python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-02-11 00:50:51 +03:00
Code Issues Packages Projects Releases Wiki Activity
11,236 Commits 49 Branches 92 Tags 256 MiB
8206f14419
Commit Graph

1548 Commits

Author SHA1 Message Date
Andrew Murray
8206f14419 Simplified code 2021-03-06 21:44:31 +11:00
Eric Soroos
480f6819b5 Fix Memory DOS in Icns, Ico and Blp Image Plugins 
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrariliy large
memory allocations.

This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
 2021-03-06 10:19:14 +11:00
wiredfool
c477bed95f
Merge pull request #5280 from cgohlke/patch-1 
Fix suspicious sequence of types castings
 2021-03-01 20:19:26 +00:00
Hugo van Kemenade
3bce145966 Use more specific regex chars to prevent ReDoS 
* CVE-2021-25292
 2021-03-01 19:04:57 +11:00
Eric Soroos
cbdce6c5d0 Fix for CVE-2021-25291 
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
 2021-03-01 19:04:48 +11:00
Eric Soroos
86f02f7c70 Fix negative size read in TiffDecode.c 
* Caught by oss-fuzz runs
* CVE-2021-25290
 2021-03-01 19:04:42 +11:00
Eric Soroos
4853e522bd Fix OOB read in SgiRleDecode.c 
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
 2021-03-01 19:04:19 +11:00
Eric Soroos
3fee28eb94 Incorrect error code checking in TiffDecode.c 
* since Pillow 8.1.0
* CVE-2021-25289
 2021-03-01 18:51:13 +11:00
Andrew Murray
5f92636bd0 Removed comment 2021-02-27 00:33:23 +11:00
Christoph Gohlke
71f48e19b9
Use unsigned size_t 2021-02-24 08:15:25 -08:00
Christoph Gohlke
48ac517c8d
Fix suspicious sequence of types castings 2021-02-24 07:02:42 -08:00
Andrew Murray
223b05a2ea Corrected docstring 2021-02-16 22:33:17 +11:00
Andrew Murray
c8ca4b909a Added braces 2021-02-13 11:32:52 +11:00
Andrew Murray
57d6e8ca43 Added PyQt6 support 2021-02-10 21:12:32 +11:00
Andrew Murray
441d75aa28 Updated docstring 2021-02-09 19:14:57 +11:00
Andrew Murray
bc0c0cb11a
Merge pull request #5250 from Piolie/open_formats_case 
Changed Image.open formats parameter to be case-insensitive
 2021-02-08 18:19:02 +11:00
Andrew Murray
587e073dac Moved case transformation before initialization check 2021-02-05 20:28:34 +11:00
Piolie
0c1675a143 Make formats parameter in Image.open accept aNy cAsE 2021-02-04 22:47:53 -03:00
Hugo van Kemenade
54f12f8aad
Merge pull request #5216 from radarhere/tk 
Deprecate Tk/Tcl 8.4, to be removed in Pillow 10 (2023-01-02)
 2021-02-02 15:00:15 +02:00
Andrew Murray
c10bf8d9a7 Improved docstring [ci skip] 2021-01-31 13:14:14 +11:00
Andrew Murray
428a62c696
Merge pull request #5223 from Bitblade/master 
Documentation error: Wrong threshold in conversion from L to 1
 2021-01-27 17:51:10 +11:00
Andrew Murray
c9740ab7e3 Deprecate Tk/Tcl 8.4, to be removed in Pillow 10 (2023-01-02) 2021-01-26 18:14:28 +11:00
Andrew Murray
cf98f178ad Added tk version 2021-01-26 08:01:26 +11:00
Mark Laagland
e6ff82b9ab Small fix for convert documentation of Image.py 
[ci skip]
 2021-01-24 22:49:27 +01:00
Andrew Murray
6f236284b0 Corrected CVE number 2021-01-20 20:43:00 +11:00
Andrew Murray
543fa2ceb7
Merge pull request #5194 from radarhere/python310 
PyModule_AddObject fix for Python 3.10
 2021-01-12 21:53:54 +11:00
Andrew Murray
