Tree - rpms/python-pillow - CentOS Git server

rpms / python-pillow

Blame SOURCES/CVE-2020-35653.patch

Blob History Raw

		7f73fb	`From 7a0aea5806d57e0e7c5187fbc9c2937a16e0bca1 Mon Sep 17 00:00:00 2001`
		7f73fb	`From: Eric Soroos <eric-github@soroos.net>`
		7f73fb	`Date: Thu, 17 Dec 2020 00:17:53 +0100`
		7f73fb	`Subject: [PATCH] Fix for CVE CVE-2020-35655 - Read Overflow in PCX Decoding.`
		7f73fb
		7f73fb	`* Don't trust the image to specify a buffer size`
		7f73fb	`---`
		7f73fb	`src/PIL/PcxImagePlugin.py \| 9 +++++++--`
		7f73fb	`1 file changed, 7 insertions(+), 2 deletions(-)`
		7f73fb
		7f73fb	`diff --git a/src/PIL/PcxImagePlugin.py b/src/PIL/PcxImagePlugin.py`
		7f73fb	`index 564713a..17bbd18 100644`
		7f73fb	`--- a/src/PIL/PcxImagePlugin.py`
		7f73fb	`+++ b/src/PIL/PcxImagePlugin.py`
		7f73fb	`@@ -63,9 +63,9 @@ class PcxImageFile(ImageFile.ImageFile):`
		7f73fb	`version = i8(s[1])`
		7f73fb	`bits = i8(s[3])`
		7f73fb	`planes = i8(s[65])`
		7f73fb	`- stride = i16(s, 66)`
		7f73fb	`+ ignored_stride = i16(s, 66)`
		7f73fb	`logger.debug("PCX version %s, bits %s, planes %s, stride %s",`
		7f73fb	`- version, bits, planes, stride)`
		7f73fb	`+ version, bits, planes, ignored_stride)`
		7f73fb
		7f73fb	`self.info["dpi"] = i16(s, 12), i16(s, 14)`
		7f73fb
		7f73fb	`@@ -102,6 +102,11 @@ class PcxImageFile(ImageFile.ImageFile):`
		7f73fb	`self.mode = mode`
		7f73fb	`self.size = bbox[2]-bbox[0], bbox[3]-bbox[1]`
		7f73fb
		7f73fb	`+ # don't trust the passed in stride. Calculate for ourselves.`
		7f73fb	`+ # CVE-2020-35653`
		7f73fb	`+ stride = (self.size[0] * bits + 7) // 8`
		7f73fb	`+ stride += stride % 2`
		7f73fb	`+`
		7f73fb	`bbox = (0, 0) + self.size`
		7f73fb	`logger.debug("size: %sx%s", *self.size)`
		7f73fb
		7f73fb	`--`
		7f73fb	`2.29.2`
		7f73fb

rpms / python-pillow

Source Code

Blame SOURCES/CVE-2020-35653.patch