1 # Patch to fix CVE-2014-3589 DOS in Python Imaging Library/Pillow. |
|
2 # |
|
3 # taken from the fix |
|
4 # https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d |
|
5 # for Pillow, a fork of the PIL code which has |
|
6 # replaced the obsolete PIL project. |
|
7 # |
|
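--- a/PIL/IcnsImagePlugin.py
+++ b/PIL/IcnsImagePlugin.py
@@ -115,6 +115,8 @@ class IcnsFile:
  i = HEADERSIZE
  while i < filesize:
  sig, blocksize = nextheader(fobj)
+ if blocksize <= 0:
+ raise SyntaxError('invalid block header')
  i = i + HEADERSIZE
  blocksize = blocksize - HEADERSIZE
  dct[sig] = (i, blocksize)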
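Review bot: The added guard rejects only `blocksize <= 0`, so a header that declares a size between 1 and HEADERSIZE-1 still passes, and the following lines subtract HEADERSIZE and record a negative length in `dct[sig]`. Because the subtraction shows the declared size is meant to include the header, the check would be tighter as `if blocksize < HEADERSIZE:`. The rest of the `while` loop lies outside the hunk, so it is not visible whether the size is also bounded against `filesize`; if it is not, that upper-bound check belongs next to this one. A comment such as `# reject malformed block sizes from untrusted files (CVE-2014-3589 DoS)` above the guard would record why it exists.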