Merge pull request #738 from hugovk/warning

Warn about decompression bombs
python-pillow · Jun 27, 2014 · be61256 · be61256
2 parents 3f5b15f + c927ab2
commit be61256
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/docs/reference/Image.rst b/docs/reference/Image.rst
@@ -49,6 +49,8 @@ Functions
 
 .. autofunction:: open
 
+    .. warning:: > To protect against potential DOS attacks caused by "[decompression bombs](https://en.wikipedia.org/wiki/Zip_bomb)" (i.e. malicious files which decompress into a huge amount of data and are designed to crash or cause disruption by using up a lot of memory), Pillow will issue a `DecompressionBombWarning` if the image is over a certain limit. If desired, the warning can be turned into an error with `warnings.simplefilter('error', Image.DecompressionBombWarning)` or suppressed entirely with `warnings.simplefilter('ignore', Image.DecompressionBombWarning)`. See also [the logging documentation](https://docs.python.org/2/library/logging.html?highlight=logging#integration-with-the-warnings-module) to have warnings output to the logging facility instead of stderr.
+
 Image processing
 ^^^^^^^^^^^^^^^^