-
-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix potential PNG decompression DOS #1060
Conversation
Thanks @wiredfool. Re: 1, Right now I'm more concerned about preventing a DOS than providing a consistent API and re: 2, can we reasonably defend against images with many-just-under-the-limit text segments? |
That was less invasive than I'd thought. Implementation allowing 64 * maxsize total memory usage for text chunks, and a test attempting to save 128 of them. ( ~8k or so of compressed text chunks in the image would expand to ~128M) |
|
im = Image.open(test_file) | ||
im.load() | ||
except ValueError as msg: | ||
self.assert_(msg, "Decompressed Data Too Large") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
assertTrue
is a bit clearer (for me) than assert_
here.
👍 in general, with minor review notes. Did you want |
They're not especially slow, and as most of the DOS ones go, it's not a problem once we've solved the issue. They may be a bit more of an issue running the tests in a resource constrained environment, so I'd rather not run them by default. |
Changes Unknown when pulling 6696b78 on wiredfool:png-dos into * on python-pillow:master*. |
Fix potential PNG decompression DOS
Note that this has had a CVE assigned: CVE-2014-9601 (http://www.cvedetails.com/cve/CVE-2014-9601/) |
@hugovk @aclark4life
Two outstanding bits:
Opinions?
(note that I had to change the test to pass -- I believe that the new version is also a reasonable representation of an invalid iTXt segment)