kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/graphics/py-imaging/patches/patch-PIL_IcnsImagePlugin.py
spz 2a524c1caf Icns DOS fix -- CVE-2014-3589 
from 205e056f8f
2014-09-07 09:37:46 +00:00

16 lines
641 B
Python
Raw Blame History

$NetBSD: patch-PIL_IcnsImagePlugin.py,v 1.1 2014/09/07 09:37:46 spz Exp $
Icns DOS fix -- CVE-2014-3589
from https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
--- PIL/IcnsImagePlugin.py.orig 2009-11-01 00:44:11.000000000 +0000
+++ PIL/IcnsImagePlugin.py
@@ -115,6 +115,8 @@ class IcnsFile:
i = HEADERSIZE
while i < filesize:
sig, blocksize = nextheader(fobj)
+ if blocksize <= 0:
+ raise SyntaxError('invalid block header')
i = i + HEADERSIZE
blocksize = blocksize - HEADERSIZE
dct[sig] = (i, blocksize)
Reference in a new issue View git blame Copy permalink