28676
...
* FliDecode did not properly check that the block advance was
non-zero, potentally leading to an infinite loop on load.
* This dates to the PIL Fork
* Found with oss-fuzz
2021-04-01 17:17:23 +03:00
Eric Soroos
5a5e6db0ab
Fix EPS DOS on _open -- CVE-2021-28677
...
* The readline used in EPS has to deal with any combination of \r and
\n as line endings. It used an accidentally quadratic method of
accumulating lines while looking for a line ending.
* A malicious EPS file could use this to perform a DOS of Pillow in
the open phase, before an image was accepted for opening.
* This dates to the PIL Fork
2021-04-01 17:17:18 +03:00
Eric Soroos
3bf5eddb89
Fix OOB Read in Jpeg2KDecode CVE-2021-25287,CVE-2021-25288
...
* For J2k images with multiple bands, it's legal in to have different
widths for each band, e.g. 1 byte for L, 4 bytes for A
* This dates to Pillow 2.4.0
2021-04-01 17:17:13 +03:00
Andrew Murray
2c8684c525
Moved getxmp() into JpegImageFile
2021-04-01 22:28:37 +11:00
Hugo van Kemenade
6812205f18
Merge pull request #5144 from UrielMaD/feature_xmp
2021-04-01 12:44:47 +03:00
Hugo van Kemenade
b90c73f08d
Merge pull request #5373 from wiredfool/valgrind_test_warnings
...
Fix pytest valgrind warnings
2021-04-01 12:17:50 +03:00
Hugo van Kemenade
8c852e44f0
Merge pull request #5349 from latosha-maltba/master
2021-04-01 11:55:37 +03:00
Andrew Murray
37f9fcf93b
Removed unused imports
2021-04-01 12:57:34 +11:00
Eric Soroos
87934e22d0
Fix for crash-0da0
2021-03-31 23:24:30 +02:00
Eric Soroos
53c80281d7
fix for crash-8115
2021-03-31 22:23:57 +02:00
Eric Soroos
45530d5ce1
fixes crash-74d2
2021-03-31 22:23:57 +02:00
Eric Soroos
22a6893364
Fix pytest valgrind warnings
2021-03-31 21:28:15 +02:00
Hugo van Kemenade
c54a7bb031
Merge pull request #5333 from radarhere/gif_frame_transparency
2021-03-31 18:08:11 +03:00
Hugo van Kemenade
727533148e
Merge pull request #5282 from radarhere/quantize
...
Set all transparent colors to be equal in quantize()
2021-03-31 17:58:21 +03:00
Hugo van Kemenade
683affa29c
Merge pull request #5206 from radarhere/numpy
2021-03-31 17:46:32 +03:00
Andrew Murray
b0b4fee796
Merge pull request #5350 from elejke/master
...
Add preserve_tone option to autocontrast
2021-03-30 07:59:57 +11:00
Andrew Murray
7844c6e483
Test that preserve_tone changes RGB images but not L images
2021-03-29 23:26:34 +11:00
wiredfool
9a683db339
Merge pull request #5274 from radarhere/gradient
...
Fixed linear_gradient and radial_gradient I and F modes
2021-03-28 14:35:22 +01:00
wiredfool
d0612030a0
Merge pull request #5364 from wiredfool/4641_merge
...
Add support for reading TIFFs with PlanarConfiguration=2
2021-03-28 14:33:42 +01:00
wiredfool
611a6d2330
Merge pull request #5328 from wiredfool/oss-fuzz
...
More OSS-Fuzz support
2021-03-28 14:19:29 +01:00
Konstantin Kopachev
4c2dfadf26
Swap pixel values on Big Endian
2021-03-28 15:03:37 +02:00
Konstantin Kopachev
169bb4842f
only use TIFFReadRGBA* in case of o_jpeg compression
2021-03-28 15:03:37 +02:00
nulano
671837840a
the previous commit also fixes these big-endian failures
2021-03-28 15:03:37 +02:00
Konstantin Kopachev
0018685a8e
Add Tests and support for Planar Tiff Images
2021-03-28 15:03:37 +02:00
German Novikov
d18e55013d
Update Tests/test_imageops.py
...
