rpms / python-pillow

Clone
Source Code
GIT

Files

  1.   ed67fe3999e32e3f6c9e9d3962e7d00ea7efc2a2
  2.   SOURCES
  3.   CVE-2021-34552.patch
Blob Blame History Raw 
diff --git a/src/libImaging/Convert.c b/src/libImaging/Convert.c
index b3e48e5..cfed8ad 100644
--- a/src/libImaging/Convert.c
+++ b/src/libImaging/Convert.c
@@ -1338,9 +1338,8 @@ convert(Imaging imOut, Imaging imIn, const char *mode,
         return (Imaging) ImagingError_ValueError("conversion not supported");
 #else
     {
-      static char buf[256];
-      /* FIXME: may overflow if mode is too large */
-      sprintf(buf, "conversion from %s to %s not supported", imIn->mode, mode);
+      static char buf[100];
+      snprintf(buf, 100, "conversion from %.10s to %.10s not supported", imIn->mode, mode);
       return (Imaging) ImagingError_ValueError(buf);
     }
 #endif
@@ -1394,9 +1393,13 @@ ImagingConvertTransparent(Imaging imIn, const char *mode,
     }
 #else
     {
-      static char buf[256];
-      /* FIXME: may overflow if mode is too large */
-      sprintf(buf, "conversion from %s to %s not supported in convert_transparent", imIn->mode, mode);
+      static char buf[100];
+      snprintf(
+        buf,
+        100,
+        "conversion from %.10s to %.10s not supported in convert_transparent",
+        imIn->mode,
+        mode);
       return (Imaging) ImagingError_ValueError(buf);
     }
 #endif

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation