Revert "Workaround Pypy regression"

Update CHANGES.rst
Fix pypy 2.4 regression, #952
2014-12-31 20:11:39 -08:00 · 2014-12-31 20:09:07 -08:00 · 2014-12-31 20:06:55 -08:00 · 2014-12-31 20:03:05 -08:00 · 2014-12-31 15:33:06 -08:00 · 2014-12-31 15:26:12 -08:00
13 changed files with 158 additions and 13 deletions
--- a/CHANGES.rst
+++ b/CHANGES.rst
@ -1,6 +1,24 @@
 Changelog (Pillow)
 ==================

+2.6.2 (2015-01-01)
+------------------
+
+- Fix potential PNG decompression DOS #1060 
+  [wiredfool]
+
+- Fix Regression in PyPy 2.4 in streamio  #958
+  [wiredfool]
+
+2.6.1 (2014-10-13)
+------------------
+
+- Fix SciPy regression for in Image.resize #945
+  [wiredfool]
+
+- Fix manifest to include all test files
+  [aclark]
+
 2.6.0 (2014-10-01)
 ------------------

--- a/MANIFEST.in
+++ b/MANIFEST.in
@ -1,10 +1,10 @@
-
 include *.c
 include *.h
 include *.md
 include *.py
 include *.rst
 include *.txt
+include *.yaml
 include .coveragerc
 include .gitattributes
 include .travis.yml
@ -44,9 +44,11 @@ recursive-include Tests *.dcx
 recursive-include Tests *.doc
 recursive-include Tests *.eps
 recursive-include Tests *.fli
+recursive-include Tests *.ggr
 recursive-include Tests *.gif
 recursive-include Tests *.gnuplot
 recursive-include Tests *.html
+recursive-include Tests *.icc
 recursive-include Tests *.icm
 recursive-include Tests *.icns
 recursive-include Tests *.ico
@ -70,6 +72,7 @@ recursive-include Tests *.rst
 recursive-include Tests *.sgi
 recursive-include Tests *.spider
 recursive-include Tests *.tar
+recursive-include Tests *.tga
 recursive-include Tests *.tif
 recursive-include Tests *.tiff
 recursive-include Tests *.ttf
--- a/PIL/Image.py
+++ b/PIL/Image.py
@ -1530,6 +1530,7 @@ class Image:

        self.load()

+        size=tuple(size)
        if self.size == size:
            return self._new(self.im)

--- a/PIL/PngImagePlugin.py
+++ b/PIL/PngImagePlugin.py
@ -72,6 +72,19 @@ _MODES = {

 _simple_palette = re.compile(b'^\xff+\x00\xff*$')

+# Maximum decompressed size for a iTXt or zTXt chunk.
+# Eliminates decompression bombs where compressed chunks can expand 1000x
+MAX_TEXT_CHUNK = ImageFile.SAFEBLOCK
+# Set the maximum total text chunk size.
+MAX_TEXT_MEMORY = 64 * MAX_TEXT_CHUNK
+
+def _safe_zlib_decompress(s):
+    dobj = zlib.decompressobj()
+    plaintext = dobj.decompress(s, MAX_TEXT_CHUNK)
+    if dobj.unconsumed_tail:
+        raise ValueError("Decompressed Data Too Large")
+    return plaintext
+

 # --------------------------------------------------------------------
 # Support classes.  Suitable for PNG and related formats like MNG etc.
@ -184,7 +197,6 @@ class PngInfo:
            tkey = tkey.encode("utf-8", "strict")

        if zip:
-            import zlib
            self.add(b"iTXt", key + b"\0\x01\0" + lang + b"\0" + tkey + b"\0" +
                     zlib.compress(value))
        else:
@ -206,7 +218,6 @@ class PngInfo:
            key = key.encode('latin-1', 'strict')

        if zip:
-            import zlib
            self.add(b"zTXt", key + b"\0\0" + zlib.compress(value))
        else:
            self.add(b"tEXt", key + b"\0" + value)
@ -229,6 +240,14 @@ class PngStream(ChunkStream):
        self.im_tile = None
        self.im_palette = None

+        self.text_memory = 0
+
+    def check_text_memory(self, chunklen):
+        self.text_memory += chunklen
+        if self.text_memory > MAX_TEXT_MEMORY:
+            raise ValueError("Too much memory used in text chunks: %s>MAX_TEXT_MEMORY" %
+                             self.text_memory)
+
    def chunk_iCCP(self, pos, length):