4eccadced4 Document that getcolors() returns colors in the image mode [ci skip] 2021-01-09 21:30:16 +11:00
Andrew Murray
cf190a3c2f PyModule_AddObject fix for Python 3.10 2021-01-09 12:17:57 +11:00
Andrew Murray
46b7e86bab Format with ClangFormat 2021-01-03 14:17:51 +11:00
Andrew Murray
56e7d1fd9b 8.2.0.dev0 version bump 2021-01-03 07:14:59 +11:00
Andrew Murray
fcc42e0d34 8.1.0 version bump 2021-01-02 22:39:02 +11:00
Andrew Murray
c8dd1c8422
Merge pull request #5175 from radarhere/tiff 
Fix TIFF OOB Write error
 2021-01-02 21:13:28 +11:00
Andrew Murray
0117694533
Merge pull request #5174 from radarhere/pcx 
Fix for Read Overflow in PCX Decoding
 2021-01-02 21:00:25 +11:00
Eric Soroos
2f409261eb Fix for CVE CVE-2020-35655 - Read Overflow in PCX Decoding. 
* Don't trust the image to specify a buffer size
 2021-01-02 20:38:46 +11:00
wiredfool
45a62e91b1 Rework ReadTile 
* Don't malloc for the swap line, just shuffle backwards
* Ensure that im->pixelsize is sanity checked
* Ensure that we're using the right size for the buffer from TiffReadRGBATile
 2021-01-02 20:37:48 +11:00
wiredfool
eb8c1206d6 Fix CVE-2020-35654 - OOB Write in TiffDecode.c 
* In some circumstances with some versions of libtiff (4.1.0+), there
  could be a 4 byte out of bound write when decoding a YCbCr tiff.
* The Pillow code dates to 6.0.0
* Found and reported through Tidelift
 2021-01-02 20:37:48 +11:00
Eric Soroos
9a2c9f722f Make the SGI code return -1 as an error flag, error in state 2021-01-02 20:10:02 +11:00
Eric Soroos
7e95c63fa7 Fix for SGI Decode buffer overrun CVE-2020-35655 
* Independently found by a contributor and sent to Tidelift, and by Google's OSS Fuzz.
 2021-01-02 20:09:58 +11:00
Hugo van Kemenade
07bbc46589
Merge pull request #5149 from wiredfool/gif_write_oob_read 2021-01-02 10:14:17 +02:00
Hugo van Kemenade
4e3dc9a06b Add support for PySide6 2021-01-01 20:34:44 +02:00
Hugo van Kemenade
4093897673
Merge pull request #5126 from radarhere/apng_disposal 
Use disposal settings from previous frame in APNG
 2020-12-31 16:06:33 +02:00
Andrew Murray
01cee38b9b
Merge pull request #5153 from radarhere/tiff_wheels 
Updated libtiff to 4.2.0
 2020-12-31 10:01:19 +11:00
Eric Soroos
250e42f7f8 Bad Rebase 2020-12-30 11:07:58 +01:00
Alexander
1ff61bcaa6 use offset for all binary input functions instead of slicing 2020-12-30 19:10:50 +11:00
Alexander
3757b8c748 remove extra i8 calls where input is proved bytes[] or int 2020-12-30 19:04:11 +11:00
Andrew Murray
6b21a96578 Changed readcount so that _TIFFSetGetType can identify the type 2020-12-30 11:57:05 +11:00
Hugo van Kemenade
85d61ca7d5
Merge pull request #5139 from radarhere/repr_png 
Added exception explaining that _repr_png_ saves to PNG
 2020-12-29 12:43:22 +02:00
Hugo van Kemenade
cd446e6088
Merge pull request #5125 from radarhere/disposal_method 
Use previous disposal method in GIF load_end
 2020-12-29 12:26:14 +02:00
Hugo van Kemenade
5c64438792
Merge pull request #5090 from radarhere/valueerror 
Do not catch a ValueError only to raise another
 2020-12-29 12:19:16 +02:00
Hugo van Kemenade
25500e83bc
Merge pull request #5089 from radarhere/putpalette_rgba 
Allow putpalette to accept 1024 integers to include alpha values
 2020-12-29 12:17:50 +02:00