From eaef29c3696cd021147e692360997f4c12377c60 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Mon, 14 Jun 2021 09:19:50 +0200 Subject: [PATCH 2/5] CVE-2021-28678 --- src/PIL/BlpImagePlugin.py | 43 +++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/src/PIL/BlpImagePlugin.py b/src/PIL/BlpImagePlugin.py index d56d46c..846c83d 100644 --- a/src/PIL/BlpImagePlugin.py +++ b/src/PIL/BlpImagePlugin.py @@ -294,33 +294,36 @@ class _BLPBaseDecoder(ImageFile.PyDecoder): raise IOError("Truncated Blp file") return 0, 0 + def _safe_read(self, length): + return ImageFile._safe_read(self.fd, length) + def _read_palette(self): ret = [] for i in range(256): try: - b, g, r, a = struct.unpack("<4B", self.fd.read(4)) + b, g, r, a = struct.unpack("<4B", self._safe_read(4)) except struct.error: break ret.append((b, g, r, a)) return ret def _read_blp_header(self): - self._blp_compression, = struct.unpack("