        # ICC profile
@ -247,7 +266,7 @@ class PngStream(ChunkStream):
            raise SyntaxError("Unknown compression method %s in iCCP chunk" %
                              comp_method)
        try:
-            icc_profile = zlib.decompress(s[i+2:])
+            icc_profile = _safe_zlib_decompress(s[i+2:])
        except zlib.error:
            icc_profile = None  # FIXME
        self.im_info["icc_profile"] = icc_profile
@ -341,6 +360,8 @@ class PngStream(ChunkStream):
                v = v.decode('latin-1', 'replace')

            self.im_info[k] = self.im_text[k] = v
+            self.check_text_memory(len(v))
+
        return s

    def chunk_zTXt(self, pos, length):
@ -359,9 +380,8 @@ class PngStream(ChunkStream):
        if comp_method != 0:
            raise SyntaxError("Unknown compression method %s in zTXt chunk" %
                              comp_method)
-        import zlib
        try:
-            v = zlib.decompress(v[1:])
+            v = _safe_zlib_decompress(v[1:])
        except zlib.error:
            v = b""

@ -371,6 +391,8 @@ class PngStream(ChunkStream):
                v = v.decode('latin-1', 'replace')

            self.im_info[k] = self.im_text[k] = v
+            self.check_text_memory(len(v))
+
        return s

    def chunk_iTXt(self, pos, length):
@ -390,9 +412,8 @@ class PngStream(ChunkStream):
            return s
        if cf != 0:
            if cm == 0:
-                import zlib
                try:
-                    v = zlib.decompress(v)
+                    v = _safe_zlib_decompress(v)
                except zlib.error:
                    return s
            else:
@ -407,7 +428,8 @@ class PngStream(ChunkStream):
                return s

        self.im_info[k] = self.im_text[k] = iTXt(v, lang, tk)
-
+        self.check_text_memory(len(v))
+            
        return s


--- a/PIL/TiffImagePlugin.py
+++ b/PIL/TiffImagePlugin.py
@ -883,6 +883,10 @@ class TiffImageFile(ImageFile.ImageFile):
                try:
                    fp = hasattr(self.fp, "fileno") and \
                        os.dup(self.fp.fileno())
+                    # flush the file descriptor, prevents error on pypy 2.4+
+                    # should also eliminate the need for fp.tell for py3
+                    # in _seek
+                    self.fp.flush()
                except IOError:
                    # io.BytesIO have a fileno, but returns an IOError if
                    # it doesn't use a file descriptor.
--- a/PIL/init.py
+++ b/PIL/init.py
@ -12,7 +12,7 @@
 # ;-)

 VERSION = '1.1.7'  # PIL version
-PILLOW_VERSION = '2.6.0'  # Pillow
+PILLOW_VERSION = '2.6.2'  # Pillow

 _plugins = ['BmpImagePlugin',
            'BufrStubImagePlugin',
--- a/Tests/check_png_dos.py
+++ b/Tests/check_png_dos.py
@ -0,0 +1,47 @@
+from helper import unittest, PillowTestCase
+from PIL import Image, PngImagePlugin
+from io import BytesIO
+import zlib
+
+TEST_FILE = "Tests/images/png_decompression_dos.png"
+
+class TestPngDos(PillowTestCase):
+    def test_dos_text(self):
+
+        try:
+            im = Image.open(TEST_FILE)
+            im.load()
+        except ValueError as msg:
+            self.assertTrue(msg, "Decompressed Data Too Large")
+            return
+
+        for s in im.text.values():
+            self.assertLess(len(s), 1024*1024, "Text chunk larger than 1M")
+
+    def test_dos_total_memory(self):
+        im = Image.new('L',(1,1))
+        compressed_data = zlib.compress('a'*1024*1023)
+
+        info = PngImagePlugin.PngInfo()
+
+        for x in range(64):
+            info.add_text('t%s'%x, compressed_data, 1)
+            info.add_itxt('i%s'%x, compressed_data, zip=True)
+
+        b = BytesIO()
+        im.save(b, 'PNG', pnginfo=info)
+        b.seek(0)
+        
+        try:
+            im2 = Image.open(b)
+        except ValueError as msg:
+            self.assertIn("Too much memory", msg)
+            return
+
+        total_len = 0
+        for txt in im2.text.values():
+            total_len += len(txt)
+        self.assertLess(total_len, 64*1024*1024, "Total text chunks greater than 64M")
+        
+if __name__ == '__main__':
+    unittest.main()
--- a/Tests/images/png_decompression_dos.png
+++ b/Tests/images/png_decompression_dos.png
--- a/Tests/test_file_png.py
+++ b/Tests/test_file_png.py
@ -153,7 +153,7 @@ class TestFilePng(PillowTestCase):

        im = load(HEAD + chunk(b'iTXt', b'spam\0\1\0en\0Spam\0' +
                               zlib.compress(b"egg")[:1]) + TAIL)
-        self.assertEqual(im.info, {})
+        self.assertEqual(im.info, {'spam':''})