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2021-03-28 15:02:52 +03:00
Eric Soroos
bf8cebc96d
Add libxcb to fuzzers
2021-03-28 13:49:37 +02:00
Hugo van Kemenade
e405ab300b
Merge pull request #5351 from radarhere/categories
2021-03-28 14:34:50 +03:00
Andrew Murray
71cd97a519
Added deprecation warnings
2021-03-28 15:51:28 +11:00
Ondrej Baranovič
9872d57e3b
corrected comment
2021-03-27 02:06:36 +01:00
German Novikov
977e64fb61
Update Tests/test_imageops.py
...
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2021-03-25 14:56:30 +03:00
nulano
49fa3656b1
do not premultiply alpha when resizing with Image.NEAREST resampling
2021-03-23 13:16:20 +01:00
elejke
694d70bdc3
fixed typos in test for autocolor tone preserving
2021-03-23 13:09:51 +03:00
Andrew Murray
4a0698838d
Parametrized test
2021-03-23 20:08:18 +11:00
elejke
8913166c7e
fix test function name for autocontrast
2021-03-23 11:59:37 +03:00
Latosha Maltba
52794432f0
Make code for ImageMagick/GraphicsMagick more symmetric
2021-03-22 19:50:06 +00:00
Andrew Murray
35943372f0
Removed CONVERT helper variables
2021-03-22 19:50:06 +00:00
elejke
f73d238cd2
removed redundant comments in tests for tone preserving autocolor
2021-03-22 15:30:43 +03:00
German Novikov
25403063ea
Update Tests/test_imageops.py
...
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2021-03-22 15:27:13 +03:00
elejke
b4e5a6d202
add more tests for autocontrast preserve tone option
2021-03-22 12:06:44 +03:00
elejke
c585e6ab6b
Add preserve_tone option to autocontrast
2021-03-21 21:15:13 +03:00
Hugo van Kemenade
ddcc936643
Merge pull request #5330 from radarhere/png_plte
...
Allow fewer PNG palette entries than the bit depth maximum when saving
2021-03-21 17:31:35 +02:00
Latosha Maltba
ef864d72f1
TestSuite: Add support for GraphicsMagick
...
Add support to run the tests using GraphicsMagick's "gm convert" instead
of ImageMagick's "convert".
2021-03-21 14:36:18 +00:00
Hugo van Kemenade
688e6f163f
Merge pull request #5338 from radarhere/webp_save_duration
...
Use duration from info dictionary when saving WebP
2021-03-21 11:35:28 +02:00
Andrew Murray
754752e78f
Allow fewer palette entries than the bit depth maximum
2021-03-21 09:22:01 +11:00
Hugo van Kemenade
7235cf3135
Merge pull request #5345 from radarhere/tofile
...
Increased use of assert_image_equal_tofile
2021-03-21 00:05:28 +02:00
Hugo van Kemenade
e1e9569d8a
Merge pull request #5331 from radarhere/png_bits
...
Added test for saving PNG with bits keyword
2021-03-20 23:25:24 +02:00
Andrew Murray
6591297239
Increased use of assert_image_equal_tofile
2021-03-20 22:32:27 +11:00
Hugo van Kemenade
5a209081b2
Merge pull request #4947 from radarhere/exif
2021-03-19 21:26:33 +02:00
Andrew Murray
298600381f
Replaced tiff_deflate with tiff_adobe_deflate compression when saving
2021-03-19 12:00:29 +11:00
Andrew Murray
94df4ec1c9
Lint fix
2021-03-17 23:16:35 +11:00
Andrew Murray
1d8c5a820c
Use duration from info dictionary when saving
2021-03-17 20:37:31 +11:00
Andrew Murray
b216b367ac
Only set info transparency on first frame
2021-03-17 00:24:57 +11:00
Andrew Murray
c801db7a32
Added test for saving PNG with bits keyword
2021-03-15 21:27:07 +11:00
Andrew Murray
68719fe6ea
Merge branch 'master' into exif
2021-03-15 12:41:45 +11:00
Andrew Murray
c52b45df62
Removed automatic retrieval of GPS IFD
2021-03-15 12:33:06 +11:00
Eric Soroos
ad37e86c40
DecompressionBombError is now an option
