From c66d8aa75436f334f686fe32bca8e414bcdd18e6 Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Mon, 2 Mar 2020 22:57:23 +0000
Subject: [PATCH 01/11] Fli issue 1

---
 src/libImaging/FliDecode.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/libImaging/FliDecode.c b/src/libImaging/FliDecode.c
index 6f48c07d415..484f1ce686a 100644
--- a/src/libImaging/FliDecode.c
+++ b/src/libImaging/FliDecode.c
@@ -165,14 +165,26 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 	    break;
 	case 15:
 	    /* FLI BRUN chunk */
+	    /* data = ptr + 6 */
 	    for (y = 0; y < state->ysize; y++) {
 		UINT8* out = (UINT8*) im->image[y];
 		data += 1; /* ignore packetcount byte */
 		for (x = 0; x < state->xsize; x += i) {
+		    if (data + 2 > ptr + bytes ) {
+			/* Out of Bounds Read issue, guaranteed to try to read 2 from data */
+			state->errcode = IMAGING_CODEC_OVERRUN;
+			return -1;
+		    }
 		    if (data[0] & 0x80) {
 			i = 256 - data[0];
-			if (x + i > state->xsize)
+			if (x + i > state->xsize) {
 			    break; /* safety first */
+			}
+			if (data + i + 1 > ptr + bytes ) {
+			    /* Out of Bounds Read issue */
+			    state->errcode = IMAGING_CODEC_OVERRUN;
+			    return -1;
+			}
 			memcpy(out + x, data + 1, i);
 			data += i + 1;
 		    } else {

From f6926a041b4b544fd2ced3752542afb6c8c19405 Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Thu, 5 Mar 2020 09:11:13 +0000
Subject: [PATCH 02/11] Refactor to macro

---
 src/libImaging/FliDecode.c | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/src/libImaging/FliDecode.c b/src/libImaging/FliDecode.c
index 484f1ce686a..d53b4a7fd17 100644
--- a/src/libImaging/FliDecode.c
+++ b/src/libImaging/FliDecode.c
@@ -24,7 +24,12 @@
 #define	I32(ptr)\
     ((ptr)[0] + ((ptr)[1] << 8) + ((ptr)[2] << 16) + ((ptr)[3] << 24))
 
-
+#define ERR_IF_DATA_OOB(offset) \
+  if ((data + (offset)) > ptr + bytes) {\
+    state->errcode = IMAGING_CODEC_OVERRUN; \
+    return -1; \
+  }
+    
 int
 ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t bytes)
 {
@@ -170,21 +175,15 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 		UINT8* out = (UINT8*) im->image[y];
 		data += 1; /* ignore packetcount byte */
 		for (x = 0; x < state->xsize; x += i) {
-		    if (data + 2 > ptr + bytes ) {
-			/* Out of Bounds Read issue, guaranteed to try to read 2 from data */
-			state->errcode = IMAGING_CODEC_OVERRUN;
-			return -1;
-		    }
+		    /* Out of Bounds Read issue, guaranteed to try to read 2 from data */
+		    ERR_IF_DATA_OOB(2)
 		    if (data[0] & 0x80) {
 			i = 256 - data[0];
 			if (x + i > state->xsize) {
 			    break; /* safety first */
 			}
-			if (data + i + 1 > ptr + bytes ) {
-			    /* Out of Bounds Read issue */
-			    state->errcode = IMAGING_CODEC_OVERRUN;
-			    return -1;
-			}
+			/* Out of Bounds read issue */
+			ERR_IF_DATA_OOB(i+1)
 			memcpy(out + x, data + 1, i);
 			data += i + 1;
 		    } else {

From b4e439d6d7fd986cd6b4c7f9ca18830d79dacd44 Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Thu, 5 Mar 2020 09:11:50 +0000
Subject: [PATCH 03/11] Fix OOB Reads in SS2 Chunk

---
 src/libImaging/FliDecode.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/libImaging/FliDecode.c b/src/libImaging/FliDecode.c
index d53b4a7fd17..c4043615573 100644
--- a/src/libImaging/FliDecode.c
+++ b/src/libImaging/FliDecode.c
@@ -83,10 +83,12 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 	    break; /* ignored; handled by Python code */
 	case 7:
 	    /* FLI SS2 chunk (word delta) */
+	    /* OOB ok, we've got 10 bytes min on entry */
 	    lines = I16(data); data += 2;
 	    for (l = y = 0; l < lines && y < state->ysize; l++, y++) {
 		UINT8* buf = (UINT8*) im->image[y];
 		int p, packets;
+		ERR_IF_DATA_OOB(2)
 		packets = I16(data); data += 2;
 		while (packets & 0x8000) {
 		    /* flag word */
@@ -101,11 +103,14 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 			/* store last byte (used if line width is odd) */
 			buf[state->xsize-1] = (UINT8) packets;
 		    }
+		    ERR_IF_DATA_OOB(2)
 		    packets = I16(data); data += 2;
 		}
 		for (p = x = 0; p < packets; p++) {
+		    ERR_IF_DATA_OOB(2)
 		    x += data[0]; /* pixel skip */
 		    if (data[1] >= 128) {
+			ERR_IF_DATA_OOB(4)
 			i = 256-data[1]; /* run */
 			if (x + i + i > state->xsize)
 			    break;
@@ -118,6 +123,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 			i = 2 * (int) data[1]; /* chunk */
 			if (x + i > state->xsize)
 			    break;
+			ERR_IF_DATA_OOB(2+i)
 			memcpy(buf + x, data + 2, i);
 			data += 2 + i;
 			x += i;

From c88b0204d7c930e3bd72626ae6ea078571cc0ea7 Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Thu, 5 Mar 2020 09:21:35 +0000
Subject: [PATCH 04/11] Fix OOB in LC packet

---
 src/libImaging/FliDecode.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/libImaging/FliDecode.c b/src/libImaging/FliDecode.c
index c4043615573..2316fa814dd 100644
--- a/src/libImaging/FliDecode.c
+++ b/src/libImaging/FliDecode.c
@@ -140,22 +140,26 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 	    break;
 	case 12:
 	    /* FLI LC chunk (byte delta) */
+	    /* OOB Check ok, we have 10 bytes here */
 	    y = I16(data); ymax = y + I16(data+2); data += 4;
 	    for (; y < ymax && y < state->ysize; y++) {
 		UINT8* out = (UINT8*) im->image[y];
 		int p, packets = *data++;
 		for (p = x = 0; p < packets; p++, x += i) {
+		    ERR_IF_DATA_OOB(2)
 		    x += data[0]; /* skip pixels */
 		    if (data[1] & 0x80) {
 			i = 256-data[1]; /* run */
 			if (x + i > state->xsize)
 			    break;
+			ERR_IF_DATA_OOB(3)
 			memset(out + x, data[2], i);
 			data += 3;
 		    } else {
 			i = data[1]; /* chunk */
 			if (x + i > state->xsize)
 			    break;
+			ERR_IF_DATA_OOB(2+i)
 			memcpy(out + x, data + 2, i);
 			data += i + 2;
 		    }

From c5edc361fd6450f805a6a444723b0f68190b1d0c Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Thu, 5 Mar 2020 09:51:32 +0000
Subject: [PATCH 05/11] Fix OOB Advance Values

---
 src/libImaging/FliDecode.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/libImaging/FliDecode.c b/src/libImaging/FliDecode.c
index 2316fa814dd..ca9e00327f8 100644
--- a/src/libImaging/FliDecode.c
+++ b/src/libImaging/FliDecode.c
@@ -83,7 +83,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 	    break; /* ignored; handled by Python code */
 	case 7:
 	    /* FLI SS2 chunk (word delta) */
-	    /* OOB ok, we've got 10 bytes min on entry */
+	    /* OOB ok, we've got 4 bytes min on entry */
 	    lines = I16(data); data += 2;
 	    for (l = y = 0; l < lines && y < state->ysize; l++, y++) {
 		UINT8* buf = (UINT8*) im->image[y];
@@ -229,6 +229,10 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 	    return -1;
 	}
 	advance = I32(ptr);
+	if (advance < 0 || advance > bytes) {
+	    state->errcode = IMAGING_CODEC_OVERRUN;
+	    return -1;
+	}
 	ptr += advance;
 	bytes -= advance;
     }

From 8d4f3c0c5f2fecf175aeb895e9c2d6d06d85bdc9 Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Thu, 5 Mar 2020 10:01:28 +0000
Subject: [PATCH 06/11] Fix OOB Read in FLI Copy Chunk

---
 src/libImaging/FliDecode.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/libImaging/FliDecode.c b/src/libImaging/FliDecode.c
index ca9e00327f8..98bc037681e 100644
--- a/src/libImaging/FliDecode.c
+++ b/src/libImaging/FliDecode.c
@@ -86,7 +86,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 	    /* OOB ok, we've got 4 bytes min on entry */
 	    lines = I16(data); data += 2;
 	    for (l = y = 0; l < lines && y < state->ysize; l++, y++) {
-		UINT8* buf = (UINT8*) im->image[y];
+		UINT8* local_buf = (UINT8*) im->image[y];
 		int p, packets;
 		ERR_IF_DATA_OOB(2)
 		packets = I16(data); data += 2;
@@ -98,10 +98,10 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 			    state->errcode = IMAGING_CODEC_OVERRUN;
 			    return -1;
 			}
-			buf = (UINT8*) im->image[y];
+			local_buf = (UINT8*) im->image[y];
 		    } else {
 			/* store last byte (used if line width is odd) */
-			buf[state->xsize-1] = (UINT8) packets;
+			local_buf[state->xsize-1] = (UINT8) packets;
 		    }
 		    ERR_IF_DATA_OOB(2)
 		    packets = I16(data); data += 2;
@@ -115,8 +115,8 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 			if (x + i + i > state->xsize)
 			    break;
 			for (j = 0; j < i; j++) {
-			    buf[x++] = data[2];
-			    buf[x++] = data[3];
+			    local_buf[x++] = data[2];
+			    local_buf[x++] = data[3];
 			}
 			data += 2 + 2;
 		    } else {
@@ -124,7 +124,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 			if (x + i > state->xsize)
 			    break;
 			ERR_IF_DATA_OOB(2+i)
-			memcpy(buf + x, data + 2, i);
+			memcpy(local_buf + x, data + 2, i);
 			data += 2 + i;
 			x += i;
 		    }
@@ -213,9 +213,13 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 	    break;
 	case 16:
 	    /* COPY chunk */
+	    if (state->xsize > bytes/state->ysize) {
+		/* not enough data for frame */
+		return ptr - buf; /* bytes consumed */
+	    }
 	    for (y = 0; y < state->ysize; y++) {
-		UINT8* buf = (UINT8*) im->image[y];
-		memcpy(buf, data, state->xsize);
+		UINT8* local_buf = (UINT8*) im->image[y];
+		memcpy(local_buf, data, state->xsize);
 		data += state->xsize;
 	    }
 	    break;

From 19ff42bd683486a8a308743c76972ef6a6482e9b Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Thu, 5 Mar 2020 10:13:10 +0000
Subject: [PATCH 07/11] tests for Fli OOB reads

