python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2024-11-11 04:07:21 +03:00
Code Issues Packages Projects Releases Wiki Activity
11,946 Commits 48 Branches 91 Tags 312 MiB
3fbc9eb229
Commit Graph

590 Commits

Author SHA1 Message Date
Eric Soroos
bb6c11fb88 Fix FLI DOS -- CVE-2021-28676 
* FliDecode did not properly check that the block advance was
  non-zero, potentally leading to an infinite loop on load.
* This dates to the PIL Fork
* Found with oss-fuzz
 2021-04-01 17:17:23 +03:00
Eric Soroos
5a5e6db0ab Fix EPS DOS on _open -- CVE-2021-28677 
* The readline used in EPS has to deal with any combination of \r and
  \n as line endings. It used an accidentally quadratic method of
  accumulating lines while looking for a line ending.
* A malicious EPS file could use this to perform a DOS of Pillow in
  the open phase, before an image was accepted for opening.
* This dates to the PIL Fork
 2021-04-01 17:17:18 +03:00
Eric Soroos
3bf5eddb89 Fix OOB Read in Jpeg2KDecode CVE-2021-25287,CVE-2021-25288 
* For J2k images with multiple bands, it's legal in to have different
  widths for each band, e.g. 1 byte for L, 4 bytes for A
* This dates to Pillow 2.4.0
 2021-04-01 17:17:13 +03:00
Hugo van Kemenade
6812205f18
Merge pull request #5144 from UrielMaD/feature_xmp 2021-04-01 12:44:47 +03:00
Eric Soroos
87934e22d0 Fix for crash-0da0 2021-03-31 23:24:30 +02:00
Eric Soroos
53c80281d7 fix for crash-8115 2021-03-31 22:23:57 +02:00
Eric Soroos
45530d5ce1 fixes crash-74d2 2021-03-31 22:23:57 +02:00
Hugo van Kemenade
c54a7bb031
Merge pull request #5333 from radarhere/gif_frame_transparency 2021-03-31 18:08:11 +03:00
Konstantin Kopachev
0018685a8e Add Tests and support for Planar Tiff Images 2021-03-28 15:03:37 +02:00
Andrew Murray
b216b367ac Only set info transparency on first frame 2021-03-17 00:24:57 +11:00
Andrew Murray
9ce3eba7eb Only draw each pixel once 2021-03-08 19:54:03 +11:00
Andrew Murray
f5d49f4f61 Added rounded_rectangle method 2021-03-08 19:53:59 +11:00
Ondrej Baranovič
14671f715f
Merge branch 'master' into sbix 2021-03-07 20:05:25 +01:00
Hugo van Kemenade
3a27118d76
Merge pull request #5183 from radarhere/rectangle 
Only draw each rectangle outline pixel once
 2021-03-07 12:25:45 +02:00
Hugo van Kemenade
f9b830f058
Merge pull request #5214 from radarhere/pcx 
Handle PCX images with an odd stride
 2021-03-07 11:41:14 +02:00
Hugo van Kemenade
95986f38da
Merge pull request #5168 from radarhere/mpo 2021-03-07 11:38:36 +02:00
Eric Soroos
480f6819b5 Fix Memory DOS in Icns, Ico and Blp Image Plugins 
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrariliy large
memory allocations.

