python-pillow/backport-CVE-2021-28676.patch

From bb6c11fb889e6c11b0ee122b828132ee763b5856 Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Thu, 11 Mar 2021 22:12:35 +0100
Subject: [PATCH] Fix FLI DOS -- CVE-2021-28676

Conflict:NA
Reference:https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
---
 src/libImaging/FliDecode.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/libImaging/FliDecode.c b/src/libImaging/FliDecode.c
index 8450801..b8bc5ce 100644
--- a/src/libImaging/FliDecode.c
+++ b/src/libImaging/FliDecode.c
@@ -242,6 +242,11 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
                 return -1;
         }
         advance = I32(ptr);
+        if (advance == 0 ) {
+            // If there's no advance, we're in in infinite loop
+            state->errcode = IMAGING_CODEC_BROKEN;
+            return -1;
+        }
         if (advance < 0 || advance > bytes) {
             state->errcode = IMAGING_CODEC_OVERRUN;
             return -1;
-- 
2.23.0