---
 Tests/check_fli_oob.py                    |  61 ++++++++++++++++++++++
 Tests/images/fli_oob/02r/02r00.fli        | Bin 0 -> 400 bytes
 Tests/images/fli_oob/02r/notes            |   1 +
 Tests/images/fli_oob/02r/others/02r01.fli | Bin 0 -> 457 bytes
 Tests/images/fli_oob/02r/others/02r02.fli | Bin 0 -> 400 bytes
 Tests/images/fli_oob/02r/others/02r03.fli | Bin 0 -> 509 bytes
 Tests/images/fli_oob/02r/others/02r04.fli | Bin 0 -> 156 bytes
 Tests/images/fli_oob/02r/reproducing      |   1 +
 Tests/images/fli_oob/03r/03r00.fli        | Bin 0 -> 1949 bytes
 Tests/images/fli_oob/03r/notes            |   1 +
 Tests/images/fli_oob/03r/others/03r01.fli | Bin 0 -> 820 bytes
 Tests/images/fli_oob/03r/others/03r02.fli | Bin 0 -> 386 bytes
 Tests/images/fli_oob/03r/others/03r03.fli | Bin 0 -> 880 bytes
 Tests/images/fli_oob/03r/others/03r04.fli | Bin 0 -> 633 bytes
 Tests/images/fli_oob/03r/others/03r05.fli | Bin 0 -> 2586 bytes
 Tests/images/fli_oob/03r/others/03r06.fli | Bin 0 -> 784 bytes
 Tests/images/fli_oob/03r/others/03r07.fli | Bin 0 -> 893 bytes
 Tests/images/fli_oob/03r/others/03r08.fli | Bin 0 -> 784 bytes
 Tests/images/fli_oob/03r/others/03r09.fli | Bin 0 -> 2210 bytes
 Tests/images/fli_oob/03r/others/03r10.fli | Bin 0 -> 61158 bytes
 Tests/images/fli_oob/03r/others/03r11.fli | Bin 0 -> 60120 bytes
 Tests/images/fli_oob/03r/reproducing      |   1 +
 Tests/images/fli_oob/04r/04r00.fli        | Bin 0 -> 551 bytes
 Tests/images/fli_oob/04r/initial.fli      | Bin 0 -> 4096 bytes
 Tests/images/fli_oob/04r/notes            |   1 +
 Tests/images/fli_oob/04r/others/04r01.fli | Bin 0 -> 1363 bytes
 Tests/images/fli_oob/04r/others/04r02.fli | Bin 0 -> 725 bytes
 Tests/images/fli_oob/04r/others/04r03.fli | Bin 0 -> 1008 bytes
 Tests/images/fli_oob/04r/others/04r04.fli | Bin 0 -> 637 bytes
 Tests/images/fli_oob/04r/others/04r05.fli | Bin 0 -> 785 bytes
 Tests/images/fli_oob/04r/reproducing      |   1 +
 Tests/images/fli_oob/05r/05r00.fli        | Bin 0 -> 863 bytes
 Tests/images/fli_oob/05r/notes            |   1 +
 Tests/images/fli_oob/05r/others/05r01.fli | Bin 0 -> 415 bytes
 Tests/images/fli_oob/05r/others/05r02.fli | Bin 0 -> 3274 bytes
 Tests/images/fli_oob/05r/others/05r03.fli | Bin 0 -> 1320 bytes
 Tests/images/fli_oob/05r/others/05r04.fli | Bin 0 -> 1190 bytes
 Tests/images/fli_oob/05r/others/05r05.fli | Bin 0 -> 11135 bytes
 Tests/images/fli_oob/05r/others/05r06.fli | Bin 0 -> 619 bytes
 Tests/images/fli_oob/05r/others/05r07.fli | Bin 0 -> 672 bytes
 Tests/images/fli_oob/05r/reproducing      |   1 +
 Tests/images/fli_oob/06r/06r00.fli        | Bin 0 -> 1083 bytes
 Tests/images/fli_oob/06r/notes            |   1 +
 Tests/images/fli_oob/06r/others/06r01.fli | Bin 0 -> 1014 bytes
 Tests/images/fli_oob/06r/others/06r02.fli | Bin 0 -> 1082 bytes
 Tests/images/fli_oob/06r/others/06r03.fli | Bin 0 -> 919 bytes
 Tests/images/fli_oob/06r/others/06r04.fli | Bin 0 -> 916 bytes
 Tests/images/fli_oob/06r/reproducing      |   1 +
 48 files changed, 71 insertions(+)
 create mode 100644 Tests/check_fli_oob.py
 create mode 100644 Tests/images/fli_oob/02r/02r00.fli
 create mode 100644 Tests/images/fli_oob/02r/notes
 create mode 100644 Tests/images/fli_oob/02r/others/02r01.fli
 create mode 100644 Tests/images/fli_oob/02r/others/02r02.fli
 create mode 100644 Tests/images/fli_oob/02r/others/02r03.fli
 create mode 100644 Tests/images/fli_oob/02r/others/02r04.fli
 create mode 100644 Tests/images/fli_oob/02r/reproducing
 create mode 100644 Tests/images/fli_oob/03r/03r00.fli
 create mode 100644 Tests/images/fli_oob/03r/notes
 create mode 100644 Tests/images/fli_oob/03r/others/03r01.fli
 create mode 100644 Tests/images/fli_oob/03r/others/03r02.fli
 create mode 100644 Tests/images/fli_oob/03r/others/03r03.fli
 create mode 100644 Tests/images/fli_oob/03r/others/03r04.fli
 create mode 100644 Tests/images/fli_oob/03r/others/03r05.fli
 create mode 100644 Tests/images/fli_oob/03r/others/03r06.fli
 create mode 100644 Tests/images/fli_oob/03r/others/03r07.fli
 create mode 100644 Tests/images/fli_oob/03r/others/03r08.fli
 create mode 100644 Tests/images/fli_oob/03r/others/03r09.fli
 create mode 100644 Tests/images/fli_oob/03r/others/03r10.fli
 create mode 100644 Tests/images/fli_oob/03r/others/03r11.fli
 create mode 100644 Tests/images/fli_oob/03r/reproducing
 create mode 100644 Tests/images/fli_oob/04r/04r00.fli
 create mode 100644 Tests/images/fli_oob/04r/initial.fli
 create mode 100644 Tests/images/fli_oob/04r/notes
 create mode 100644 Tests/images/fli_oob/04r/others/04r01.fli
 create mode 100644 Tests/images/fli_oob/04r/others/04r02.fli
 create mode 100644 Tests/images/fli_oob/04r/others/04r03.fli
 create mode 100644 Tests/images/fli_oob/04r/others/04r04.fli
 create mode 100644 Tests/images/fli_oob/04r/others/04r05.fli
 create mode 100644 Tests/images/fli_oob/04r/reproducing
 create mode 100644 Tests/images/fli_oob/05r/05r00.fli
 create mode 100644 Tests/images/fli_oob/05r/notes
 create mode 100644 Tests/images/fli_oob/05r/others/05r01.fli
 create mode 100644 Tests/images/fli_oob/05r/others/05r02.fli
 create mode 100644 Tests/images/fli_oob/05r/others/05r03.fli
 create mode 100644 Tests/images/fli_oob/05r/others/05r04.fli
 create mode 100644 Tests/images/fli_oob/05r/others/05r05.fli
 create mode 100644 Tests/images/fli_oob/05r/others/05r06.fli
 create mode 100644 Tests/images/fli_oob/05r/others/05r07.fli
 create mode 100644 Tests/images/fli_oob/05r/reproducing
 create mode 100644 Tests/images/fli_oob/06r/06r00.fli
 create mode 100644 Tests/images/fli_oob/06r/notes
 create mode 100644 Tests/images/fli_oob/06r/others/06r01.fli
 create mode 100644 Tests/images/fli_oob/06r/others/06r02.fli
 create mode 100644 Tests/images/fli_oob/06r/others/06r03.fli
 create mode 100644 Tests/images/fli_oob/06r/others/06r04.fli
 create mode 100644 Tests/images/fli_oob/06r/reproducing

diff --git a/Tests/check_fli_oob.py b/Tests/check_fli_oob.py
new file mode 100644
index 00000000000..ca06c2cb825
--- /dev/null
+++ b/Tests/check_fli_oob.py
@@ -0,0 +1,61 @@
+#!/usr/bin/env python
+
+from PIL import Image
+
+repro_ss2 = ('images/fli_oob/06r/06r00.fli',
+             'images/fli_oob/06r/others/06r01.fli',
+             'images/fli_oob/06r/others/06r02.fli',
+             'images/fli_oob/06r/others/06r03.fli',
+             'images/fli_oob/06r/others/06r04.fli'
+)
+
+repro_lc = ('images/fli_oob/05r/05r00.fli',
+            'images/fli_oob/05r/others/05r03.fli',
+            'images/fli_oob/05r/others/05r06.fli',
+            'images/fli_oob/05r/others/05r05.fli',
+            'images/fli_oob/05r/others/05r01.fli',
+            'images/fli_oob/05r/others/05r04.fli',
+            'images/fli_oob/05r/others/05r02.fli',
+            'images/fli_oob/05r/others/05r07.fli',
+)
+
+
+repro_advance = ('images/fli_oob/03r/03r00.fli',
+                 'images/fli_oob/03r/others/03r01.fli',
+                 'images/fli_oob/03r/others/03r09.fli',
+                 'images/fli_oob/03r/others/03r11.fli',
+                 'images/fli_oob/03r/others/03r05.fli',
+                 'images/fli_oob/03r/others/03r10.fli',
+                 'images/fli_oob/03r/others/03r06.fli',
+                 'images/fli_oob/03r/others/03r08.fli',
+                 'images/fli_oob/03r/others/03r03.fli',
+                 'images/fli_oob/03r/others/03r07.fli',
+                 'images/fli_oob/03r/others/03r02.fli',
+                 'images/fli_oob/03r/others/03r04.fli',
+)
+
+repro_brun = ('images/fli_oob/04r/initial.fli',
+              'images/fli_oob/04r/others/04r02.fli',
+              'images/fli_oob/04r/others/04r05.fli',
+              'images/fli_oob/04r/others/04r04.fli',
+              'images/fli_oob/04r/others/04r03.fli',
+              'images/fli_oob/04r/others/04r01.fli',
+              'images/fli_oob/04r/04r00.fli',
+)
+
+repro_copy = ('images/fli_oob/02r/others/02r02.fli',
+              'images/fli_oob/02r/others/02r04.fli',
+              'images/fli_oob/02r/others/02r03.fli',
+              'images/fli_oob/02r/others/02r01.fli',
+              'images/fli_oob/02r/02r00.fli',
+)
+
+
+for path in repro_ss2 + repro_lc + repro_advance + repro_brun + repro_copy:
+    im = Image.open(path)
+    try:
+        im.load()
+    except Exception as msg:
+        print(msg)
+
+    
diff --git a/Tests/images/fli_oob/02r/02r00.fli b/Tests/images/fli_oob/02r/02r00.fli
new file mode 100644
index 0000000000000000000000000000000000000000..eac0e4304f229dd292d6a91e238f961da6ef6de7
GIT binary patch
literal 400
zcmb7=F$w}P5Jf-HW^IhM;2CVw=KvnUd#tVC4J<u?x0rjVt%Vl5!eaJ2*=z(+6eom`
zWSIB(;}*Ngz5*;Pk;@;8OEDu)B+p<8vLbIVgs!d4ed%OL2JIXonAAxcVA^sC27S@N
z`Y+;~tmy9X{;W07TnQ0rbh}POA$|EDXsF~18hA(73BCD>CcMGiEJkD(MOKJW)Cb^0
U6zZ7mv+tii1C2uC=~;2u10_eYy#N3J

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/02r/notes b/Tests/images/fli_oob/02r/notes
new file mode 100644
index 00000000000..49f92b19bed
--- /dev/null
+++ b/Tests/images/fli_oob/02r/notes
@@ -0,0 +1 @@
+Is this because a file-originating field is being interpreted as a *signed* int32, allowing it to provide negative values for 'advance'?
diff --git a/Tests/images/fli_oob/02r/others/02r01.fli b/Tests/images/fli_oob/02r/others/02r01.fli
new file mode 100644
index 0000000000000000000000000000000000000000..3a5864c84c5e89e44f875af8100a1a586d9b6af3
GIT binary patch
literal 457
zcmb7AOAY}+5Pj3J7z881f<#<nw$ev&23xkyU?Xt=w_rIZ5Wz|^iOj;^%u{Wq5gSoS
zS65fRRK53B38vLq0geZcu%S2k{bd<&OE3h7DBwuCR7og#><NyzTYRfc#!18+Vg>Rb
zeX3Kfm9PiK;6)lS%Zqu(pAYHZQM7x^7~&drpAFKyfYSThR6NVEy9Oyl@*iMBD4i)B
zvtm+rq&gE?BT}T6yJNRlMK>zpZxykbD$2bT`5%g8mc$w(yc7k7C9tzw4FJ%aO6D#z
Rcbz^PE<W7FFL%GWj2{Q!v-bc1

