Crop decompression #2410

Merged
merged 3 commits into from
Jun 21, 2017

wiredfool
Member

@wiredfool wiredfool commented Feb 17, 2017

Fixes #2402.

Changes proposed in this pull request:

  • Add decompression bomb check for image.crop, since it can enlarge images.
  • Refactor out checks to _crop, so that we can apply them to any core image object.
  • GIF disposal is where the bug in "out of memory when processing this GIF" #2402 was; it was requesting a 1GP dispose_extents.

Still need to:
- [ ] Generate a gif with extra large extents
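
The reason a crop needs its own size check, shown as an added example that is not part of the original comment and is not Pillow's code: the output size comes from the requested box rather than from the source image, so a tiny image can yield a huge allocation. The names `check_crop_box`, `audit` and `CropBombWarning` are hypothetical; the limit is assumed to equal Pillow's default `Image.MAX_IMAGE_PIXELS`, and the `strict` mode models the option of treating an oversized request as an error.

```python
import warnings

# Assumption: same value as Pillow's default Image.MAX_IMAGE_PIXELS.
MAX_IMAGE_PIXELS = 1024 * 1024 * 1024 // 4 // 3


class CropBombWarning(RuntimeWarning):
    """Hypothetical warning class used only by this sketch."""


def check_crop_box(box, max_pixels=MAX_IMAGE_PIXELS, strict=False):
    """Return the output pixel count for an untrusted (left, upper, right, lower) box."""
    # The source image size is deliberately not consulted: a crop box may
    # extend past the image, so the output can be far larger than the input.
    left, upper, right, lower = (int(v) for v in box)
    if right < left or lower < upper:
        raise ValueError("crop box has negative width or height")
    pixels = (right - left) * (lower - upper)
    if max_pixels is not None and pixels > max_pixels:
        msg = f"crop output of {pixels} pixels exceeds limit of {max_pixels}"
        if strict:
            raise ValueError(msg)
        warnings.warn(msg, CropBombWarning, stacklevel=2)
    return pixels


def audit(boxes, strict=False):
    """Return (box, verdict) pairs; verdict is 'ok', 'warned' or 'rejected'."""
    results = []
    for box in boxes:
        with warnings.catch_warnings(record=True) as caught:
            warnings.simplefilter("always")
            try:
                check_crop_box(box, strict=strict)
                verdict = "warned" if caught else "ok"
            except ValueError:
                verdict = "rejected"
        results.append((box, verdict))
    return results


# Constructed inputs: crop boxes requested against a 16x16 source image.
SAMPLE_BOXES = [
    (0, 0, 16, 16),        # within the image
    (-8, -8, 24, 24),      # extends past the edges, still small
    (0, 0, 40000, 40000),  # 1.6 gigapixels from a 256-pixel source
    (10, 10, 5, 5),        # inverted box
]
```

The check runs on the box alone, before any buffer is allocated, which is also why the same test can be applied to extents read from a file header.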

@homm
Member

homm commented May 8, 2017

Consider making decompression bombs an error at some level

+1

@wiredfool wiredfool added this to the 4.2.0 milestone Jun 13, 2017
@wiredfool
Member Author

Since we've done this, there's been a change in the GIF code where the extent changes raise a ValueError, instead of triggering the decompression bomb here. Test is now on the https://github.com/wiredfool/Pillow/tree/dispose_extents_test branch. I've removed it here, rebased on master, and I'm going to merge this pending tests passing.

wiredfool added a commit to wiredfool/Pillow that referenced this pull request Jun 21, 2017
wiredfool added a commit to wiredfool/Pillow that referenced this pull request Jun 21, 2017
@wiredfool wiredfool merged commit a4dafe7 into python-pillow:master Jun 21, 2017
wiredfool added a commit to wiredfool/Pillow that referenced this pull request Jun 21, 2017
@wiredfool wiredfool deleted the crop_decompression branch October 2, 2017 13:26