diff options
| author | spz <spz> | 2014-09-07 09:37:46 +0000 |
|---|---|---|
| committer | spz <spz> | 2014-09-07 09:37:46 +0000 |
| commit | 682f6bb1d44089d519c2a221866c4e4cacad3667 (patch) | |
| tree | a8f93312136012b56de0dda91b7c3ea050a23339 /graphics/py-imaging/patches | |
| parent | e12aef9f313b1461ccab2623e9958d22ec46cd39 (diff) | |
| download | pkgsrc-682f6bb1d44089d519c2a221866c4e4cacad3667.tar.gz | |
Icns DOS fix -- CVE-2014-3589
from https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
Diffstat (limited to 'graphics/py-imaging/patches')
| -rw-r--r-- | graphics/py-imaging/patches/patch-PIL_IcnsImagePlugin.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/graphics/py-imaging/patches/patch-PIL_IcnsImagePlugin.py b/graphics/py-imaging/patches/patch-PIL_IcnsImagePlugin.py new file mode 100644 index 00000000000..b725262ffa5 --- /dev/null +++ b/graphics/py-imaging/patches/patch-PIL_IcnsImagePlugin.py @@ -0,0 +1,16 @@ +$NetBSD: patch-PIL_IcnsImagePlugin.py,v 1.1 2014/09/07 09:37:46 spz Exp $ + +Icns DOS fix -- CVE-2014-3589 +from https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d + +--- PIL/IcnsImagePlugin.py.orig 2009-11-01 00:44:11.000000000 +0000 ++++ PIL/IcnsImagePlugin.py +@@ -115,6 +115,8 @@ class IcnsFile: + i = HEADERSIZE + while i < filesize: + sig, blocksize = nextheader(fobj) ++ if blocksize <= 0: ++ raise SyntaxError('invalid block header') + i = i + HEADERSIZE + blocksize = blocksize - HEADERSIZE + dct[sig] = (i, blocksize) |