From 124f4bb591e16212605d0e41c413ed53e242cba2 Mon Sep 17 00:00:00 2001
From: Eric Soroos
Date: Mon, 9 Mar 2020 20:21:40 +0000
Subject: [PATCH 1/3] Tests for PCX OOB Access
---
 Tests/images/01r_00.pcx | Bin 0 -> 836 bytes
 Tests/test_image.py | 4 ++++
 2 files changed, 4 insertions(+)
 create mode 100644 Tests/images/01r_00.pcx
diff --git a/Tests/images/01r_00.pcx b/Tests/images/01r_00.pcx
new file mode 100644
index 0000000000000000000000000000000000000000..f40777ac58221b95a071e47ac4cdf61eb58861a3
GIT binary patch literal 836 zcmd;LW#nK0f^Y_71_#CyAm)DMp5#gfsqF&z|#N{#S8x5LrB*X zFtQ$K$!UmHAp4jQI)RR11oFVH0NZSWkV9665QVd>;4B2=G(-8Bav&GsJ&1phOa&_@ z+Gsfx$096(vCu++9po7}_+JlaLK$r+0$|rFFq|%D0JF}N6T#{*2Ko@F?l#D$U>1sz zFitrbjjn|X Hc6S2+Q8W7n literal 0 HcmV?d00001
diff --git a/Tests/test_image.py b/Tests/test_image.py
index b0fd7c5403c..6e9a5e8832f 100644
--- a/Tests/test_image.py
+++ b/Tests/test_image.py
@@ -638,6 +638,9 @@ def test_pillow_version(self, test_module):
 assert test_module.PILLOW_VERSION > "7.0.0"
 def test_overrun(self):
+ """ For overrun completeness, test as:
+ `valgrind pytest -qq Tests/test_image.py::TestImage::test_overrun | grep decode.c`
+ """
 for file in [
 "fli_overrun.bin",
 "sgi_overrun.bin",
@@ -645,6 +648,7 @@ def test_overrun(self):
 "sgi_overrun_expandrow2.bin",
 "pcx_overrun.bin",
 "pcx_overrun2.bin",
+ "01r_00.pcx",
 ]:
 with Image.open(os.path.join("Tests/images", file)) as im:
 try:
From 6a83e4324738bb0452fbe8074a995b1c73f08de7 Mon Sep 17 00:00:00 2001
From: Eric Soroos
Date: Mon, 9 Mar 2020 20:22:06 +0000
Subject: [PATCH 2/3] Fix OOB Access on PcxDecode.c
---
 src/libImaging/PcxDecode.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/libImaging/PcxDecode.c b/src/libImaging/PcxDecode.c
index 9e9504ce5f1..e5a38f4bec1 100644
--- a/src/libImaging/PcxDecode.c
+++ b/src/libImaging/PcxDecode.c
@@ -22,10 +22,7 @@ ImagingPcxDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 UINT8 n;
 UINT8* ptr;
- if (strcmp(im->mode, "1") == 0 && state->xsize > state->bytes * 8) {
- state->errcode = IMAGING_CODEC_OVERRUN;
- return -1;
- } else if (strcmp(im->mode, "P") == 0 && state->xsize > state->bytes) {
+ if ((state->xsize * state->bits + 7) / 8 > state->bytes) {
 state->errcode = IMAGING_CODEC_OVERRUN;
 return -1;
 }
From ada137eba5b605fd5aeff619c33bbf0e53af26ee Mon Sep 17 00:00:00 2001
From: Hugo
Date: Wed, 1 Apr 2020 10:52:21 +0300
Subject: [PATCH 3/3] Fix Flake8
---
 Tests/test_image.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Tests/test_image.py b/Tests/test_image.py
index 6e9a5e8832f..3a0b7bd62d9 100644
--- a/Tests/test_image.py
+++ b/Tests/test_image.py
@@ -639,7 +639,7 @@ def test_pillow_version(self, test_module):
 def test_overrun(self):
 """ For overrun completeness, test as:
- `valgrind pytest -qq Tests/test_image.py::TestImage::test_overrun | grep decode.c`
+ valgrind pytest -qq Tests/test_image.py::TestImage::test_overrun | grep decode.c
 """
 for file in [
 "fli_overrun.bin",
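Review bot: In the src/libImaging/PcxDecode.c hunk, the new guard at the top of ImagingPcxDecode multiplies `state->xsize * state->bits` before comparing with `state->bytes`, and if both fields are plain `int` (their declarations are outside the hunk) a very large width could overflow the product and let an undersized row buffer pass the check. Doing the arithmetic in a wider type, for example `if (((Py_ssize_t)state->xsize * state->bits + 7) / 8 > state->bytes) {`, keeps the bound meaningful at least on 64-bit builds. The check also now relies on `state->bits` being set correctly for every mode before the decoder runs, which this hunk does not show, so it is worth confirming at the place where the codec state is initialised. A short comment such as `/* a row needs ceil(xsize * bits / 8) bytes; refuse to decode if the buffer is smaller */` would record why the per-mode tests were replaced. The function body continues past the end of the hunk.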