python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-12-08 10:44:33 +03:00
Code Issues Packages Projects Releases Wiki Activity
11,094 Commits 52 Branches 95 Tags 280 MiB
d3486362da
Commit Graph

1526 Commits

Author SHA1 Message Date
Eric Soroos
756fff3312 Fix Memory DOS in Icns, Ico and Blp Image Plugins 
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrariliy large
memory allocations.

This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
 2021-03-06 13:37:58 +11:00
Andrew Murray
741d8744a5 8.1.1 version bump 2021-03-01 19:24:03 +11:00
Hugo van Kemenade
521dab94c7 Use more specific regex chars to prevent ReDoS 
* CVE-2021-25292
 2021-03-01 19:08:58 +11:00
Eric Soroos
8b8076bdcb Fix for CVE-2021-25291 
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
 2021-03-01 19:08:52 +11:00
Eric Soroos
e25be1e33d Fix negative size read in TiffDecode.c 
* Caught by oss-fuzz runs
* CVE-2021-25290
 2021-03-01 19:08:39 +11:00
Eric Soroos
f891baa604 Fix OOB read in SgiRleDecode.c 
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
 2021-03-01 19:08:26 +11:00
Eric Soroos
cbfdde7b1f Incorrect error code checking in TiffDecode.c 
* since Pillow 8.1.0
* CVE-2021-25289
 2021-03-01 19:08:17 +11:00
Andrew Murray
2ba5eb1cd9 PyModule_AddObject fix for Python 3.10 2021-03-01 19:08:11 +11:00
Andrew Murray
fcc42e0d34 8.1.0 version bump 2021-01-02 22:39:02 +11:00
Andrew Murray
c8dd1c8422
Merge pull request #5175 from radarhere/tiff 
Fix TIFF OOB Write error
 2021-01-02 21:13:28 +11:00
Andrew Murray
0117694533
Merge pull request #5174 from radarhere/pcx 
Fix for Read Overflow in PCX Decoding
 2021-01-02 21:00:25 +11:00
Eric Soroos
2f409261eb Fix for CVE CVE-2020-35655 - Read Overflow in PCX Decoding. 
* Don't trust the image to specify a buffer size
 2021-01-02 20:38:46 +11:00
wiredfool
45a62e91b1 Rework ReadTile 
* Don't malloc for the swap line, just shuffle backwards
* Ensure that im->pixelsize is sanity checked
* Ensure that we're using the right size for the buffer from TiffReadRGBATile
 2021-01-02 20:37:48 +11:00
wiredfool
eb8c1206d6 Fix CVE-2020-35654 - OOB Write in TiffDecode.c 
* In some circumstances with some versions of libtiff (4.1.0+), there
  could be a 4 byte out of bound write when decoding a YCbCr tiff.
* The Pillow code dates to 6.0.0
* Found and reported through Tidelift
 2021-01-02 20:37:48 +11:00
Eric Soroos
9a2c9f722f Make the SGI code return -1 as an error flag, error in state 2021-01-02 20:10:02 +11:00
Eric Soroos
7e95c63fa7 Fix for SGI Decode buffer overrun CVE-2020-35655 
* Independently found by a contributor and sent to Tidelift, and by Google's OSS Fuzz.
 2021-01-02 20:09:58 +11:00
Hugo van Kemenade
07bbc46589
Merge pull request #5149 from wiredfool/gif_write_oob_read 2021-01-02 10:14:17 +02:00
Hugo van Kemenade
4e3dc9a06b Add support for PySide6 2021-01-01 20:34:44 +02:00
Hugo van Kemenade
4093897673
Merge pull request #5126 from radarhere/apng_disposal 
Use disposal settings from previous frame in APNG
 2020-12-31 16:06:33 +02:00
Andrew Murray
01cee38b9b
Merge pull request #5153 from radarhere/tiff_wheels 
Updated libtiff to 4.2.0
 2020-12-31 10:01:19 +11:00
Eric Soroos
250e42f7f8 Bad Rebase 2020-12-30 11:07:58 +01:00
Alexander
1ff61bcaa6 use offset for all binary input functions instead of slicing 2020-12-30 19:10:50 +11:00
Alexander
3757b8c748 remove extra i8 calls where input is proved bytes[] or int 2020-12-30 19:04:11 +11:00
Andrew Murray
6b21a96578 Changed readcount so that _TIFFSetGetType can identify the type 2020-12-30 11:57:05 +11:00
Hugo van Kemenade
85d61ca7d5
Merge pull request #5139 from radarhere/repr_png 
Added exception explaining that _repr_png_ saves to PNG
 2020-12-29 12:43:22 +02:00
Hugo van Kemenade
cd446e6088
Merge pull request #5125 from radarhere/disposal_method 
Use previous disposal method in GIF load_end
 2020-12-29 12:26:14 +02:00
Hugo van Kemenade
5c64438792
Merge pull request #5090 from radarhere/valueerror 
Do not catch a ValueError only to raise another
 2020-12-29 12:19:16 +02:00
Hugo van Kemenade
25500e83bc
Merge pull request #5089 from radarhere/putpalette_rgba 
Allow putpalette to accept 1024 integers to include alpha values
 2020-12-29 12:17:50 +02:00
Eric Soroos
a39d7c4fcf Fix OOB Read in tif_dirinfo.c 
==3330==    at 0xBD4110C: _TIFFSetupFields (tif_dirinfo.c:327)