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/02r/others/02r02.fli b/Tests/images/fli_oob/02r/others/02r02.fli
new file mode 100644
index 0000000000000000000000000000000000000000..2b3d15b55ae1da1c8939aff634be03bf15d8c9dc
GIT binary patch
literal 400
zcmY*VK?=e!5S#`NT0ttP2L<sPy-J_rKkQZT2VMjp;4kXY7l^1=K`N+Kn~s}?RNWAg
zY-V?6XJ25|Ui<I@1cZy|*tk4*Tb>A>!5BX7WS#1IW{-=Y#N`e@7?Qe3S%X#}Z<42a
zbOr?{pa!3k&}?mzQJBOGb2J@~0A;<>ahV{^3$X1g3^Rc_uBnB%PvNw|W!IBiMnn-(
zMMiRtT$NM!rqY7)Ws5@gt-{(@Vfdp^dPy8G!;ivgIUpZUMu@Y*0Bsm6WR5>8fXWIp
ShrTmOglH~SRCAeXL-YZ)H=7Iq

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/02r/others/02r03.fli b/Tests/images/fli_oob/02r/others/02r03.fli
new file mode 100644
index 0000000000000000000000000000000000000000..a631721321a6710e40692dc1912a441a7ccd0c8c
GIT binary patch
literal 509
zcmbtQJ8r^25PexW5)jET4F!=PN1$~TDe_T#23pf1j^L65<OFG<<N`?nREdx*7Y-le
zeatShjYXM}cIWeE-h5^n^X^9n@FEaaMnJG>C&%v<w<LGq1fAX=xraLJ*!qn<G$7z$
zOV^kJkM5^+q>_-AUrBF&0V*-(DSfxTEfLGB&>%pn$UyXKS@bd>3!O5jDx^UsajHH0
znjyN{;ZXtw-Q~jf7ZdttJPBPr;Pc54{Ww(*W8CliFeY12TJ~j}*yM9_0+$X7)u1Vz
qs5JhonN<w8N0W`~z0Hloh{H@W+LU`4&}3N2L!b%0NnCFF1;!WBEw5Mr

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/02r/others/02r04.fli b/Tests/images/fli_oob/02r/others/02r04.fli
new file mode 100644
index 0000000000000000000000000000000000000000..4c17cbb3dee4004ce50c82ff942f14019e077dec
GIT binary patch
literal 156
zcmd=8$FNv%{a1#63^LsR8DL=dH6Yss2>x<1aQ^-G|L*_)|KBj&V`BLK|0|H$AjQDI
z%fL9B;s0Nt2vF(Y|NoC2JN8%l|5G66KLbdVfguGVeV0M(FOpgRAZ9Ue8fsWt{&xVX
TX884y8DcRbgc1N!TtE{52%|%c

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/02r/reproducing b/Tests/images/fli_oob/02r/reproducing
new file mode 100644
index 00000000000..3286d94f1c7
--- /dev/null
+++ b/Tests/images/fli_oob/02r/reproducing
@@ -0,0 +1 @@
+Image.open(...).seek(212)
diff --git a/Tests/images/fli_oob/03r/03r00.fli b/Tests/images/fli_oob/03r/03r00.fli
new file mode 100644
index 0000000000000000000000000000000000000000..7972880cecd8cc0f9b094481ccef2915b59e5782
GIT binary patch
literal 1949
zcmd5-%}&BV5dLh?2=NCJqlt;|91s&Z^ig;XBOZMQjy`~|;0cdD18_4W$^nT=`#ICn
zvUIx@gHh+u{bu&-?CkX0E<@bb?kYePRU$EeSf0HN9yua82D_->m3)C0j=9TT6=%Yn
zr~Ep336CWN9>}T0>CJc=vI7PZkwCzMhkmo!ziu?=>H{Z7@*r-2_la;c6d6aQ1nM}{
zhos<@0<|SI_JQLB{QS7LY09>p;BYmhn_G<l=h?u*S1t!RlU4?k;~CDDfeRpAx_CBq
z!KvzER-lW((8V-I7u)|+7lrNAwymiPH?3_qKh{OMw0`O=$)$_<h<sleX8u1^hV0Y&
zWBjHv@>*@S=4-s4Qrw?Br6_RI+ABP9YS=&-y0xq>qV3kR%ZP93&E!OHEdpz5#e5ye
zThU+?F23LmO;Sr7-}mJY6CV^UQ0$`vG-OOP^<>{dU70Ntljyp-5JzsQmQjie-Y+N2
XLY7ezNeODsa>(RTlyY|La@hL>W6fPk

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/03r/notes b/Tests/images/fli_oob/03r/notes
new file mode 100644
index 00000000000..d75605cea64
--- /dev/null
+++ b/Tests/images/fli_oob/03r/notes
@@ -0,0 +1 @@
+ridiculous bytes value passed to ImagingFliDecode
diff --git a/Tests/images/fli_oob/03r/others/03r01.fli b/Tests/images/fli_oob/03r/others/03r01.fli
new file mode 100644
index 0000000000000000000000000000000000000000..1102c69ca3b0cd47c1c9763168605a54b799c2c9
GIT binary patch
literal 820
zcmb_aF>b;@5S+6pFp(ltP>?1(A`NM1E<fQNkt-zL;07rV$OGu1%m;{+KuSju1t1*X
z4P!8AVo@MZv#Z(F%t|}-d}+V7fCv$BhFyj~`}a4lNTy(n7PjOLfloV4Ced*(KkbuW
zpWk$T%?4ZmawDF>j(46z(1Cjqj<@q!uRn{~&vA410Wk)$b?`@sk<LG`yv?7Gm9>__
z=PDV*Rcx)CF}2EFCwA2hM!0M@svH-8Ek9Yl*nAutPC5p7a>|<$^QawbQ!-OHlqY>Z
ukBP~H>2jk$DP#qHhrqomLP8Nz@&;t6`2un;bZhWhfJxzJrxrc5)g=eG22jBO

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/03r/others/03r02.fli b/Tests/images/fli_oob/03r/others/03r02.fli
new file mode 100644
index 0000000000000000000000000000000000000000..d30326fe0b0e6054a0a8b20b727e9722bb848605
GIT binary patch
literal 386
zcmZWkJx&5a7=1Ir#FfM>g&|-99Kg~B8=LVKl-$EDY&-)Ei3i{S^iXmEO^mVJM7KZ%
zcINp8nS{jGeDnRhpJBjLYi5Bw2a(|3vX9Nn%Dj^-!2)OaV*3X+lsx4m-`~~g{<25<
zP_Y4TL9R8Y{pMBR81yJN8hD;B7lYxV;IKwB`N;AS*jDmSAf)pTOkUa?J=K}l{V}H(
z2DtMIEXy0+IETur+sZ(hq)->c^xAZI;=yNdqOf#xhXGn~A6x3H2S_sTPjWZLNLvpn
pe8xXMkfHQq?8J!a??p|%4&5jObd0JXI{K=}s7#`-Z^`Ts;unC?qL=^x

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/03r/others/03r03.fli b/Tests/images/fli_oob/03r/others/03r03.fli
new file mode 100644
index 0000000000000000000000000000000000000000..7f3db178e60cfd29ea665f4df68899da2804838e
GIT binary patch
literal 880
zcmds0JxT*X6#jPIB8ecYXb~3@!7GTcHa6oetRxrk1WD@|(nLIfwHMIRUX+M}B1SYt
z3`utP^P3s7hzK@TKG=D0-p{<hZ&~1E<+KLGhzUy+Gk4Y3$;~D2Ne;jcYIrBd2#WzL
z?8dOJ8J#bXG|0RdGQw3T)ksE$W3Cr$fjKylBInX$+CNV_Ofx>aL@pVQfax#<7Cv=)
zG%C%&v6pR8b1Frr3~rsCy|n<?%T=&a?)24z!7$WqssyS@&RK`(Z3T6XRMhn*yI}HP
z+AwDZ8(6k&Y6X^1@dMLj3i`>+TG*F$8ydu$UzPlF`Dwqv7=QE1ca-=#R_hiehuUuL
zQa6J+N)EoF<YJBzEc!T|{0${?dC>Z8^P;8=@uIuy_z@)nCE3;|z{uSgGf|B;kT2pQ
o4Gc|jR4FjoR|zq+C6qx(5+7vEWKjk+T#$Z<-6vKp<Pdc~08J)xi~s-t

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/03r/others/03r04.fli b/Tests/images/fli_oob/03r/others/03r04.fli
new file mode 100644
index 0000000000000000000000000000000000000000..f05375e843b2246ab98ca727432e2a9c5efe03d3
GIT binary patch
literal 633
zcma)(Jx;?w5QU#DgyMj}QAk0MLV8-7q(Ml_EmGzlxaAC{u*3m40DUOA0EoX1MIsgo
zA;Ig%^9Dx|2$5;*nSJ}_+ZpD#s9jcp5Mhck%v10>y}RM_h#Z0us(7cJz|V)QFb<tA
z<F|b8k+gZrHCP|ySatdnHgm>00H-QgZe0)Bok7G-hK;fhh%;c8`ip`p^7$1kdo7dI
zOEQYgtFzKN|4G*Ri>wbvrgp24@k2!akU7ONxcA^PCNDW~VyUp`?szZ;DZ0d_(O*+#
zceOYtKl{MGz6c17MbkVYgTknsfHTFyyx{@IrMWbPxi5p6=Bic5DT|2Y(A(u$ySN2o
zxzb!2v=3^0(-ozPxv#RMk@MaZmV)W&)ItuU`D&%Jj)v>S(oUt)qg>w=-%>z$+wm8J
CXa;5g

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/03r/others/03r05.fli b/Tests/images/fli_oob/03r/others/03r05.fli
new file mode 100644
index 0000000000000000000000000000000000000000..0379443241918d6ebf3e7d6e6ea6745861dd1794
GIT binary patch
literal 2586
zcmd5;&ubGw6n<G7j1e?F^k78INf4`|cxXID-A=$m5fv}~I7n_GP&^2F$?CmL%(Vy+
z(FHHLcnNxS6+HAGs8H%bDFq3d)+X6J-%NIPXPV7=s1n~{=6m0~_vX#)&YQsmyqIhx
z0a9=WL5jJy@B8-WW&DDO8-NxhVH0r+jQ$2Da49A1deZ*zQAD@j!U=E<Kx`9_#uldg
zSO9bZw~27^zy~Ljbu7&GU_bXq?vC&Ppwlu$K+zyj9Fj6`1mb|(N>MRDY*p}BpNav@
zx|A?Yd4X(96Iupo9h!i0qUm}TLj8Q~5N=Yy6~HCR0nN82WMGnyb5-<SZuO}?4nlSd
zaGOXMEc~%*B={Q1-sLk>&$BNRA?GzAO{?HzUPN+-W5}YU*_5MC1;8?6S0okmmjmdd
zb0ft!`7>z7A=Kz<DC?0a&F7|I{dKVWjG3%S!tzd36mRS??O?cB{*}frYFdOc7mQ5@
zkOdhkWB`LN5pcUhV#2}hgata~lb0kCIm}3n`fCCM?D^)AVqYcpdd7+;i;?0RDnR>)
zUIrh7J$e-K5!K0+NCYkVh<9~rl$MtRyDuwFwhXeY@H0sVZyaT%O|>qvtPFA+cUh79
zuJohJ%KMPwqBusuvot8miZg8WpOuwc`X4=10%nI-pff#ReJ#XS1qeS8fAIjQ_v%;<
zz&mlT{<8z%ZKq$AZs_}~X{Q;3n8rxu1c8E7WWSRDd8hf4NlT?yZsz0qzcDD(!t{)E
z;CDGw>;I1b%c5sO+_r7YF4**t_(e~LmGxXTgP*=$d|4xTR+}qTsI8SswNks=OLQkN
z7w0baB5$}O{xtR?mN8DxkXUhTy>o=#T<E0JPp&r(HY#tb^gQZ7t~$-5@}LVfidx`^
T<au%s)rCr9zOsC8{$c+&$P${S

