CVE-2022-22815, CVE-2022-22816: Fixed ImagePath.Path array handling #5920

Merged
merged 2 commits into from Jan 1, 2022

@radarhere (Member) commented Jan 1, 2022

No description provided.

@radarhere (Member, Author) commented Jan 1, 2022

CIFuzz failure is also occurring in main. It would be due to python-pillow/pillow-wheels#237

@radarhere radarhere merged commit 5543e4e into python-pillow:main Jan 1, 2022
49 of 51 checks passed
@radarhere radarhere deleted the calloc branch Jan 1, 2022
@radarhere (Member, Author) commented Jan 1, 2022

CIFuzz failure is now fixed thanks to 525c840

@radarhere radarhere mentioned this pull request Jan 2, 2022
@hugovk hugovk mentioned this pull request Jan 7, 2022
@hugovk hugovk changed the title Fixed ImagePath.Path array handling CVE-2022-22815, CVE-2022-22816: Fixed ImagePath.Path array handling Jan 10, 2022
@risicle commented on 1e09241 Jan 13, 2022

This is now allocating 8x the amount of memory it previously was - is that intentional?

@wiredfool (Member) commented on 1e09241 Jan 13, 2022

Sizeof(double) should only be in one of the arguments.

@radarhere (Member, Author) commented on 1e09241 Jan 13, 2022

I've created #5958 to address this.
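
Added example, not part of the thread and not Pillow's code: the `calloc` argument point raised in the review comments above, shown with a hypothetical helper `alloc_xy` and a constructed point count. `calloc(nmemb, size)` requests `nmemb * size` bytes, so putting `sizeof(double)` in both arguments multiplies the request by `sizeof(double)` (8 on common platforms).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Bytes that calloc(nmemb, size) is asked for: the product of BOTH arguments.
 * Returns 0 when that product does not fit in size_t. */
static size_t calloc_request_bytes(size_t nmemb, size_t size) {
    if (size != 0 && nmemb > SIZE_MAX / size) {
        return 0;
    }
    return nmemb * size;
}

/* Hypothetical helper (not Pillow's code): zeroed storage for `count` points,
 * two doubles (x, y) per point. The element count goes in the first argument
 * and the element size in the second, so sizeof(double) appears exactly once.
 * Returns NULL if the size would overflow or the allocation fails. */
static double *alloc_xy(size_t count) {
    if (count > SIZE_MAX / (2 * sizeof(double))) {
        return NULL;
    }
    return calloc(2 * count, sizeof(double));
}

int main(void) {
    size_t count = 1000; /* constructed sample: 1000 points */
    size_t once = calloc_request_bytes(2 * count, sizeof(double));
    size_t twice = calloc_request_bytes(2 * count * sizeof(double), sizeof(double));
    printf("sizeof(double) in one argument:   %zu bytes\n", once);
    printf("sizeof(double) in both arguments: %zu bytes (%zux)\n", twice, twice / once);

    double *xy = alloc_xy(count);
    if (xy == NULL) {
        return 1;
    }
    free(xy);
    return 0;
}
```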
