Mercurial Mercurial > upstream > oracle > userland-gate / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/python/imaging/patches/02-CVE-2014-3589.patch
author April Chin <april.chin@oracle.com>
Tue, 12 Aug 2014 19:12:09 -0700
changeset 2043 a569ed48a1be
permissions -rw-r--r--
19432241 problem in PYTHON-MOD/PIL
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
2043
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
     1
 
# Patch to fix CVE-2014-3589 DOS in Python Imaging Library/Pillow.
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
     2
 
#
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
     3
 
# Patch will be applied shortly to Pillow, a fork of the PIL code which has
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
     4
 
# replaced the obsolete PIL project.
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
     5
 
#
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
     6
 
diff -rup Imaging-1.1.7-orig/PIL/IcnsImagePlugin.py Imaging-1.1.7/PIL/IcnsImagePlugin.py
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
     7
 
--- Imaging-1.1.7-orig/PIL/IcnsImagePlugin.py	2009-10-31 17:44:11.000000000 -0700
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
     8
 
+++ Imaging-1.1.7/PIL/IcnsImagePlugin.py	2014-08-12 16:11:57.999120000 -0700
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
     9
 
@@ -115,6 +115,8 @@ class IcnsFile:
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
    10
 
         i = HEADERSIZE
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
    11
 
         while i < filesize:
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
    12
 
             sig, blocksize = nextheader(fobj)
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
    13
 
+            if blocksize <= 0:
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
    14
 
+                raise SyntaxError('invalid block header')
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
    15
 
             i = i + HEADERSIZE
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
    16
 
             blocksize = blocksize - HEADERSIZE
a569ed48a1be 19432241 problem in PYTHON-MOD/PIL
April Chin <april.chin@oracle.com>
parents:
diff changeset 
    17
 
             dct[sig] = (i, blocksize)
upstream/oracle/userland-gate