[Bug 1933983] [NEW] 5.1.0-1ubuntu0.6 on bionic (python2) can fail on Parser.feed(data) due to OSError

Tom Haddon Tue, 29 Jun 2021 07:20:47 -0700

Public bug reported:

The python2 version of pillow in bionic (python-pil 5.1.0-1ubuntu0.6)
included debian/patches/CVE-2021-28675.patch includes has the following:


```
--- a/src/PIL/ImageFile.py
+++ b/src/PIL/ImageFile.py
@@ -522,12 +522,18 @@ def _safe_read(fp, size):
 
     :param fp: File handle.  Must implement a <b>read</b> method.
     :param size: Number of bytes to read.
-    :returns: A string containing up to <i>size</i> bytes of data.
+    :returns: A string containing <i>size</i> bytes of data.
+
+    Raises an OSError if the file is truncated and the read can not be 
completed
+
     """
     if size <= 0:
         return b""
     if size <= SAFEBLOCK:
-        return fp.read(size)
+        data = fp.read(size)
+        if len(data) < size:
+            raise OSError("Truncated File Read")
+        return data
     data = []
     while size > 0:
         block = fp.read(min(size, SAFEBLOCK))
@@ -535,6 +541,8 @@ def _safe_read(fp, size):
             break
         data.append(block)
         size -= len(block)
+    if sum(len(d) for d in data) < size:
+        raise OSError("Truncated File Read")
     return b"".join(data)
```

However, further up in the file in the `feed` method we have:

```
# attempt to open this file                                                     
                                                 
try:
    with io.BytesIO(self.data) as fp:                                           
                                                 
        im = Image.open(fp)                                                     
                                                 
except IOError:
    # traceback.print_exc()                                                     
                                                 
    pass  # not enough data
```

In the python3 version of this file the IOError has already been changed
to OSError but not so here.

In my local copy of /usr/lib/python2.7/dist-packages/PIL/ImageFile.py
I've changed line 392 from `except IOError:` to `except (IOError,
OSError):` and I can confirm this has fixed the issues I've been seeing
since the release of 5.1.0-1ubuntu0.6 (tracebacks with
`OSError("Truncated File Read")`).

I've tried running the test suite locally (with `make test`) to submit a
patch, but I'm getting lots of unrelated failures in tests (missing
pytest imports, file comparisons not matching, etc.). Happy to provide
more detail on that if appropriate.

** Affects: pillow (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1933983

Title:
  5.1.0-1ubuntu0.6 on bionic (python2) can fail on Parser.feed(data) due
  to OSError

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pillow/+bug/1933983/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1933983] [NEW] 5.1.0-1ubuntu0.6 on bionic (python2) can fail on Parser.feed(data) due to OSError

Reply via email to