rpms / python-pillow

Clone
Source Code
GIT

Files

  1.   ed67fe3999e32e3f6c9e9d3962e7d00ea7efc2a2
  2.   SOURCES
  3.   CVE-2021-28676.patch
Blob Blame History Raw 
From cedb7ba568161021bc2f2f48af95fcf33e262f77 Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Mon, 14 Jun 2021 09:30:01 +0200
Subject: [PATCH 4/5] CVE-2021-28676

---
 src/libImaging/FliDecode.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/libImaging/FliDecode.c b/src/libImaging/FliDecode.c
index 72ba138..9181b8b 100644
--- a/src/libImaging/FliDecode.c
+++ b/src/libImaging/FliDecode.c
@@ -209,6 +209,11 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
 	    return -1;
 	}
 	advance = I32(ptr);
+	if (advance == 0 ) {
+        // If there's no advance, we're in in infinite loop
+        state->errcode = IMAGING_CODEC_BROKEN;
+        return -1;
+    }
 	ptr += advance;
 	bytes -= advance;
     }
-- 
2.31.1

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation