Commit Graph

1560 Commits

Author SHA1 Message Date
Hugo van Kemenade
6108596ff8
Merge pull request #5289 from radarhere/ipythonviewer 2021-03-07 14:26:50 +02:00
Hugo van Kemenade
3a27118d76
Merge pull request #5183 from radarhere/rectangle
Only draw each rectangle outline pixel once
2021-03-07 12:25:45 +02:00
Hugo van Kemenade
f15f573e51
Merge pull request #5224 from radarhere/mapper 2021-03-07 11:51:46 +02:00
Hugo van Kemenade
f9b830f058
Merge pull request #5214 from radarhere/pcx
Handle PCX images with an odd stride
2021-03-07 11:41:14 +02:00
Hugo van Kemenade
95986f38da
Merge pull request #5168 from radarhere/mpo 2021-03-07 11:38:36 +02:00
Eric Soroos
480f6819b5 Fix Memory DOS in Icns, Ico and Blp Image Plugins
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrariliy large
memory allocations.

This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
2021-03-06 10:19:14 +11:00
Andrew Murray
7b09463809 Added IPythonViewer docstring 2021-03-04 08:56:49 +11:00
Andrew Murray
f067fe4c05 Added import alias for clarity 2021-03-04 08:56:03 +11:00
Andrew Murray
346bfc9537 Added IPythonViewer 2021-03-04 08:55:24 +11:00
wiredfool
c477bed95f
Merge pull request #5280 from cgohlke/patch-1
Fix suspicious sequence of types castings
2021-03-01 20:19:26 +00:00
Hugo van Kemenade
3bce145966 Use more specific regex chars to prevent ReDoS
* CVE-2021-25292
2021-03-01 19:04:57 +11:00
Eric Soroos
cbdce6c5d0 Fix for CVE-2021-25291
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
2021-03-01 19:04:48 +11:00
Eric Soroos
86f02f7c70 Fix negative size read in TiffDecode.c
* Caught by oss-fuzz runs
* CVE-2021-25290
2021-03-01 19:04:42 +11:00
Eric Soroos
4853e522bd Fix OOB read in SgiRleDecode.c
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
2021-03-01 19:04:19 +11:00
Eric Soroos
3fee28eb94 Incorrect error code checking in TiffDecode.c
* since Pillow 8.1.0
* CVE-2021-25289
2021-03-01 18:51:13 +11:00
Andrew Murray
5f92636bd0 Removed comment 2021-02-27 00:33:23 +11:00
Christoph Gohlke
71f48e19b9
Use unsigned size_t 2021-02-24 08:15:25 -08:00
Christoph Gohlke
48ac517c8d
Fix suspicious sequence of types castings 2021-02-24 07:02:42 -08:00
Andrew Murray
c0ee869c2c Only draw each rectangle outline pixel once 2021-02-22 07:48:58 +11:00
Andrew Murray
223b05a2ea Corrected docstring 2021-02-16 22:33:17 +11:00
Andrew Murray
c8ca4b909a Added braces 2021-02-13 11:32:52 +11:00
Andrew Murray
57d6e8ca43 Added PyQt6 support 2021-02-10 21:12:32 +11:00
Andrew Murray
441d75aa28 Updated docstring 2021-02-09 19:14:57 +11:00
Andrew Murray
bc0c0cb11a
Merge pull request #5250 from Piolie/open_formats_case
Changed Image.open formats parameter to be case-insensitive
2021-02-08 18:19:02 +11:00
Andrew Murray
587e073dac Moved case transformation before initialization check 2021-02-05 20:28:34 +11:00
Piolie
0c1675a143 Make formats parameter in Image.open accept aNy cAsE 2021-02-04 22:47:53 -03:00
Hugo van Kemenade
54f12f8aad
Merge pull request #5216 from radarhere/tk
Deprecate Tk/Tcl 8.4, to be removed in Pillow 10 (2023-01-02)
2021-02-02 15:00:15 +02:00
Andrew Murray
c10bf8d9a7 Improved docstring [ci skip] 2021-01-31 13:14:14 +11:00
Andrew Murray
685e951182 Removed unused C code 2021-01-30 11:23:24 +11:00
Andrew Murray
f2f92d22d1 Do not use "use built-in mapper WIN32 only" 2021-01-30 11:23:24 +11:00
Andrew Murray
428a62c696
Merge pull request #5223 from Bitblade/master
Documentation error: Wrong threshold in conversion from L to 1
2021-01-27 17:51:10 +11:00
Andrew Murray
c9740ab7e3 Deprecate Tk/Tcl 8.4, to be removed in Pillow 10 (2023-01-02) 2021-01-26 18:14:28 +11:00
Andrew Murray
cf98f178ad Added tk version 2021-01-26 08:01:26 +11:00
Mark Laagland
e6ff82b9ab Small fix for convert documentation of Image.py
[ci skip]
2021-01-24 22:49:27 +01:00
Andrew Murray
ac31061f22 Handle PCX images with an odd stride 2021-01-21 19:29:11 +11:00
Andrew Murray
6f236284b0 Corrected CVE number 2021-01-20 20:43:00 +11:00
Andrew Murray
543fa2ceb7
Merge pull request #5194 from radarhere/python310
PyModule_AddObject fix for Python 3.10
2021-01-12 21:53:54 +11:00
Andrew Murray
4eccadced4 Document that getcolors() returns colors in the image mode [ci skip] 2021-01-09 21:30:16 +11:00
Andrew Murray
cf190a3c2f PyModule_AddObject fix for Python 3.10 2021-01-09 12:17:57 +11:00
Andrew Murray
46b7e86bab Format with ClangFormat 2021-01-03 14:17:51 +11:00
Andrew Murray
56e7d1fd9b 8.2.0.dev0 version bump 2021-01-03 07:14:59 +11:00
Andrew Murray
fcc42e0d34 8.1.0 version bump 2021-01-02 22:39:02 +11:00
Andrew Murray
c8dd1c8422
Merge pull request #5175 from radarhere/tiff
Fix TIFF OOB Write error
2021-01-02 21:13:28 +11:00
Andrew Murray
0117694533
Merge pull request #5174 from radarhere/pcx
Fix for Read Overflow in PCX Decoding
2021-01-02 21:00:25 +11:00
Eric Soroos
2f409261eb Fix for CVE CVE-2020-35655 - Read Overflow in PCX Decoding.
* Don't trust the image to specify a buffer size
2021-01-02 20:38:46 +11:00
wiredfool
45a62e91b1 Rework ReadTile
* Don't malloc for the swap line, just shuffle backwards
* Ensure that im->pixelsize is sanity checked
* Ensure that we're using the right size for the buffer from TiffReadRGBATile
2021-01-02 20:37:48 +11:00
wiredfool
eb8c1206d6 Fix CVE-2020-35654 - OOB Write in TiffDecode.c
* In some circumstances with some versions of libtiff (4.1.0+), there
  could be a 4 byte out of bound write when decoding a YCbCr tiff.
* The Pillow code dates to 6.0.0
* Found and reported through Tidelift
2021-01-02 20:37:48 +11:00
Eric Soroos
9a2c9f722f Make the SGI code return -1 as an error flag, error in state 2021-01-02 20:10:02 +11:00
Eric Soroos
7e95c63fa7 Fix for SGI Decode buffer overrun CVE-2020-35655
* Independently found by a contributor and sent to Tidelift, and by Google's OSS Fuzz.
2021-01-02 20:09:58 +11:00
Hugo van Kemenade
07bbc46589
Merge pull request #5149 from wiredfool/gif_write_oob_read 2021-01-02 10:14:17 +02:00