[Bug 1933983] [NEW] 5.1.0-1ubuntu0.6 on bionic (python2) can fail on Parser.feed(data) due to OSError
Tom Haddon
1933983 at bugs.launchpad.net
Tue Jun 29 14:15:34 UTC 2021
Public bug reported:
The python2 version of pillow in bionic (python-pil 5.1.0-1ubuntu0.6)
included debian/patches/CVE-2021-28675.patch includes has the following:
```
--- a/src/PIL/ImageFile.py
+++ b/src/PIL/ImageFile.py
@@ -522,12 +522,18 @@ def _safe_read(fp, size):
:param fp: File handle. Must implement a <b>read</b> method.
:param size: Number of bytes to read.
- :returns: A string containing up to <i>size</i> bytes of data.
+ :returns: A string containing <i>size</i> bytes of data.
+
+ Raises an OSError if the file is truncated and the read can not be completed
+
"""
if size <= 0:
return b""
if size <= SAFEBLOCK:
- return fp.read(size)
+ data = fp.read(size)
+ if len(data) < size:
+ raise OSError("Truncated File Read")
+ return data
data = []
while size > 0:
block = fp.read(min(size, SAFEBLOCK))
@@ -535,6 +541,8 @@ def _safe_read(fp, size):
break
data.append(block)
size -= len(block)
+ if sum(len(d) for d in data) < size:
+ raise OSError("Truncated File Read")
return b"".join(data)
```
However, further up in the file in the `feed` method we have:
```
# attempt to open this file
try:
with io.BytesIO(self.data) as fp:
im = Image.open(fp)
except IOError:
# traceback.print_exc()
pass # not enough data
```
In the python3 version of this file the IOError has already been changed
to OSError but not so here.
In my local copy of /usr/lib/python2.7/dist-packages/PIL/ImageFile.py
I've changed line 392 from `except IOError:` to `except (IOError,
OSError):` and I can confirm this has fixed the issues I've been seeing
since the release of 5.1.0-1ubuntu0.6 (tracebacks with
`OSError("Truncated File Read")`).
I've tried running the test suite locally (with `make test`) to submit a
patch, but I'm getting lots of unrelated failures in tests (missing
pytest imports, file comparisons not matching, etc.). Happy to provide
more detail on that if appropriate.
** Affects: pillow (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pillow in Ubuntu.
https://bugs.launchpad.net/bugs/1933983
Title:
5.1.0-1ubuntu0.6 on bionic (python2) can fail on Parser.feed(data) due
to OSError
Status in pillow package in Ubuntu:
New
Bug description:
The python2 version of pillow in bionic (python-pil 5.1.0-1ubuntu0.6)
included debian/patches/CVE-2021-28675.patch includes has the
following:
```
--- a/src/PIL/ImageFile.py
+++ b/src/PIL/ImageFile.py
@@ -522,12 +522,18 @@ def _safe_read(fp, size):
:param fp: File handle. Must implement a <b>read</b> method.
:param size: Number of bytes to read.
- :returns: A string containing up to <i>size</i> bytes of data.
+ :returns: A string containing <i>size</i> bytes of data.
+
+ Raises an OSError if the file is truncated and the read can not be completed
+
"""
if size <= 0:
return b""
if size <= SAFEBLOCK:
- return fp.read(size)
+ data = fp.read(size)
+ if len(data) < size:
+ raise OSError("Truncated File Read")
+ return data
data = []
while size > 0:
block = fp.read(min(size, SAFEBLOCK))
@@ -535,6 +541,8 @@ def _safe_read(fp, size):
break
data.append(block)
size -= len(block)
+ if sum(len(d) for d in data) < size:
+ raise OSError("Truncated File Read")
return b"".join(data)
```
However, further up in the file in the `feed` method we have:
```
# attempt to open this file
try:
with io.BytesIO(self.data) as fp:
im = Image.open(fp)
except IOError:
# traceback.print_exc()
pass # not enough data
```
In the python3 version of this file the IOError has already been
changed to OSError but not so here.
In my local copy of /usr/lib/python2.7/dist-packages/PIL/ImageFile.py
I've changed line 392 from `except IOError:` to `except (IOError,
OSError):` and I can confirm this has fixed the issues I've been
seeing since the release of 5.1.0-1ubuntu0.6 (tracebacks with
`OSError("Truncated File Read")`).
I've tried running the test suite locally (with `make test`) to submit
a patch, but I'm getting lots of unrelated failures in tests (missing
pytest imports, file comparisons not matching, etc.). Happy to provide
more detail on that if appropriate.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pillow/+bug/1933983/+subscriptions
More information about the foundations-bugs
mailing list