* BlpImagePlugin did not properly check that reads after jumping to
file offsets returned data. This could lead to a DOS where the
decoder could be run a large number of times on empty data
* This dates to Pillow 5.1.0
* PSDImagePlugin did not sanity check the number of input layers and
vs the size of the data block, this could lead to a DOS on
Image.open prior to Image.load.
* This issue dates to the PIL fork
Follow Python's file object semantics. User code is responsible for
closing resources (usually through a context manager) in a deterministic
way.
To achieve this, remove __del__ functions. These functions used to
closed open file handlers in an attempt to silence Python
ResourceWarnings. However, using __del__ has the following drawbacks:
- __del__ isn't called until the object's reference count reaches 0.
Therefore, resource handlers remain open or in use longer than
necessary.
- The __del__ method isn't guaranteed to execute on system exit. See the
Python documentation:
https://docs.python.org/3/reference/datamodel.html#object.__del__
> It is not guaranteed that __del__() methods are called for objects
> that still exist when the interpreter exits.
- Exceptions that occur inside __del__ are ignored instead of raised.
This has the potential of hiding bugs. This is also in the Python
documentation:
> Warning: Due to the precarious circumstances under which __del__()
> methods are invoked, exceptions that occur during their execution
> are ignored, and a warning is printed to sys.stderr instead.
Instead, always close resource handlers when they are no longer in use.
This will close the file handler at a specified point in the user's code
and not wait until the interpreter chooses to. It is always guaranteed
to run. And, if an exception occurs while closing the file handler, the
bug will not be ignored.
Now, when code receives a ResourceWarning, it will highlight an area
that is mishandling resources. It should not simply be silenced, but
fixed by closing resources with a context manager.
All warnings that were emitted during tests have been cleaned up. To
enable warnings, I passed the `-Wa` CLI option to Python. This exposed
some mishandling of resources in ImageFile.__init__() and
SpiderImagePlugin.loadImageSeries(), they too were fixed.
With the introduction and use of pytest, it is simple and easy to
execute specific tests in isolation through documented command line
arguments. Either by specifying the module path or through the `-k
EXPRESSION` argument. There is no longer any need to provide the
boilerplate:
if __name__ == '__main__':
unittest.main()
To every test file. It is simply noise.
The pattern remains in test files that aren't named with `test_*` as
those files are not discovered and executed by pytest by default.
The previous test configuration made it difficult to run a single test
with the pytest CLI. There were two major issues:
- The Tests directory was not a package. It now includes a __init__.py
file and imports from other tests modules are done with relative
imports.
- setup.cfg always specified the Tests directory. So even if a specific
test were specified as a CLI arg, this configuration would also always
include all tests. This configuration has been removed to allow
specifying a single test on the command line.
Contributors can now run specific tests with a single command such as:
$ tox -e py37 -- Tests/test_file_pdf.py::TestFilePdf.test_rgb
This makes it easy and faster to iterate on a single test failure and is
very familiar to those that have previously used tox and pytest.
When running tox or pytest with no arguments, they still discover and
runs all tests in the Tests directory.
