Commit Graph

517 Commits

Author SHA1 Message Date
Eric Soroos
480f6819b5 Fix Memory DOS in Icns, Ico and Blp Image Plugins
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrarily large
memory allocations.

This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
2021-03-06 10:19:14 +11:00
Eric Soroos
cbdce6c5d0 Fix for CVE-2021-25291
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
2021-03-01 19:04:48 +11:00
Eric Soroos
86f02f7c70 Fix negative size read in TiffDecode.c
* Caught by oss-fuzz runs
* CVE-2021-25290
2021-03-01 19:04:42 +11:00
Eric Soroos
4853e522bd Fix OOB read in SgiRleDecode.c
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
2021-03-01 19:04:19 +11:00
Eric Soroos
3fee28eb94 Incorrect error code checking in TiffDecode.c
* since Pillow 8.1.0
* CVE-2021-25289
2021-03-01 18:51:13 +11:00
Andrew Murray
c8dd1c8422
Merge pull request #5175 from radarhere/tiff
Fix TIFF OOB Write error
2021-01-02 21:13:28 +11:00
Andrew Murray
0117694533
Merge pull request #5174 from radarhere/pcx
Fix for Read Overflow in PCX Decoding
2021-01-02 21:00:25 +11:00
Eric Soroos
2f409261eb Fix for CVE-2020-35655 - Read Overflow in PCX Decoding.
* Don't trust the image to specify a buffer size
2021-01-02 20:38:46 +11:00
wiredfool
eb8c1206d6 Fix CVE-2020-35654 - OOB Write in TiffDecode.c
* In some circumstances with some versions of libtiff (4.1.0+), there
  could be a 4 byte out of bound write when decoding a YCbCr tiff.
* The Pillow code dates to 6.0.0
* Found and reported through Tidelift
2021-01-02 20:37:48 +11:00
Eric Soroos
7e95c63fa7 Fix for SGI Decode buffer overrun CVE-2020-35655
* Independently found by a contributor and sent to Tidelift, and by Google's OSS Fuzz.
2021-01-02 20:09:58 +11:00
Hugo van Kemenade
4093897673
Merge pull request #5126 from radarhere/apng_disposal
Use disposal settings from previous frame in APNG
2020-12-31 16:06:33 +02:00
Andrew Murray
5e4e0fa6ee Use disposal settings from previous frame 2020-12-24 09:55:22 +11:00
Andrew Murray
9940c84b08 Use previous disposal method in load_end 2020-12-23 13:22:53 +11:00
Andrew Murray
f886bc973b Moved string_dimension image to pillow-depends 2020-10-19 21:32:56 +11:00
Hugo van Kemenade
b074d87179
Merge pull request #4760 from qiankanglai/dds-rgba8888
Support raw rgba8888 for dds
2020-10-15 08:10:01 +03:00
Hugo van Kemenade
1cb3e2f742
Merge pull request #4918 from gofr/4825-jpeg-16-bit-qt 2020-10-14 17:58:12 +03:00
Andrew Murray
1a3367400c Added reading of IFD tag type 2020-10-14 23:37:54 +11:00
nulano
90e8255ba4 Merge remote-tracking branch 'upstream/master' into anchor-part3
# Conflicts:
#	Tests/test_imagefontctl.py
2020-10-12 15:50:45 +01:00
Hugo van Kemenade
43c3f4de80
Merge pull request #4955 from nulano/ft-color3 2020-10-12 13:52:01 +03:00
nulano
d84185579e move bitmap font tests to test_imagefont 2020-10-11 21:45:10 +01:00
Hugo van Kemenade
15c339470d
Merge pull request #4523 from xtsm/ellipse
Implemented another ellipse drawing algorithm
2020-10-11 18:04:34 +03:00
gofr
938e251088 Add new JPEG test image 2020-10-10 20:08:39 +02:00
nulano
1551e120ae add textlength and textbbox to ImageDraw 2020-10-09 01:02:51 +01:00
nulano
395aa946a9 add getbbox and getlength, with tests
Squashed commits:

[ec9ec31b] add tests for invalid anchor
(cherry picked from commit 9e50a6a47f79876ee56942152047f03fff03c49b)

[386a9170] fix lint and docs
(cherry picked from commit 2d0d5282fcfc3ee332a41e60b865ee766445cc3d)

