Eric Soroos
e2577d1736
font fuzzer
2021-03-13 11:35:50 +01:00
Eric Soroos
38692f222f
Delegate building of oss-fuzz versions to pillow
2021-03-13 11:12:05 +01:00
Hugo van Kemenade
f15f573e51
Merge pull request #5224 from radarhere/mapper
2021-03-07 11:51:46 +02:00
Hugo van Kemenade
a95fee0475
Merge pull request #5215 from radarhere/license
...
Document license for several fonts
2021-03-07 11:41:56 +02:00
Hugo van Kemenade
f9b830f058
Merge pull request #5214 from radarhere/pcx
...
Handle PCX images with an odd stride
2021-03-07 11:41:14 +02:00
Hugo van Kemenade
95986f38da
Merge pull request #5168 from radarhere/mpo
2021-03-07 11:38:36 +02:00
Andrew Murray
5269ab13a7
Lint fix
2021-03-06 10:20:01 +11:00
Eric Soroos
480f6819b5
Fix Memory DOS in Icns, Ico and Blp Image Plugins
...
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrariliy large
memory allocations.
This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
2021-03-06 10:19:14 +11:00
Eric Soroos
cbdce6c5d0
Fix for CVE-2021-25291
...
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
2021-03-01 19:04:48 +11:00
Eric Soroos
86f02f7c70
Fix negative size read in TiffDecode.c
...
* Caught by oss-fuzz runs
* CVE-2021-25290
2021-03-01 19:04:42 +11:00
Eric Soroos
4853e522bd
Fix OOB read in SgiRleDecode.c
...
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
2021-03-01 19:04:19 +11:00
Eric Soroos
3fee28eb94
Incorrect error code checking in TiffDecode.c
...
* since Pillow 8.1.0
* CVE-2021-25289
2021-03-01 18:51:13 +11:00
Andrew Murray
3e670d7737
Migrated from deprecated numpy bool and float
2021-02-26 20:59:11 +11:00
Andrew Murray
3495b319bd
Replaced various instances of assert_image_similar with assert_image_similar_tofile
2021-02-21 22:22:29 +11:00
Andrew Murray
a5c251029c
Replaced various instances of assert_image_equal with assert_image_equal_tofile
2021-02-21 22:15:56 +11:00
Hugo van Kemenade
1857bf5570
Merge pull request #5259 from radarhere/warns
2021-02-17 21:31:15 +02:00
Andrew Murray
a1b4b026ff
Added pragma no cover
2021-02-14 07:58:16 +11:00
Andrew Murray
83542c42bf
Added context managers
2021-02-11 21:43:54 +11:00
Andrew Murray
4a0569e97f
Changed zero length assertions to falsy
2021-02-11 13:48:31 +11:00
Andrew Murray
01be700081
Fixed asserting that no warnings were raised
2021-02-10 23:37:55 +11:00
Andrew Murray
57d6e8ca43
Added PyQt6 support
2021-02-10 21:12:32 +11:00
Andrew Murray
bc0c0cb11a
Merge pull request #5250 from Piolie/open_formats_case
...
Changed Image.open formats parameter to be case-insensitive
2021-02-08 18:19:02 +11:00
Piolie
4a9a999dbb
Update Tests/test_image.py
...
Keep the original test cases; add the most likely non-uppercase versions.
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2021-02-05 12:21:27 -03:00
Piolie
0c1675a143
Make formats
parameter in Image.open
accept aNy cAsE
2021-02-04 22:47:53 -03:00
Andrew Murray
63f21609c0
Added context manager
2021-02-02 23:39:53 +11:00
Andrew Murray
11cb3fba9c
Added test
2021-01-30 13:01:42 +11:00
Andrew Murray
e4b9f88de4
Updated test now that Win32 uses map_buffer
2021-01-30 12:59:45 +11:00
Andrew Murray
eb7e5d2797
Moved test that requires libtiff
2021-01-29 08:00:37 +11:00
Andrew Murray
b39977e1c2
Document license for several fonts
2021-01-21 21:33:35 +11:00
Andrew Murray
ac31061f22
Handle PCX images with an odd stride
2021-01-21 19:29:11 +11:00
wiredfool
e40a07bca6
Merge pull request #5150 from wiredfool/valgrind_tests
...
Support for ignoring tests when running valgrind
2021-01-16 16:56:55 +00:00
Eric Soroos
1d0149c369
feck8
2021-01-07 15:26:23 +01:00
Eric Soroos
a6fa139f62
useless reptile
2021-01-07 14:57:49 +01:00
Eric Soroos
1d7c8e03d0
known failing tests from valgrind -- uninitialized values
2021-01-07 14:52:02 +01:00
Andrew Murray
a58ff327d4
Moved imports to top of file
2021-01-07 14:52:02 +01:00
Andrew Murray
59ee809f13
Updated capitalisation
...
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
2021-01-07 14:52:02 +01:00
Andrew Murray
d35995f945
Lint fixes
2021-01-07 14:52:02 +01:00
Eric Soroos
bd38487324
Ignore this test in valgrind -- the metadata values don't make logical sense.
2021-01-07 14:52:02 +01:00
Eric Soroos
59ed81f838
Add pytest configuration for patching around an unknown valgrind mark
2021-01-07 14:52:02 +01:00
Andrew Murray
eaeaa181dd
Removed unused import
2021-01-07 23:18:24 +11:00
Eric Soroos
37a7c601cc
uglify
2021-01-07 13:07:28 +01:00
Eric Soroos
ffbaa6523d
Internal support for oss-fuzz testing
2021-01-07 12:55:11 +01:00
Andrew Murray
c8dd1c8422
Merge pull request #5175 from radarhere/tiff
...
Fix TIFF OOB Write error
2021-01-02 21:13:28 +11:00
Andrew Murray
0117694533
Merge pull request #5174 from radarhere/pcx
...
Fix for Read Overflow in PCX Decoding
2021-01-02 21:00:25 +11:00
Andrew Murray
903c67353d
Lint fix
2021-01-02 20:41:17 +11:00
Eric Soroos
2f409261eb
Fix for CVE CVE-2020-35655 - Read Overflow in PCX Decoding.
...
* Don't trust the image to specify a buffer size
2021-01-02 20:38:46 +11:00
wiredfool
eb8c1206d6
Fix CVE-2020-35654 - OOB Write in TiffDecode.c
...
* In some circumstances with some versions of libtiff (4.1.0+), there
could be a 4 byte out of bound write when decoding a YCbCr tiff.
* The Pillow code dates to 6.0.0
* Found and reported through Tidelift
2021-01-02 20:37:48 +11:00
Andrew Murray
1cbb12fb6e
Lint fix
2021-01-02 20:19:26 +11:00
Eric Soroos
7e95c63fa7
Fix for SGI Decode buffer overrun CVE-2020-35655
...
* Independently found by a contributor and sent to Tidelift, and by Google's OSS Fuzz.
2021-01-02 20:09:58 +11:00
Hugo van Kemenade
07bbc46589
Merge pull request #5149 from wiredfool/gif_write_oob_read
2021-01-02 10:14:17 +02:00