From ca6bb16f2d10dfc918ddc857118ed3ba7e5db90d Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Mon, 13 Nov 2023 12:30:56 +0100
Subject: [PATCH] CVE-2023-44271

---
 PIL/ImageFont.py | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/PIL/ImageFont.py b/PIL/ImageFont.py
index 8ec60fe..4503df4 100644
--- a/PIL/ImageFont.py
+++ b/PIL/ImageFont.py
@@ -35,11 +35,20 @@ class _imagingft_not_installed:
     def __getattr__(self, id):
         raise ImportError("The _imagingft C module is not installed")
 
+MAX_STRING_LENGTH = 1000000
+
 try:
     import _imagingft as core
 except ImportError:
     core = _imagingft_not_installed()
 
+
+def _string_length_check(text):
+    if MAX_STRING_LENGTH is not None and len(text) > MAX_STRING_LENGTH:
+        msg = "too many characters in string"
+        raise ValueError(msg)
+
+
 # FIXME: add support for pilfont2 format (see FontFile.py)
 
 # --------------------------------------------------------------------
@@ -118,9 +127,12 @@ class ImageFont:
 
         self.font = Image.core.font(image.im, data)
 
-        # delegate critical operations to internal type
-        self.getsize = self.font.getsize
-        self.getmask = self.font.getmask
+    def getsize(self, text):
+        _string_length_check(text)
+        return self.font.getsize(text)
+    
+    def getmask(self, text, mode=""):
+        return self.font.getmask(text, mode)
 
 ##
 # Wrapper for FreeType fonts.  Application code should use the
@@ -140,12 +152,14 @@ class FreeTypeFont:
         return self.font.ascent, self.font.descent
 
     def getsize(self, text):
+        _string_length_check(text)
         return self.font.getsize(text)[0]
 
     def getmask(self, text, mode=""):
         return self.getmask2(text, mode)[0]
 
     def getmask2(self, text, mode="", fill=Image.core.fill):
+        _string_length_check(text)
         size, offset = self.font.getsize(text)
         im = fill("L", size, 0)
         self.font.render(text, im.id, mode=="1")
@@ -168,6 +182,7 @@ class TransposedFont:
         self.orientation = orientation # any 'transpose' argument, or None
 
     def getsize(self, text):
+        _string_length_check(text)
         w, h = self.font.getsize(text)
         if self.orientation in (Image.ROTATE_90, Image.ROTATE_270):
             return h, w
-- 
2.41.0