Projects
openEuler:20.03:LTS:SP3
python-pillow
_service:tar_scm_kernel_repo:CVE-2022-45198.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:CVE-2022-45198.patch of Package python-pillow
From 20c10c81927790c700480a67dc48aebe2228d6e2 Mon Sep 17 00:00:00 2001 From: zhangshaoning <zhangshaoning@uniontech.com> Date: Sat, 6 May 2023 15:06:22 +0800 Subject: [PATCH] CVE-2022-45198 --- Tests/test_decompression_bomb.py | 5 +++++ src/PIL/GifImagePlugin.py | 1 + 2 files changed, 6 insertions(+) diff --git a/Tests/test_decompression_bomb.py b/Tests/test_decompression_bomb.py index d918ef9..18fed06 100644 --- a/Tests/test_decompression_bomb.py +++ b/Tests/test_decompression_bomb.py @@ -62,6 +62,11 @@ class TestDecompressionBomb: with Image.open("Tests/images/decompression_bomb.gif"): pass + def test_exception_gif_extents(self): + with Image.open("Tests/images/decompression_bomb_extents.gif") as im: + with pytest.raises(Image.DecompressionBombError): + im.seek(1) + def test_exception_bmp(self): with pytest.raises(Image.DecompressionBombError): with Image.open("Tests/images/bmp/b/reallybig.bmp"): diff --git a/src/PIL/GifImagePlugin.py b/src/PIL/GifImagePlugin.py index 8c2180b..04b567a 100644 --- a/src/PIL/GifImagePlugin.py +++ b/src/PIL/GifImagePlugin.py @@ -247,6 +247,7 @@ class GifImageFile(ImageFile.ImageFile): x1, y1 = x0 + i16(s, 4), y0 + i16(s, 6) if x1 > self.size[0] or y1 > self.size[1]: self._size = max(x1, self.size[0]), max(y1, self.size[1]) + Image._decompression_bomb_check(self._size) self.dispose_extent = x0, y0, x1, y1 flags = s[8] -- 2.20.1
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.