Public bug reported: The python2 version of pillow in bionic (python-pil 5.1.0-1ubuntu0.6) includes debian/patches/CVE-2021-28675.patch, which has the following:
``` --- a/src/PIL/ImageFile.py +++ b/src/PIL/ImageFile.py @@ -522,12 +522,18 @@ def _safe_read(fp, size): :param fp: File handle. Must implement a <b>read</b> method. :param size: Number of bytes to read. - :returns: A string containing up to <i>size</i> bytes of data. + :returns: A string containing <i>size</i> bytes of data. + + Raises an OSError if the file is truncated and the read can not be completed + """ if size <= 0: return b"" if size <= SAFEBLOCK: - return fp.read(size) + data = fp.read(size) + if len(data) < size: + raise OSError("Truncated File Read") + return data data = [] while size > 0: block = fp.read(min(size, SAFEBLOCK)) 
@@ -535,6 +541,8 @@ def _safe_read(fp, size): break data.append(block) size -= len(block) + if sum(len(d) for d in data) < size: + raise OSError("Truncated File Read") return b"".join(data) ```

However, further up in the file, in the `feed` method, we have:

```
# attempt to open this file
try:
    with io.BytesIO(self.data) as fp:
        im = Image.open(fp)
except IOError:
    # traceback.print_exc()
    pass  # not enough data
```

In the python3 version of this file the IOError has already been changed to OSError, but not so here. In my local copy of /usr/lib/python2.7/dist-packages/PIL/ImageFile.py I've changed line 392 from `except IOError:` to `except (IOError, OSError):`, and I can confirm this has fixed the issues I've been seeing since the release of 5.1.0-1ubuntu0.6 (tracebacks with `OSError("Truncated File Read")`).

I've tried running the test suite locally (with `make test`) to submit a patch, but I'm getting lots of unrelated failures in tests (missing pytest imports, file comparisons not matching, etc.). Happy to provide more detail on that if appropriate.

** Affects: pillow (Ubuntu)
   Importance: Undecided
   Status: New

Title: 5.1.0-1ubuntu0.6 on bionic (python2) can fail on Parser.feed(data) due to OSError
https://bugs.launchpad.net/bugs/1933983

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
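Review bot: in the first hunk, the new `raise OSError("Truncated File Read")` in the `size <= SAFEBLOCK` branch uses an exception type that the Python 2 callers in this same file do not catch: `feed` wraps the open attempt in `except IOError:`, and on Python 2 `OSError` is not a subclass of `IOError` (both derive from `EnvironmentError`), so the former silent "not enough data" retry becomes an uncaught traceback. For the python2 backport either raise `IOError` here or widen the handler in `feed` to `except (IOError, OSError):`, as the reporter did locally.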
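Review bot: in the second hunk, the truncation check `if sum(len(d) for d in data) < size:` compares against a `size` that the loop has already decremented (`size -= len(block)` in the context line just above it), so it tests bytes read against bytes still missing rather than against the bytes originally requested. A multi-block read that stops short after more than half of the data has arrived passes the check and returns a silently truncated buffer, which is exactly what the patch is meant to reject; keep the requested length in a separate variable (for example `remaining = size` for the loop) and compare the total read against the original `size`.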
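Added example (not the Ubuntu package's code nor the reporter's): `safe_read_backport` reproduces the patched `_safe_read` loop exactly as the hunks above show it, `safe_read_fixed` is an assumed correction that keeps the requested length out of the loop counter, and `detects_truncation` runs both against a constructed short stream so the difference is visible without Pillow installed.

```python
import io

SAFEBLOCK = 1024 * 1024  # PIL's block size; the patched loop reads in these units

def safe_read_backport(fp, size):
    # _safe_read as patched in the bionic backport quoted above: `size` is
    # decremented in the loop, so the final check compares bytes read against
    # bytes still missing, not against the bytes that were requested.
    if size <= 0:
        return b""
    if size <= SAFEBLOCK:
        data = fp.read(size)
        if len(data) < size:
            raise OSError("Truncated File Read")
        return data
    data = []
    while size > 0:
        block = fp.read(min(size, SAFEBLOCK))
        if not block:
            break
        data.append(block)
        size -= len(block)
    if sum(len(d) for d in data) < size:
        raise OSError("Truncated File Read")
    return b"".join(data)

def safe_read_fixed(fp, size):
    # Assumed correction (not code from the package): the loop counts down a
    # separate `remaining`, so the check below compares against the original size.
    if size <= 0:
        return b""
    data, remaining = [], size
    while remaining > 0:
        block = fp.read(min(remaining, SAFEBLOCK))
        if not block:
            break
        data.append(block)
        remaining -= len(block)
    if sum(len(d) for d in data) < size:
        raise OSError("Truncated File Read")
    return b"".join(data)

def detects_truncation(reader, available, requested):
    # True if `reader` raises for a constructed stream of `available` zero bytes
    # when `requested` bytes are asked for; False means the short read went unnoticed.
    try:
        reader(io.BytesIO(b"\x00" * available), requested)
    except OSError:
        return True
    return False
```

With 2 MiB available out of 3 MiB requested, the backported loop returns the short buffer without raising, while the corrected reader rejects it.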