Fixed raising OSError in _safe_read when size is greater than SAFEBLOCK

Tests/test_imagefile.py

@@ -2,7 +2,7 @@
 
 import pytest
 
-from PIL import EpsImagePlugin, Image, ImageFile, features
+from PIL import BmpImagePlugin, EpsImagePlugin, Image, ImageFile, _binary, features
 
 from .helper import (
     assert_image,
@@ -111,6 +111,20 @@ def test_negative_stride(self):
         with pytest.raises(OSError):
             p.close()
 
+    def test_truncated(self):
+        b = BytesIO(
+            b"BM000000000000"  # head_data
+            + _binary.o32le(
+                ImageFile.SAFEBLOCK + 1 + 4
+            )  # header_size, so BmpImagePlugin will try to read SAFEBLOCK + 1 bytes
+            + (
+                b"0" * ImageFile.SAFEBLOCK
+            )  # only SAFEBLOCK bytes, so that the header is truncated
+        )
+        with pytest.raises(OSError) as e:
+            BmpImagePlugin.BmpImageFile(b)
+        assert str(e.value) == "Truncated File Read"
+
     @skip_unless_feature("zlib")
     def test_truncated_with_errors(self):
         with Image.open("Tests/images/truncated_image.png") as im:

src/PIL/ImageFile.py

@@ -545,12 +545,13 @@ def _safe_read(fp, size):
             raise OSError("Truncated File Read")
         return data
     data = []
-    while size > 0:
-        block = fp.read(min(size, SAFEBLOCK))
+    remaining_size = size
+    while remaining_size > 0:
+        block = fp.read(min(remaining_size, SAFEBLOCK))
         if not block:
             break
         data.append(block)
-        size -= len(block)
+        remaining_size -= len(block)
     if sum(len(d) for d in data) < size:
         raise OSError("Truncated File Read")
     return b"".join(data)