2021-03-15 00:21:18 +01:00
Eric Soroos
83dabda6b2
Clean up comments and filters
2021-03-15 00:18:07 +01:00
Eric Soroos
d45247eb66
Add decompression bomb error to font fuzzer
2021-03-15 00:14:43 +01:00
Eric Soroos
76e0422eb7
Isort linted that there's an extra line, which black didn't worry about
2021-03-14 14:13:37 +01:00
Eric Soroos
862e3b9d8e
Apparently, it's a keyword-only parameter
2021-03-14 14:11:48 +01:00
Eric Soroos
961b2c0242
True
2021-03-14 14:03:41 +01:00
Eric Soroos
487dc16ce6
Can't skip windows properly because the depenedncy is in the decorator
2021-03-14 13:57:24 +01:00
Eric Soroos
bb6b991d8d
no colors anymore, they want them to turn black
2021-03-14 13:49:36 +01:00
Eric Soroos
0ea13132a2
Overflow error shows up in x86
2021-03-14 13:42:16 +01:00
Eric Soroos
6189bca3bc
Skip fuzzer tests on windows
2021-03-14 13:42:16 +01:00
Eric Soroos
8b06fec6ab
linty bits
2021-03-14 13:14:39 +01:00
Eric Soroos
c17ce801cf
I see a python file and I want to paint it black
2021-03-14 13:02:48 +01:00
Eric Soroos
becd633d3f
Refactor fuzzers, add fuzzer tests
2021-03-14 13:01:27 +01:00
Hugo van Kemenade
1c086c65d4
Merge pull request #5321 from radarhere/tiff_icc_profile
...
Save ICC profile from TIFF encoderinfo
2021-03-14 10:42:51 +02:00
Hugo van Kemenade
982837ec85
Merge pull request #5325 from radarhere/unclosed_file
...
Fixed unclosed file warning
2021-03-14 10:29:58 +02:00
Eric Soroos
e2577d1736
font fuzzer
2021-03-13 11:35:50 +01:00
Eric Soroos
38692f222f
Delegate building of oss-fuzz versions to pillow
2021-03-13 11:12:05 +01:00
Andrew Murray
2844fd2d18
Fixed unclosed file warning
2021-03-12 22:45:07 +11:00
Andrew Murray
f42d6cf1ac
Save ICC profile from TIFF encoderinfo
2021-03-10 20:16:49 +11:00
Andrew Murray
e54880c652
Moved RGB fix inside ImageQt class
2021-03-10 13:17:19 +11:00
Hugo van Kemenade
3225e39e9a
Merge branch 'master' into alpha_composite
2021-03-08 14:16:46 +02:00
Hugo van Kemenade
d9e4424a7f
Merge pull request #5260 from radarhere/imageqt_exclusive_fp
...
Ensure file is closed if it is opened by ImageQt.ImageQt
2021-03-08 14:13:48 +02:00
Andrew Murray
e7f5bb1831
Ensure file is closed if it is opened by ImageQt.ImageQt
2021-03-08 20:38:03 +11:00
Andrew Murray
9ce3eba7eb
Only draw each pixel once
2021-03-08 19:54:03 +11:00
Andrew Murray
f5d49f4f61
Added rounded_rectangle method
2021-03-08 19:53:59 +11:00
Ondrej Baranovič
14671f715f
Merge branch 'master' into sbix
2021-03-07 20:05:25 +01:00
Hugo van Kemenade
6108596ff8
Merge pull request #5289 from radarhere/ipythonviewer
2021-03-07 14:26:50 +02:00
Hugo van Kemenade
3a27118d76
Merge pull request #5183 from radarhere/rectangle
...
Only draw each rectangle outline pixel once
2021-03-07 12:25:45 +02:00
Hugo van Kemenade
f15f573e51
Merge pull request #5224 from radarhere/mapper
2021-03-07 11:51:46 +02:00
Hugo van Kemenade
a95fee0475
Merge pull request #5215 from radarhere/license
...
Document license for several fonts
2021-03-07 11:41:56 +02:00
Hugo van Kemenade
f9b830f058
Merge pull request #5214 from radarhere/pcx
...
Handle PCX images with an odd stride
2021-03-07 11:41:14 +02:00
Hugo van Kemenade
95986f38da
Merge pull request #5168 from radarhere/mpo
2021-03-07 11:38:36 +02:00
Andrew Murray
690cf9ebe2
Allow alpha_composite destination to be negative
2021-03-06 20:54:21 +11:00
Andrew Murray
5269ab13a7
Lint fix
2021-03-06 10:20:01 +11:00
Eric Soroos
480f6819b5
Fix Memory DOS in Icns, Ico and Blp Image Plugins
...
