Skip to content

Commit

Permalink
Merge pull request #4102 from radarhere/decompression
Browse files Browse the repository at this point in the history
Added decompression bomb checks
  • Loading branch information
radarhere authored Sep 30, 2019
2 parents aaf2c42 + eed2bfc commit f228d0c
Show file tree
Hide file tree
Showing 5 changed files with 11 additions and 0 deletions.
Binary file added Tests/images/decompression_bomb.gif
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added Tests/images/decompression_bomb.ico
Binary file not shown.
9 changes: 9 additions & 0 deletions Tests/test_decompression_bomb.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ def tearDown(self):
def test_no_warning_small_file(self):
# Implicit assert: no warning.
# A warning would cause a failure.
Image.MAX_IMAGE_PIXELS = ORIGINAL_LIMIT
Image.open(TEST_FILE)

def test_no_warning_no_limit(self):
Expand Down Expand Up @@ -41,6 +42,14 @@ def test_exception(self):

self.assertRaises(Image.DecompressionBombError, lambda: Image.open(TEST_FILE))

def test_exception_ico(self):
with self.assertRaises(Image.DecompressionBombError):
Image.open("Tests/images/decompression_bomb.ico")

def test_exception_gif(self):
with self.assertRaises(Image.DecompressionBombError):
Image.open("Tests/images/decompression_bomb.gif")


class TestDecompressionCrop(PillowTestCase):
def setUp(self):
Expand Down
1 change: 1 addition & 0 deletions src/PIL/GifImagePlugin.py
Original file line number Diff line number Diff line change
Expand Up @@ -265,6 +265,7 @@ def _seek(self, frame):
self.dispose = None
elif self.disposal_method == 2:
# replace with background colour
Image._decompression_bomb_check(self.size)
self.dispose = Image.core.fill("P", self.size, self.info["background"])
else:
# replace with previous contents
Expand Down
1 change: 1 addition & 0 deletions src/PIL/IcoImagePlugin.py
Original file line number Diff line number Diff line change
Expand Up @@ -180,6 +180,7 @@ def frame(self, idx):
else:
# XOR + AND mask bmp frame
im = BmpImagePlugin.DibImageFile(self.buf)
Image._decompression_bomb_check(im.size)

# change tile dimension to only encompass XOR image
im._size = (im.size[0], int(im.size[1] / 2))
Expand Down

0 comments on commit f228d0c

Please sign in to comment.