packages/python-pillow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix memory allocation

Browse Source
This commit is contained in:
wk333 2023-12-08 15:23:18 +08:00
parent c1867d00ac
commit e2f3bbdb12
2 changed files with 38 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
backport-Corrected-memory-allocation.patch Normal file
View File

@ -0,0 +1,30 @@
From fe32501922ef5e1be9a7d307132719bd5d52ca35 Mon Sep 17 00:00:00 2001
From: Andrew Murray <radarhere@users.noreply.github.com>
Date: Fri, 14 Jan 2022 10:16:35 +1100
Subject: [PATCH] Corrected allocation
Conflict:NA
Reference:https://github.com/python-pillow/Pillow/pull/5958/commits/fe32501922ef5e1be9a7d307132719bd5d52ca35
This patch is the rear patch of CVE-2022-22815,CVE-2022-22816
---
src/path.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/path.c b/src/path.c
index dea274e..1180406 100644
--- a/src/path.c
+++ b/src/path.c
@@ -57,7 +57,7 @@ alloc_array(Py_ssize_t count) {
if ((unsigned long long)count > (SIZE_MAX / (2 * sizeof(double))) - 1) {
return ImagingError_MemoryError();
}
- xy = calloc(2 * count * sizeof(double) + 1, sizeof(double));
+ xy = calloc(2 * count + 1, sizeof(double));
if (!xy) {
ImagingError_MemoryError();
}
--
2.27.0

12
python-pillow.spec
View File

@ -5,7 +5,7 @@
Name: python-pillow
Version: 9.0.1
Release: 4
Release: 5
Summary: Python image processing library
License: MIT
URL: http://python-pillow.github.io/
@ -16,9 +16,10 @@ Source2: decompression_bomb_extents.gif
Patch0000: python-pillow_spinxwarn.patch
Patch0001: python-pillow_sphinx-issues.patch
Patch0002: CVE-2022-45199.patch
Patch0003: CVE-2023-44271.patch
Patch0004: CVE-2022-45198.patch
Patch0002: backport-Corrected-memory-allocation.patch
Patch0003: CVE-2022-45199.patch
Patch0004: CVE-2023-44271.patch
Patch0005: CVE-2022-45198.patch
BuildRequires: freetype-devel ghostscript lcms2-devel libimagequant-devel libjpeg-devel libraqm-devel libtiff-devel
BuildRequires: libwebp-devel openjpeg2-devel tk-devel zlib-devel python3-cffi python3-devel python3-numpy python3-olefile
@ -152,6 +153,9 @@ popd
%{python3_sitearch}/PIL/__pycache__/ImageQt*
%changelog
* Fri Dec 08 2023 wangkai <13474090681@163.com> - 9.0.1-5
- correct memory allocation in alloc_array (this is the rear patch of CVE-2022-22815,CVE-2022-22816)
* Thu Dec 07 2023 wangkai <13474090681@163.com> - 9.0.1-4
- Fix CVE-2022-45198