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrariliy large
memory allocations.
This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
2021-03-06 10:19:14 +11:00
Andrew Murray
346bfc9537
Added IPythonViewer
2021-03-04 08:55:24 +11:00
Eric Soroos
cbdce6c5d0
Fix for CVE-2021-25291
...
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
2021-03-01 19:04:48 +11:00
Eric Soroos
86f02f7c70
Fix negative size read in TiffDecode.c
...
* Caught by oss-fuzz runs
* CVE-2021-25290
2021-03-01 19:04:42 +11:00
Eric Soroos
4853e522bd
Fix OOB read in SgiRleDecode.c
...
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
2021-03-01 19:04:19 +11:00
Eric Soroos
3fee28eb94
Incorrect error code checking in TiffDecode.c
...
* since Pillow 8.1.0
* CVE-2021-25289
2021-03-01 18:51:13 +11:00
Andrew Murray
3e670d7737
Migrated from deprecated numpy bool and float
2021-02-26 20:59:11 +11:00
Andrew Murray
114145a61a
Set all transparent colors to be equal
2021-02-25 22:49:11 +11:00
Andrew Murray
297789284b
Fixed linear_gradient and radial_gradient 32-bit modes
2021-02-22 19:32:52 +11:00
Andrew Murray
8fb5fd7f63
Updated tests for changed helper imports
2021-02-22 12:14:49 +11:00
nulano
c709aa3d28
minor test formatting cleanup
2021-02-22 12:03:01 +11:00
nulano
61ee8ec03c
document and add tests for SBIX color font support
2021-02-22 12:00:20 +11:00
Andrew Murray
c0ee869c2c
Only draw each rectangle outline pixel once
2021-02-22 07:48:58 +11:00
Andrew Murray
e763f8f2be
Save interop IFD when converting Exif to bytes
2021-02-22 07:47:59 +11:00
Andrew Murray
4b14f0102d
Save base IFDs when converting Exif to bytes
2021-02-22 07:47:05 +11:00
Andrew Murray
faf8fad76d
Stopped flattening EXIF IFD into getexif()
2021-02-22 07:47:05 +11:00
Andrew Murray
3495b319bd
Replaced various instances of assert_image_similar with assert_image_similar_tofile
2021-02-21 22:22:29 +11:00
Andrew Murray
a5c251029c
Replaced various instances of assert_image_equal with assert_image_equal_tofile
2021-02-21 22:15:56 +11:00
Hugo van Kemenade
1857bf5570
Merge pull request #5259 from radarhere/warns
2021-02-17 21:31:15 +02:00
Andrew Murray
a1b4b026ff
Added pragma no cover
2021-02-14 07:58:16 +11:00
Andrew Murray
83542c42bf
Added context managers
2021-02-11 21:43:54 +11:00
Andrew Murray
4a0569e97f
Changed zero length assertions to falsy
2021-02-11 13:48:31 +11:00
Andrew Murray
01be700081
Fixed asserting that no warnings were raised
2021-02-10 23:37:55 +11:00
Andrew Murray
57d6e8ca43
Added PyQt6 support
2021-02-10 21:12:32 +11:00
Andrew Murray
bc0c0cb11a
Merge pull request #5250 from Piolie/open_formats_case
...
Changed Image.open formats parameter to be case-insensitive
2021-02-08 18:19:02 +11:00
Piolie
4a9a999dbb
Update Tests/test_image.py
...
Keep the original test cases; add the most likely non-uppercase versions.
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2021-02-05 12:21:27 -03:00
Piolie
0c1675a143
Make formats
parameter in Image.open
accept aNy cAsE
2021-02-04 22:47:53 -03:00
Andrew Murray
63f21609c0
Added context manager
2021-02-02 23:39:53 +11:00
Andrew Murray
11cb3fba9c
Added test
2021-01-30 13:01:42 +11:00
Andrew Murray
e4b9f88de4
Updated test now that Win32 uses map_buffer
2021-01-30 12:59:45 +11:00
Andrew Murray
eb7e5d2797
Moved test that requires libtiff
2021-01-29 08:00:37 +11:00
Andrew Murray
b39977e1c2
Document license for several fonts
2021-01-21 21:33:35 +11:00
Andrew Murray
ac31061f22
Handle PCX images with an odd stride
2021-01-21 19:29:11 +11:00
wiredfool
e40a07bca6
Merge pull request #5150 from wiredfool/valgrind_tests
...
