Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
FLI overflow error fix and testcase CVE-2016-0775
  • Loading branch information
wiredfool committed Feb 2, 2016
1 parent a406599 commit bcaaf97
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 1 deletion.
16 changes: 16 additions & 0 deletions Tests/check_fli_overflow.py
@@ -0,0 +1,16 @@
from helper import unittest, PillowTestCase
from PIL import Image

TEST_FILE = "Tests/images/fli_overflow.fli"


class TestFliOverflow(PillowTestCase):
def test_fli_overflow(self):

# this should not crash with a malloc error or access violation
im = Image.open(TEST_FILE)
im.load()


if __name__ == '__main__':
unittest.main()
Binary file added Tests/images/fli_overflow.fli
Binary file not shown.
2 changes: 1 addition & 1 deletion libImaging/FliDecode.c
Expand Up @@ -185,7 +185,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
/* COPY chunk */
for (y = 0; y < state->ysize; y++) {
UINT8* buf = (UINT8*) im->image[y];
memcpy(buf+x, data, state->xsize);
memcpy(buf, data, state->xsize);
data += state->xsize;
}
break;
Expand Down

0 comments on commit bcaaf97

Please sign in to comment.