[29f5d4c9] restore and document previous getsize behaviour
see discussion in issue 4789
(cherry picked from commit 9fbc94571ce0ed42fdd11e99f343a1613c9dc6d3)

[0ffd51a0] add getbbox and getlength, with tests
(cherry picked from commit c5f63737476a998c81e589e5819d21ca69bb7b46)
2020-10-09 00:56:58 +01:00
nulano
786eaf11e2 downgrade NotoColorEmoji to minimize size 2020-10-07 13:31:05 +01:00
nulano
24f3d85a3e add test for {1bpp, 2bpp, 4bpp, 8bpp} bitmap fonts 2020-10-07 11:57:15 +01:00
nulano
55db572467 add tests for opaque COLR and CBDT fonts 2020-10-07 05:29:18 +01:00
Hugo van Kemenade
b29cab08d3
Merge pull request #4930 from nulano/anchor-part2 2020-10-05 20:19:33 +03:00
Andrew Murray
26bf1c3524 Moved CVE images to pillow-depends 2020-09-23 00:14:40 +10:00
nulano
0838d8ea62 add tests for multiline text with anchor 2020-09-22 14:58:21 +02:00
nulano
3fc1be06e6 add and fix tests for text anchors 2020-09-22 11:31:43 +02:00
Hugo van Kemenade
93d011efb5
Merge pull request #4910 from nulano/anchor-part1 2020-09-19 13:41:15 +03:00
nulano
ee1cc6ad7c remove use of FT_Set_Transform 2020-09-09 02:14:49 +02:00
nulano
54e067779b fix and add tests
(cherry picked from commit 0b711f10d0490863976699c051f2027b6799d501) (+1 squashed commits)

Squashed commits:

[9d4e6c17] fix tests
2020-09-09 02:12:21 +02:00
Hugo van Kemenade
3dba4ee10a
Merge pull request #4846 from comhar/features/compute_polygon_coordinates 2020-09-04 23:28:43 +03:00
Andrew Murray
186a4723c8 Added test for empty GPS IFD 2020-09-02 21:14:36 +10:00
Tommy C
df9329f9f0 Replace bbox with b_circle, kwargs with args + minor tweaks
Summary of changes:
 - `ImageDraw.regular_polygon` now accepts a bounding circle which
inscribes the polygon. A bounding circle is defined by a center point
(x0, y0) and a radius. A bounding box is no longer accepted.
 - All keyword args have been replaced with positional args.

Misc
- Test image file renaming, minor variable name changes
2020-08-20 20:46:11 +01:00
Tommy C
0ed01dd964 Add ImageDraw.regular_polygon 2020-08-16 13:29:13 +01:00
Andrew Murray
5da1a8adcf Read EXIF data tEXt chunk into info as bytes instead of string 2020-07-31 17:42:48 +10:00
Kanglai Qian
b5c59878da support raw rgba8888 for dds 2020-07-07 00:22:57 +08:00
Stanislau Tsitsianok
7dedb1402f
Merge remote-tracking branch 'upstream/master' into ellipse 2020-06-29 23:31:25 +03:00
Stanislau Tsitsianok
5830a641cc
Added more tests 2020-06-29 23:31:04 +03:00
Stanislau Tsitsianok
9a9d3a050a
Fixed tests 2020-06-29 22:49:11 +03:00
Andrew Murray
cdf4936c07 Fixed loading non-RGBA mode images with dispose background 2020-06-29 21:20:57 +10:00
Andrew Murray
c1fe0b4e0c Use hypot function 2020-06-23 19:17:00 +10:00
Hugo van Kemenade
390b34c231
Merge pull request #4664 from nulano/ft-getsize-mode 2020-06-21 18:53:03 +03:00
Hugo van Kemenade
b9a087d482
Merge pull request #4566 from radarhere/text
Consider transparency when pasting text on an RGBA image
2020-06-20 15:02:59 +03:00
Stanislau Tsitsianok
27109c9011
Merge remote-tracking branch 'upstream/master' into ellipse 2020-06-16 20:20:44 +03:00
Andrew Murray
05932c4cbc Updated harfbuzz to 2.6.7 2020-06-14 22:23:19 +10:00
Andrew Murray
eeb9e719e3 Fixed drawing a 1px high polygon 2020-06-07 12:07:13 +10:00