Support for ignoring tests when running valgrind
2021-01-16 16:56:55 +00:00
Andrew Murray
7b4b356fc0
Test for incorrect PixelAccess arguments
2021-01-14 22:09:11 +11:00
Andrew Murray
bdbf1694fc
Allow PixelAccess to use Python __int__ when parsing x and y
2021-01-14 21:31:25 +11:00
Eric Soroos
1d0149c369
feck8
2021-01-07 15:26:23 +01:00
Eric Soroos
a6fa139f62
useless reptile
2021-01-07 14:57:49 +01:00
Eric Soroos
1d7c8e03d0
known failing tests from valgrind -- uninitialized values
2021-01-07 14:52:02 +01:00
Andrew Murray
a58ff327d4
Moved imports to top of file
2021-01-07 14:52:02 +01:00
Andrew Murray
59ee809f13
Updated capitalisation
...
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
2021-01-07 14:52:02 +01:00
Andrew Murray
d35995f945
Lint fixes
2021-01-07 14:52:02 +01:00
Eric Soroos
bd38487324
Ignore this test in valgrind -- the metadata values don't make logical sense.
2021-01-07 14:52:02 +01:00
Eric Soroos
59ed81f838
Add pytest configuration for patching around an unknown valgrind mark
2021-01-07 14:52:02 +01:00
Andrew Murray
eaeaa181dd
Removed unused import
2021-01-07 23:18:24 +11:00
Eric Soroos
37a7c601cc
uglify
2021-01-07 13:07:28 +01:00
Eric Soroos
ffbaa6523d
Internal support for oss-fuzz testing
2021-01-07 12:55:11 +01:00
Andrew Murray
2341c6b933
Merge branch 'master' into jp2-decode-subsample
2021-01-04 23:25:09 +11:00
Jan Solanti
ddd3a2b482
Add tests for issue #4142
2021-01-04 22:47:18 +11:00
Andrew Murray
c8dd1c8422
Merge pull request #5175 from radarhere/tiff
...
Fix TIFF OOB Write error
2021-01-02 21:13:28 +11:00
Andrew Murray
0117694533
Merge pull request #5174 from radarhere/pcx
...
Fix for Read Overflow in PCX Decoding
2021-01-02 21:00:25 +11:00
Andrew Murray
903c67353d
Lint fix
2021-01-02 20:41:17 +11:00
Eric Soroos
2f409261eb
Fix for CVE CVE-2020-35655 - Read Overflow in PCX Decoding.
...
* Don't trust the image to specify a buffer size
2021-01-02 20:38:46 +11:00
wiredfool
eb8c1206d6
Fix CVE-2020-35654 - OOB Write in TiffDecode.c
...
* In some circumstances with some versions of libtiff (4.1.0+), there
could be a 4 byte out of bound write when decoding a YCbCr tiff.
* The Pillow code dates to 6.0.0
* Found and reported through Tidelift
2021-01-02 20:37:48 +11:00
Andrew Murray
1cbb12fb6e
Lint fix
2021-01-02 20:19:26 +11:00
Eric Soroos
7e95c63fa7
Fix for SGI Decode buffer overrun CVE-2020-35655
...
* Independently found by a contributor and sent to Tidelift, and by Google's OSS Fuzz.
2021-01-02 20:09:58 +11:00
Hugo van Kemenade
07bbc46589
Merge pull request #5149 from wiredfool/gif_write_oob_read
2021-01-02 10:14:17 +02:00
Hugo van Kemenade
effa65cb38
Refactor
2021-01-01 20:37:16 +02:00
Hugo van Kemenade
4e3dc9a06b
Add support for PySide6
2021-01-01 20:34:44 +02:00
Andrew Murray
db3b5108dc
Changed MP Type to match #1631 image
2021-01-01 13:00:01 +11:00
Andrew Murray
6175389186
Only read different sizes for "Large Thumbnail" frames
2021-01-01 12:45:02 +11:00