!139 Fix CVE-2022-45198

From: @wk333 Reviewed-by: @cherry530 Signed-off-by: @cherry530
2023-12-08 08:47:07 +00:00 · 2023-12-08 08:47:07 +00:00 · 08c18cb0d9
commit 08c18cb0d9
parent b12a8f7b77 9c3b0840d6
3 changed files with 55 additions and 8 deletions
--- a/CVE-2022-45198.patch
+++ b/CVE-2022-45198.patch
@ -0,0 +1,41 @@
+From 20c10c81927790c700480a67dc48aebe2228d6e2 Mon Sep 17 00:00:00 2001
+From: zhangshaoning <zhangshaoning@uniontech.com>
+Date: Sat, 6 May 2023 15:06:22 +0800
+Subject: [PATCH] CVE-2022-45198
+
+---
+ Tests/test_decompression_bomb.py            |   5 +++++
+ src/PIL/GifImagePlugin.py                   |   1 +
+ 2 files changed, 6 insertions(+)
+
+diff --git a/Tests/test_decompression_bomb.py b/Tests/test_decompression_bomb.py
+index d918ef9..18fed06 100644
+--- a/Tests/test_decompression_bomb.py
+++ b/Tests/test_decompression_bomb.py
+@@ -62,6 +62,11 @@ class TestDecompressionBomb:
+             with Image.open("Tests/images/decompression_bomb.gif"):
+                 pass
+ 
+    def test_exception_gif_extents(self):
+        with Image.open("Tests/images/decompression_bomb_extents.gif") as im:
+            with pytest.raises(Image.DecompressionBombError):
+                im.seek(1)
+
+     def test_exception_bmp(self):
+         with pytest.raises(Image.DecompressionBombError):
+             with Image.open("Tests/images/bmp/b/reallybig.bmp"):
+diff --git a/src/PIL/GifImagePlugin.py b/src/PIL/GifImagePlugin.py
+index 8c2180b..04b567a 100644
+--- a/src/PIL/GifImagePlugin.py
+++ b/src/PIL/GifImagePlugin.py
+@@ -247,6 +247,7 @@ class GifImageFile(ImageFile.ImageFile):
+                 x1, y1 = x0 + i16(s, 4), y0 + i16(s, 6)
+                 if x1 > self.size[0] or y1 > self.size[1]:
+                     self._size = max(x1, self.size[0]), max(y1, self.size[1])
+                    Image._decompression_bomb_check(self._size)
+                 self.dispose_extent = x0, y0, x1, y1
+                 flags = s[8]
+ 
+-- 
+2.20.1
+
--- a/decompression_bomb_extents.gif
+++ b/decompression_bomb_extents.gif
--- a/python-pillow.spec
+++ b/python-pillow.spec
@ -5,19 +5,21 @@
 
 Name:           python-pillow
 Version:        9.0.1
-Release:        4
+Release:        5
 Summary:        Python image processing library 
 License:        MIT
 URL:            http://python-pillow.github.io/
 Source0:        https://github.com/python-pillow/Pillow/archive/%{version}/Pillow-%{version}.tar.gz
 Source1:        oom-225817ca0f8c663be7ab4b9e717b02c661e66834.tif
+# https://github.com/python-pillow/Pillow/blob/c9f1b35/Tests/images/decompression_bomb_extents.gif
+Source2:        decompression_bomb_extents.gif

-Patch0:         python-pillow_spinxwarn.patch
-Patch1:         python-pillow_sphinx-issues.patch
-
-Patch6000:      backport-Corrected-memory-allocation.patch
-Patch6001:      CVE-2022-45199.patch
-Patch6002:      CVE-2023-44271.patch
+Patch0000:      python-pillow_spinxwarn.patch
+Patch0001:      python-pillow_sphinx-issues.patch
+Patch0002:      backport-Corrected-memory-allocation.patch
+Patch0003:      CVE-2022-45199.patch
+Patch0004:      CVE-2023-44271.patch
+Patch0005:      CVE-2022-45198.patch

 BuildRequires:  freetype-devel ghostscript lcms2-devel libimagequant-devel libjpeg-devel libtiff-devel
 BuildRequires:  libwebp-devel openjpeg2-devel tk-devel zlib-devel python3-cffi python3-devel python3-numpy python3-olefile
@ -97,9 +99,10 @@ Provides:       python3-imaging-qt = %{version}-%{release}
 Qt pillow image wrapper.
 %prep
 %autosetup -p1 -n Pillow-%{version} 
-cp %{SOURCE1} Tests/images/
 
 %build
+cp %{SOURCE1} Tests/images/
+cp %{SOURCE2} Tests/images/

 %py3_build

@ -156,6 +159,9 @@ pytest --ignore=_build.python2 --ignore=_build.python3 --ignore=_build.pypy3 -v
 %{python3_sitearch}/PIL/__pycache__/ImageQt*

 %changelog
+* Thu Dec 07 2023 wangkai <13474090681@163.com> - 9.0.1-5
+- Fix CVE-2022-45198
+
 * Tue Nov 14 2023 hanhuihui <hanhuihui5@huawei.com> - 9.0.1-4
 - Type:CVE
 - ID:NA