From ef633d7c5dcad78976350ce8212b7a41a8c7b74c Mon Sep 17 00:00:00 2001 From: Amaury Forgeot d'Arc Date: Tue, 18 Nov 2008 22:35:48 +0000 Subject: #4317: Fix an Array Bounds Read in imageop.rgb2rgb8. Backport of r67266 --- Lib/test/test_imageop.py | 3 ++- Misc/NEWS | 2 ++ Modules/imageop.c | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/Lib/test/test_imageop.py b/Lib/test/test_imageop.py index f57757f..476b379 100755 --- a/Lib/test/test_imageop.py +++ b/Lib/test/test_imageop.py @@ -19,6 +19,7 @@ SIZES = (1, 2, 3, 4) _VALUES = (1, 2, 2**10, 2**15-1, 2**15, 2**15+1, 2**31-2, 2**31-1) VALUES = tuple( -x for x in reversed(_VALUES) ) + (0,) + _VALUES AAAAA = "A" * 1024 +MAX_LEN = 2**20 class InputValidationTests(unittest.TestCase): @@ -30,7 +31,7 @@ class InputValidationTests(unittest.TestCase): strlen = abs(width * height) if size: strlen *= size - if strlen < 1024: + if strlen < MAX_LEN: data = "A" * strlen else: data = AAAAA diff --git a/Misc/NEWS b/Misc/NEWS index 25bffa2..eee0085 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -12,6 +12,8 @@ What's New in Python 2.5.3? Core and builtins ----------------- +- Issue #4317: Fixed a crash in the imageop.rgb2rgb8() function. + - Issue #4230: If ``__getattr__`` is a descriptor, it now functions correctly. - Issue #4048: The parser module now correctly validates relative imports. diff --git a/Modules/imageop.c b/Modules/imageop.c index b756f7d..d746474 100644 --- a/Modules/imageop.c +++ b/Modules/imageop.c @@ -590,7 +590,7 @@ imageop_rgb2rgb8(PyObject *self, PyObject *args) if ( !PyArg_ParseTuple(args, "s#ii", &cp, &len, &x, &y) ) return 0; - if ( !check_multiply_size(len*4, x, "x", y, "y", 4) ) + if ( !check_multiply_size(len, x, "x", y, "y", 4) ) return 0; nlen = x*y; if ( !check_multiply(nlen, x, y) ) -- cgit v0.12