        im = load(HEAD + chunk(b'iTXt', b'spam\0\1\1en\0Spam\0' +
                               zlib.compress(b"egg")) + TAIL)
--- a/Tests/test_scipy.py
+++ b/Tests/test_scipy.py
@ -0,0 +1,42 @@
+from helper import PillowTestCase
+
+try:
+    import numpy as np
+    from numpy.testing import assert_equal
+
+    from scipy import misc
+    HAS_SCIPY = True
+except:
+    HAS_SCIPY = False
+    
+
+class Test_scipy_resize(PillowTestCase):
+    """ Tests for scipy regression in 2.6.0 """
+
+    def setUp(self):
+        if not HAS_SCIPY:
+            self.skipTest("Scipy Required")
+
+    def test_imresize(self):
+        im = np.random.random((10,20))
+        for T in np.sctypes['float'] + [float]:
+            # 1.1 rounds to below 1.1 for float16, 1.101 works
+            im1 = misc.imresize(im,T(1.101))
+            self.assertEqual(im1.shape,(11,22))
+
+    def test_imresize4(self):
+        im = np.array([[1,2],
+                       [3,4]])
+        res = np.array([[ 1. ,  1. ,  1.5,  2. ],
+                        [ 1. ,  1. ,  1.5,  2. ],
+                        [ 2. ,  2. ,  2.5,  3. ],
+                        [ 3. ,  3. ,  3.5,  4. ]], dtype=np.float32)
+        # Check that resizing by target size, float and int are the same
+        im2 = misc.imresize(im, (4,4), mode='F')  # output size
+        im3 = misc.imresize(im, 2., mode='F')  # fraction
+        im4 = misc.imresize(im, 200, mode='F')  # percentage
+        assert_equal(im2, res)
+        assert_equal(im3, res)
+        assert_equal(im4, res)
+
+
--- a/_imaging.c
+++ b/_imaging.c
@ -71,7 +71,7 @@
 * See the README file for information on usage and redistribution.
 */

-#define PILLOW_VERSION "2.6.0"
+#define PILLOW_VERSION "2.6.2"

 #include "Python.h"

--- a/docs/handbook/image-file-formats.rst
+++ b/docs/handbook/image-file-formats.rst
@ -332,6 +332,14 @@ The :py:meth:`~PIL.Image.Image.open` method sets the following
    Transparency color index. This key is omitted if the image is not a
    transparent palette image.

+``Open`` also sets ``Image.text`` to a list of the values of the
+``tEXt``, ``zTXt``, and ``iTXt`` chunks of the PNG image. Individual
+compressed chunks are limited to a decompressed size of
+``PngImagePlugin.MAX_TEXT_CHUNK``, by default 1MB, to prevent
+decompression bombs. Additionally, the total size of all of the text
+chunks is limited to ``PngImagePlugin.MAX_TEXT_MEMORY``, defaulting to
+64MB.
+
 The :py:meth:`~PIL.Image.Image.save` method supports the following options:

 **optimize**
--- a/setup.py
+++ b/setup.py
@ -90,7 +90,7 @@ except (ImportError, OSError):


 NAME = 'Pillow'
-PILLOW_VERSION = '2.6.0'
+PILLOW_VERSION = '2.6.2'
 TCL_ROOT = None
 JPEG_ROOT = None
 JPEG2K_ROOT = None
Author	SHA1	Message	Date
Hugo	9f0ec3b0d7	Revert "Workaround Pypy regression"	2014-12-31 20:11:39 -08:00
wiredfool	a84054a945	Update CHANGES.rst	2014-12-31 20:09:07 -08:00
wiredfool	a15bf21ea1	Fix pypy 2.4 regression, #952	2014-12-31 20:06:55 -08:00
wiredfool	9b66864e07	Merge pull request #1062 from wiredfool/png-dos-2.6.1 Png text decompression dos fix, for 2.6.x	2014-12-31 20:03:05 -08:00
wiredfool	cf880329a7	Version Bump -- 2.6.2	2014-12-31 15:33:06 -08:00
wiredfool	61ee1d9ccc	Documentation Update for PNG zlib DOS	2014-12-31 15:26:12 -08:00
wiredfool	43f6291cfd	Test style cleanup	2014-12-31 15:24:10 -08:00
wiredfool	c5c648a6a3	Limit total text chunk size to 64k	2014-12-31 15:24:04 -08:00
wiredfool	4738506ecb	Test change -- different representation for invalid compressed object	2014-12-28 22:37:04 -08:00
wiredfool	4a6aac605a	Fix for zlib.decompression bomb in iTXt,zTXt, and iCCP chunks	2014-11-30 23:31:29 -08:00
wiredfool	4a8471dea1	Date Slip [ci skip]	2014-10-13 10:13:17 -07:00
Hugo	e54da99325	Allow latest PyPy 2.4.0 to fail and temporarily add previous passing 2.3.1 for the time-being (#952 )	2014-10-13 09:24:43 -07:00
wiredfool	c20c75e1a5	Version bump, 2.6.1	2014-10-11 09:56:40 -07:00
Eric Soroos	dcf42f5363	Fix for regression in scipy	2014-10-11 09:46:38 -07:00
Alex Clark	d97378550f	Fix manifest Run `make pre` to check MANIFEST	2014-10-02 09:48:56 -07:00