components/python/imaging/patches/02-CVE-2014-3589.patch
branchs11-update
changeset 3278 c29135b8edbf
3271:5df6b5141bff 3278:c29135b8edbf
       
     1 # Patch to fix CVE-2014-3589 DOS in Python Imaging Library/Pillow.
       
     2 #
       
     3 # taken from the fix
       
     4 # https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
       
     5 # for Pillow, a fork of the PIL code which has
       
     6 # replaced the obsolete PIL project.
       
     7 #
       
     8 diff -rup Imaging-1.1.7-orig/PIL/IcnsImagePlugin.py Imaging-1.1.7/PIL/IcnsImagePlugin.py
       
     9 --- Imaging-1.1.7-orig/PIL/IcnsImagePlugin.py	2009-10-31 17:44:11.000000000 -0700
       
    10 +++ Imaging-1.1.7/PIL/IcnsImagePlugin.py	2014-08-12 16:11:57.999120000 -0700
       
    11 @@ -115,6 +115,8 @@ class IcnsFile:
       
    12          i = HEADERSIZE
       
    13          while i < filesize:
       
    14              sig, blocksize = nextheader(fobj)
       
    15 +            if blocksize <= 0:
       
    16 +                raise SyntaxError('invalid block header')
       
    17              i = i + HEADERSIZE
       
    18              blocksize = blocksize - HEADERSIZE
       
    19              dct[sig] = (i, blocksize)
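Review bot: The added guard `if blocksize <= 0:` still accepts declared sizes from 1 to HEADERSIZE - 1, so the next statement `blocksize = blocksize - HEADERSIZE` goes negative and that negative length is stored in `dct[sig]`. Because the subtraction shows the declared size includes the header itself, the tighter check is `if blocksize < HEADERSIZE:` followed by the same `raise SyntaxError('invalid block header')`. The rest of the loop body lies outside this hunk, so how the negative length is consumed cannot be confirmed from here; it is also worth checking there that `i + blocksize` stays within `filesize`. Since this patch mirrors the upstream Pillow commit, any tightening should be proposed upstream as well so the local copy does not diverge.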