Merge pull request #4966 from radarhere/decompression

python-pillow · Oct 12, 2020 · fee6baf · fee6baf
2 parents 15c3394 + cf31156
commit fee6baf
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 12 deletions.
diff --git a/Tests/test_decompression_bomb.py b/Tests/test_decompression_bomb.py
@@ -60,6 +60,10 @@ def test_exception_gif(self):
         with pytest.raises(Image.DecompressionBombError):
             Image.open("Tests/images/decompression_bomb.gif")
 
+    def test_exception_bmp(self):
+        with pytest.raises(Image.DecompressionBombError):
+            Image.open("Tests/images/bmp/b/reallybig.bmp")
+
 
 class TestDecompressionCrop:
     @classmethod

diff --git a/docs/releasenotes/8.0.0.rst b/docs/releasenotes/8.0.0.rst
@@ -86,15 +86,11 @@ A new method :py:meth:`.ImageDraw.regular_polygon`, draws a regular polygon of `
 For example ``draw.regular_polygon(((100, 100), 50), 5)``
 draws a pentagon centered at the point ``(100, 100)`` with a polygon radius of ``50``.
 
-Security
-========
-
-TODO
-
 Other Changes
 =============
 
-TODO
-^^^^
+Error for large BMP files
+^^^^^^^^^^^^^^^^^^^^^^^^^
 
-TODO
+Previously, if a BMP file was too large, an ``OSError`` would be raised. Now,
+``DecompressionBombError`` is used instead, as Pillow already uses for other formats.
diff --git a/src/PIL/BmpImagePlugin.py b/src/PIL/BmpImagePlugin.py
@@ -162,10 +162,6 @@ def _bitmap(self, header=0, offset=0):
             else (1 << file_info["bits"])
         )
 
-        # ------------------------------- Check abnormal values for DOS attacks
-        if file_info["width"] * file_info["height"] > 2 ** 31:
-            raise OSError("Unsupported BMP Size: (%dx%d)" % self.size)
-
         # ---------------------- Check bit depth for unusual unsupported values
         self.mode, raw_mode = BIT2MODE.get(file_info["bits"], (None, None))
         if self.mode is None: