Commit Graph

3052 Commits

Author SHA1 Message Date
Andrew Murray
608bf4fef5 Lint fix 2021-03-06 13:37:58 +11:00
Eric Soroos
756fff3312 Fix Memory DOS in Icns, Ico and Blp Image Plugins
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrariliy large
memory allocations.

This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
2021-03-06 13:37:58 +11:00
Eric Soroos
8b8076bdcb Fix for CVE-2021-25291
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
2021-03-01 19:08:52 +11:00
Eric Soroos
e25be1e33d Fix negative size read in TiffDecode.c
* Caught by oss-fuzz runs
* CVE-2021-25290
2021-03-01 19:08:39 +11:00
Eric Soroos
f891baa604 Fix OOB read in SgiRleDecode.c
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
2021-03-01 19:08:26 +11:00
Eric Soroos
cbfdde7b1f Incorrect error code checking in TiffDecode.c
* since Pillow 8.1.0
* CVE-2021-25289
2021-03-01 19:08:17 +11:00
Andrew Murray
c8dd1c8422
Merge pull request #5175 from radarhere/tiff
Fix TIFF OOB Write error
2021-01-02 21:13:28 +11:00
Andrew Murray
0117694533
Merge pull request #5174 from radarhere/pcx
Fix for Read Overflow in PCX Decoding
2021-01-02 21:00:25 +11:00
Andrew Murray
903c67353d Lint fix 2021-01-02 20:41:17 +11:00
Eric Soroos
2f409261eb Fix for CVE CVE-2020-35655 - Read Overflow in PCX Decoding.
* Don't trust the image to specify a buffer size
2021-01-02 20:38:46 +11:00
wiredfool
eb8c1206d6 Fix CVE-2020-35654 - OOB Write in TiffDecode.c
* In some circumstances with some versions of libtiff (4.1.0+), there
  could be a 4 byte out of bound write when decoding a YCbCr tiff.
* The Pillow code dates to 6.0.0
* Found and reported through Tidelift
2021-01-02 20:37:48 +11:00
Andrew Murray
1cbb12fb6e Lint fix 2021-01-02 20:19:26 +11:00
Eric Soroos
7e95c63fa7 Fix for SGI Decode buffer overrun CVE-2020-35655
* Independently found by a contributor and sent to Tidelift, and by Google's OSS Fuzz.
2021-01-02 20:09:58 +11:00
Hugo van Kemenade
07bbc46589
Merge pull request #5149 from wiredfool/gif_write_oob_read 2021-01-02 10:14:17 +02:00
Hugo van Kemenade
effa65cb38 Refactor 2021-01-01 20:37:16 +02:00
Hugo van Kemenade
4e3dc9a06b Add support for PySide6 2021-01-01 20:34:44 +02:00
Andrew Murray
62693b7c54 Moved QApplication into one test 2021-01-01 11:33:20 +11:00
Hugo van Kemenade
4093897673
Merge pull request #5126 from radarhere/apng_disposal
Use disposal settings from previous frame in APNG
2020-12-31 16:06:33 +02:00
Andrew Murray
77b16efba3 Corrected argument 2020-12-31 16:25:46 +11:00
Hugo van Kemenade
85d61ca7d5
Merge pull request #5139 from radarhere/repr_png
Added exception explaining that _repr_png_ saves to PNG
2020-12-29 12:43:22 +02:00
Hugo van Kemenade
cd446e6088
Merge pull request #5125 from radarhere/disposal_method
Use previous disposal method in GIF load_end
2020-12-29 12:26:14 +02:00
Hugo van Kemenade
25500e83bc
Merge pull request #5089 from radarhere/putpalette_rgba
Allow putpalette to accept 1024 integers to include alpha values
2020-12-29 12:17:50 +02:00
Eric Soroos
d96945b7c8 Fix Out of bounds read when saving GIF of xsize=1 2020-12-27 16:01:26 +01:00
Andrew Murray
fdce845364 Added exception explaining that _repr_png_ saves to PNG 2020-12-27 15:36:16 +11:00
Andrew Murray
e37a8a263d
Merge pull request #4568 from ziplantil/ico-append-images
Add append_images support for ICO
2020-12-24 11:10:33 +11:00
Andrew Murray
46f7b4a439
Updated test name and text 2020-12-24 10:50:43 +11:00
Andrew Murray
5e4e0fa6ee Use disposal settings from previous frame 2020-12-24 09:55:22 +11:00
Andrew Murray
9940c84b08 Use previous disposal method in load_end 2020-12-23 13:22:53 +11:00
Andrew Murray
8794610c76 Block TIFFTAG_SUBIFD 2020-12-22 11:38:02 +11:00
Andrew Murray
83d82ae150
Merge pull request #5098 from hugovk/deprecate-freetype
Deprecate FreeType 2.7
2020-12-20 13:35:41 +11:00
Andrew Murray
c52c3ae3e2
Merge pull request #5102 from hugovk/add-path-tests
Add tests for ImagePath.Path
2020-12-20 07:43:56 +11:00
Andrew Murray
b0af0d4076 Travis CI is no longer used 2020-12-19 21:57:32 +02:00
Hugo van Kemenade
9e21ef7338 Remove old Travis CI config 2020-12-19 21:57:32 +02:00
Hugo van Kemenade
ceaed2e058 Add tests for ImagePath.Path 2020-12-18 22:54:48 +02:00
Hugo van Kemenade
2b319f2ce4 Simplify: remove class 2020-12-18 22:54:40 +02:00
Hugo van Kemenade
27bf17009c Deprecate FreeType 2.7, to be removed in Pillow 9 (2022-01-02) 2020-12-17 10:28:06 +02:00
nulano
db35e6404e remove FreeType<2.7 metrics in test_imagefont 2020-12-12 15:29:41 +01:00
nulano
a3ab868b0f xfail tests failing on ppc64le on GHA
(cherry picked from commit 9c7fb5bd14c3064fede96131a0f7f67abf26a4e7)
2020-12-12 15:26:42 +01:00
nulano
989c9b303a xfail failing libtiff tests on big-endian
(cherry picked from commit 25ce233edf732edb5660f877365379377a64f136)
2020-12-12 15:26:42 +01:00
Andrew Murray
a666c91e10 Allow putpalette to accept 1024 integers to include alpha values 2020-12-12 14:12:30 +11:00
nulano
86993df834 remove duplicate values 2020-11-25 07:38:13 +00:00
nulano
74048f9b4f remove FT 2.3 from tests 2020-11-25 07:27:11 +00:00
Hugo van Kemenade
85e991e5b6 Don't include test-skipping 'except' in coverage 2020-11-04 16:05:51 +02:00
Andrew Murray
a357ff12ad Simplified test 2020-11-04 22:39:25 +11:00
Andrew Murray
d1650cb2b3 Document FreeMono license [ci skip] 2020-10-23 21:08:06 +11:00
Andrew Murray
f886bc973b Moved string_dimension image to pillow-depends 2020-10-19 21:32:56 +11:00
Hugo van Kemenade
b074d87179
Merge pull request #4760 from qiankanglai/dds-rgba8888
Support raw rgba8888 for dds
2020-10-15 08:10:01 +03:00
Hugo van Kemenade
1cb3e2f742
Merge pull request #4918 from gofr/4825-jpeg-16-bit-qt 2020-10-14 17:58:12 +03:00
Andrew Murray
1a3367400c Added reading of IFD tag type 2020-10-14 23:37:54 +11:00
mergify[bot]
50787ad2c4
Merge pull request #4971 from radarhere/freetype
Updated freetype to 2.10.3
2020-10-13 06:10:01 +00:00