This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
 2021-03-06 10:19:14 +11:00
Eric Soroos
cbdce6c5d0 Fix for CVE-2021-25291 
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
 2021-03-01 19:04:48 +11:00
Eric Soroos
86f02f7c70 Fix negative size read in TiffDecode.c 
* Caught by oss-fuzz runs
* CVE-2021-25290
 2021-03-01 19:04:42 +11:00
Eric Soroos
4853e522bd Fix OOB read in SgiRleDecode.c 
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
 2021-03-01 19:04:19 +11:00
Eric Soroos
3fee28eb94 Incorrect error code checking in TiffDecode.c 
* since Pillow 8.1.0
* CVE-2021-25289
 2021-03-01 18:51:13 +11:00
nulano
61ee8ec03c document and add tests for SBIX color font support 2021-02-22 12:00:20 +11:00
Andrew Murray
c0ee869c2c Only draw each rectangle outline pixel once 2021-02-22 07:48:58 +11:00
Andrew Murray
ac31061f22 Handle PCX images with an odd stride 2021-01-21 19:29:11 +11:00
Jan Solanti
ddd3a2b482 Add tests for issue #4142 2021-01-04 22:47:18 +11:00
Andrew Murray
c8dd1c8422
Merge pull request #5175 from radarhere/tiff 
Fix TIFF OOB Write error
 2021-01-02 21:13:28 +11:00
Andrew Murray
0117694533
Merge pull request #5174 from radarhere/pcx 
Fix for Read Overflow in PCX Decoding
 2021-01-02 21:00:25 +11:00
Eric Soroos
2f409261eb Fix for CVE CVE-2020-35655 - Read Overflow in PCX Decoding. 
* Don't trust the image to specify a buffer size
 2021-01-02 20:38:46 +11:00
wiredfool
eb8c1206d6 Fix CVE-2020-35654 - OOB Write in TiffDecode.c 
* In some circumstances with some versions of libtiff (4.1.0+), there
  could be a 4 byte out of bound write when decoding a YCbCr tiff.
* The Pillow code dates to 6.0.0
* Found and reported through Tidelift
 2021-01-02 20:37:48 +11:00
Eric Soroos
7e95c63fa7 Fix for SGI Decode buffer overrun CVE-2020-35655 
* Independently found by a contributor and sent to Tidelift, and by Google's OSS Fuzz.
 2021-01-02 20:09:58 +11:00
Andrew Murray
db3b5108dc Changed MP Type to match #1631 image 2021-01-01 13:00:01 +11:00
Andrew Murray
6175389186 Only read different sizes for "Large Thumbnail" frames 2021-01-01 12:45:02 +11:00
Hugo van Kemenade
4093897673
Merge pull request #5126 from radarhere/apng_disposal 
Use disposal settings from previous frame in APNG
 2020-12-31 16:06:33 +02:00
UrielMaD
7968279c13 XMP feature added 2020-12-27 22:24:38 -06:00
Andrew Murray
5e4e0fa6ee Use disposal settings from previous frame 2020-12-24 09:55:22 +11:00
Andrew Murray
9940c84b08 Use previous disposal method in load_end 2020-12-23 13:22:53 +11:00
Andrew Murray
f886bc973b Moved string_dimension image to pillow-depends 2020-10-19 21:32:56 +11:00
Hugo van Kemenade
b074d87179
Merge pull request #4760 from qiankanglai/dds-rgba8888 
Support raw rgba8888 for dds
 2020-10-15 08:10:01 +03:00
Hugo van Kemenade
1cb3e2f742
Merge pull request #4918 from gofr/4825-jpeg-16-bit-qt 2020-10-14 17:58:12 +03:00
Andrew Murray
1a3367400c Added reading of IFD tag type 2020-10-14 23:37:54 +11:00
nulano
90e8255ba4 Merge remote-tracking branch 'upstream/master' into anchor-part3 
# Conflicts:
#	Tests/test_imagefontctl.py
 2020-10-12 15:50:45 +01:00
Hugo van Kemenade
43c3f4de80
Merge pull request #4955 from nulano/ft-color3 2020-10-12 13:52:01 +03:00
nulano
d84185579e move bitmap font tests to test_imagefont 2020-10-11 21:45:10 +01:00
Hugo van Kemenade
15c339470d
Merge pull request #4523 from xtsm/ellipse 
Implemented another ellipse drawing algorithm
 2020-10-11 18:04:34 +03:00
gofr
938e251088 Add new JPEG test image 2020-10-10 20:08:39 +02:00
nulano
1551e120ae add textlength and textbbox to ImageDraw 2020-10-09 01:02:51 +01:00
nulano
395aa946a9 add getbbox and getlength, with tests 
Squashed commits:

[ec9ec31b] add tests for invalid anchor
(cherry picked from commit 9e50a6a47f79876ee56942152047f03fff03c49b)

[386a9170] fix lint and docs
(cherry picked from commit 2d0d5282fcfc3ee332a41e60b865ee766445cc3d)

[29f5d4c9] restore and document previous getsize behaviour
see discussion in issue 4789
(cherry picked from commit 9fbc94571ce0ed42fdd11e99f343a1613c9dc6d3)

[0ffd51a0] add getbbox and getlength, with tests
(cherry picked from commit c5f63737476a998c81e589e5819d21ca69bb7b46)
 2020-10-09 00:56:58 +01:00
nulano
786eaf11e2 downgrade NotoColorEmoji to minimize size 2020-10-07 13:31:05 +01:00
nulano
24f3d85a3e add test for {1bpp, 2bpp, 4bpp, 8bpp} bitmap fonts 2020-10-07 11:57:15 +01:00
nulano
55db572467 add tests for opaque COLR and CBDT fonts 2020-10-07 05:29:18 +01:00
Hugo van Kemenade
b29cab08d3
Merge pull request #4930 from nulano/anchor-part2 2020-10-05 20:19:33 +03:00
Andrew Murray
26bf1c3524 Moved CVE images to pillow-depends 2020-09-23 00:14:40 +10:00
nulano
0838d8ea62 add tests for multiline text with anchor 2020-09-22 14:58:21 +02:00
nulano
3fc1be06e6 add and fix tests for text anchors 2020-09-22 11:31:43 +02:00
Hugo van Kemenade
93d011efb5
Merge pull request #4910 from nulano/anchor-part1 2020-09-19 13:41:15 +03:00
nulano
ee1cc6ad7c remove use of FT_Set_Transform 2020-09-09 02:14:49 +02:00
nulano
54e067779b fix and add tests 
(cherry picked from commit 0b711f10d0490863976699c051f2027b6799d501) (+1 squashed commits)

Squashed commits:

[9d4e6c17] fix tests
 2020-09-09 02:12:21 +02:00
Hugo van Kemenade
3dba4ee10a
Merge pull request #4846 from comhar/features/compute_polygon_coordinates 2020-09-04 23:28:43 +03:00
Andrew Murray
186a4723c8 Added test for empty GPS IFD 2020-09-02 21:14:36 +10:00
Tommy C
df9329f9f0 Replace bbox with b_circle, kwargs with args + minor tweaks 
Summary of changes:
 - `ImageDraw.regular_polygon` now accepts a bounding circle which
inscribes the polygon. A bounding circle is defined by a center point
(x0, y0) and a radius. A bounding box is no longer accepted.
 - All keyword args have been replaced with positional args.

