Decompression bomb protection #674

Merged
merged 13 commits into from
Jun 23, 2014

hugovk
Member

@hugovk hugovk commented May 24, 2014

For #515.

Further discussion welcome.

@aclark4life
Member

How is this one coming along?

@hugovk
Member Author

hugovk commented Jun 1, 2014

@aclark4life It's ready for review. Discussion has been going on over at #515.

@aclark4life
Member

Should I manually merge this?

@aclark4life aclark4life added this to the 2.5.0 milestone Jun 7, 2014
@wiredfool
Member

I'm not sure that we have consensus on the intended behaviour change.

@masklinn
Contributor

Looks good to me, though maybe it could use a custom subclass of Warning or RuntimeWarning so it could be filtered (e.g. to an error) independently from other possible RuntimeWarnings?

> I'm not sure that we have consensus on the intended behaviour change.

It seems innocuous enough that BC proponents would not mind it, and easy enough to notice that more hardline ones would be OK with it (and it's easy enough to turn warnings to errors).

@hugovk
Member Author

hugovk commented Jun 23, 2014

@masklinn Good idea, I've changed the warning to a custom DecompressionBombWarning, a subclass of RuntimeWarning.
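
The filtering point raised in the comments above, as an added example that is not part of the PR or of Pillow's code: a dedicated subclass of RuntimeWarning can be escalated to an error without touching other RuntimeWarnings. The local `DecompressionBombWarning` stand-in, `MAX_PIXELS`, `check_size`, `legacy_noise` and `classify` are assumptions made for the illustration.

```python
import warnings

# Stand-in for the class named in the thread (assumption: defined locally here
# so the example runs without Pillow installed).
class DecompressionBombWarning(RuntimeWarning):
    pass

MAX_PIXELS = 64 * 1024 * 1024  # constructed limit, for illustration only

def check_size(width, height, limit=MAX_PIXELS):
    """Hypothetical size check: warn when the pixel count exceeds the limit."""
    pixels = width * height
    if pixels > limit:
        warnings.warn(
            f"{pixels} pixels exceeds limit of {limit}; possible decompression bomb",
            DecompressionBombWarning,
        )
    return pixels

def legacy_noise():
    """Unrelated code path that emits a plain RuntimeWarning."""
    warnings.warn("unrelated runtime condition", RuntimeWarning)

def classify(width, height, escalate=DecompressionBombWarning):
    """Escalate one warning category to an error; record everything else."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")            # baseline: record all warnings
        warnings.simplefilter("error", escalate)   # added in front, so it wins
        try:
            legacy_noise()
            check_size(width, height)
        except escalate:
            return "rejected", [str(w.message) for w in caught]
        return "accepted", [str(w.message) for w in caught]

if __name__ == "__main__":
    print(classify(640, 480))                           # small image passes
    print(classify(100_000, 100_000))                   # oversized image rejected
    print(classify(640, 480, escalate=RuntimeWarning))  # broad filter over-rejects
```

The third call shows what the subclass avoids: escalating the broad RuntimeWarning category rejects a small image because of an unrelated warning.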

@coveralls

Coverage Status

Coverage increased (+0.04%) when pulling 729b9f3 on hugovk:bomb into 0cbf318 on python-pillow:master.

aclark4life added a commit that referenced this pull request Jun 23, 2014
Decompression bomb protection
@aclark4life aclark4life merged commit 2a657f7 into python-pillow:master Jun 23, 2014
@aclark4life
Member

Thanks

@hugovk hugovk deleted the bomb branch June 23, 2014 17:06
5 participants