summaryrefslogtreecommitdiff
path: root/graphics/py-imaging/patches/patch-PIL_JpegImagePlugin.py
blob: dcb94da278f6604f5796be7409e9e954c01230ff (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

$NetBSD: patch-PIL_JpegImagePlugin.py,v 1.1 2014/05/15 06:23:06 spz Exp $

patch for CVE-2014-1932 and CVE-2014-1933 taken from
https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7

--- PIL/JpegImagePlugin.py.orig	2009-11-01 00:44:12.000000000 +0000
+++ PIL/JpegImagePlugin.py
@@ -344,13 +344,17 @@ class JpegImageFile(ImageFile.ImageFile)
         # ALTERNATIVE: handle JPEGs via the IJG command line utilities
 
         import tempfile, os
-        file = tempfile.mktemp()
-        os.system("djpeg %s >%s" % (self.filename, file))
+        f, path = tempfile.mkstemp()
+        os.close(f)
+        if os.path.exists(self.filename):
+            os.system("djpeg '%s' >'%s'" % (self.filename, path))
+        else:
+            raise ValueError("Invalid Filename")
 
         try:
-            self.im = Image.core.open_ppm(file)
+            self.im = Image.core.open_ppm(path)
         finally:
-            try: os.unlink(file)
+            try: os.unlink(path)
             except: pass
 
         self.mode = self.im.mode
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-14 14:42:28 +0000