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/03r/others/03r06.fli b/Tests/images/fli_oob/03r/others/03r06.fli
new file mode 100644
index 0000000000000000000000000000000000000000..1527cbf91a05aaa0b23726a8f4fb70f7fa55ac61
GIT binary patch
literal 784
zcmbV}Jx)SF6on5@3c<ucL86!liH!@e!I;>Ly$hgZAHLQ#(2%$Q7GRI18_<Mcp#}aB
z^CaM#cRZKj84`kpx0#tcch33l9cH+x_RBy86(SEeD!tDh@A*V>48|zqi<~0L#@uGN
zvZzb*`h!E#XA>6TBan&mjHaw-?0_DeDdD+$H)ys7F<U8iavu=az<d(@CX|uRS}^z0
z&B|7%!Y~vUYX#uK3s{z?s&NjJNT<0B#3Y3@&W62{!afs0J%C-o(%m{VQMG$JF4myP
zUM*vg{O+KwTaTFd2tBIaTb)*;ztY3p*P$L{)XO6D91TmAC?+M7bF$<m5J1mhpcb<g
zT$2^<F`RWJmr(3%!hgD(nBF$DSggA%DevV7{2+(2boz`Vd}=a&VDM<a^^>Ka`qS(K
ze^A)e{{I2?3NqOQVDqqFws{~xDYXiumYPZh_Lr^1e#d^PSHp1RE)m5#h<zD08QX%d
HLB{h3Z<m5y

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/03r/others/03r07.fli b/Tests/images/fli_oob/03r/others/03r07.fli
new file mode 100644
index 0000000000000000000000000000000000000000..c9dea41351d7ef405b00c473c52b23db5039056a
GIT binary patch
literal 893
zcmcIiOHKko6f8y-f{B8OiP0z|p1>u>#Lc+(04%u&Y&`=T5)Z%u+~d*<XhL+M3;Ym*
z2u@E~uZIDQXx!MF*ZsO)y?WKn7#GEM9w=lAM7qMg+{^g(n)f7oU;}x)ks}0gkE?7J
zJT6M{yZfYz`^>@xAcx8`7%_-h106V4!g2koQ?7IxtVCFw_7OYIfk{6|8><rH`L+a{
zt%a>}nXbQJYbyhsI#H_SkuYJ1exTDt4Wvm7QG;j!B@QL(25d?!!^;q56z$%QK6*xo
zGG;>gQA1U?4q|xS@G}bU45w)7>ncq9hS*7HOsRHMxw;COqcmCh37K;u@Inud5o~&(
zteVL+eANs859@ysZ>C9ji5zIRM7-V49CV#@CQC;TIKV*0x{eKm>T`RTnD1nd9yb|3
zVff<SVD8>rfN)*_ONw*%?66e8c1BHp5}<belZ5&tNJJ^MC`g~8tdxypZ~IrYP5QVp
cRG5~bdl#M|Xo!RFb=}&^>JwN5pOU7IpDQT1cK`qY

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/03r/others/03r08.fli b/Tests/images/fli_oob/03r/others/03r08.fli
new file mode 100644
index 0000000000000000000000000000000000000000..698101443c52b6424f3d10cdf746310923fb7b06
GIT binary patch
literal 784
zcmbV~KTZN+5XIlF7J`X^0%I@{qKyZz!I;>ry$7J=9?*IQ8WIn{0VwR&(hF!pFi{Kq
zL(FQx{r350cR><D<21Y9`)1z!W_Fq2y4)`UC6tJH1f#<H^x=+=B*$O}MSPLp@RKpO
z*e#`bvGRBAZU2CD$%LD5KFCNq{clziwm=6?B{=TfhV@3+VI#)&ybp*gU^ej=f)x3z
z1pnBS0lqFWykUCBp63A<PQYq;O11|BOnjYYY9J<M#T}w|;yob})IHc0EQ3LSI?8r$
z$Ml(*vsX!&S^l)p)UAUYJ~ZP^>gOy^bw=M-q4foVAV4*<(JX1G95s^)6qCg0oGduZ
z3(jDm7SknMvlZ?!0-H)*a(COX&g;9InQCi#SgdxJsPcRTE}TP|96#d-pW2KI4Ia(6
zew6p4JJjwo{>)+B`2Ppk^EB2v0NaN?2?yE-GAK#QKpLqoDPw=xi0tdwo_ZAwN5Lih
Rjt*ka!!~2D_CKXIj=x5EjFSKW

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/03r/others/03r09.fli b/Tests/images/fli_oob/03r/others/03r09.fli
new file mode 100644
index 0000000000000000000000000000000000000000..12058480a4469be242fb7b4587538b1f55d10356
GIT binary patch
literal 2210
zcmeHJI|{-;6dZ#^HloB<L2LwD%XAhwiU&#S87w`3x6sno#zreakU&g`xEVJ_!=g5l
z!Vj71z2SXkXNz4Xm^Nn?V8bTva5v%*ub14C+=Cu0gk%IG+0*32zSf<y`Zd}eQYJpD
zkOs)3;%P)|B^-egj1?i-Sj@Z5+@o_w?Y;-Z7&!SxPAEprc>=Rt;&(7CB6VD(x$M0;
z5QhI`#Y#I&AnIE7`LOa@Lct3N74*S9JxOEpktp-hfiH5v^xqT%@6CqaEVrIy=MTOs
P1;n85IJ@-65m531_d%RE

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/03r/others/03r10.fli b/Tests/images/fli_oob/03r/others/03r10.fli
new file mode 100644
index 0000000000000000000000000000000000000000..448b0a812d75af0e15874c8a528ff22cb79839f9
GIT binary patch
literal 61158
zcmeGlyOP~BRJ&oxgGpEjga9FILQ6rL844H7@Ecp?8<=$0E#Humk|IAqajP&xK?YhT
zGfN;az~;pygfQ6^y4Tmfwy$1CI!BUi-DYi__rpiBBy0IG`|6EbXBgXMyPVa(&+eUm
z^y2Ov{tM^)knxh8VgGRcoNXT;@>Bfg?h@~1jsN~-&X10t@K@N;Hsk!6Xy@C{`FqFw
zI^#!-zYq;a{M@&<_paS8`L&nqwOS72>`TV}d$Qd$h!(+T<Hu`R8xV?yy*5+ff}q0N
zvOTXKy3h~RSQlFdLUW%;Ps>nOk2{eLR%}Im!u|mt>a7Dr1^5F*W&v4=N{H!(rRG*S
zcw(-#^8Rp3wAQYn00-Pf4#mZ`dbUPVU6QS`dyjg@e>JeXY=BP^d_h=!mEQ8L4H2`A
z7NUmIkMG=%JS??oKw*MIw7mmCM!~&~!bQr2|1NDFRpTFGnDaNiMWwZf-mpvb;D^?<
zJ;X@8|8G4tWVh}{$+)T7O7}<mtcqvVzOMw|kV6Q2c{d~9mFqeFRyTL`{GxvIzR1|A
z9`ZPEzcARjldRb<eKiX(HuO~yOh1qpfyIPFw~G`F!~1Ox{lnStHbfLkwS)+aiF-Gu
z@Wf=h2Yw)x#L?f9H84j`$&x)zR<o28qnq3QOK)bk`_tnN3feC@i@rYppdR2)0Tg7p
z1bDrCtFN#6<*JYAbAJg+{0vH9kAJeX$IX}|9w;2Sc9QjVM<z*-xzqyAXD(z(*o&;h
zN67q0*%c7({eBrj8y)wD*c$lG{6?C^kL|YL@<V3%sFn$XM=F9q!ezq4RtH+Tn&z`i
zxRi;r2AY@tBmwm803<ByrjRwOmO0?RDDLVE_&d%JOMlb&O?c@qP=E(Ahn`pCyz?Qi
z#t9eZg|~Gcxpz_nDH>~2L01!4cmw%kvdDSijXLys;myUvX)L?}G|vlfEa<|Ud(RFC
z>IyZ_Fv5Knl_JkDTDd=+8AdC0Gg9q=qP_tBRZq788AV5L&GTF9lGoQ8SLOBf#uX`D
z<n?u@Xgo1fg&Z!LwMi6%-~bX*OCP%Q0;C#c=4ubL9zoOj4f|>?ln~!J-)48wpz`v9
z@6QmD#Q_jg_|^GcR>r!1xH=EzD~t~>Ynwyp9DWw&=EAJ!A#59mjDJM|Y+16Hg~>lu
z57^AupbAtnd(@4!5-$S4`;+uQI{OYc0;!qBXgzRF3(dgnf$V|gJ&->~Og=;&3Kkx;
z;~>o=@qQe+;b4G1e&G8YFtx)wFPUmIFGvU(mI{7iiI)~yH5b~<h{jfqDxOVnK9^cZ
zB~~g-+8A>C;RjL;l5Wg(78ITx&UdT{;wQhgs&<IoUGpdAdtI`kdy9L=6aB2C{{S@w
z5!d{5xy||>s8k(t@^|yx$Mqq5A0Iu_p)KX<)KL&};AO}>bX!sUuwxtc%~V#OvHdne
zejAU%H^Ru?DN}nUyIq&{O?*voas0aYM{{I9NJ-HuVNt%c^g3Ypx5?#sBFf!LI$f8r
zt<s2+Ji^9PgQYPU<4QqAB8JZ)fWL@cQfs0T<DTd>XV1T{I?*Q`Ql&+zASeka0K#=8
z1>ek*iT@^>e^EVvHl~Scg+h3%d??HIYWT6QU_spMyS=F?>x!P7SbZAyQ+XY&)3fw*
z<J^zjp4x5dqRYRwx!X!}mp4Px_!W<<-Dc>=qRQdPoEE2aHbW=u_q-We8JvA3ga$Cf
zV@r2zlR?K&#cJ!opvXAEq1-!8?~U6k;2vd2Dg`~cY1~nAwXSd_91R^LVMk-M){w;a
zC~I|}I55OpT?iSLVI1bJujLHmtIa&4)K)!IO5)l`70)I(@;%C~>f+Ib+$EOxDC5N~
zO-|F^qr8gAs+J6Ek1|!Q?T;**f>=50(=_uKQL9<s0~K$o4hK<lC9AwgS?L;bK;EN_
z>tfBKaEU7^47bx^#Ke>0dgh0@;7T!uvPapa|Gr`$MYR1q^4`#15gn$B4|M#@u)If^
zNuL_C=gb&nj4RQKL=2xpW>191P<dXt*)5cUZhMqNX@@IE6$D%<nH#_Z`~?7cg{mks
zeMY<ehUD&TH?#0#p}M|O#Hq1-Hk3yS%|GXHv*?67JGAkmy9#kAXO;y3Tf3Q=;ZPn2
zvn3<OsA>UPMHsKAdK1ekL%&l2$lJYF+5rES`<_S`QiBFJ&6NHCiy&SnyF5`hcJc>Z
z=0mv?PsRbZu2#>Q;rWlYtr*)GnV**jc!;5L0a1~-D}ku8z@<9{q=2dd#V?@*89!|g
zG@}aR2j|!$_#%j78vBAsGYFY8tA19`#Z=7R(UXrDx;W)%#O9ey!+t<b@-kfM0p;xR
z>QDtGAuYi7Pz74;B5~L3pHXUrQf6jK_6@-D(<)1}if!3&ce<E6QAHvO*&nD5RiG=&
zgeUsJ;&lmzo(Oh;|1h`6ztYuQkvNC0w2|m+4pm6rsIwH#>(7bsrvND^-3>rqs;J9y
zUaYm7s9&aJb}QQJxUa8ntS`k?$nIW<D>}lFZ#IwYR}Lh8L>8@Ow@AKzG1C%gfq^5Y
z)kOi^SF|(MO}++=<{fYOozVc?)wn@i#41$%xy+)i6zqDYwZZhBzt4Vxi9^EnebH}9
zjn;Z3Wi@R0&l(^UbivmvP=Rgy#-r^<n(Mkqlr-$oxn4!!Slf)iYMLzU4jgRxCURwH
zY2thdnl^Kl5+O4kME>b&o(<jiGNb`4Q#triW~sI<gbb|$LkCtJYryVR?=Y%(Hk(6J
zJ%&Z^7U`>ia`bHAmBC#PP~}`#O0>J!$B-y%3vk}03X|*J&Hi|+DG1Tx5?*kgcUt;9
z`FSUlf~4NLb&)>v@G^}^SE-A~eAENLk50jR+Apv|pri?)Mo`o%W@-7T2f76!>Emb)
zi7kdA5tSnoTfQT}Q+Yo6%LV084=STa5YL4P{Sp701*Kt|E3F&S%qs^3(^>0>{_72e
zx(xx}1=ORmu1ZnvhWc3O>bOH}_sq_3dup9$X1XXCI`>3Ts1dsHMP$){2reuN6@gS3
z%T+S1b4ppeRw?L^-#U#79dPyK9qL!aT6q9q`-udQrG~0|R%h$10I5wmk^(8xMz*%)
sahock>+@_5(?&7v1Y_cjz4`HMJLPta{0k$-*b&<PTG)EP*sYJ*|15~mWB>pF

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/03r/others/03r11.fli b/Tests/images/fli_oob/03r/others/03r11.fli
new file mode 100644
index 0000000000000000000000000000000000000000..db1b5fe58705105bc70cebfb304e1c6c7a50e776
GIT binary patch
literal 60120
zcmeHQIg=bU6xOa;e3i{&!*ZLoNeP^~ieLh&_!|>A;SW&Grc-`{LqY=o0fLE46#*`s
zyJ`)Xb8W9Fn`ObfqI+h#r(3P_Nl!<&CfRQ3ou6JyYU#C>o{+CzzjKa|ZL&>C{rmLC
zvrms6+@n8HO7{sZ$T{*irH5qmWS^d)x3?E`FKhbuu26b>@{GPhjyDOVFUoSdc}U+q
zp*IOVCiJK*IHniBy}NtkZb5InB<E{Agpw}_`S;moQ&5(aa(X{n>+02D6znoW&o>1n
z9$qbB46(U=0%1<oS%|Mu@jODZMzcYePdJhdDzP^!g0f3;{WE-YH}<3k(8tnh50!@g
ztSl;fuszqtX+_nkxm4|=bh}omU#V0kJhY_(v96u1=}?ztqv+oIy}RO9T^ibU{Fu4X
zQ#0$8cqu6Cw9M_;{c^(wSeT9XU~Cp#i)oexzl4?kDybYu)$iq`=P!I;ij@j==gUmO
z%JF<3YF?nZz%Ls1!ky9(-jEdVNB=@2gnKdNmR5zg_%(=QKHN#ZsRJ){0+;yB`t5<k
z*SPluIn!M8F1C1uQIx&3wc?tsfC%~3BU2PcSIZCGA+jv6`yJS^gSh)I0w6IUrZ-Kv
zob;9^3PaL92&p_W-SCF*^(6Ga$b7RghqJ9^BQ8eX5FKKSILK|nTj~B&uDCn=$!U|W
zt;YKNivodu%<TrW3qCdlG+JNvsW}7gM4#83lJ;gj!gZtj=F;IDY{*@Qi%OQ$-D`s5
zM}|H(z?5xC16DcdJM!vw?Hlcz>RP;l!&2JZzi-O?!jwUu{&b;Fn<-Hcm;j}Ag7r0^
zkSN$7eF3F22wN2XIyT}X$MR6cO-!Ua9-vHA+tdDFFTzfO?e>yz%4cU*%G@Xci6T^h
z@}P1N1U?R`*mEv|F?Ke&2n%Iy5-oCm0jK3`2LO)9y2xjrRqIUnuM@aB6aEeuIlo{9
z$5scHm~O1|3p_c~+o<!T*HBHh4bXl6D+|*5xm(MteeZ%&m-7DRE&mdg-a0oAsgaby
z2dP9l4PZNtV0Ryg%*fdC?ml*dSHpV#nIaI!#+!lFdE<@bjW>gM!6BUh#fsm<fdYfE
z>Ax(jP0Sl_4HkLht$`w@i@fm`Q)`UQ7KGzXP%(T083j-+%EHA6v=(VpXGu)OQZQ?5
z7lWF#gQVhe$M&aa5>JOwD6H^PUB`H_R44zWRBX~*T;;aL#iyUO&u%T_OY@%ua=S9*
zkZ(;c?IZ9{*$K8vt0WN3-*8?|H5~?$=_HH*MH{j`?Y6ZcH!6AFv_^$D3(p8-1Tq4y
z5Xj#Nxk55VIg=QT@@kX*ELh*HxAaLPq@;>t0UVi(0lXvAk`>c=!9()GhYn5CuWQo9
zMYddvY*r*g8;8}NP2+sV^$<%fR~fg^XI{_;TnnNu%>A=b^K4P7|Dizm;5YKklsNRc
zBBu7@(6bLv(;?!hi%;r|MPO-S%E9k0ZQJMQ6JKaREGqcn)DdO!?TgPigze^i*zwKv
z&6sw7U1K*edA&#Bo6<q%_?KOk&(JM(m0VSQdH8zypX1PeCS8iu2#xMb$}g+*|2DZ_
zxg*RLlG(bb+bEPI(G&EZ8dnyh30@i~2t@xeWPleoBmzv}0dC-%jPzAmrLZpQrj%GM
ztnyb;LRa|HHZD!6Wibz~b)3y*Vnn7jL<qa>)wE+8#{O|;F)Oeh%WG&Io<)U+FhCVx
z5i(a&I3l>_Ku+zm15rv5IRRM-QD6eS1muHq1{T=RWYx!$fE+P|IRRPNI8$K_PQ}cf
zSiEyo6gK+mtTy%(h77aX7retnZ`fWL<|dnjQa(y0c<4-mTM*g+lYm9DHLBUTr`%*T
zFh?xdM;!Ukq1l9KW_v9+j-uH<!fMZ^arn8(noW#I<}*7i=O!aIWE7%vZt}Vra&B^k
z1v|5BI>aSVpRDm3=+%rxVCg5;fa3$joSW<eWxkG_o6N@rS~|2%;j>U6QsKL(Zz%m)
zpSGmrcFC#aCPUt&uIj_%ET4xz8tNM&ql91}lc%oBxyk&eMva`Bg8MkC*>oucf#^Sm
zbPe`LCqf>cOXSFQSdOwI<(|ce8o{#}S=|}|dbGaQy<)o=L1yN*uDoD$y2&i`q%=|9
zQ-tYb%YV7eHikDaKR43k44=zJYB7nO%^xw1#E?A;6mv7RGvOWwwQZSVg}|~eaMmLX
z7guIsS>)(<q6+kK>zy`(|C5{GP8%}*@lUW2065*1=`^vEKJE%n<*w{X_gvemHO4ER
z|6pmwuEB6GZ&VW%>SL-rF=?d8;Kw`t!w3}<1Z&!&zQ}*22!wiRk{TtgRDN*odImp{
znls4Cc`um+;HIiGOZ!A+03Z!Zb-Gb=GrkMg59s(1bmp;e^>}rtf-^;ZL9!=6uyo%S
zGNzJX`7;^|oSL6jX_75lwXkd4xgEP-ZlB|U=uic`ZW-|;KflcsMw`KZb%PpM#a{tu
zru$IdKzurfDn#$p1q|@mH4*yUK#OclHxQFN>7qNIB=3f;17ivYMQh*cV5vFW)89H=
z;2VW)V7UuM`hevZP9*NLl$iHb@Ufj4T%Tr(!4=qZPK6@6!Pk)CyyGptGfDui28Qw?
zR7a&;%Ul>aZ<{K*o=JUBz2{FwVsXoD-}9TEM(RAS50!NK(4meUTU2apX%Mv$qQ_hJ
z5rrOkaH?w#EU0~UAZnZ<^v)Y>VH3D#XjuZjG+H%-Y6%dT0F{40-P7Uwo=23xE)@Vr
zo~P0>A3CH4#8L?bVmYvS9A4#sLEVr`C8Ws>jr9~3g#*0dLO6L=$cnK#WB_8tTqHP$
zK7~ZswBDCp+6~fl2<^gwUmGktF?qu*FbO;|Q`Y9@KHX)ftBnuBi~K!${vKTz9LZLQ
z`kUZWAk6R4MNTK%ie1CmdC8?ox8Chte><orU%kGG@Y21W*nizKs9WH1#<Jbj9M@f{
zkA-j^T*3=z+g)|5w2@lJnVK&Mg$y3w25EE_zD?@sTQ%sqU4{L}DhvQI)>Eoou>3^F
z>F0*px)p@&r$Rv*bG7VwnXRM3$OX*VjFBO2Vr^dz+FS_Nmw+-alernE;04u8h&6Tp
fE4y~cZ7JnXloV+bFy{htoN41#RqqjU=VS6evdp=w

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/03r/reproducing b/Tests/images/fli_oob/03r/reproducing
new file mode 100644
index 00000000000..145b8b074a2
--- /dev/null
+++ b/Tests/images/fli_oob/03r/reproducing
@@ -0,0 +1 @@
+im = Image.open(d); im.seek(0); im.getdata()
diff --git a/Tests/images/fli_oob/04r/04r00.fli b/Tests/images/fli_oob/04r/04r00.fli
new file mode 100644
index 0000000000000000000000000000000000000000..c4e416f3903ae979cab9cbf3a625d8dea7445ab8
GIT binary patch
literal 551
zcmc(bK}y3w7=>R$u{Hsd2yv$^dIdLG=_203rH4>lILm@3kZuA!fO}mE?Xnk86x~Uw
zsIAqK%=4d_XhFfPvzg4~&ByzGj?s(HeIP<ae68%h`Sfu!<O9hOsNk=?ku!LD#O23s
zWOIc}*X|HvldLOu1{R#^Mh7gpGU%siUxjIb07%>~;s}^Od-il##Y4BRVkRVu#{$ps
zFTBJ9=1Hxg_DU%%Yc5bu<pV{B$hViyI4!~J#z|LD%q}zBGNx^6@-ziR)uPF&0Cr80
zKMHJ^R~q=AQ3XW%r}Ly`oRxJxb<W_oa~qYj@rr@hJkjKZN4_5)V870*63~;-TbGf*
M-{A{nYFk411SC<#p8x;=

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/04r/initial.fli b/Tests/images/fli_oob/04r/initial.fli
new file mode 100644
index 0000000000000000000000000000000000000000..5a8659f7c0b83b55e438d8eff3ddcf56b66a8ef3
GIT binary patch
literal 4096
zcmaFAZ|yyy^^6P*0t^!v1_H1!F#P(+47ZsL$l_(_1UiVH;lIO#frX<EU;suBFlCH_
z(GVE&Apk04hP)?6Jun&qqaiRF0;3^7s}OL!=CJ)6tqdPEcQgbBQ3#B-hXzq((Az2C
GJ~se6&}@bP

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/04r/notes b/Tests/images/fli_oob/04r/notes
new file mode 100644
index 00000000000..7922e0ba895
--- /dev/null
+++ b/Tests/images/fli_oob/04r/notes
@@ -0,0 +1 @@
+failure to check input buffer (`data`) boundaries in BRUN chunk
diff --git a/Tests/images/fli_oob/04r/others/04r01.fli b/Tests/images/fli_oob/04r/others/04r01.fli
new file mode 100644
index 0000000000000000000000000000000000000000..af968970b6559353e0a2fecc46c313db7b20c71c
GIT binary patch
literal 1363
zcmeHHu}Z^G6g>$-Z425C7ObEJf59a#F7Y!Qge-o7xV)cmDoF7MoLqEp5bEd;D2Uyp
zpaE-bO>#Uh;n6^G?4lk>a?iW>opWE{U1o#x=0y!?pg}l<&(+t-<2?r?hoC{N^+Ar|
zXG1Q(bQ^hH;_5dx$ux_(gw$6?VxT`}J7WZ<;3RuT%9Xo*5cCa$1a;>F;ux65cH0cA
zvk>r}EF&w%el47B!HRdCy*005_ER-1%U#ukA!1)_Dg%xbATdO5$6Mz}O+A2J$uhhS
z(Ls||R#b4hR+7Au#^*`YDRN(DbI`Wi)OPjeOCUEA)xrU+z0u<u3ehH7dGbfOIsN~I
r@*lV?lV1|wEZ`ic3()-Il82@9M@QJw6-JdBGWOc<iD;^9YpQ$$diedp

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/04r/others/04r02.fli b/Tests/images/fli_oob/04r/others/04r02.fli
new file mode 100644
index 0000000000000000000000000000000000000000..ae027fc1180579b9650b6fe4cf3420091f03ac09
GIT binary patch
literal 725
zcmc(cK}y3=5QhIegxVG~U0AS!3SPlY+_-t(LU-Bp2;%15qnm;UaIZ_DF1>()=uQe6
zG}hL<_dD}Kq$j8Y$;&^P%s=ym0hhh24n9((L=*P8{WgER=L^Xx=+NnZku#Vu<@)O=
zjdfL1zq3pFP;d?2fGj0XGvgpI2R%3spYYtcn`GI<F{{vRd_bH7i^BXR^kH*ZB~Plz
zmeW(Cv8`2o?{d7AwA_i8fyMGjYOF<JL@mTXW+G8JVtklvvy`D8z>&12y|LIwkJ?tG
zMD$qA=1VL5&z^BtK}TK-tM7{(r{Jwu$nW*P6docaaR#O7<ZAd@42XVwsocn)e26_c
U(WbB$oaJ%+oCgY9o2<s_7miCjT>t<8

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/04r/others/04r03.fli b/Tests/images/fli_oob/04r/others/04r03.fli
new file mode 100644
index 0000000000000000000000000000000000000000..ab92f4b6a8358b806376851b6e37b097a68847b3
GIT binary patch
literal 1008
zcmcIiy-LGS6#g28+6tNu7HmQL5H59biEp7>L3{*pFoSQ=rQid&>mmqsba7M=9STyg
z1#5qk&+pz4(}=BIJdoU++;h(Tel9~?6fX0C3zvw)d&#{IpYHievJLvk7eC29oUqN6
zx4LWUDob&7d5a9fE|(EFAbXlar_WNz8W@1X@B;zY?wZwV(`R*p)wmPH2{7t9-#^U9
z`gf*DnH!TWfNtjWhh+M{LAHtrXTnTL=2<TZlJ(7MB2gGe(I2(2v5^^YKakc^YgaX%
zhpwY+ByA)oiHX_dIgqtu)B%`|!D$T#=un?vCsLm+1h(oBhWVKq<FOt}%Iv0A#kdA+
zYekMaQdno=HBB}w-mL!zUY}^}WH#B8|Bql@qv>6HsGuOE<`jiUL?H=U<drx_gm^0k
zL`;YYA$9qBrU{{FhM0MZaqT!wsJCaNNnJ-BKYbmUn3lSZQ=UeenPcX9Y6@)3^)$Dr
Yr_&Pr@YGF95aF`|{NkyVAo8L71tlkz!2kdN

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/04r/others/04r04.fli b/Tests/images/fli_oob/04r/others/04r04.fli
new file mode 100644
index 0000000000000000000000000000000000000000..533ffa027e8d885e91c11846474fd5b39de08279
GIT binary patch
literal 637
zcmaix%Syvw5QR^I5Zi*b3kz0IAHq%D=pw#_?y~U_#6|NS-4uKP_qq{;y7UE9L>Gb-
zY@xOGk{r(@{d;laK=NnipUasqOmS7YE&^qg31{J3;cN8#$aj(*Fh;TZO%CCw9j<>i
z%URx3`F;D^*(H;-$2BBA$bsVYhpeTHzyutneI(p?XxHoQnDr@2z^3Xf4;R3==VuMw
z%kJjpy}HkZJQo2<M8gZ>lSD!_>QFghh@LNRtj5wpVj2^z18<uHiFpE>63Os3#6Bv_
zRLED}%-GuU$Q$+exr}fM-X|usoA0JPxeA=Yro?*O+z_?Et7ezhkDNs3*wcvurOD77
z$ysHiv47b(9m{NT<XU)knH@PBGKgJtzJv?tEZIUo{D+ZbzF2i&l~w^*MUJ4W9hVS%
cED$KUq0%J;@_=JQY&MCoilBIx5zPL>FQ``t=>Px#

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/04r/others/04r05.fli b/Tests/images/fli_oob/04r/others/04r05.fli
new file mode 100644
index 0000000000000000000000000000000000000000..b07ef6496aff8298c3365f8009267dc4697c0c60
GIT binary patch
literal 785
zcmd^-!AiqG5QhJRKx+z31QBeZJ@gg4<mAOi@g+QU-y;{n2k;ScOOJg4g-~x2kU%xG
zCi^?PF%SZ!LXZ6~v;WNO?67>)c)on`fe<0l>V9+axqDkD?<8|j!N2|{OL#ix@FNaw
zU)A(`n9j&r7xYlOAipF}x8y_z4`2=M^cFS8t2ByI#i+ta?$7NE{qqRy3%7mP#-Qt*
z%s6tOOceQ6vRF?yJ>RiG=X~h+dZ=)E-fVqjO48JU<&nm7DI4+{8KnNN?61{Aa@G92
eE4jU3CS;PR6!CQH2rdeQpeMxMNnSu*fblP;`*0-y

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/04r/reproducing b/Tests/images/fli_oob/04r/reproducing
new file mode 100644
index 00000000000..145b8b074a2
--- /dev/null
+++ b/Tests/images/fli_oob/04r/reproducing
@@ -0,0 +1 @@
+im = Image.open(d); im.seek(0); im.getdata()
diff --git a/Tests/images/fli_oob/05r/05r00.fli b/Tests/images/fli_oob/05r/05r00.fli
new file mode 100644
index 0000000000000000000000000000000000000000..dff5a01e804fc010316ebb2bf18080e38ee29790
GIT binary patch
literal 863
zcmeHGu?@mN3_Ly*Bp~!O6e-vv)IS6Rz#eItAteK_0@YK}rlEljML;AV3ex}a;gyCB
zK%8WsY)fa^vT3mzts_7}5-rprywv+0k0c8)MKpep)kfHYy;COfS)#EeyD$Re-RV$N
zj4kJ&0c(4M;c%;yM5ojN`fVQ&OW;`sKGE?sXlUY;e0cSuP3TNGKl|fXH;{kZU<Oln
Sm`W+c?pbhdj`WRi0cJ0sph2eq

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/05r/notes b/Tests/images/fli_oob/05r/notes
new file mode 100644
index 00000000000..bec9db779a7
--- /dev/null
+++ b/Tests/images/fli_oob/05r/notes
@@ -0,0 +1 @@
+failure to check input buffer (`data`) boundaries in LC chunk
diff --git a/Tests/images/fli_oob/05r/others/05r01.fli b/Tests/images/fli_oob/05r/others/05r01.fli
new file mode 100644
index 0000000000000000000000000000000000000000..1ad3444fec354514fd5c2c69adc323e850b7a12c
GIT binary patch
literal 415
zcmd5%F%E)25FAev1&zVRg2I2C^*u%3A+2wq^a1_?OJAUcc7~`VDnY#)7YL1|m0Rp)
zW;e4lbXbknKCoawG-VFnrPytGB$<K{{PBa#p<K$|DGu<xqIDTNunOc|bf|KMjx*4L
zg}cFWxJk55BI-B#%^wg;;F+~+q9tQb3`#T+rJB9gqOVexP|_`?0*o;T#URdd_b>Lv
S$`AG>1=)o+2V)6YRRum5rofi~

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/05r/others/05r02.fli b/Tests/images/fli_oob/05r/others/05r02.fli
new file mode 100644
index 0000000000000000000000000000000000000000..cd6429884c4d3db82eb738f0a01c61a1dfdfcd43
GIT binary patch
literal 3274
zcmeI#u?@m75CzbWp&$XF&`_jck5GG*ut!>ENXY<f5lSYYAsvc<NI(>X{c*6;FakPD
zzSH@nv-G;7#df|6fd~=NAAJh0?eV~pWCdmj7f-T*vK7bYJi>2_#?~CcD3A{~hpJ(0
znSusv?Hz`*eUT(Z#^jAj{||@_@T!OYVc^rWOG`J&ml8!l1VlgtL_h>YKm<fU1pZqf
e1#W(q=(YfNm5T-|S7@yfyS)ULuJJv=8q7ZuRAC4J

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/05r/others/05r03.fli b/Tests/images/fli_oob/05r/others/05r03.fli
new file mode 100644
index 0000000000000000000000000000000000000000..2a4be914cb8b3e4300aa186129526068b8ed3f14
GIT binary patch
literal 1320
zcmeHHK?=e!5FDciTSe-{Ll6F=p8FL2N3Xu2M<3uX>d_a7pa(&UT2M>HW=t&=tgXjV
z!G*BNOtPCDvZ2JRKi2^R29cS)(T>q-$t_7Abf6EeWC$UBw)d`qJjGZBY#|mPFDed2
zNK<mGmS7~$h}m0smgPCL?&xHBKum#K&`g0w>bi*=CP!;%qWn%utaUkCz<h~Su)6}N
xo|0Ek_&>!<fnBcce)UbfHP<Qqn37u5P!wY|wQU=w>RKG0@aO|l9H~t}_W>1LayS40

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/05r/others/05r04.fli b/Tests/images/fli_oob/05r/others/05r04.fli
new file mode 100644
index 0000000000000000000000000000000000000000..0b547c7e2ec3d3941829b7cd7da5ec0933256715
GIT binary patch
literal 1190
zcmd5+OAY}+5PgOPLu717EO3pno}+LMvvmeb2XG6PPGG}|h%t#zi0-FG6Bgpru~12O
zbyfANex2$rYV=D37x3T_HwmV>=r9>`M$VUD2)Dc=_i*%**+tL8CB%D(O2^DVIUu)^
zht8f=%~pmAJm?J+i=(0M4@3GV<ZtJI=mN($Z5%113W=&oCS$Hm(!`YE$gI#5BM1Ui
zDXx{cgkG}zD|y1G@mB<YN~U6&?OJq8v>i+;6A3c>2>npT`bPl!O_ndX^YX;T%cu!H
X-0}VHH{a}e^VojdJgz))ZLoI+kZhuV

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/05r/others/05r05.fli b/Tests/images/fli_oob/05r/others/05r05.fli
new file mode 100644
index 0000000000000000000000000000000000000000..0bf7752300e0a27f83cf2e8ab08000f0a46a60e0
GIT binary patch
literal 11135
zcmeHN&2G~`5T3XZq^Sf!NI)r~d5bCsBo29$ig)M<zX2Dd9(v>fc#Cr2&<ia;Qbh_x
zh!R>1w41bbKGsp9tn1(PdTTFu59xS*znQkXp3UGv?ZvH^O`;aHK(p2Tw0Jz)-@#`9
z1A<LWIt3V6;{h7jYEASmX8J1+0e9?->f~AkoNzuYhJFp}ZMdr#jsK8~8?UxIooySP
z3tHm#kH`iHv_btdXQ4NX?ESpyebjm^`x-Jvc6Rf!S>7ufpaSt67Z^J{^w)5<N!-2?
z*i$9z%9wp9O%3*nM)IX-0Lt+jjd&Na;)8hGoTY1F{*v&A*+lW)M+s8!Kc>*prt(Ic
zXRVH7|F$kg{?3?;`X%c;9wF`IhqOh4L4&UZl}fBs0mb@ic)40r%BM0myaG+$91815
zptX>^&6VHiv>^GfoeuKOem8H2Mfsz8QIY3y6;Fw|qi1t6Bb6JJ$oQ%esyCL%(&i*6
z>08J3?CDt~+CC8<%%D~OX@o4l3A9<{^Q(tDZQ*10oU6UH&{~6Zw+`>LVldMAxiadv
z${s2QvK3Iid5+x|{Ah0b8!x{w;Yn)u5Bs`oIZg109$_f~oDT6*?)3G<u~h0hph)=q
zEum|iY9P7c-PAd#?~bWMl|V62sS;q4gy6pzK3s?}zaPOjoSmZoaq>ygh}|u|d1@zA
zLgI)_@Kgq|xy=)^eLZj)iYa2?h5ctviNFC+9hKs*TA%}!5@d#uDUZs`*(4kh(}O7D
z61#lkVwvj@G@S0mzk(9uIYS+9R(z^-87D5;`-Ck%sfup5OKo6tlgJ}o&f~MIvvs~s
zSmlq7H;+19KS6aq4ts}>!-mYf&Zk>@o<5&$y>@WsSROrDp6AJQ>tmutkYoJ?f-@7P

