Skip to content

Commit 93b22b8

Browse files
committed
Catch PCX P mode buffer overrun
1 parent a09acd0 commit 93b22b8

File tree

3 files changed

+9
-1
lines changed

3 files changed

+9
-1
lines changed

Diff for: Tests/images/pcx_overrun2.bin

132 Bytes
Binary file not shown.

Diff for: Tests/test_image.py

+6-1
Original file line numberDiff line numberDiff line change
@@ -590,7 +590,12 @@ def act(fp):
590590
self.assertFalse(fp.closed)
591591

592592
def test_overrun(self):
593-
for file in ["fli_overrun.bin", "sgi_overrun.bin", "pcx_overrun.bin"]:
593+
for file in [
594+
"fli_overrun.bin",
595+
"sgi_overrun.bin",
596+
"pcx_overrun.bin",
597+
"pcx_overrun2.bin",
598+
]:
594599
im = Image.open(os.path.join("Tests/images", file))
595600
try:
596601
im.load()

Diff for: src/libImaging/PcxDecode.c

+3
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,9 @@ ImagingPcxDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
2525
if (strcmp(im->mode, "1") == 0 && state->xsize > state->bytes * 8) {
2626
state->errcode = IMAGING_CODEC_OVERRUN;
2727
return -1;
28+
} else if (strcmp(im->mode, "P") == 0 && state->xsize > state->bytes) {
29+
state->errcode = IMAGING_CODEC_OVERRUN;
30+
return -1;
2831
}
2932

3033
ptr = buf;

0 commit comments

Comments
 (0)