Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Limit SAMPLESPERPIXEL to avoid runtime DOS #6700

Merged
merged 5 commits into from Oct 29, 2022
Merged

Limit SAMPLESPERPIXEL to avoid runtime DOS #6700

merged 5 commits into from Oct 29, 2022

Commits on Oct 29, 2022

  1. Prevent DOS with large SAMPLESPERPIXEL in Tiff IFD 

    A large value in the SAMPLESPERPIXEL tag could lead to a memory and
runtime DOS in TiffImagePlugin.py when setting up the context for
image decoding.
    @wiredfool @hugovk
    wiredfool authored and hugovk committed Oct 29, 2022
    Copy the full SHA
    13f2c5a View commit details
    Browse the repository at this point in the history

  2. Tighter test case

    @wiredfool @hugovk
    wiredfool authored and hugovk committed Oct 29, 2022
    Copy the full SHA
    05b175e View commit details
    Browse the repository at this point in the history

  3. Hide UserWarning in logs 

    Tests/test_file_tiff.py::TestFileTiff::test_oom[Tests/images/oom-225817ca0f8c663be7ab4b9e717b02c661e66834.tif]
  PIL/TiffImagePlugin.py:850: UserWarning: Corrupt EXIF data.  Expecting to read 12 bytes but only got 6. 
    warnings.warn(str(msg))

Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
    @hugovk @radarhere
    hugovk and radarhere committed Oct 29, 2022
    Copy the full SHA
    00b25fd View commit details
    Browse the repository at this point in the history

  4. Fix linting

    @hugovk
    hugovk committed Oct 29, 2022
    Copy the full SHA
    799a6a0 View commit details
    Browse the repository at this point in the history

  5. Add to release notes

    @hugovk
    hugovk committed Oct 29, 2022
    Copy the full SHA
    0846bfa View commit details
    Browse the repository at this point in the history