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/05r/others/05r06.fli b/Tests/images/fli_oob/05r/others/05r06.fli
new file mode 100644
index 0000000000000000000000000000000000000000..c35b8e232f98ba1350c83351d472d3d51163ee6c
GIT binary patch
literal 619
zcmaKqzfQtX6vn?cCI}=_VkD78gAd^1f{ROi3U%wkBN&&y2M(;bxXWmQBQId0(an%Z
zjfh3s&+oQWt)M4qa{k=&opXP;jB#GQECCK2A~W})_#8F{@gvD0=%ZA7BPX!qAy=Q;
z4hGDZ7{vis5ZNHd(xE+JJq|rE0>k(f5!Y_|&1T<cbB1y@2gE5b4Qy1thokaUmSf$U
zh^GAGNRqpqXUgnsSOxzu(zcqnuXC=8(Tk#~)U}Y>XFk!{vo<-_M(S)!lf9mcJ5*_e
z6p{_gD9el_d9_ZypLsY2uOqX-D7~Qc6e@87TV1}sY_5wsQNtn(=3x9mv^%$pR_1lP
z=>r&g)*`+9oda#NlwM)itZVES#3Z*Ipb`5I;E~F%0B#%A)IPixw&bEn=u!1A93-f?
GBjBI?)EM#r

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/05r/others/05r07.fli b/Tests/images/fli_oob/05r/others/05r07.fli
new file mode 100644
index 0000000000000000000000000000000000000000..b99ce01b30715454f9e7edd461aecbc45b90bcf7
GIT binary patch
literal 672
zcma)4Jx&5a6#jNKtFUTzEtF_OyakDc1;_CK*llBB;teQ009UY*(wf2;(E<(8#egK@
z&gYw--2tPCQ_Z~h=KGtW!d2R<0|^qMT<u})jd!<vBsm5zQQ!L@pAo7tH($C5s#a!O
zEYyVSC_<1kB49Y@LCh{$0Fj!a;7-3kXx(INeIW)yOGR7&pOeuVzy}1jxCI0jK`|FZ
zuyZ!m;!M9iWCm==1p$?!XqEkFyT&FM(*f(cp97lJ9F5H^ip87d1N5of|G4N0#M)d4
zew}+gN_(Qz>C`g~&hm8EP@F=C4CoOZbbbzW1kLh_by*dxmQs26kFfoB35bh7gyGm5
z7${>|sB*{Y0+jL-aR>=sMe-fIlhwq_P=gcED<XZU2G6LKXLPF!^;(}-U&Ct>>6B2H
KDABlIO70taq350e

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/05r/reproducing b/Tests/images/fli_oob/05r/reproducing
new file mode 100644
index 00000000000..145b8b074a2
--- /dev/null
+++ b/Tests/images/fli_oob/05r/reproducing
@@ -0,0 +1 @@
+im = Image.open(d); im.seek(0); im.getdata()
diff --git a/Tests/images/fli_oob/06r/06r00.fli b/Tests/images/fli_oob/06r/06r00.fli
new file mode 100644
index 0000000000000000000000000000000000000000..9189d6ed03f903b6cc0ad4a51e4c1f133cdedca2
GIT binary patch
literal 1083
zcmd5(J5Iwu5PfS90rPVj#7Fo7RN%^@<p4PZm!QHe7obVW0XP7C(nO-BKtfRPQ6v-;
zhyvMt%-ZY137`$4V2T-ypXa?dvotuXpNBw%h$!RWcHx=Vm%Jm{Roll1*WSoS1g6XR
zr)C5Pfms1jn;vJO1CXzTVld#Q;VJJmFlYMETxqwj(pJWFghf&pV#EpX-g}tIl~ti%
z15|`yFhRzGOo)UWShByzD41d-Ny6M9#h{H*xzJWDf)#@hgD)F~hY(H<oxxV>4ED=O
zs*fXUP|G25&OEK!tZr;3YnhbLMI;sCq|*^M-^H>3KjB}_c?{$a29Av*TOa%KU)!DO
mjs4=3UMhca%Khor@pxoEQm-W|RJ)bVH5axvCXl@(0h^yR@iP+u

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/06r/notes b/Tests/images/fli_oob/06r/notes
new file mode 100644
index 00000000000..397ad4748a3
--- /dev/null
+++ b/Tests/images/fli_oob/06r/notes
@@ -0,0 +1 @@
+failure to check input buffer (`data`) boundaries in SS2 chunk
diff --git a/Tests/images/fli_oob/06r/others/06r01.fli b/Tests/images/fli_oob/06r/others/06r01.fli
new file mode 100644
index 0000000000000000000000000000000000000000..24a99dacc4fa006825ed6ff0566da14da33c47d4
GIT binary patch
literal 1014
zcmbVKt4;$!6g{(TD3sSCAUr|^7E>72AVDG!1c9!`qq>gp1DFZ~2^P_RXiXC|f`o^G
zq)F4#r2)EonAzD)*=0jETrrP(&b{}{$<W8u!c7sdVP7JOy{D-zHp+M=*%9kC6qnw~
zS6F_B!^LVBw+tZAF%Uh!$2>d>q)P}|L$3O~AU$BhAHd^Wt94gtI;@N^t<nr;5$C{X
z?<E)9gqdFeggCRtJrm7TBh?(3(ex6I(O1n%kWx|$oMhb&8jZ{hV6CJE#soqM?63H&
zLJ8zYD6m-x1rDN0imy{G@KG6I#OZbZS}o#1AIXBFwqh8z>#FBV*={Q}Vf;8osq{Sq
z@m?DbChFlVCo-~@Ok};6-?B3Q!`sYQ6!|wRPZ}9)N$;94>(H=L%t|j0vO9lZyT385
rJFkDDiMC7^-w5C>xgYXk|0T-B_qcPpF_=EV;0I%xJPOX+QiAnwRv9l7

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/06r/others/06r02.fli b/Tests/images/fli_oob/06r/others/06r02.fli
new file mode 100644
index 0000000000000000000000000000000000000000..02067a32c106de3d765128685d67b1f4b39df7b1
GIT binary patch
literal 1082
zcmdUtJx;?w5QX0wM8Nzx4dO>w6m&>P;L4)q23&!HD^TGMaRHi?v`E|{X(CZmAR%Y~
zMM8l<1jK&Ku5Gb4CJH4}?9T4Yy!kw9COE5KxPS+bFt!Hl-cCL7`jU4fJ8Ja^?!p`S
z04M42;IZK$3xQD@Vw`k2j@SYDN+>#gE+;%CV_+ibA?94Gbrm)vh67B?b=r(L0Y19-
zW2Uo80cwC!$4<XOj9N^DL>!pW={`~=A3+dM15Q!^wGFZl!ip~q3xE*7=cR=EsK?-Y
z2G|TUz+PTS^?9fPV;O|eG|RkR)s0@sS|ppBnI}7hq}>*p-)vR_!{U{7<$}#1cqt{C
z2Lr9!b@34`S~vgD-6%4j7mt;v5huK77292Y4pJxnZIC;b_K0rzi7U!%$~^4n&i7uG
UCea~(<(4VV35L&aTV}z=7ng)K!T<mO

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/06r/others/06r03.fli b/Tests/images/fli_oob/06r/others/06r03.fli
new file mode 100644
index 0000000000000000000000000000000000000000..649668c0ad92283d4920a1ed9bf266a3c8bc0893
GIT binary patch
literal 919
zcmd5*%WA?<5Iy%=)GCzgLZO9zM2VX~p_}+!W+(nYH*SP}fPc|!1b0HA-PlcA0urbV
zNbWrjriEZ=#GSJm=FH5QCmo(Tvld`rh(8HdmutQ)_)aobw?njgKjbI0i`o2|7%aFX
z5rbh4(Yk~euo~osP}C`J93M#w)ZI5MucGM1e-7zqXp1=~BgVis`KaxgRnFf4lp5*u
zFqu~r`<q#^3KQ0C=^>Y*SCu}WSD_{BH1ATl=iL`<Cvq1e&rmH-Mi%kk5@q$rS~!>C
x+#M^l5|=BVc1<H3$Oi<0Ni;KV<=Evv<aM%;nD*5*Hwr|uKlKN(Tkw^f>;RPK4rKrU

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/06r/others/06r04.fli b/Tests/images/fli_oob/06r/others/06r04.fli
new file mode 100644
index 0000000000000000000000000000000000000000..bff28ccfcea4b70c2109dc8640d1d054e07546c1
GIT binary patch
literal 916
zcmdT@u}T9$6r5WVV=f?Pp`Z`~$qxvoNtNdO0&DRT{Do`N*;!l@unp`N2ttZ9fz%dh
zw22`a4!j5<x8u7#1w9*6q{tMHef!?b+g)a9aCe|xz*8W;;Xjq<9FO=+as~!)j~3($
zl$mjF8hXf=n3#wKBqG9?aHu|bVi=MMuxs9_xIY*?wypxUR;U0f8%1=0Wi;8bsgrG%
zAavl8C<@T)L+jVHG{+mDuVXke#`gYdh3!u{e{h?kh`L4ZK?LQ>r>HO$y!jIJG;puu
z>=2OW=%DUe##kT=8#0Zb@of8WvG$RN!?h{@Ayo5C8=8|Jv*BEv)jjk|!MWJq_Yo=i
fNK0`#7d3J2Dj>Q|=a_LKE{p7^Y0JK34KVx!z)$=-

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/06r/reproducing b/Tests/images/fli_oob/06r/reproducing
new file mode 100644
index 00000000000..145b8b074a2
--- /dev/null
+++ b/Tests/images/fli_oob/06r/reproducing
@@ -0,0 +1 @@
+im = Image.open(d); im.seek(0); im.getdata()

From 088ce4df981b70fbec140ee54417bcb49a7dffca Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Thu, 5 Mar 2020 10:46:27 +0000
Subject: [PATCH 08/11] comments

---
 src/libImaging/FliDecode.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/libImaging/FliDecode.c b/src/libImaging/FliDecode.c
index 98bc037681e..16ddf3a49f7 100644
--- a/src/libImaging/FliDecode.c
+++ b/src/libImaging/FliDecode.c
@@ -140,7 +140,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 	    break;
 	case 12:
 	    /* FLI LC chunk (byte delta) */
-	    /* OOB Check ok, we have 10 bytes here */
+	    /* OOB Check ok, we have 4 bytes min here */
 	    y = I16(data); ymax = y + I16(data+2); data += 4;
 	    for (; y < ymax && y < state->ysize; y++) {
 		UINT8* out = (UINT8*) im->image[y];
@@ -180,19 +180,17 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 	    break;
 	case 15:
 	    /* FLI BRUN chunk */
-	    /* data = ptr + 6 */
+	    /* OOB, ok, we've got 4 bytes min on entry */
 	    for (y = 0; y < state->ysize; y++) {
 		UINT8* out = (UINT8*) im->image[y];
 		data += 1; /* ignore packetcount byte */
 		for (x = 0; x < state->xsize; x += i) {
-		    /* Out of Bounds Read issue, guaranteed to try to read 2 from data */
 		    ERR_IF_DATA_OOB(2)
 		    if (data[0] & 0x80) {
 			i = 256 - data[0];
 			if (x + i > state->xsize) {
 			    break; /* safety first */
 			}
-			/* Out of Bounds read issue */
 			ERR_IF_DATA_OOB(i+1)
 			memcpy(out + x, data + 1, i);
 			data += i + 1;

From 5b490fc413dfab2d52de46a58905c25d9badb650 Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Tue, 10 Mar 2020 20:17:33 +0000
Subject: [PATCH 09/11] additional FLI check

---
 src/libImaging/FliDecode.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/libImaging/FliDecode.c b/src/libImaging/FliDecode.c
index 16ddf3a49f7..108e1edf93a 100644
--- a/src/libImaging/FliDecode.c
+++ b/src/libImaging/FliDecode.c
@@ -144,6 +144,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 	    y = I16(data); ymax = y + I16(data+2); data += 4;
 	    for (; y < ymax && y < state->ysize; y++) {
 		UINT8* out = (UINT8*) im->image[y];
+                ERR_IF_DATA_OOB(1)
 		int p, packets = *data++;
 		for (p = x = 0; p < packets; p++, x += i) {
 		    ERR_IF_DATA_OOB(2)

From 00c6dd72d9ed0124cec81040b4bab0979a200fe2 Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Tue, 10 Mar 2020 20:29:35 +0000
Subject: [PATCH 10/11] Tests for additional hits

