python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2024-11-16 06:36:49 +03:00
Code Issues Packages Projects Releases Wiki Activity
11,231 Commits 48 Branches 91 Tags 314 MiB
b511d704ae
Commit Graph

1546 Commits

Author SHA1 Message Date
wiredfool
c477bed95f
Merge pull request #5280 from cgohlke/patch-1 
Fix suspicious sequence of types castings
 2021-03-01 20:19:26 +00:00
Hugo van Kemenade
3bce145966 Use more specific regex chars to prevent ReDoS 
* CVE-2021-25292
 2021-03-01 19:04:57 +11:00
Eric Soroos
cbdce6c5d0 Fix for CVE-2021-25291 
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
 2021-03-01 19:04:48 +11:00
Eric Soroos
86f02f7c70 Fix negative size read in TiffDecode.c 
* Caught by oss-fuzz runs
* CVE-2021-25290
 2021-03-01 19:04:42 +11:00
Eric Soroos
4853e522bd Fix OOB read in SgiRleDecode.c 
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
 2021-03-01 19:04:19 +11:00
Eric Soroos
3fee28eb94 Incorrect error code checking in TiffDecode.c 
* since Pillow 8.1.0
* CVE-2021-25289
 2021-03-01 18:51:13 +11:00
Andrew Murray
5f92636bd0 Removed comment 2021-02-27 00:33:23 +11:00
Christoph Gohlke
71f48e19b9
Use unsigned size_t 2021-02-24 08:15:25 -08:00
Christoph Gohlke
48ac517c8d
Fix suspicious sequence of types castings 2021-02-24 07:02:42 -08:00
Andrew Murray
223b05a2ea Corrected docstring 2021-02-16 22:33:17 +11:00
Andrew Murray
c8ca4b909a Added braces 2021-02-13 11:32:52 +11:00
Andrew Murray
57d6e8ca43 Added PyQt6 support 2021-02-10 21:12:32 +11:00
Andrew Murray
441d75aa28 Updated docstring 2021-02-09 19:14:57 +11:00
Andrew Murray
bc0c0cb11a
Merge pull request #5250 from Piolie/open_formats_case 
Changed Image.open formats parameter to be case-insensitive
 2021-02-08 18:19:02 +11:00
Andrew Murray
587e073dac Moved case transformation before initialization check 2021-02-05 20:28:34 +11:00
Piolie
0c1675a143 Make formats parameter in Image.open accept aNy cAsE 2021-02-04 22:47:53 -03:00
Hugo van Kemenade
54f12f8aad
Merge pull request #5216 from radarhere/tk 
Deprecate Tk/Tcl 8.4, to be removed in Pillow 10 (2023-01-02)
 2021-02-02 15:00:15 +02:00
Andrew Murray
c10bf8d9a7 Improved docstring [ci skip] 2021-01-31 13:14:14 +11:00
Andrew Murray
428a62c696
Merge pull request #5223 from Bitblade/master 
Documentation error: Wrong threshold in conversion from L to 1
 2021-01-27 17:51:10 +11:00
Andrew Murray
c9740ab7e3 Deprecate Tk/Tcl 8.4, to be removed in Pillow 10 (2023-01-02) 2021-01-26 18:14:28 +11:00
Andrew Murray
cf98f178ad Added tk version 2021-01-26 08:01:26 +11:00
Mark Laagland
e6ff82b9ab Small fix for convert documentation of Image.py 
[ci skip]
 2021-01-24 22:49:27 +01:00
Andrew Murray
6f236284b0 Corrected CVE number 2021-01-20 20:43:00 +11:00
Andrew Murray
543fa2ceb7
Merge pull request #5194 from radarhere/python310 
PyModule_AddObject fix for Python 3.10
 2021-01-12 21:53:54 +11:00
Andrew Murray
4eccadced4 Document that getcolors() returns colors in the image mode [ci skip] 2021-01-09 21:30:16 +11:00
Andrew Murray
cf190a3c2f PyModule_AddObject fix for Python 3.10 2021-01-09 12:17:57 +11:00
Andrew Murray
46b7e86bab Format with ClangFormat 2021-01-03 14:17:51 +11:00
Andrew Murray
56e7d1fd9b 8.2.0.dev0 version bump 2021-01-03 07:14:59 +11:00
Andrew Murray