Misc
- Test image file renaming, minor variable name changes
 2020-08-20 20:46:11 +01:00
Tommy C
0ed01dd964 Add ImageDraw.regular_polygon 2020-08-16 13:29:13 +01:00
Andrew Murray
5da1a8adcf Read EXIF data tEXt chunk into info as bytes instead of string 2020-07-31 17:42:48 +10:00
Kanglai Qian
b5c59878da support raw rgba8888 for dds 2020-07-07 00:22:57 +08:00
Stanislau Tsitsianok
7dedb1402f
Merge remote-tracking branch 'upstream/master' into ellipse 2020-06-29 23:31:25 +03:00
Stanislau Tsitsianok
5830a641cc
Added more tests 2020-06-29 23:31:04 +03:00
Stanislau Tsitsianok
9a9d3a050a
Fixed tests 2020-06-29 22:49:11 +03:00
Andrew Murray
cdf4936c07 Fixed loading non-RGBA mode images with dispose background 2020-06-29 21:20:57 +10:00
Andrew Murray
c1fe0b4e0c Use hypot function 2020-06-23 19:17:00 +10:00
Hugo van Kemenade
390b34c231
Merge pull request #4664 from nulano/ft-getsize-mode 2020-06-21 18:53:03 +03:00
Hugo van Kemenade
b9a087d482
Merge pull request #4566 from radarhere/text 
Consider transparency when pasting text on an RGBA image
 2020-06-20 15:02:59 +03:00
Stanislau Tsitsianok
27109c9011
Merge remote-tracking branch 'upstream/master' into ellipse 2020-06-16 20:20:44 +03:00
Andrew Murray
05932c4cbc Updated harfbuzz to 2.6.7 2020-06-14 22:23:19 +10:00
Andrew Murray
eeb9e719e3 Fixed drawing a 1px high polygon 2020-06-07 12:07:13 +10:00
nulano
2dd9324df2 add mono color text test 2020-06-01 22:18:38 +02:00
Hugo van Kemenade
02d55b79c1
Merge pull request #4560 from radarhere/xmp 2020-06-01 10:49:00 +03:00
Stanislau Tsitsianok
305b61ed1c
Added test with various ellipse sizes 2020-05-08 23:54:17 +03:00
Alexander
f15e4a8e06 truncate icclist instead of changing to None 2020-05-08 19:48:20 +03:00
Andrew Murray
e10cab42f1 Consider transparency when drawing text on an RGBA image 2020-04-19 20:56:17 +10:00
Andrew Murray
1e63f772f8 Parse orientation from XMP tags 2020-04-16 21:05:34 +10:00
Stanislau Tsitsianok
521c431734
fixed failing tests 2020-04-03 22:33:47 +03:00
Hugo van Kemenade
46f4a349b8
Merge pull request #4507 from hugovk/fix_tiff 
Fix 2 buffer overflows in TIFF decoding
 2020-04-01 12:51:04 +03:00
Hugo van Kemenade
ff60894d69
Merge pull request #4505 from hugovk/jpeg2k_overflow 
Fix bounds overflow in JPEG 2000 decoding
 2020-04-01 12:27:27 +03:00
Hugo van Kemenade
2ef59fdbae
Merge pull request #4504 from hugovk/sgi_fixes 
Fix buffer overflow in SGI-RLE decoding
 2020-04-01 12:27:14 +03:00
Hugo van Kemenade
0da1eca7cf
Merge pull request #4503 from hugovk/fix_fli_6.2.x 
Fix multiple OOB reads in FLI decoding
 2020-04-01 12:27:04 +03:00
Eric Soroos
6e7c0ced68 Tests for tiff crashes 2020-04-01 11:02:40 +03:00
Eric Soroos
124f4bb591 Tests for PCX OOB Access 2020-04-01 10:50:48 +03:00
Eric Soroos
30443d39bd Tests for jp2 overflow 2020-04-01 10:33:46 +03:00
Eric Soroos
dd341f12d6 Tests for SGI Overruns 2020-04-01 10:12:21 +03:00
Eric Soroos
00c6dd72d9 Tests for additional hits 2020-04-01 09:53:18 +03:00
Eric Soroos
19ff42bd68 tests for Fli OOB reads 2020-04-01 09:53:04 +03:00
Hugo van Kemenade
f27873a888
Merge pull request #4243 from pmrowla/apng 
Add APNG support
 2020-04-01 00:23:57 +03:00
Marcin Jaworski
422efd68c3 Add tests for charset aware PcfFontFile 2020-03-31 10:20:43 +02:00
Andrew Murray
ca5a81ef27 Added reading of earlier ImageMagick EXIF data 2020-03-14 00:04:58 +11:00
Andrew Murray
9f61be4c72
Merge branch 'master' into apng 2020-03-09 23:29:40 +11:00
Hugo van Kemenade
da4667cc9e
Merge pull request #4401 from radarhere/freetype 
Fixed stroke on FreeType < 2.9
 2020-03-06 00:21:17 +02:00
Hugo van Kemenade
64a9e0c660
Merge branch 'master' into apng 2020-02-29 17:40:17 +02:00
Andrew Murray
9ba25f8135 Trim end of name, keeping ext 2020-02-26 20:15:23 +11:00
Andrew Murray
17c10b0ca0 Fixed stroke on FreeType < 2.9 2020-02-24 22:49:33 +11:00
Peter Rowlands
7c0df1034f Add APNG test cases 
Includes tests for reading and writing APNG files.

The tests for reading files are based on the APNG browser compatibility
tests from https://philip.html5.org/tests/apng/tests.html
(which is linked in the Tests section of https://wiki.mozilla.org/APNG_Specification)
 2020-02-23 15:14:06 +11:00
Hugo van Kemenade
0e993c4740
Merge pull request #4334 from radarhere/outline_width 
Allow explicit zero width to hide outline
 2020-02-15 14:30:12 +02:00