Commit

Merge pull request #6699 from hugovk/security-libtiff_buffer
hugovk authored Oct 29, 2022
2 parents 2444cdd + 744f455 commit 1a51ce7
Showing 3 changed files with 9 additions and 4 deletions.
1 change: 0 additions & 1 deletion Tests/test_file_pdf.py
Expand Up @@ -42,7 +42,6 @@ def test_save(tmp_path, mode):
helper_save_as_pdf(tmp_path, mode)


@pytest.mark.valgrind_known_error(reason="Temporary skip")
def test_monochrome(tmp_path):
# Arrange
mode = "1"
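
Review bot: the `@pytest.mark.valgrind_known_error(reason="Temporary skip")` marker on `test_monochrome` is dropped with no record of which valgrind error it covered or why it is safe to remove now. The reason string never named the error, so please state in the commit message or PR description what it was and that the test now runs clean under valgrind. If it is the uninitialized libtiff save buffer changed in src/libImaging/TiffDecode.c in this same commit, say so explicitly so the two changes stay linked in history.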
6 changes: 6 additions & 0 deletions docs/releasenotes/9.3.0.rst
Expand Up @@ -40,6 +40,12 @@ classes: :py:data:`~PIL.ExifTags.Base` and :py:data:`~PIL.ExifTags.GPS`.
Security
========

Initialize libtiff buffer when saving
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

When saving a TIFF image to a file object using libtiff, the buffer was not
initialized. This behaviour introduced in Pillow 2.0.0, and has now been fixed.

Decode JPEG compressed BLP1 data in original mode
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
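
Review bot: the new "Initialize libtiff buffer when saving" entry does not say what the consequence of the uninitialized buffer was, which is what a reader of a Security section needs in order to decide how urgently to upgrade. Add a sentence on the impact (for example, whether uninitialized bytes could end up in the saved output), and fix the grammar in "This behaviour introduced in Pillow 2.0.0" to "This behaviour was introduced in Pillow 2.0.0".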

6 changes: 3 additions & 3 deletions src/libImaging/TiffDecode.c
Expand Up @@ -771,11 +771,11 @@ ImagingLibTiffEncodeInit(ImagingCodecState state, char *filename, int fp) {
TRACE(("Opening using fd: %d for writing \n", clientstate->fp));
clientstate->tiff = TIFFFdOpen(fd_to_tiff_fd(clientstate->fp), filename, mode);
} else {
// malloc a buffer to write the tif, we're going to need to realloc or something
// calloc a buffer to write the tif, we're going to need to realloc or something
// if we need bigger.
TRACE(("Opening a buffer for writing \n"));
/* malloc check ok, small constant allocation */
clientstate->data = malloc(bufsize);
/* calloc check ok, small constant allocation */
clientstate->data = calloc(bufsize, 1);
clientstate->size = bufsize;
clientstate->flrealloc = 1;
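
Review bot: `calloc(bufsize, 1)` zeroes only the initial allocation, but the comment right above it says the buffer will need "realloc or something if we need bigger" and `clientstate->flrealloc = 1` is set, so any bytes added when the buffer grows would be uninitialized again. The growth path is not part of this hunk; please confirm that it zeroes the newly added tail (for example a memset over the range between the old and new size after the realloc) or document why that is not needed. Minor: the return value of calloc is not checked within the visible lines, and the "calloc check ok, small constant allocation" comment only speaks to the size being safe, so make sure a NULL check follows.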