---
 Tests/check_fli_oob.py             |   4 ++++
 Tests/images/fli_oob/patch0/000000 | Bin 0 -> 646 bytes
 Tests/images/fli_oob/patch0/000001 | Bin 0 -> 656 bytes
 Tests/images/fli_oob/patch0/000002 | Bin 0 -> 5486 bytes
 Tests/images/fli_oob/patch0/000003 | Bin 0 -> 6707 bytes
 5 files changed, 4 insertions(+)
 create mode 100644 Tests/images/fli_oob/patch0/000000
 create mode 100644 Tests/images/fli_oob/patch0/000001
 create mode 100644 Tests/images/fli_oob/patch0/000002
 create mode 100644 Tests/images/fli_oob/patch0/000003

diff --git a/Tests/check_fli_oob.py b/Tests/check_fli_oob.py
index ca06c2cb825..8d83605aa48 100644
--- a/Tests/check_fli_oob.py
+++ b/Tests/check_fli_oob.py
@@ -17,6 +17,10 @@
             'images/fli_oob/05r/others/05r04.fli',
             'images/fli_oob/05r/others/05r02.fli',
             'images/fli_oob/05r/others/05r07.fli',
+            'images/fli_oob/patch0/000000',
+            'images/fli_oob/patch0/000001',
+            'images/fli_oob/patch0/000002',
+            'images/fli_oob/patch0/000003',
 )
 
 
diff --git a/Tests/images/fli_oob/patch0/000000 b/Tests/images/fli_oob/patch0/000000
new file mode 100644
index 0000000000000000000000000000000000000000..e074e4a76c0fa1581c97f5356c43c00d72930220
GIT binary patch
literal 646
zcmeDF$FNv%Jr@ImKt02M1~4#SU~qZF`TpnK^Zy?={Qv)-;eP`Im)N)e|GzUZ{dn`A
z<JD{d2A~vB<_%2h^Z&p9KK^H6_{+rb|NmE@Ise(d|Cjn-pTh9}FT?+z|GqH%{m*xt
zfx+@v!+*;^4BS9_faZcohE4{CUmuyl7BetHC>{_cci{iOmk>VGT@VgB*#;L7fU`y!
Ol!pM`K&RYzR1*OG^GhfI

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/patch0/000001 b/Tests/images/fli_oob/patch0/000001
new file mode 100644
index 0000000000000000000000000000000000000000..6cfd7f6478f4919d892f54cd23c0904d8debc5ad
GIT binary patch
literal 656
zcmeH@F$%&!5Jms478*s@Rw4ID?@_#msRYkp=>fcgm6o1B1g!)`0&0k4_Zu^83afyv
zQ_RdC-e-n6I4lRN0Lmys_!uACw`{-TiQpBC5#UL-sNIDr7N+EK&yPaVx`a(w4f0XU
zsZ$O)oq!h1+#Qy^Ef8&DMmai#pQW3a1FxhZi<Ok_r-W;|vuM9Z)K{KWTCS>O&8A<2
NlUr+mf8^H>yaC<PLv8>7

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/patch0/000002 b/Tests/images/fli_oob/patch0/000002
new file mode 100644
index 0000000000000000000000000000000000000000..ff5a6b63b19e48eb790fa1dab71ae40d27aceafb
GIT binary patch
literal 5486
zcmds5Jx;?g6n=yXHEk7z2?U}N3r9dIQ;x#G!VMU^at1~Yzya7{<OHx31}Y?!p@LRT
z9xrhm#rbVaoHTiZo%h-A`<@-!O^q(x?>`IxOfV6+J)Y>_%hwm2Ar8p)yuvfh{lfnI
z&ZK^yu;%@b$B2$=V-Fk+5Eq1__Jc<*Uct-(ToT}*@eD9|n&M;)LyAW~8sQdTW$!ZK
z9afE~x{xsz-b9IHrFDZ*myW9=;6_HImkhctuw+E{5UIt{>@<Ajtml5SsWqtH!WY@#
zY%%HJOjnwRC9=Qg9>o#|wMbuy=l#YtXs1R+;^R1v6$jepr)~1w1tku!L{~8|&wC?Q
zoagn}sEt1JQtgnVX=CSYGPRW%RJBq<=wAYtMCT?bHw2Wd08#sZxl<7hJ@&C)Yq=m3
z1Z`b#nG<GM;X^PN6*4NMN|}>1Xq5(XERr5U=Nwj2pDAJOAZcR#s~e-*H?A)4TA4?+
zs>Q|pqfm>ZrTp;DMTla1AAcif00<poj^zH0(hJWq`t5Uv+m}*7M(m2Mpi^6$bvHY6
PBfF_<Ep*%I|Lyz()jQ;P

literal 0
HcmV?d00001

diff --git a/Tests/images/fli_oob/patch0/000003 b/Tests/images/fli_oob/patch0/000003
new file mode 100644
index 0000000000000000000000000000000000000000..12c15b43ea70984dcf2a95b4479e50c250f630b9
GIT binary patch
literal 6707
zcmeHKOHRWu5FJWY(H{yMDj~!IBo^GDtg_%BEV|(Yuxq!Rfh7mv7O><1h)VnfLPe;8
z7Fv-G4h~6N9RKpEsNzL3<9Tn!9(x=Iui$j$tO8(xh49<<Zp*Ku>r1>t#2#P=Dyu`B
z9718z!=>jF3j)(knV5c<SOlj4hy$Ww=>ylW-2!v~N0WDOaQOnDdEUY17gR|cj|0a5
z<NhKIyg*+y^4c|Nls=0m$y1O$wE@`R%~}m^f-0JjDCfw8%87R%X(nNk;CNdt30G<R
zFxXpZ4@u_#K~N4$GIE;sndTCoVo$9V+rvL|kVT!^Y)<ZlC%NJ|zs~whT5~^<Gj7o<
z^P)bo4GOLM4BL|`LGx|u0(QmNz<FkpctEkNyhDw<hq;}xLPwIj$;2WTQ*q<X9iUCR
z#k?r19c4grV>R<BJ_<&Dzy{)@ujmT<x`Z&^Y+hjxQn?{UWLAbjpaE%tMx=h3QK=#x
zHplA7w}~Vd9H*IdF|*%fw6HP`E52O!B^{xq1J1FA8Thl)4gF+8o2tsGpqW&HEQscZ
zAo`{x3#4whS!jNTW%Hq}<#*Vr!gE#aEUFU3HP0D|ahFAgq)gsYMiO962dsj9lY@pV
yq`<10T8WFNONgK0rQ`y=&TWw~E!&R7aaCfU4|BZbpN|~mvq&ui?hmm0r}zzY;u7ru

literal 0
HcmV?d00001


From 11ef7ca53a7d0af4bc52666c29199deffa5fc1bd Mon Sep 17 00:00:00 2001
From: Hugo <hugovk@users.noreply.github.com>
Date: Thu, 26 Mar 2020 21:39:58 +0200
Subject: [PATCH 11/11] Format with Black

---
 Tests/check_fli_oob.py | 89 ++++++++++++++++++++++--------------------
 1 file changed, 46 insertions(+), 43 deletions(-)

diff --git a/Tests/check_fli_oob.py b/Tests/check_fli_oob.py
index 8d83605aa48..739ad224e7e 100644
--- a/Tests/check_fli_oob.py
+++ b/Tests/check_fli_oob.py
@@ -2,56 +2,61 @@
 
 from PIL import Image
 
-repro_ss2 = ('images/fli_oob/06r/06r00.fli',
-             'images/fli_oob/06r/others/06r01.fli',
-             'images/fli_oob/06r/others/06r02.fli',
-             'images/fli_oob/06r/others/06r03.fli',
-             'images/fli_oob/06r/others/06r04.fli'
+repro_ss2 = (
+    "images/fli_oob/06r/06r00.fli",
+    "images/fli_oob/06r/others/06r01.fli",
+    "images/fli_oob/06r/others/06r02.fli",
+    "images/fli_oob/06r/others/06r03.fli",
+    "images/fli_oob/06r/others/06r04.fli",
 )
 
-repro_lc = ('images/fli_oob/05r/05r00.fli',
-            'images/fli_oob/05r/others/05r03.fli',
-            'images/fli_oob/05r/others/05r06.fli',
-            'images/fli_oob/05r/others/05r05.fli',
-            'images/fli_oob/05r/others/05r01.fli',
-            'images/fli_oob/05r/others/05r04.fli',
-            'images/fli_oob/05r/others/05r02.fli',
-            'images/fli_oob/05r/others/05r07.fli',
-            'images/fli_oob/patch0/000000',
-            'images/fli_oob/patch0/000001',
-            'images/fli_oob/patch0/000002',
-            'images/fli_oob/patch0/000003',
+repro_lc = (
+    "images/fli_oob/05r/05r00.fli",
+    "images/fli_oob/05r/others/05r03.fli",
+    "images/fli_oob/05r/others/05r06.fli",
+    "images/fli_oob/05r/others/05r05.fli",
+    "images/fli_oob/05r/others/05r01.fli",
+    "images/fli_oob/05r/others/05r04.fli",
+    "images/fli_oob/05r/others/05r02.fli",
+    "images/fli_oob/05r/others/05r07.fli",
+    "images/fli_oob/patch0/000000",
+    "images/fli_oob/patch0/000001",
+    "images/fli_oob/patch0/000002",
+    "images/fli_oob/patch0/000003",
 )
 
 
-repro_advance = ('images/fli_oob/03r/03r00.fli',
-                 'images/fli_oob/03r/others/03r01.fli',
-                 'images/fli_oob/03r/others/03r09.fli',
-                 'images/fli_oob/03r/others/03r11.fli',
-                 'images/fli_oob/03r/others/03r05.fli',
-                 'images/fli_oob/03r/others/03r10.fli',
-                 'images/fli_oob/03r/others/03r06.fli',
-                 'images/fli_oob/03r/others/03r08.fli',
-                 'images/fli_oob/03r/others/03r03.fli',
-                 'images/fli_oob/03r/others/03r07.fli',
-                 'images/fli_oob/03r/others/03r02.fli',
-                 'images/fli_oob/03r/others/03r04.fli',
+repro_advance = (
+    "images/fli_oob/03r/03r00.fli",
+    "images/fli_oob/03r/others/03r01.fli",
+    "images/fli_oob/03r/others/03r09.fli",
+    "images/fli_oob/03r/others/03r11.fli",
+    "images/fli_oob/03r/others/03r05.fli",
+    "images/fli_oob/03r/others/03r10.fli",
+    "images/fli_oob/03r/others/03r06.fli",
+    "images/fli_oob/03r/others/03r08.fli",
+    "images/fli_oob/03r/others/03r03.fli",
+    "images/fli_oob/03r/others/03r07.fli",
+    "images/fli_oob/03r/others/03r02.fli",
+    "images/fli_oob/03r/others/03r04.fli",
 )
 
-repro_brun = ('images/fli_oob/04r/initial.fli',
-              'images/fli_oob/04r/others/04r02.fli',
-              'images/fli_oob/04r/others/04r05.fli',
-              'images/fli_oob/04r/others/04r04.fli',
-              'images/fli_oob/04r/others/04r03.fli',
-              'images/fli_oob/04r/others/04r01.fli',
-              'images/fli_oob/04r/04r00.fli',
+repro_brun = (
+    "images/fli_oob/04r/initial.fli",
+    "images/fli_oob/04r/others/04r02.fli",
+    "images/fli_oob/04r/others/04r05.fli",
+    "images/fli_oob/04r/others/04r04.fli",
+    "images/fli_oob/04r/others/04r03.fli",
+    "images/fli_oob/04r/others/04r01.fli",
+    "images/fli_oob/04r/04r00.fli",
 )
 
-repro_copy = ('images/fli_oob/02r/others/02r02.fli',
-              'images/fli_oob/02r/others/02r04.fli',
-              'images/fli_oob/02r/others/02r03.fli',
-              'images/fli_oob/02r/others/02r01.fli',
-              'images/fli_oob/02r/02r00.fli',
+repro_copy = (
+    "images/fli_oob/02r/others/02r02.fli",
+    "images/fli_oob/02r/others/02r04.fli",
+    "images/fli_oob/02r/others/02r03.fli",
+    "images/fli_oob/02r/others/02r01.fli",
+    "images/fli_oob/02r/02r00.fli",
 )
 
 
@@ -61,5 +66,3 @@
         im.load()
     except Exception as msg:
         print(msg)
-
-