From c9f1b35e981075110a23487a8d4a6cbb59a588ea Mon Sep 17 00:00:00 2001
From: Andrew Murray
Date: Thu, 30 Jun 2022 12:47:35 +1000
Subject: [PATCH] Added GIF decompression bomb check
---
 Tests/images/decompression_bomb_extents.gif | Bin 0 -> 368 bytes
 Tests/test_decompression_bomb.py | 5 +++++
 src/PIL/GifImagePlugin.py | 1 +
 3 files changed, 6 insertions(+)
 create mode 100644 Tests/images/decompression_bomb_extents.gif
diff --git a/Tests/images/decompression_bomb_extents.gif b/Tests/images/decompression_bomb_extents.gif
new file mode 100644
index 0000000000000000000000000000000000000000..0d5ff03f525904d4bc29e3b22f70b45eb1c2cba7
GIT binary patch
literal 368
zcmZ?wbh9u|Okqf2XkcLY&j12CAOa-9z_E~lkweB~!-9j&9Ku>LCpIiR+%BN(HOFJ)
zqNCjs##whxY+QW2U%|Oc#&gq>lan=qSH+y%wDk0JgXB|lJU1^pJKLi8)t!@@m!F^S
z(99+4wPnS{#U7KjVoz;Zd3kxjVz0SgTUT9O9kDsd1uK)l5
literal 0
HcmV?d00001
diff --git a/Tests/test_decompression_bomb.py b/Tests/test_decompression_bomb.py
index d85d1f3c266..63071b78c9c 100644
--- a/Tests/test_decompression_bomb.py
+++ b/Tests/test_decompression_bomb.py
@@ -61,6 +61,11 @@ def test_exception_gif(self):
 with Image.open("Tests/images/decompression_bomb.gif"):
 pass
+ def test_exception_gif_extents(self):
+ with Image.open("Tests/images/decompression_bomb_extents.gif") as im:
+ with pytest.raises(Image.DecompressionBombError):
+ im.seek(1)
+
 def test_exception_bmp(self):
 with pytest.raises(Image.DecompressionBombError):
 with Image.open("Tests/images/bmp/b/reallybig.bmp"):
diff --git a/src/PIL/GifImagePlugin.py b/src/PIL/GifImagePlugin.py
index ce9fb5dd46c..c239a6a2bdb 100644
--- a/src/PIL/GifImagePlugin.py
+++ b/src/PIL/GifImagePlugin.py
@@ -265,6 +265,7 @@ def _seek(self, frame, update_image=True):
 x1, y1 = x0 + i16(s, 4), y0 + i16(s, 6)
 if (x1 > self.size[0] or y1 > self.size[1]) and update_image:
 self._size = max(x1, self.size[0]), max(y1, self.size[1])
+ Image._decompression_bomb_check(self._size)
 frame_dispose_extent = x0, y0, x1, y1
 flags = s[8]
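Review bot: `test_exception_gif_extents` does not say why `Image.open` sits outside `pytest.raises` while only `im.seek(1)` is inside it, and the binary fixture cannot be read from the diff. Presumably the logical screen is small and only the second frame declares oversized extents, which is what separates this case from `test_exception_gif`. I would add a comment such as `# open() must succeed; only the later frame's extents exceed the limit, so the error has to come from seek()`. The test pins only the error path; whether the warning threshold of the same check is covered elsewhere is not visible here.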
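Review bot: In `_seek`, `self._size` is overwritten with the enlarged extents before `Image._decompression_bomb_check` runs, so when the check raises, the image object keeps the size that was just rejected. A caller that catches `DecompressionBombError` and keeps using the image would see those dimensions; whether other frame state is also left advanced cannot be told from here, because `_seek` starts and ends outside the hunk. Validating before assigning avoids this: `new_size = max(x1, self.size[0]), max(y1, self.size[1])`, `Image._decompression_bomb_check(new_size)`, `self._size = new_size`. The check is also skipped when `update_image` is false, which looks intentional since the size is not grown on that path, but a short comment stating so would help the next reader.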