fcc42e0d34 8.1.0 version bump 2021-01-02 22:39:02 +11:00
Andrew Murray
c8dd1c8422
Merge pull request #5175 from radarhere/tiff 
Fix TIFF OOB Write error
 2021-01-02 21:13:28 +11:00
Andrew Murray
0117694533
Merge pull request #5174 from radarhere/pcx 
Fix for Read Overflow in PCX Decoding
 2021-01-02 21:00:25 +11:00
Eric Soroos
2f409261eb Fix for CVE CVE-2020-35655 - Read Overflow in PCX Decoding. 
* Don't trust the image to specify a buffer size
 2021-01-02 20:38:46 +11:00
wiredfool
45a62e91b1 Rework ReadTile 
* Don't malloc for the swap line, just shuffle backwards
* Ensure that im->pixelsize is sanity checked
* Ensure that we're using the right size for the buffer from TiffReadRGBATile
 2021-01-02 20:37:48 +11:00
wiredfool
eb8c1206d6 Fix CVE-2020-35654 - OOB Write in TiffDecode.c 
* In some circumstances with some versions of libtiff (4.1.0+), there
  could be a 4 byte out of bound write when decoding a YCbCr tiff.
* The Pillow code dates to 6.0.0
* Found and reported through Tidelift
 2021-01-02 20:37:48 +11:00
Eric Soroos
9a2c9f722f Make the SGI code return -1 as an error flag, error in state 2021-01-02 20:10:02 +11:00
Eric Soroos
7e95c63fa7 Fix for SGI Decode buffer overrun CVE-2020-35655 
* Independently found by a contributor and sent to Tidelift, and by Google's OSS Fuzz.
 2021-01-02 20:09:58 +11:00
Hugo van Kemenade
07bbc46589
Merge pull request #5149 from wiredfool/gif_write_oob_read 2021-01-02 10:14:17 +02:00
Hugo van Kemenade
4e3dc9a06b Add support for PySide6 2021-01-01 20:34:44 +02:00
Hugo van Kemenade
4093897673
Merge pull request #5126 from radarhere/apng_disposal 
Use disposal settings from previous frame in APNG
 2020-12-31 16:06:33 +02:00
Andrew Murray
01cee38b9b
Merge pull request #5153 from radarhere/tiff_wheels 
Updated libtiff to 4.2.0
 2020-12-31 10:01:19 +11:00
Eric Soroos
250e42f7f8 Bad Rebase 2020-12-30 11:07:58 +01:00
Alexander
1ff61bcaa6 use offset for all binary input functions instead of slicing 2020-12-30 19:10:50 +11:00
Alexander
3757b8c748 remove extra i8 calls where input is proved bytes[] or int 2020-12-30 19:04:11 +11:00
Andrew Murray
6b21a96578 Changed readcount so that _TIFFSetGetType can identify the type 2020-12-30 11:57:05 +11:00
Hugo van Kemenade
85d61ca7d5
Merge pull request #5139 from radarhere/repr_png 
Added exception explaining that _repr_png_ saves to PNG
 2020-12-29 12:43:22 +02:00
Hugo van Kemenade
cd446e6088
Merge pull request #5125 from radarhere/disposal_method 
Use previous disposal method in GIF load_end
 2020-12-29 12:26:14 +02:00
Hugo van Kemenade
5c64438792
Merge pull request #5090 from radarhere/valueerror 
Do not catch a ValueError only to raise another
 2020-12-29 12:19:16 +02:00
Hugo van Kemenade
25500e83bc
Merge pull request #5089 from radarhere/putpalette_rgba 
Allow putpalette to accept 1024 integers to include alpha values
 2020-12-29 12:17:50 +02:00
Eric Soroos
a39d7c4fcf Fix OOB Read in tif_dirinfo.c 
==3330==    at 0xBD4110C: _TIFFSetupFields (tif_dirinfo.c:327)

Passing in a stack allocated array is going to fail, as a reference
is retained to the name and used later when flushing the Tiff to
the file.
 2020-12-28 15:00:48 +01:00
Eric Soroos
d96945b7c8 Fix Out of bounds read when saving GIF of xsize=1 2020-12-27 16:01:26 +01:00