29 lines
985 B
Diff
29 lines
985 B
Diff
From 93b22b846e0269ee9594ff71a72bec02d2bea8fd Mon Sep 17 00:00:00 2001
|
|
From: Andrew Murray <radarhere@users.noreply.github.com>
|
|
Date: Sat, 21 Dec 2019 18:38:22 +1100
|
|
Subject: [PATCH] Catch PCX P mode buffer overrun
|
|
|
|
https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd
|
|
|
|
---
|
|
src/libImaging/PcxDecode.c | 3 +++
|
|
1 files changed, 3 insertions(+)
|
|
|
|
diff --git a/src/libImaging/PcxDecode.c b/src/libImaging/PcxDecode.c
|
|
index bf0eb00..ba76d92 100644
|
|
--- a/src/libImaging/PcxDecode.c
|
|
+++ b/src/libImaging/PcxDecode.c
|
|
@@ -25,6 +25,9 @@ ImagingPcxDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
|
|
if ((state->xsize * state->bits + 7) / 8 > state->bytes) {
|
|
state->errcode = IMAGING_CODEC_OVERRUN;
|
|
return -1;
|
|
+ } else if (strcmp(im->mode, "P") == 0 && state->xsize > state->bytes) {
|
|
+ state->errcode = IMAGING_CODEC_OVERRUN;
|
|
+ return -1;
|
|
}
|
|
|
|
ptr = buf;
|
|
--
|
|
2.27.0
|
|
|