CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
hardknott
meta-openembedded/meta-python/recipes-devtools/python/python3-pillow/0001-Handle-case-where-path-count-is-zero.patch
Trevor Gamblin 23598caeaf python3-pillow: fix CVE-2022-22815, 22816, 22817 
Backport three patches from 9.0.0 upstream to fix CVES.

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-01-30 15:13:01 -08:00

78 lines
2.1 KiB
Diff
Raw Permalink Blame History

From c48271ab354db49cdbd740bc45e13be4f0f7993c Mon Sep 17 00:00:00 2001
From: Andrew Murray <radarhere@users.noreply.github.com>
Date: Mon, 6 Dec 2021 22:25:14 +1100
Subject: [PATCH] Handle case where path count is zero
CVE: CVE-2022-22816
Upstream-Status: Backport
(https://github.com/python-pillow/Pillow/pull/5920/commits/c48271ab354db49cdbd740bc45e13be4f0f7993c)
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
---
Tests/test_imagepath.py | 1 +
src/path.c | 33 +++++++++++++++++++--------------
2 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/Tests/test_imagepath.py b/Tests/test_imagepath.py
index cd850bb1..b18271cc 100644
--- a/Tests/test_imagepath.py
+++ b/Tests/test_imagepath.py
@@ -90,6 +90,7 @@ def test_path_odd_number_of_coordinates():
[
([0, 1, 2, 3], (0.0, 1.0, 2.0, 3.0)),
([3, 2, 1, 0], (1.0, 0.0, 3.0, 2.0)),
+ (0, (0.0, 0.0, 0.0, 0.0)),
(1, (0.0, 0.0, 0.0, 0.0)),
],
)
diff --git a/src/path.c b/src/path.c
index 64c767cb..dea274ee 100644
--- a/src/path.c
+++ b/src/path.c
@@ -327,21 +327,26 @@ path_getbbox(PyPathObject *self, PyObject *args) {
xy = self->xy;
- x0 = x1 = xy[0];
- y0 = y1 = xy[1];
+ if (self->count == 0) {
+ x0 = x1 = 0;
+ y0 = y1 = 0;
+ } else {
+ x0 = x1 = xy[0];
+ y0 = y1 = xy[1];
- for (i = 1; i < self->count; i++) {
- if (xy[i + i] < x0) {
- x0 = xy[i + i];
- }
- if (xy[i + i] > x1) {
- x1 = xy[i + i];
- }
- if (xy[i + i + 1] < y0) {
- y0 = xy[i + i + 1];
- }
- if (xy[i + i + 1] > y1) {
- y1 = xy[i + i + 1];
+ for (i = 1; i < self->count; i++) {
+ if (xy[i + i] < x0) {
+ x0 = xy[i + i];
+ }
+ if (xy[i + i] > x1) {
+ x1 = xy[i + i];
+ }
+ if (xy[i + i + 1] < y0) {
+ y0 = xy[i + i + 1];
+ }
+ if (xy[i + i + 1] > y1) {
+ y1 = xy[i + i + 1];
+ }
}
}
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink