# HG changeset patch
# User April Chin
# Date 1408396637 25200
# Node ID c29135b8edbf6e43c22dc7f9cd88e8abbcd1c445
# Parent 5df6b5141bff74a154cc3b7c200a404dd1b73d3b
19432241 problem in PYTHON-MOD/PIL
diff -r 5df6b5141bff -r c29135b8edbf components/python/imaging/patches/02-CVE-2014-3589.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/python/imaging/patches/02-CVE-2014-3589.patch Mon Aug 18 14:17:17 2014 -0700
@@ -0,0 +1,19 @@
+# Patch to fix CVE-2014-3589 DOS in Python Imaging Library/Pillow.
+#
+# taken from the fix
+# https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
+# for Pillow, a fork of the PIL code which has
+# replaced the obsolete PIL project.
+#
+diff -rup Imaging-1.1.7-orig/PIL/IcnsImagePlugin.py Imaging-1.1.7/PIL/IcnsImagePlugin.py
+--- Imaging-1.1.7-orig/PIL/IcnsImagePlugin.py 2009-10-31 17:44:11.000000000 -0700
++++ Imaging-1.1.7/PIL/IcnsImagePlugin.py 2014-08-12 16:11:57.999120000 -0700
+@@ -115,6 +115,8 @@ class IcnsFile:
+ i = HEADERSIZE
+ while i < filesize:
+ sig, blocksize = nextheader(fobj)
++ if blocksize <= 0:
++ raise SyntaxError('invalid block header')
+ i = i + HEADERSIZE
+ blocksize = blocksize - HEADERSIZE
+ dct[sig] = (i, blocksize)
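Review bot: The added guard `if blocksize <= 0:` still lets a block size from 1 to HEADERSIZE - 1 through, and the context lines right after it (`blocksize = blocksize - HEADERSIZE`, `dct[sig] = (i, blocksize)`) then record a negative length for that block. Since a block can never be shorter than its own header, comparing against the header size, `if blocksize < HEADERSIZE:`, rejects the zero-size case behind CVE-2014-3589 and these undersized headers in one check. The rest of the `while` loop lies outside the embedded hunk, so how a negative length is consumed later (presumably to advance through the file) cannot be confirmed from here. This would diverge from the upstream Pillow commit the patch header cites, so a one-line comment above the check saying why is worth adding.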