components/python/imaging/patches/04-CVE-2014-9601.patch
changeset 4597 967ce4c39e36
4590:d39971eb17ab 4597:967ce4c39e36
       
     1 Fix to upstream bug
       
     2 https://github.com/python-pillow/Pillow/pull/1060
       
     3 
       
     4 Patch based on upstream commit to Pillow 2.7.0 (PIL fork)
       
     5 https://github.com/wiredfool/Pillow/commit/44286ba3c9bfa6ed565d11bd61460d8ec215e1ea
       
     6 
       
     7 Note that this patch includes a test of the fix, which requires an 
       
     8 image file which is copied in from files/png_decompress_dos.png,
       
     9 since it cannot be patched in.
       
    10 
       
    11 --- Imaging-1.1.7-orig/PIL/PngImagePlugin.py	2015-01-21 17:45:12.000000000 -0800
       
    12 +++ Imaging-1.1.7/PIL/PngImagePlugin.py	2015-01-21 19:37:23.000000000 -0800
       
    13 @@ -68,6 +68,12 @@ _MODES = {
       
    14      (16,6): ("RGBA", "RGBA;16B"),
       
    15  }
       
    16  
       
    17 +def _safe_zlib_decompress(s):
       
    18 +    dobj = zlib.decompressobj()
       
    19 +    plaintext = dobj.decompress(s, ImageFile.SAFEBLOCK)
       
    20 +    if dobj.unconsumed_tail:
       
    21 +        raise ValueError("Decompressed Data Too Large")
       
    22 +    return plaintext
       
    23  
       
    24  # --------------------------------------------------------------------
       
    25  # Support classes.  Suitable for PNG and related formats like MNG etc.
       
    26 @@ -197,7 +203,7 @@ class PngStream(ChunkStream):
       
    27          if comp_method != 0:
       
    28              raise SyntaxError("Unknown compression method %s in iCCP chunk" % comp_method)
       
    29          try:
       
    30 -            icc_profile = zlib.decompress(s[i+2:])
       
    31 +            icc_profile = _safe_zlib_decompress(s[i+2:])
       
    32          except zlib.error:
       
    33              icc_profile = None # FIXME
       
    34          self.im_info["icc_profile"] = icc_profile
       
    35 @@ -293,7 +299,7 @@ class PngStream(ChunkStream):
       
    36          if comp_method != 0:
       
    37              raise SyntaxError("Unknown compression method %s in zTXt chunk" % comp_method)
       
    38          import zlib
       
    39 -        self.im_info[k] = self.im_text[k] = zlib.decompress(v[1:])
       
    40 +        self.im_info[k] = self.im_text[k] = _safe_zlib_decompress(v[1:])
       
    41          return s
       
    42  
       
    43  # --------------------------------------------------------------------
       
    44 --- Imaging-1.1.7-orig/selftest.py	2015-01-21 17:44:51.000000000 -0800
       
    45 +++ Imaging-1.1.7/selftest.py	2015-07-02 17:06:23.636751412 -0700
       
    46 @@ -9,6 +9,7 @@ from PIL import Image
       
    47  from PIL import ImageDraw
       
    48  from PIL import ImageFilter
       
    49  from PIL import ImageMath
       
    50 +from PIL import PngImagePlugin
       
    51  
       
    52  try:
       
    53      Image.core.ping
       
    54 @@ -146,6 +147,15 @@ def testimage():
       
    55      >>> im.mode, im.size
       
    56      ('F', (128, 128))
       
    57  
       
    58 +    Test fix to PNG decompression DOS #1060
       
    59 +
       
    60 +    >>> try:
       
    61 +    ...  im = Image.open("Images/png_decompression_dos.png")
       
    62 +    ...  im.load()
       
    63 +    ... except ValueError as msg:
       
    64 +    ...  print msg
       
    65 +    Decompressed Data Too Large
       
    66 +
       
    67      PIL can do many other things, but I'll leave that for another
       
    68      day.  If you're curious, check the handbook, available from:
       
    69
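Review bot: The ValueError raised by `_safe_zlib_decompress` is not handled at either call site in PngImagePlugin.py: the iCCP handler catches only `zlib.error` and the zTXt assignment has no handler, so an oversized chunk aborts the load rather than dropping the profile or text. That agrees with the doctest added to selftest.py, but the helper should state the contract, for example with the docstring `"""Inflate s; raise ValueError if it does not fully inflate within ImageFile.SAFEBLOCK bytes."""`, so code that opens untrusted PNGs knows to catch it. The cap is applied per call, and since each zTXt result is stored in `im_text` under its own key, the total memory used across many text chunks does not appear to be bounded by this patch. Separately, the patch header names the test image `files/png_decompress_dos.png` while the doctest opens `Images/png_decompression_dos.png`; unless the copy step renames the file, the open fails with an error that `except ValueError` does not catch. Both chunk handlers begin outside the hunks shown.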