From 93b22b846e0269ee9594ff71a72bec02d2bea8fd Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Sat, 21 Dec 2019 18:38:22 +1100 Subject: [PATCH] Catch PCX P mode buffer overrun https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd --- src/libImaging/PcxDecode.c | 3 +++ 1 files changed, 3 insertions(+) diff --git a/src/libImaging/PcxDecode.c b/src/libImaging/PcxDecode.c index bf0eb00..ba76d92 100644 --- a/src/libImaging/PcxDecode.c +++ b/src/libImaging/PcxDecode.c @@ -25,6 +25,9 @@ ImagingPcxDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes) if ((state->xsize * state->bits + 7) / 8 > state->bytes) { state->errcode = IMAGING_CODEC_OVERRUN; return -1; + } else if (strcmp(im->mode, "P") == 0 && state->xsize > state->bytes) { + state->errcode = IMAGING_CODEC_OVERRUN; + return -1; } ptr = buf; -- 2.27.0