Passing in a stack allocated array is going to fail, as a reference
is retained to the name and used later when flushing the Tiff to
the file.
 2020-12-28 15:00:48 +01:00
Eric Soroos
d96945b7c8 Fix Out of bounds read when saving GIF of xsize=1 2020-12-27 16:01:26 +01:00
Andrew Murray
00df94bb78 Removed unused variable 2020-12-27 16:16:55 +11:00
Andrew Murray
fdce845364 Added exception explaining that _repr_png_ saves to PNG 2020-12-27 15:36:16 +11:00
Andrew Murray
cf530b8d9c
Merge pull request #5111 from cgohlke/patch-3 
Fix dereferencing of potential null pointers
 2020-12-27 12:21:09 +11:00
Andrew Murray
51b8137924
Changed style for consistency 2020-12-26 21:49:40 +11:00
Hugo van Kemenade
2635a4859d
Merge pull request #5127 from radarhere/warnings 
Fixed warnings assigning to "unsigned char *" from "char *"
 2020-12-24 10:50:24 +02:00
Andrew Murray
e37a8a263d
Merge pull request #4568 from ziplantil/ico-append-images 
Add append_images support for ICO
 2020-12-24 11:10:33 +11:00
Andrew Murray
8eaf9e7cb7 Fixed warning assigning to "unsigned char *" from "char *" 2020-12-24 10:47:06 +11:00
Andrew Murray
5e4e0fa6ee Use disposal settings from previous frame 2020-12-24 09:55:22 +11:00
Andrew Murray
9940c84b08 Use previous disposal method in load_end 2020-12-23 13:22:53 +11:00
Andrew Murray
36dc83e3ac Fixed comparison between unsigned int and int 2020-12-22 16:07:32 +11:00
Andrew Murray
26e5929617 Fixed comparison between int and unsigned long 2020-12-22 16:06:44 +11:00
Andrew Murray
8794610c76 Block TIFFTAG_SUBIFD 2020-12-22 11:38:02 +11:00
Andrew Murray
0eddc82157
Merge pull request #5108 from cgohlke/patch-1 
Fix dereferencing potential null pointer
 2020-12-22 08:26:48 +11:00
Hugo van Kemenade
396b329507
Merge pull request #5113 from radarhere/memory 
Replaced PyErr_NoMemory with ImagingError_MemoryError
 2020-12-20 22:17:10 +02:00
Christoph Gohlke
d1e706d756
return ImagingError_MemoryError 2020-12-19 19:42:29 -08:00
Christoph Gohlke
fd14616dbb
Return ImagingError_MemoryError 2020-12-19 19:37:05 -08:00
Christoph Gohlke
15dd7aef9f
Return ImagingError_MemoryError 2020-12-19 19:35:21 -08:00
Andrew Murray
83d82ae150
Merge pull request #5098 from hugovk/deprecate-freetype 
Deprecate FreeType 2.7
 2020-12-20 13:35:41 +11:00
Andrew Murray
b7fb39fff8 Use ImagingError_MemoryError NULL return value 2020-12-20 13:00:16 +11:00
Andrew Murray
75542fea6d Replaced PyErr_NoMemory with ImagingError_MemoryError 2020-12-20 13:00:10 +11:00